One of my PCs just got infected with the XP Total Security 2011 virus. It's actually a fake virus removal tool that has a similar look to Total XP Security. When I first saw it pop up, it instantly scanned my hard drive and warned me of a number of infected files. It then prompted me to delete the infected files, and when I clicked "Yes" another message told me that I had to register first. At that point, I sensed something was wrong.
Forgot to take a screen cap but this is what the fake anti-virus program looks like (via teesupport.com)
A few minutes later, my Firefox malfunctioned and wouldn't connect to any site. A message told me the sites I was trying to access were dangerous. Gah! Since when has Google.com become dangerous?
I then used another PC to Google "XP Total Security 2011" and learned about its hazards. Virus Removal Guru says XP Total Security 2011 (sometimes XPTotalSecurity 2011) blocks applications and creates a series of pop-ups and warnings in order to scare the user into purchasing the fake program. It further says that the executable file is a series of random letters, so I went back to the infected PC and opened Task Manager. Good thing it had not yet infected msconfig. I searched through the series of processes and found the suspicious 555.exe. I ended the process but it would come back every few minutes.
There's a downloadable application on Virus Removal Guru's website but I first tried doing what I thought was best. I opened the Registry Editor and searched for "XP Total Security." There wasn't any entry with that name so I tried the executable file "555.exe." Alas, it showed a series of entries and I deleted them all. When no more 555.exe was found, I restarted the PC in safe mode. I searched for 555.exe again and found one remaining entry to delete.
Good thing XP Total Security 2011 was gone when I turned on the PC in normal mode again.
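The registry search described above can be run as a read-only listing, so every reference is on record before anything is deleted. This is an added example, not part of the original post: the registry locations it walks and the function name `Find-RegistryReference` are assumptions, and only the file name 555.exe comes from the post.

```powershell
# Added example: list registry values that mention an executable name.
# Read-only: nothing is modified or deleted.
$Needle = '555.exe'   # file name taken from the post

# Assumed starting points (the post does not say where its entries were):
# autorun keys and the file-association classes for the user and the machine.
$Roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Classes',
    'HKLM:\Software\Classes'
)

function Find-RegistryReference {
    param([string[]]$Path, [string]$Text)
    foreach ($root in $Path) {
        if (-not (Test-Path $root)) { continue }
        # The root key itself plus every subkey that can be read.
        $keys = @(Get-Item -Path $root) +
                @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                # Multi-string values are joined into one string by the cast.
                $data = [string]$key.GetValue($name)
                $hit = ($name.IndexOf($Text, [StringComparison]::OrdinalIgnoreCase) -ge 0) -or
                       ($data.IndexOf($Text, [StringComparison]::OrdinalIgnoreCase) -ge 0)
                if ($hit) {
                    New-Object PSObject -Property @{
                        Key   = $key.Name   # full key path
                        Value = $name       # empty string means the key's default value
                        Data  = $data
                    }
                }
            }
        }
    }
}

Find-RegistryReference -Path $Roots -Text $Needle |
    Select-Object Key, Value, Data |
    Format-List
```

Running it again from safe mode covers the case in the post where one entry only turned up after the restart.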
It's quite interesting that XP Total Security 2011 changes its name to Vista Total Security 2011 or Win7 Total Security 2011 depending on the OS of the PC it infects.
For more info regarding the virus, head over here.