"Security Tool" virus program - how to remove?



starrekin61
10-10-2009, 01:11 PM
hi. somehow my system was infected with a program called "security tool" - it tells me I have umpteen viruses, trojans, etc. every program I try to run, it stops, telling me they are all infected. it wants me to pay 80 bucks to run it, etc. no uninstall. it is not listed. can not run hijack this. i googled it and found a program to remove it, which i downloaded, but then was unable to open due to this piece of *&^^&* program.

anyone have any clues how to get rid of this?!? thanx, in advance.:mad:

Speedy Gonzales
10-10-2009, 01:19 PM
Disable system restore, do a full scan with something like malwarebytes. Update it first

nofam
10-10-2009, 01:22 PM
hi. somehow my system was infected with a program called "security tool" - it tells me I have umpteen viruses, trojans, etc. every program I try to run, it stops, telling me they are all infected. it wants me to pay 80 bucks to run it, etc. no uninstall. it is not listed. can not run hijack this. i googled it and found a program to remove it, which i downloaded, but then was unable to open due to this piece of *&^^&* program.

anyone have any clues how to get rid of this?!? thanx, in advance.:mad:

Download Trojan Remover from here (http://www.simplysup.com/tremover/download.html), disable system restore, and then boot into safe mode (reboot then press the F8 key repeatedly until a menu appears), install Trojan Remover, and run a scan.

starrekin61
10-10-2009, 01:24 PM
stupid quick question speedy - where do i find system restore - no icons on desktop. then follow link on your signature? thanks.

Speedy Gonzales
10-10-2009, 01:30 PM
What version of windows is it? If XP press the windows key (if the kb has one) and pause. Click on system restore, untick it. If Vista, same thing / system protection / untick c on the bottom. Or get teamviewer (www.teamviewer.com), boot into safe mode / networking. Install teamviewer / run it. Then send the ID and PW to me in a PM. And I'll check it out for you

pctek
10-10-2009, 01:38 PM
Control Panel - System icon - System Restore TAB - Disable it.

starrekin61
10-10-2009, 02:06 PM
"security tool" program is gone - deleted through safe mode using trojan remover - nothing else worked. thanks.

now - no desktop - just blank screen and task bar. no icons, zilch. when i right click, nothing happens - no menu comes up.

what do i do next?

Speedy Gonzales
10-10-2009, 02:18 PM
Use malwarebytes update it then scan the whole hdd. Is there a virus scanner on this?? If there isnt, install one

starrekin61
10-10-2009, 02:23 PM
it has avg free on it. thanks. will try the malware bytes now.

starrekin61
10-10-2009, 02:27 PM
hey again. i downloaded the malwarebytes program from the link in your signature. it doesn't install correctly on my system. now what? thank you for all the help by the way. i would be lost without you guys.:confused:

gary67
10-10-2009, 02:47 PM
can you install in safe mode?

nofam
10-10-2009, 02:57 PM
can you install in safe mode?

Try going back into Trojan Remover first, and running all the different options in the Utilities menu.

Then download Hijackthis from here (http://go.trendmicro.com/free-tools/hijackthis/HijackThis.exe), run it and choose the option to save a logfile. Post the logfile here for us to take a look at.

DomoMcBeasty
10-10-2009, 03:23 PM
I also have the same problem, I've followed what everyone said, except for the part where I have to open up the System Icon in order to do disable safe mode. For some reason, my computer won't let me open up the System Icon. Help, please?

EDIT: My computer also won't let me open up the trojan removing program that I installed from here earlier.

Speedy Gonzales
10-10-2009, 04:34 PM
Do it in safe mode, if you havent yet

DomoMcBeasty
11-10-2009, 04:29 PM
There must be something I'm missing or doing wrong. Here's what I did.
-Disabled System Restore
-Rebooted in Safe Mode
-Scanned my computer (In Safe Mode, with Trojan Remover)

Security tool is still on my computer. Seems like nothing was done. I also have MalWareBytes on my computer, if that helps at all. Help, please?

Speedy Gonzales
11-10-2009, 04:36 PM
Boot into safe mode / networking. Get hijackthis, install / run it. Click on scan the system and save a log. Copy and paste the whole log here. I could check it remotely with teamviewer. But you need 10 posts for PM's to work. Since I need the ID and password from teamviewer, to connect to you. Did you install run / update malwarebytes then do a full scan?

Blam
11-10-2009, 04:38 PM
Kill these processes:
Security Tool.exe
uninstall.exe

Then find and delete these registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SecurityTool”
HKEY_CURRENT_USER\Software\Vista Antivirus 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityTool
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityTool

And these files/folders:
%System Root%\Samples
%User Profile%\Local Settings\Temp
%Program Files%\SecurityTool
%Program Files%\SecurityTool
%Documents and Settings%\All Users\Start Menu\Programs\SecurityTool
%Documents and Settings%\All Users\Application Data\SecurityTool

Type each of the folder paths in run and hit enter, then go up one folder and delete it.

Blam

DomoMcBeasty
11-10-2009, 05:09 PM
I didn't do a full scan with MalwareBytes yet. Going to do it now.

@Blam6, I have no idea what any of that means. My computer lingo isn't that good, yet.

Speedy Gonzales
11-10-2009, 05:36 PM
Post a hijackthis log then

archer
18-10-2009, 02:23 AM
I go to Control Panel, System Icon, and then the next popup for me to click System Restore on disappears after half a second. Wtf?

Can anybody else tell me how exactly to get rid of this? I'm still kind of new to messing with computers and I have no idea what most of this stuff is
(btw, what would happen if you clicked "allow" for the program? XD)

Speedy Gonzales
18-10-2009, 08:05 AM
Follow whats already been said

wainuitech
18-10-2009, 08:24 AM
Go to This site here (http://www.bleepingcomputer.com/virus-removal/remove-security-tool) - it tells you how to remove it.

This new variant of spyware can be tricky to remove.

I have a customers PC here at the moment that had it, the spyware actually makes random named files, not always the same so its well hidden. I spent a whole day just trying to remove it, and when I finally appeared to have it, it returned.

Just a word of advice - make a backup of all data you do not want to lose, if you have not already done so, to a removable drive.

After taking radical actions to remove the spyware , while I finally seemed to have removed it, the whole system was very unstable, and sometimes wouldn't even boot, even after a repair install, so I ended up reinstalling the persons OS / Software and data.

spyhelp
01-12-2009, 10:08 PM
Before starting removal process with Malwarebytes Anti-Malware it is recommended you kill the main malicious process. As wainuitech said, file names are random and it's true, i had several "Security Tool" cases to solve, each of malicious process had a different file name.
Here's how to find out which process has to be killed: http://www.pcindanger.com/security-tool-removal.html

beama
02-12-2009, 07:20 PM
just going into battle with this one, info appreciated

Speedy Gonzales
02-12-2009, 07:41 PM
Install MSE / an AV program, then do a full scan. Post a log

wainuitech
02-12-2009, 08:21 PM
just going into battle with this one, info appreciated

:lol: me also, got Two PC's here -- fight time :lol:

If you hear a LOT of (^&#$@&%$(%^&# tomorrow - thats me :p

Edited: One of the people has already run malwarebytes in full scan removed 40 odd infections so he said , with system restore off -- :(

Guess what returned on the next reboot ---- bummer !!

kamo1
02-12-2009, 09:03 PM
I suggest you all try this link for information (http://www.lavasoft.com/mylavasoft/rogues/securitytool), disable system restore, boot into safe-mode & do a manual search and delete all entries.
The files in questions are as follow,
Created Files

* %Desktop%SecurityTool
* %Desktop%Security Tool..lnk
* %Desktop%Security Tool.lnk
* %StartMenu%Programs\Security Tool
* %StartMenu%Program\Security Tool

Created Folders

* %CommonPrograms%SecurityTool
* %ApplicationData%73668737

Registry Entries

* Key: HKEY_CURRENT_USER\Software\Security Tool
* Value:
* Data:
* Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
* Value: Install
* Data: C:\Documents and Settings\%userprofile%\Application Data\3552748893\3552748893.bat
* Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
* Value: 3552748893
* Data: C:\Documents and Settings\%userprofile%\Application Data\3552748893\3552748893.exe
* Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
* Value: 73668737
* Data: C:\DOCUME~1\ALLUSE~1\APPLIC~1\73668737\73668737.exe

It's the .bat file that's causing it to regenerate.
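A check for the autostart pattern listed in the post above, added here as an example and not part of the thread: it reads Run-key values from text laid out like `reg query` output and flags entries whose program is a digits-only file inside a same-named folder under Application Data. The function names, the "user" profile name and the AVG line are assumptions made for the example.

```python
import re
from ntpath import basename, dirname, splitext

# Constructed sample laid out like `reg query` output. The numeric names and
# paths reuse the values listed in the post; "user" and the AVG line are made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Install    REG_SZ    C:\Documents and Settings\user\Application Data\3552748893\3552748893.bat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    3552748893    REG_SZ    C:\Documents and Settings\user\Application Data\3552748893\3552748893.exe
    73668737    REG_SZ    C:\DOCUME~1\ALLUSE~1\APPLIC~1\73668737\73668737.exe
    AVG8_TRAY    REG_SZ    "C:\Program Files\AVG\AVG8\avgtray.exe"
"""

ENTRY = re.compile(r"^\s+(?P<name>.+?)\s{2,}REG_(?:EXPAND_)?SZ\s{2,}(?P<data>.+)$")
PROGRAM = re.compile(r"(.+?\.(?:exe|bat|cmd|com|scr))(?:\s|$)", re.I)
APPDATA = re.compile(r"\\(?:application data|applic~\d)\\", re.I)

def parse_run_entries(text):
    """Yield (key, value_name, data) for each string value in the dump."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := ENTRY.match(line)):
            yield key, m["name"], m["data"].strip()

def command_path(data):
    """Program path from Run data, without surrounding quotes or arguments."""
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = PROGRAM.match(data)
    return m.group(1) if m else data

def suspicious(data):
    """Digits-only file inside a same-named folder under Application Data."""
    path = command_path(data)
    stem = splitext(basename(path))[0]
    return (stem.isdigit() and len(stem) >= 8
            and stem == basename(dirname(path))
            and APPDATA.search(path) is not None)

def flag_entries(text):
    """Return the (key, value_name, data) tuples that match the pattern."""
    return [e for e in parse_run_entries(text) if suspicious(e[2])]

if __name__ == "__main__":
    for key, name, data in flag_entries(SAMPLE):
        print(f"{key}  [{name}] -> {data}")
```

Because the value name can be an ordinary word such as "Install", the check keys on the data path rather than the name, which is how the .bat entry is caught alongside the two numeric ones.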

apsattv
03-12-2009, 12:01 AM
You left out first unplug the network cable..

wainuitech
03-12-2009, 10:48 AM
:lol: This things putting up a good fight :p NOTHING will run in the way of cleaning tools, even in safe mode, cant stop it Via task manager as thats infected as well, cant disable System restore - same thing infected ----- Time to bring out the BIG guns :thumbs:


Edited: Sneaky little Sh1t-- damn thing has installed its self 4 times, completely random numbers/ files as well ;)

Speedy Gonzales
03-12-2009, 11:01 AM
What if you use something like ccleaner in safe mode, and remove whats in startup (if there's anything there) first? Or let me try :p with Teamviewer

wainuitech
03-12-2009, 11:51 AM
What if you use something like ccleaner in safe mode, and remove whats in startup (if there's anything there) first? Or let me try :p with Teamviewer

no exe would run in any mode, but I have managed to stop them running Via ERD commander bootable CD - thats how I found 4 of them.

Disabled Via ERD, removed the reg keys manually as well as the location folders - rebooted, still NO exe runs any mode, but Security Tools doesn't either - scanning the drive as a slave currently - Nod is going nuts - so I suspect theres more than just the Security Tool infection.

wainuitech
03-12-2009, 12:52 PM
Wainuitech 1 - Infections 0 :D

kamo1
03-12-2009, 12:57 PM
You can also do this. Right clicked on "Security Tool" icon on desktop, select properties & remove "read only" & click apply. On the properties tab, look at where the executable is located. Go to that location & renamed the file. Also renamed the folder where it resided. Restart computer & delete the renamed folder & all the files.
Now run Malware Bytes Anti-Malware to clean it up. If MBAM won't run, change it's executable to something.exe & run it again. Hopefully this time it will get rid of that sucker.

wainuitech
03-12-2009, 01:26 PM
You can also do this. Right clicked on "Security Tool" icon on desktop, select properties & remove "read only" & click apply. On the properties tab, look at where the executable is located. Go to that location & renamed the file. Also renamed the folder where it resided. Restart computer & delete the renamed folder & all the files.
Now run Malware Bytes Anti-Malware to clean it up. If MBAM won't run, change it's executable to something.exe & run it again. Hopefully this time it will get rid of that sucker.

Thats all assuming it will let you - the versions I have just finished wouldn't allow any of the above suggestions.

Other infections that Were on the PC may have been causing problems, but they are not ones that normally would.

kamo1
03-12-2009, 02:09 PM
Thats all assuming it will let you - the versions I have just finished wouldn't allow any of the above suggestions.

Other infections that Were on the PC may have been causing problems, but they are not ones that normally would.

Well, at least you managed to get rid of it & good on you. I have friends with similar rogue ware, one in Singapore & two in the States. I run them through some options & they said it's all good & fixed. I am glad that you got to the bottom of things & got everything going again.

wainuitech
03-12-2009, 02:24 PM
Well, at least you managed to get rid of it & good on you. I have friends with similar rogue ware, one in Singapore & two in the States. I run them through some options & they said it's all good & fixed. I am glad that you got to the bottom of things & got everything going again.

Its my living :D Not all infections can be cleaned out the same way.

NotComputerSavy
16-12-2009, 06:48 AM
I have this same virus and I can't get rid of it. I tried to download the trojan remover, but the virus won't let it. It just closes the program out by itself.

stainton
16-12-2009, 07:06 AM
Rename the task manager exe to iexplore. Then run task manager and end the process whose name is a random 8 digit number, and anything that says security tool. Then you will be able to install, run exe's etc

Blam
16-12-2009, 10:52 AM
I have this same virus and I can't get rid of it. I tried to download the trojan remover, but the virus won't let it. It just closes the program out by itself.

Try booting into safe mode(tap F8 on boot and select safe mode with networking)

Download it from there.

Make sure system restore is turned off before you attempt to remove the malware.

Blam

wainuitech
16-12-2009, 10:57 AM
I'm working on one at the moment - exact same thing -- Running in safe mode with networking allowed trojan remover to work BUT the option to disable system restore was gone - (vista) wasn't till TR had done its thing in safe mode, the desktop came back, and system restore was then able to be turned off.

scottwww
04-01-2010, 04:06 PM
:badpc:

Startup in safe mode
goto Start, then run, type "msconfig"
goto the start tab and disable all, only click your AV program

restart
google "combofix.exe" and download, and run - takes a bit of time :sleep
google "hijackthis.exe" and download, and run
remove anything that looks bad or copy and paste the info into this website to tell which is bad www.hijackthis.de

run Malwarebytes and SuperAntiSpyware - basic scan at the same time
If issues, run the full scan too for both

run CCleaner
run Spybot

goto www.eset.com and click on the right "online Scanner"

all this will remove all possible issues

Richard Scott

13yroldcomputerguru
05-01-2010, 09:20 AM
for me, my laptop was that bad infected with it malwarebytes anti malware and avast wouldnt install. my last option was some software i stopped using ages ago. turned out it saved the laptop. Spybot Search & Destroy