"Security Tool" removal


Author Topic: "Security Tool" removal  (Read 26075 times)
fw2010
Newbie
*
Posts: 3


« on: November 10, 2009, 06:47:01 PM »

Hi;
My sister visited a website, and suddenly there are all sorts of warnings from a supposed security tool that the system is infected with viruses and spyware.
First off, I know about these hoax programs that infect your computer and try to get you to purchase the software to remove files that are not actually threats, and may be critical Windows system files.

No action was taken, so now I just want to remove this program from the computer.
I googled "Security tool" on another computer and found lots of sites offering software to remove this and other spy/malware, but for a price.

I need a free tool that will remove this "security tool" and return the computer user account to its previous status.

I tried removing the registry entries myself, but I probably didn't get all of them, for after reboot, the malware came right back.

I did download two files that are supposed to remove this.
rkill.com
mbam-setup.exe

Since I found these removal tools on a page that Norton Internet Security Site Safety advisor said was safe, I tried to use them.
The rkill.com seemed to stop the malware, as the warning message disappeared.
But when I tried to install the mbam-setup program to actually remove the offending files, there were errors, and the program cannot be run on the machine.
I'm wondering whether the malware is preventing itself from being removed, or what.

I am about to install a new copy of Win XP on this machine anyway (this has nothing to do with the malware), and I plan to increase security in various ways to prevent such attacks in the future.
But for now, I just need to remove this spyware/malware, whatever.

Thanks

FW
Logged
rodi
Administrator
Newbie
*****
Posts: 245


« Reply #1 on: November 10, 2009, 11:07:10 PM »

Hello,

1. Download Process Explorer and save it in C:\ folder.
Download link: http://live.sysinternals.com/procexp.exe

2. Rename procexp.exe to explorer.exe and double-click to run it.
3. Select the Security Tool process from the list (it should be 4946550101.exe or similar) and press the "Delete" button to end the process.
4. Close Process Explorer and download MalwareBytes anti-malware:
http://www.2-spyware.com/review-malwarebytes-anti-malware.html

5. Rename mbam-setup.exe to explorer.exe and double-click to run it. Install, update and run MalwareBytes anti-malware. Then perform full computer scan and remove all found infections.

Good luck!
Logged
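
An added triage sketch, not part of rodi's post or of any tool named in this thread: it flags executables with long all-digit names like the 4946550101.exe mentioned above in saved `tasklist /FO CSV` and `reg query` output, and shows whether a Run-key value would start the file again after a reboot. The sample data, the choice of the Run key as the place to look, and the six-digit threshold are assumptions.

```python
import csv
import io
import re
from pathlib import PureWindowsPath

# Constructed sample data (not captured from a real infection).
TASKLIST_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"explorer.exe","1504","Console","0","18,432 K"
"4946550101.exe","2316","Console","0","9,120 K"
"ctfmon.exe","1788","Console","0","3,004 K"
'''
REG_QUERY_RUN = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    4946550101    REG_SZ    "C:\EXAMPLE\4946550101\4946550101.exe"
'''

# Heuristic (assumption): six or more digits and nothing else before .exe.
DIGIT_EXE = re.compile(r"^\d{6,}\.exe$", re.IGNORECASE)
REG_VALUE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

def running_images(tasklist_csv):
    """Map lower-cased image name -> list of PIDs from tasklist CSV output."""
    images = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        images.setdefault(row["Image Name"].lower(), []).append(int(row["PID"]))
    return images

def autorun_entries(reg_output):
    """Yield (value name, data) for each value line in reg query output."""
    for line in reg_output.splitlines():
        m = REG_VALUE.match(line)
        if m:
            # Drop surrounding whitespace and quotes from the command path.
            yield m.group("name"), m.group("data").strip().strip('"')

def triage(tasklist_csv, reg_output):
    """Report digit-named executables: running PIDs and autorun value name."""
    findings = {}
    for image, pids in running_images(tasklist_csv).items():
        if DIGIT_EXE.match(image):
            findings[image] = {"pids": pids, "autorun": None}
    for name, path in autorun_entries(reg_output):
        image = PureWindowsPath(path).name.lower()
        if DIGIT_EXE.match(image):
            findings.setdefault(image, {"pids": [], "autorun": None})["autorun"] = name
    return findings

if __name__ == "__main__":
    for image, info in triage(TASKLIST_CSV, REG_QUERY_RUN).items():
        print(image, info)
```

An entry with no PIDs but an autorun value is the case where the process has been ended but would be launched again at the next logon.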
fw2010
Newbie
*
Posts: 3


« Reply #2 on: November 11, 2009, 07:43:51 AM »

Thanks for the help.
I may not have to do all of that now, since I am installing Win XP on a brand-new HDD.
Just happened that the new drive arrived today.
Just to make sure nothing gets infected, I have disconnected all other drives in the system, then will do a complete scan of the old drive before re-installing anything.

FW
Logged
rodi
Administrator
Newbie
*****
Posts: 245


« Reply #3 on: November 11, 2009, 08:18:10 AM »

You are welcome :) I hope this will help you to remove the infection from the old drive.
Logged
fw2010
Newbie
*
Posts: 3


« Reply #4 on: November 12, 2009, 07:21:46 AM »

Funny thing;
After the security tool failed to appear for several hours (on the old drive), it came up again this morning.

I am going to follow your instructions to remove it once more, as I don't want to take the chance of infecting another computer when I connect this HDD to my external USB box.

Do you think there is any chance that this thing has infected other drives in the system?
There is a second drive which I have not yet checked. This is not a bootable drive, so I am not considering it a high priority to scan right now, but will do so before re-installing it into the newly installed system.

When I scanned the old boot hdd on my Win 7 system, using Norton Internet Security 2010, it detected two instances of a "cloud" which I understand is not actually a virus, but virus-like.
It is supposed to be a more advanced method of scanning for virus and malware.
Apparently, Norton 2009 does not have this feature, since it did not detect it on the native system.

I don't know if this cloud had anything to do with the Security Tool hoax, but it has been removed.

I will re-scan the drive at some point, or I will just reformat it.

Again; Thanks for your help.

FW
Logged
rodi
Administrator
Newbie
*****
Posts: 245


« Reply #5 on: November 12, 2009, 08:18:07 AM »

Rogue security applications like Security Tool are promoted through the use of Trojans. Basically, a Trojan virus displays those fake security alerts, downloads Security Tool files and finally loads the rogue program. So, the most important thing is to remove those Trojans, because they may re-download rogue applications. There is a possibility that other drives have been infected too. Make sure to scan those drives too. Try to use another anti-spyware application, not just MalwareBytes. I recommend using Spyware Doctor, as they just released a new version of their product: new detection engine, etc.
http://www.pctools.com/spyware-doctor/
Logged
Adain
Newbie
*
Posts: 1


« Reply #6 on: January 04, 2010, 10:28:58 PM »

Thanks for taking the time to help, I really appreciate it.

----------------------------------------------------------------
Computer Security Tools
Logged
nodata99
Newbie
*
Posts: 4


« Reply #7 on: March 03, 2010, 06:03:14 PM »

I have the same virus. I tried to log in to Safe Mode, but the virus is getting smarter, I believe. It does not allow me to log in to any of the Safe Modes and does not even let me go further than the user password. I've followed this Security Tool removal guide, but it failed too. Any ideas what I should do next? Thanks.
Logged
RobROcket
Newbie
*
Posts: 1


« Reply #8 on: August 24, 2010, 10:30:39 PM »

Quote from: "nodata99"
I have the same virus. I tried to log in to Safe Mode, but the virus is getting smarter, I believe. It does not allow me to log in to any of the Safe Modes and does not even let me go further than the user password. I've followed this Security Tool removal guide, but it failed too. Any ideas what I should do next? Thanks.



Ok, I see this virus about 2-3 times a week. I'm going to include what I do to remove security tools.
Ok, I use 3-4 tools to remove this virus, depending on which version of sec tools. I'll list them here.
Mbam (Malwarebytes)
ESET online scanner (handy :) )
Spybot
and
Rkill.exe (Make sure you download this from a trusted site. I can't give you the site I get this from due to an agreement.)

Ok, if you can get into Safe Mode, do it :). Run Rkill.exe and it kills the process of security tools. Now run and update Mbam, then run a quick scan; it will pick up some of security tools' files. Do the same with Spybot and it will pick up some more.
Then go to eset.com for the free online scanner. Run that as well. By now they would have killed off 80-90% of the extra files lying around, which is good (we need this in order to view the exe and be able to delete it).
Now here is the important part. Click on your Start bar and type in search: .exe
Try to find the exe security tools is located under. It usually looks like a blue shield, or will be something similar to this: 4946550101.exe
Delete it and that should be the end of our friend the security tools.

Ok, well, I hope this helps, and sorry for the wall of text.
Logged

Microsoft Certified
kristain
Newbie
*
Posts: 29


« Reply #9 on: November 21, 2010, 11:53:59 PM »

Security Tool is a deadly trojan virus that will sneak onto your system often without you knowing it. Browser hijacking is a common cause of Security Tool. Sometimes if you install a malicious program it can also cause trouble.

# Download Spyware Doctor and save to your Desktop (if you cannot download then bookmark this page and skip to Step 3 to restore your internet)
# Rename the file iexplorer.exe
# Restart your Computer in Safe Mode with Networking (keep tapping F8 while your system boots up)
# Launch Internet Explorer, click on Tools and then Internet Options.
# Click on the Connections tab and select LAN Options
# Uncheck the box Use a Proxy Server For Your LAN and click OK
# Launch iexplorer.exe (Spyware Doctor)
# Update Malware Definitions and click Start Scan
# Click the Fix Checked button and remove Security Tool
Logged
carlesle
Newbie
*
Posts: 1


« Reply #10 on: April 24, 2011, 06:57:41 AM »

Hi All,

Everyone here is talking about "security tool". But still no one has elaborated deeply about "security tool" removal steps.

Can someone elaborate more on it?

Thanks!

________________________
carbon footprint software
Logged