How to remove Security Tool Virus / Malware ( Removal Guide )

October 8th, 2009

Security Tool is a self-proclaimed anti-spyware program, promoted through pop-ups, trojans and malware websites. It is promoted in the same way as Windows Police Pro or Green AV (Antivirus) 2009: rogue anti-spyware programs like these are distributed through websites that simulate a virus scan and then tell the user to download the software to clean the PC.

Once installed, the Security Tool will start automatically each time you turn on your PC and log in to Windows. Then it will start scanning your computer and show you a list of fake infections. When you try to clean the infected files, you are prompted to buy the software.

Be careful: don’t believe anything this rogue software tells you, and DO NOT delete the files it reports as infected, because they are legitimate files.

This is how Security Tool looks:

[Screenshot: Security Tool Virus]

To get rid of this software, you need rkill and MalwareBytes Anti-Malware, a legitimate program that removes rogue applications and malware of this kind.

How to remove Security Tool:

  • Download MalwareBytes Anti-Malware.
  • Download rkill.com ( rkill.exe ).
  • Install the mbam-setup.exe file.
  • To install it, just press Next and don’t change any options if you are not sure what you’re doing.
  • After the installation is finished, MalwareBytes Anti-Malware will start automatically and ask you to update the software, so just press OK.
  • Go to the Scan tab, select “Perform Quick Scan” and press “Scan.”
  • MalwareBytes Anti-Malware will now scan your whole PC for malware, including Security Tool.
  • You will see a “The Scan completed successfully. Click ‘Show Results’ to display all objects found” prompt once the scan is finished. Press OK.
  • Now press “Show Results.”
  • You will see a list of malware applications, including Rogue.SecurityTool. Be sure to select them all and press “Remove Selected.”
  • After MalwareBytes Anti-Malware finishes the cleaning, you can close the program and be sure your PC is clean.
  • As a precaution, you should also use rkill.com ( rkill.exe ) to terminate malicious processes.

Please let me know if you need any more help and I’ll do my best to help you get rid of the rogue application.

If you have any questions about the Security Tool Virus, you can always ask us on our Forum and we will help.
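The script below is an added example, not part of the original guide: a read-only PowerShell check that lists startup entries and application-data folders matching the naming pattern readers report in the comments (a folder named with digits only that holds an executable or batch file with the same digits). The regular expression, the six-digit minimum, the function names and the choice of Run/RunOnce keys are assumptions made for this example, and the sample entries are constructed.

```powershell
# Added example: report-only triage, nothing is deleted or changed.
# Assumed pattern (from reader reports): ...\<digits>\<same digits>.exe or .bat
$RogueNamePattern = '\\(\d{6,})\\\1\.(exe|bat)\b'

function Test-RogueAutorun {
    param([string]$Command)
    # -match is case-insensitive by default in PowerShell
    return $Command -match $RogueNamePattern
}

function Get-RunKeyEntry {
    # Run/RunOnce values are among the items msconfig lists on its Startup tab.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            # New-Object is used instead of [pscustomobject] so this runs on PowerShell 2.0
            New-Object PSObject -Property @{
                Source  = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

function Get-NumericAppFolder {
    # XP: %ALLUSERSPROFILE%\Application Data ; Vista/7: %ProgramData%
    $roots = @()
    if ($env:ALLUSERSPROFILE) { $roots += Join-Path $env:ALLUSERSPROFILE 'Application Data' }
    if ($env:ProgramData)     { $roots += $env:ProgramData }
    foreach ($root in ($roots | Select-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Force includes hidden folders; digit-only folder holding <digits>.exe
        Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -match '^\d{6,}$' } |
            Where-Object { Test-Path -LiteralPath (Join-Path $_.FullName ($_.Name + '.exe')) } |
            Select-Object -ExpandProperty FullName
    }
}

# Constructed sample entries, so the check can be seen working on a clean machine.
$samples = @(
    '"C:\Documents and Settings\All Users\Application Data\29721425\29721425.exe"',
    'C:\ProgramData\07133633\07133633.exe',
    'C:\ProgramData\12345678\updater.exe',
    '"C:\Program Files\ExampleVendor\agent.exe"'
)
'--- constructed samples (True = matches the pattern) ---'
foreach ($s in $samples) {
    '{0,-6}{1}' -f (Test-RogueAutorun $s), $s
}

'--- Run/RunOnce entries on this machine that match ---'
Get-RunKeyEntry | Where-Object { Test-RogueAutorun $_.Command } | Format-List Source, Name, Command

'--- digit-named application-data folders holding a same-named .exe ---'
Get-NumericAppFolder
```

A match is a lead to confirm with a scanner, not proof of infection; an empty result does not show the machine is clean.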

Comments

  • I have the Security Tool virus and have downloaded the Malware software but the virus won’t let the software run. What can I do?

    Thank you!

    • The easiest thing to do is to install Malwarebytes onto a flash drive or external hard drive and run the program from there while in safe mode. This should take care of you.

      • Had malware installed earlier. Malware wouldn’t start up. Followed the suggestion above, downloading Malware to flash drive and running it in Safe Mode. Error messages:
        Unable to execute file:
        C:\Program Files\malware Bytes’ Anti-Malware\mbam.exe

        also on Malware install:

        Create process failed; code2
        The system cannot find the file specified

        I’m in deep trouble here. Any help appreciated.

        • IMPORTANT: DO NOT CLICK ON ANYTHING THE MALWARE WANTS YOU TO CLICK EXCEPT “CONTINUE UNPROTECTED” until you finish your business with your computer. Then you will need to restart in the SAFE MODE with NETWORKING. DO NOT delete anything the malware recommends you to delete. When you install this anti-malware program, the .EXE file gets deleted by the bad virus within about 3 seconds or less. You will need to rescue the “mbam.exe” file out of the folder as soon as you see it appearing by the installer. If you have a flash drive, then open up an empty folder in your flash drive and have it ready on the desktop, such as D:\NEW FOLDER (just the empty folder). When you see “C:\Program Files\malware Bytes’ Anti-Malware\mbam.exe” get created by the installer, grab the file and drag it (with your mouse of course) into the empty folder that you had ready on the desktop. Then you may copy it and paste it back where it belongs in the “C:\Program Files\malware Bytes’ Anti-Malware\” folder. Then double-click on “mbam.exe” and the anti-malware program should start running. If nothing happens, you will need to restart in SAFE MODE. Turn off the computer and as you click the start button, hit F8 once per 2 seconds until you see the screen where you can choose SAFE MODE with NETWORKING. You will need networking if you want to get on the internet. While in safe mode, the malware will not bother you. In START, click on RUN and type MSCONFIG and run it. In MSCONFIG’s start-up, uncheck anything that sounds like a made-up word like framgran.dll and any numbers, usually 6 digits. Then search for that file. You will most likely find it in a folder located in C:\documents and settings\all users\application just delete the whole folder in which those numbers reside. The DLLs will be in the C:\Windows\System32\ folder. The malware Bytes’ Anti-Malware will remove all of them.

          Once you restart Windows you will be bugged by Windows start up bitching about these files not existing such as framgran.dll which you should be happy that they can’t be found. Now, in START–>RUN type REGEDIT and run it. Press F3 in REGEDIT and in the search dialog put in whatever files it is that Windows complains it can’t find because the malware remover killed it. Search for those files and delete the folder in which they exist. BE CAREFUL not to delete more than necessary. As this is like herpes virus and WILL come back at some point in time, you will learn how to delete it without even the use of the malware remover, just by using MSCONFIG and REGEDIT and Windows Explorer SEARCH. GOOD LUCK!

          • Excellent suggestion regarding the MBA.exe file creation.

            I was receiving an error upon install in safe mode:

            Create process failed; code2
            The system cannot find the file specified

            Followed the process mentioned above and monitored the installation folder while the install was running. I saw MBAM.exe get created, but then it disappeared within a few seconds. I tried installing again, this time when I saw the MBAM.exe appear, I quickly clicked the file, hit CTRL+X (make sure you cut and not copy, copy will just create a shortcut and be worthless), then CTRL+V onto the desktop. Waited a minute or so and pasted right back in the original installation folder, and now works like a charm!!!

            Thanks for the info

          • Thank you so much easy,

            without this info I’d be in deep stuff. Had the problem fixed in a couple hours. Couldn’t have done it without your help.

        • Just restart (force it pushing and holding the start button if necessary) the computer and as soon as Windows starts, click control+alt+del and pull up the TASK MANAGER. Go to the tab PROCESSES and end the process called 2467839.exe or any series of numbers like that. From there you can start working on your computer. Either install that antimalware you were talking about, or remove it manually, which really isn’t a big deal. I found manual instructions at http://www.techjaws.com/how-to-remove-security-tool-virus/ I got rid of it in less than an hour…

          • Worked like a charm, thanks Julia.

          • Julia u are the best I did as u said to do and a few seconds later it was gone and I could open everything again thanks a million!!!!!!!!!!!

          • the easiest and quickest method i have found. it worked like a charm even for a beginner like myself. thank you so much Julia.

          • Oh my God, Julia!!!! I love you!

            That was so easy!! That was a horrifying experience, and you wouldn’t believe all of the bad advice there is out there.

          • Hi, Jeanne again.
            *****THIS IS IMPORTANT*******
            *****Security Tool leaves a shortcut on the desktop.
            *******You HAVE TO RIGHT CLICK ON IT

            IT WILL ASK:
            *****DO YOU REALLY WANT TO SEND THIS TO THE RECYCLE BIN?
            *****BEFORE YOU DO ANYTHING!!!!!!!

            *******IT ALSO GIVES YOU THE EXACT
            LOCATION OF THE VIRUS FILE******

            *****CUT AND PASTE IT INTO FILE SEARCH*****

            THAT WILL TAKE YOU TO THE FILE***

            *****DELETE IT *****

            ONCE THAT AND THE SHORTCUT ARE IN RECYCLE BIN, YOU MUST DELETE THEM FROM YOUR COMPUTER OR IT WILL JUST KEEP COMING BACK*****

          • This is THE way to take care of the virus if you can’t seem to run anything. Thank you so much for the help!

          • But task manager won’t open for me and when i tried to delete the file after finding the location, it keeps saying it is open. I can’t seem to figure this out. I have tried every different way and the virus has blocked it. I have tried downloading an anti-virus, downloading an anti-virus onto a flashdrive, manually deleting (but the files it tells me to search for do not show up), and task manager. i am freaking out!

          • Julia, thank you so much for your simple instructions!!!!!!!!!!!!!! I removed security tool in less than 20 min!!!!!! You are an ANGEL!!!!!!!!!!!!!!!! THANK YOU SO MUCH!!!!!!!!!!

          • Thank you so much. Somehow my daughter went on a google web site and downloaded this virus. I spent 2 hours on it last night trying to remove it. It took me 10 minutes with your help.

        • Hi, Larry. I don’t know if you got it fixed yet, but I just restored my computer to an earlier date (before Security Tool was installed). Start; All Programs; Accessories; System Tools; System Restore. Just pick an earlier date, then Restore. Worked for me! Kyler.

        • When I am trying to start computer in Safe Mode the following things are popping up on the screen
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\ntoskrnl.exe
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\hal.dll
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\KDCOM.DLL
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\syste32\BOOTVID.dll
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\conifg\system
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\c_1252.nls
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\c_437.nls
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\l_intl.nls
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\vgaoem.fon
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\drvmain.sdb
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\ACPI.sys
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\WMILIB.SYS
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\pci.sys
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\isapnp.sys

          And after that nothing happens.

          Now when I shut down computer and restart, I can hear sound of processor running but screen is blank.

          I will appreciate your help in this regard

          Thanks in advance

          Saeed

          • Saeed that’s exactly the same thing that happened to me. I finally gave up and reformatted and reinstalled windows. I tried several times to get past that blank screen, but nothing worked. I hope you have better luck than I did. I just spent all night dealing with this.

          • I should have mentioned that I just made a post earlier tonight and if you do a search on my name you’ll see what I was talking about.

      • i understand where you’re coming from but when you’re on safe mode it cuts off connection with all external drives… you can’t even use your speakers.

      • ok, well i’m REALLY worried. none of the above or below things will work. i CAN get into safe mode, but system sec is at 7%, i have 172 virus, NO start menu, in norm mode and safe mode. NO toolbar at the bottom. i got this virus on my laptop (what i’m using now) and was able to fix it…the PC only had for 2 hours max, and now NOTHING, nothing works what-so ever. if possible, could someone come up with a way to save it? (which would be hard, ’cause nothing works!) plz help!

      • i had the same problem as Genny but i fixed it successfully due to jadwg’s advice. thank you very much, jadwg.

    • Same here! I right clicked on the “security tool” icon it installed on my desktop, picked “properties”, and removed the “read only” property and “applied.” I then went to the directory where the properties tab told me the security tool executable was located, and changed its name. Also changed the name of its parent directory, which was the same bunch of numbers. I then rebooted my machine, and it didn’t execute. I could then remove the executable and its directory. Just to get things back to normal (I lost my desktop background), I restored the machine to the last restore point. Seem to have recovered, but I think I will install the malware removal tool for the next time.

      • Andrew Patterson / October 10, 2009 at 12:52 am

        Bill Hough’s solution of October 9 worked perfectly well and took all of two minutes. If you can do this and avoid all the safe mode stuff, highly recommended.

      • Thank you so much ! I followed your advice and it saved my computer when I couldn’t do anything else ! Thank you !!!!!

      • You are a lifesaver. Nothing else was working and then all of a sudden HALLELUJAH.

      • This worked for me when nothing else would and was so easy. Thank you!!!

      • Yep I did the same thing I did delete the file after rebooting! “There should be a law!!

      • Bill Hough’s suggestion is so easy and quick to get rid of this malicious virus. What he said to do worked so easily, and I am so grateful!

      • bill hough is that dude…don’t even bother with all that other nonsense, the virus won’t let you run anything anyway…just follow bill’s steps and be glad he posted here

      • Hi Bill:
        I’m not too tech savvy and was hoping you could expand a little on your explanation for the virus removal. I restored the desktop icons, right clicked on the icon and I can see the program file numbers. I highlighted the part without the .exe file extension and erased it however I got an error message.
        Also how do I navigate to the directory where the executable file is located ?

        • Steve, When you right-click on the desktop icon, and pick “properties”, a description of the “target” executable should appear in the “shortcut” tab. The “target” is the location of the executable on your hard drive. You have to navigate to that location. You will start at the root directory of the file structure, C:, and descend through the sub directories listed in the target path. Each step in the path is separated by a backslash. Use Windows Explorer to do this. Go to My Computer, pick “C:”, and then pick each subdirectory (Microsoft calls them folders) until you get to the one with all numbers. In that directory should be the executable with the same name followed by .exe. That is the file you want to right click, pick properties, and remove the check mark on “Read Only”. Make sure you “apply” after removing the check mark. You should then be able to change its name (rename after a right click ) Then reboot, go back to the file location with the same method, and delete the file. Go up one directory and delete the directory, which will have the same numerical name. If this makes no sense, get some help from a kid in the neighborhood.
          Bill Hough

          • Thank you thank you thank you. It was so easy. Although I’m not computer savvy I was able to do it in 2 minutes. Awesome. That will teach me to watch stuff online.

          • Bill. you.are.the.best. I would give you a hug if I were able to. thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you.

            THANKS =]

          • Thanks Bill for the info, I was about to throw my computer through the window when you came to the rescue.

            Yvan From Québec, CANADA

          • Thanks a lot!!! That was so much easier than instructions from other sites and this actually worked! Thanks a lot. :)

          • Bill…I worked hours on this problem with advice from other websites with no success… the name change on the file was genius. IT WORKED..thank you. You helped save a girl a lot of $$$.

          • BILL HOUGH ATTN:

            I have the same problem that Saeed is having. Do you know how to fix this problem? If so PLEASE contact me back asap. Thanks in advance

          • To JACOB WHITE,
            No, Jacob, I have no idea. Back when my method worked, you didn’t have to go to the safe mode to apply it. It appears that the virus has gotten a lot more damaging since my solution was posted. This surprises me as to be able to buy security tool to fix the original problem, you need to have the machine somewhat operational. Makes me wonder if some of the remedies posted here and elsewhere aren’t destructive in themselves, or haven’t been followed precisely.

          • Thanks Bill, however, if one cannot get the properties from the desktop icon, as it won’t respond to right click; in my case the desktop icon is a green nike like check mark.

        • Hi Handa,

          Could you walk me through how to restore the desktop icons? And I’m probably even less tech savvy so could you instruct me in a very easy language? Or should I just ask Bill? Sorry if this is just a bother.

          • Mila: I had the same problem with my icons…my whole desktop screen was black. I just found the Security Tool button thing in the start menu and right clicked it and went on from there.

      • Bill;
        I am not as computer savvy as all these people so can you help me here?
        This is what I understand to be done:
        select the security tool icon–> pick “properties” and remove the “read only” and the “applied” functions
        After doing this does this take me directly to the directory where the properties are kept? How do I change the name and to what? Also how will I know which is the parent directory?
        Now to reboot that means to restart right?
        How to restore the machine to the last restore point?
        See, I told you I was not computer savvy.. would you recommend installing the malware removal tool instead?

        thanks!!

      • 09 11 15

        Sir: A friend called and said his three-week-old Windows 7 laptop had something called ‘Security Tools’. I was not familiar with it, but even though it was my first troubleshooting on a 7 machine (only other 7 experience was taking a look at the beta), I was self-assured I could resolve it. It was only when I first opened the lid that I remembered ‘64-bit’. All of my 32-bit disks were useless. After five hours of trying everything I could dream up to remove ST, I came across your process while searching with my own machine for a solution. Of course it worked perfectly. His machine will not leave my office until I set up some competent security measures. I am a bit surprised I have not heard more about ‘Security Tools’ as it is pretty devastating. You saved me many, many hours of effort, or, ultimately, a complete washing of the hard drive. Thank you.

        William

      • Thank you so much for such a direct solution to this problem. It is very much appreciated. Considering how long I was browsing online for solutions before I came across your advice, I know you saved me tons of time when I sat down to it.

      • thank you Bill Hough, i might add though, with us, we couldn’t even get our desktop, so in that case open a file through your start menu and just get that window to show your desktop, then continue with what Bill said. once i followed your way, it took me less than 2 minutes to remove it.

      • Bill’s idea was the easiest way to get it done. Thanks for the easy way out.

      • OMG I could kiss you! I found this virus on my computer 2 days ago. I was unable to do any of the solutions I found on the internet. I couldn’t get it to go into safe mode by F8 or manually. Couldn’t get to MSCONFIG or REGEDIT. I downloaded Malware removal tool and couldn’t install it either. I followed your instructions and TADA! I could boot up without the virus starting and all my desktop icons are back and I was able to install the anti-malware. YOU ROCK! THANK YOU THANK YOU THANK YOU!

      • I believe now you are my savior! Nothing else was working, I was afraid my computer was going to completely crash. As soon as I renamed it I was able to download an anti-malware. YOU ARE THE BEST!

    • To remove the security tool virus, first you have to start up the computer in safe mode (press F8 repeatedly after the BIOS screen on system startup, then select safe mode). Then run several anti-virus programs. Even after this, there are usually still several DLL files that act as keyloggers and will report everything you do unless they are removed. To delete them, open My Computer -> C: (or hard drive Windows is installed on) -> WINDOWS -> SYSTEM32. There are usually 2-3 randomly named DLL files. To find them, you must first click Tools (at the top of the screen) -> Folder Options -> select the VIEW tab -> if not done already, check the “show contents of system folders” box, select “show hidden files and folders”, uncheck “hide protected operating system files” and uncheck “hide extensions for known file types.” Look on the page for several hidden .dll files (hidden files usually have slightly opaque icons or colored text in the name). There should be 2-3 of them. They are randomly named but usually have a name such as “womaduzo.dll”, “nobajuno.dll”, “navavaze.dll”, or “yipiveto.dll” or a similar sounding name. These must be deleted with the file shredder in Spybot Search & Destroy. If you are not sure which .dll files should be deleted, you can upload a list of the names of the hidden .dll files in the SYSTEM32 directory and I can figure out which ones are the virus.

      • I found 6 opaque icons, yet they were labeled “manifest files” and not “dll”, would this mean anything different? Also all the files look like they have funny names, can you help me?

    • TO BE ABLE TO RUN YOUR ANTI MAL WARE PROGRAM WITHOUT SECURITY TOOL INTERFERING FOLLOW THESE STEPS.

      1. Ctrl + Alt + Delete
      2. Click on the Processes tab
      3. THE PROCESS FOR SECURITY TOOL WILL BE A BUNCH OF RANDOM NUMBERS
      Ex. 6341908843 ——- 7,000
      4. Right click random number process and click end process tree.
      5. After this you should have no problem running a program.

    • mizzsmartladdsogetwitit / December 6, 2009 at 10:32 am

      the answer to your question:: to help you out a lot.. security tool is always popping up, your computer screen turns blue and sometimes shuts down, it will also not let you get on a lot of sites or download anything.. so what you do is when you first turn your computer on press F8 and press up arrow up to SAFE MODE NETWORKING press enter and enter again your screen will turn BLACK but don’t be scared get on the internet without any pop ups or shut downs and download MALWAREBYTES’ ANTI-MALWARE.. and follow the instructions..

    • This is what i had to do, if it won’t let you run it, then right when your pc is booting, open task manager (asap) and close security tool when it pops up in applications running. then it won’t come on anymore.

    • it really is simple mame

      restart your computer
      as soon as it comes back on press f8 repeatedly
      click on safe mode press enter
      go to start menu
      go to run
      type in misconfig (as shown here) press enter
      go to start up tab
      uncheck the file that consists of just numbers
      restart computer
      right click on security tool icon
      press delete
      go to recycle bin
      delete from recycle bin
      if the box ever comes back do not let it run click x repeat do not run it or it will come right back
      try this i hope this helps

    • first find the file location. i did a search by typing in keyword “security”. it showed me the file location. shut the pc off at the power button. when it restarts it’ll ask u to select safe mode, etc. select safe mode. in safe mode select command prompt. run a dos command dir to find any new file or directory. i found mine in c:\program data (and a long nbr). run dos command RD and directory name. run dir command again. it will create yet another file. this time .exe file. delete it as well. restart the computer. u’ll b fine and up and running. run ur antivirus and update system registry files.

    • This worked for me.. first I clicked the above link MalwareBytes Anti-Malware, instead of clicking run click save, then reboot your computer in safe mode. once in safe mode go to your documents and install the MalwareBytes Anti-Malware program. once installed do a scan. security tool will not show up in the regular finds, you’ll have to look in the unidentified folder then click the box next to it and hit quarantine…and it’s fixed!!!!!

  • I tried this in safe mode, but as soon as it would come up it would exit itself out. When I clicked on the icon on the desktop it would say invalid icon and would say search manually for file. Anything I can do?

    • Ok so I got malware bytes to run by doing this:
      run windows in safe mode (F8)
      download Malwarebytes to the desktop
      open the install directory, C:\Program Files\Malwarebytes
      now run the installer and as it’s installing watch the install directory and as soon as mbam.exe is in there copy and paste it to the desktop (be fast because it’s about to magically disappear)
      after that copy it back to the install directory and run mbam.exe
      run the updates and do a scan.

      • Thanks for the tip I was about to look for the file online, your approach was easier. Although I did have to do it 2x – you’re right it does disappear fast! I just got this last night (just by clicking on a website – didn’t even download anything) and was able to delete some the files but it replicates so I can’t find them all manually. Thanks for the tip – now I can just let Malwarebytes find the rest of these files.

  • Same problem here. Are there manual instructions on removal? What files/keys does it use/create? Do we need to/can we shut down system restore, go into safe mode and delete the entries?

  • Run your computer in safe mode. Run a command prompt and type “msconfig”. In the startup tab, disable all. Restart and then try malwarebytes and combofix.

  • in response to my msg above I meant run the “RUN” thingy in your start menu. Then open msconfig by typing “msconfig” into the line. By disabling the startup items u can reboot without the security tool running. This allows you to reinstall malwarebytes and run it.

  • I too have this damn virus. I followed your thread and after reboot and download of mbam.exe I got an application error. Was I supposed to reboot in safe mode?

  • Me too. I successfully disabled the start up in safe mode, then tried to run the Malware application but it will not run saying it cannot find the mbam.exe file. I browse to it but the program will not accept it. I kept trying and once or twice I actually got to the window where you can prompt it to scan but it disappears within seconds.

  • One more thing. I can open programs now, which I could not before. I only have free AVG virus software. I am running it now. Should it find this damn virus and delete it? Is there another anti-virus app I can use to delete this. I’d rather pay for that than have my computer re-built.

  • Ok so I got malware bytes to run by doing this:
    run windows in safe mode (F8)
    download Malwarebytes to the desktop
    open the install directory, C:\Program Files\Malwarebytes
    now run the installer and as it’s installing watch the install directory you have open and as soon as mbam.exe appears in the install directory copy and paste it to the desktop (be fast because it’s about to magically disappear)if you miss it just reinstall it again
    after that copy it back to the install directory and run mbam.exe
    run the updates and ran a scan. It will remove security tool.
    I know this sounds weird but it totally worked to get Malwarebytes to run and remove this.
    Good luck

  • I am going crazy! Is there anyone who can help me?

    • did you try both methods noted above?

      • I tried one and that did not work. And then I was confused about this posting of yours.

        Ok so I got malware bytes to run by doing this:
        run windows in safe mode (F8)
        download Malwarebytes to the desktop
        open the install directory, C:\Program Files\Malwarebytes
        now run the installer and as it’s installing watch the install directory you have open and as soon as mbam.exe appears in the install directory copy and paste it to the desktop (be fast because it’s about to magically disappear)if you miss it just reinstall it again
        after that copy it back to the install directory and run mbam.exe
        run the updates and ran a scan. It will remove security tool.
        I know this sounds weird but it totally worked to get Malwarebytes to run and remove this

    • Dan is right, you should be ok now

  • This virus is annoying.

    Download mbam-setup (malwarebytes) and save it to your desktop
    Download combofix and run it in Safe Mode.
    After it runs and is done, install mbam-setup.exe
    Run a quick scan and remove remaining .exe files

    This virus is basically attaching itself to every .exe process because of dlls. Mbam.exe will not run because the virus deletes the file. To get around this – rename mbam.exe to something different like “bytes.exe” and then create a desktop shortcut from that and it will run.

  • I am running combo fix now. I need a drink!!!

  • Combofix is now rebooting. Should it reboot in safe mode?

  • I ran it all in safe mode, try that

  • It worked!!! Thank you so much!!!

  • 1. Reboot PC into safe mode by holding down F8.
    2. Go to c:\documents and settings\all users\application data
    3. You may have to click on Tools > Folder Options > View Tab > select show hidden files and folders.
    4. Under the application data folder, look for a folder with a number like 29721425; the virus has a batch file and an executable file in this folder.
    5. Click Start > Run > regedit > search for the folder number 29721425 in your registry. When found, delete the key. Press F3 to search again and delete the registry key again.
    6. Reboot the PC; the virus will be removed.

    • I somehow got this virus after I left my computer on overnight running a LavaSoft Ad-Ware scan believe it or not. After reading through this entire thread, I finally went the regedit route to get this removed. I tried Manny’s method but I guess the mbam.exe was getting removed so fast, I never saw it come up in the directory to copy it off. I don’t like messing with my registry, but this was the only solution that worked. It found probably around 5-7 keys that I had to delete. So far no more freakin’ Security Tool virus. Thanks Jon.

    • …. Umm, the second step is already my problem..
      My.. c:\documents and settings\all users\application data is inaccessible… and so I can’t do anything at all… any advice?

  • What can you do when you cannot start in safe mode? When I click (enter) on safe mode, this comes up next: Select the operating system to start. Windows XP Media Center or Microsoft Windows Recovery Console. When I click on either one, then this comes up: We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this.

  • From: Jon
    To: Skylar

    If you cannot reboot into safe mode, let your Windows XP boot up.
    1. Click start > click Run > type msconfig > Select startup tab > Select Disable All.

    2. Reboot PC. Hopefully, the hidden files located at c:\documents and settings\all users\application data\29721425\29721425.exe and 29721425.bat will not start up.

    Then follow Step 2: from my earlier post.

    Good Luck!

    • OK, I clicked on start, then run, typed in misconfig, the hour glass came up, then disappeared, then the security tool pop up in the lower right corner came up and says: misconfig.exe is infected with worm Lsas.blaster.keyloger. I must have the super duper security tool virus. Nothing I have tried has worked. I tried to download malwarebytes from a disc, and it blocked that too, superantispyware from a disc, blocked, ad-aware from a disc, blocked. Renamed the ad-aware file name to 123.exe, blocked.

      time to get the 12 gauge out?

      • Nah, just install Malwarebytes on a flash drive on a clean computer. Just make sure to select the correct drive when you install. Update the file, then eject the flash drive. Now boot your infected computer into safe mode and plug in the flash drive. You should be able to open the file off the flash drive and run it from the flash drive with no problems.

        • I’m having the same problem as Skylar. I am unable to boot in safe mode. Which pretty much means I’m screwed, right?

          I can’t run mbam.exe. I can’t run msconfig. Everything I try to run is blocked by this virus.

          Got any other solutions?

          • my laptop would not start at all so i pressed f8 continually then i selected an option “restart from last successful boot” or something. then when you see your desktop right click the security tool icon, click properties and enable the read only box. then click apply, then in the shortcut tab you will see target and this is the file location. it should be in a sub folder in c:/program data/07133633( or some other series of random numbers) rename the file itself, and also rename the folder i have just described. restart your system and when you log on it will not be so annoying. i still need to run a malware programme….. i hope this helps.

  • omg lolz u guyz rock! i had that damn virus on my pc and couldn’t get anything to run and mbam was down for the count and BOOM snagged the copy and pasted the mbam.exe back into the file and it worked like a charm pc is up and running and ima back to work

  • Skylar:

    You have to somehow get your PC to boot into Safe Mode in order to defeat this virus! Safe mode will prevent the virus from loading at startup.

    1. Try safe mode with networking (press F8)

    2. Trouble Getting into Windows 2000 or Windows XP Safe mode – If after several attempts you are unable to get into Windows 2000 or Windows XP Safe Mode as the computer is booting into Windows, turn off your computer. When the computer is turned on the next time Windows should notice that the computer did not successfully boot and give you the Safe Mode screen.

  • This thing is annoying, I’ve been trying different things all day!

  • Hi, I found a manual and automatic removal at
    http://www.im-infected.com/rogue/security-tool.html

    I’ve used the automatic removal with malwarebytes and it works.

  • And yeah, i have the same prob as skylar… NO IDEA how to boot it into safe mode… ><

    • to get your computer into safe mode you have to go into the msconfig click the BOOT.INI tab and check safe boot then restart and it will be in safe mode. but make sure you uncheck it when you’re done so it won’t reboot again in safe mode.

  • I’ve had to buy PrevX 3.0 to get this thing out of a company PC, could not get Malwarebytes or Superantispyware to run.
    No msconfig, no taskmgr, no system restore, no F8/SafeMode!

    $30 is not a terrible amount of money, but PrevX has also prevented many of these types of software from loading on my home PC’s. A few times I got popups from PrevX notifying me NOT to install software, and this was just going to “normal” sites that AVG had marked as “Safe” sites.

    Yes, nobody wants to pay for software, yet having something like this that boots with the system, detects infections on removable media, websites, etc that catches this junk in the first place, you’ll consider it money well spent in the end if your time has any value whatsoever.

    Consider buying and running resident software like Malwarebytes, SuperAntiSpyware or PrevX (the best and lowest system resource).

    • THANK YOU MWHUNTER!!!! I tried to get rid of this nasty virus with no luck using Norton utilities. I tried your suggestion of prevx 3.0 and it worked like a charm. One thing I noticed: Norton found 33 bad files but Prevx found 45. I don’t know if it is because Prevx works in the “cloud” but it found the source and killed it. $30 is a small price to pay to get rid of this problem. Thanks again mwhunter

  • Manny’s solution did the trick for me. Had to run the install several times because the first couple of times it removed the .exe file before I could copy it from the install dir. After I did get it copied back it ran and scanned like a charm.

  • Hi Jon – I’m following your instructions because I finally got my anti-virus software to run in Safe Mode and it found a file 61038422. There is an .exe file in the folder but no batch files. Does that mean the scan hasn’t found the batch files yet?

    The anti-virus will take another 3 hours to run so I’d like to go ahead and delete the file from the registry as you suggested unless you think there may be more files hidden somewhere.

    Thanks!

  • I think I found the perfect solution. I simply booted up in safe mode and used system restore to restore to yesterday. Worked great and didn’t have to download anything. That means that I got the darn thing today. Anybody know where this thing is picked up? Is it possible that it came from YouTube?

  • And that sounds like a good solution also that Rick has but I would lose today’s work which would be a drag.

    • Can’t you save today’s work to an external source or disk Genny? I sure would like to figure out where this thing was picked up. I can’t really think of any untrusted sites that I have visited.

      • Actually, after a good part of the last 10 hours trying to find a successful solution to this blasted virus I’ve forgotten what I worked on this a.m. I’ll run a search on what I did today.

        How do I do system restore?

        Thanks!

        • HEY!!! If you go to Run, C:\windows\system32, find the file taskmgr and make a copy of it (Ctrl+C, Ctrl+V), rename the file iexplore and run it, it will run the task manager. From there you can end the virus; it looks like a bunch of numbers, for example: 7431948234.

          • This worked great to turn off the virus. But I still can’t run malware bytes. Whenever a file named mbam.exe is created, it immediately gets destroyed, therefore I’m unable to run mbam.exe to get rid of this virus.

            I’ve posted to malwarebytes.org to ask for assistance there, and I suggest others in my situation do the same.

          • so you got the virus terminated via the task manager method? After you terminate it, you have to do a system restore.

          • Thanks Nobody! I got Malwarebytes to run by renaming the exe to Iexplore. I was then able to get back in my PC & do a restore. There were 2 exe files left, one called seres that was still messing with the registry & admin settings. Not worth fighting it. I did a clean restore & now it’s a better world.

  • There are several ways to run system restore. As mentioned earlier, you have to be in safe mode or the virus will prevent it. Just go to “windows help and support” center on the start menu and under tasks go to “Undo changes to your computer with System Restore”. Click on that and it will guide you easily thru it. If you can’t access system restore that way, you can just do a general search for it. I don’t know why anyone would use another method to undo this virus since it is so simple and only takes a couple of minutes.

  • I am running windows vista and just got the Security Tool spyware like an hour ago. I already had malware malbytes and am currently running it to deal with the spyware. The windows defender has picked up on some trojan Winwebsec and it is rated severe. Is this a fake windows defender, part of Security Tool, or is the threat genuine? Also, will it be removed by malware as well?

    P.S. i think i picked mine up from egoshare

  • This exact same thing happened to me a year ago shortly after the subscription ran out on my antivirus software. It pretended that it was my own software and scanned all of those viruses and said that I was under attack and had to update my subscription to get rid of them all. It scared me so badly I fell for it and gave them my credit card. I immediately realized my mistake when they said it would be 45.00 and once I submitted it, it said thanks for the payment of 92.00. My point to all of this is that someone seemed to know that my antivirus subscription had expired and it seems like more than a coincidence that I let my subscription expire again just one week ago. How do they know? Do you think whoever is spreading this virus has access to the antivirus database of expired subscriptions? Anyone (or everyone) else let their subscription expire lately?

  • What I did..
    I ran the setup on another logon on the computer and didn’t even touch the run prompt or had to be speedy about it.

    ..I hope this clears up a lot of confusion.

  • I’m running malware still so hopefully it should remove Security Tool but also I have another problem. I’m not sure if it’s caused by Security Tool and the trojan Winwebsec which have infected the comp but the background is black and my old background seems to have been deleted. Also when I click on anything like open the scan window the icons on the desktop disappear. The only way to show all the shortcuts on the desktop again is by pressing the return to desktop key in the toolbar. Is this caused by the aforementioned programs and will it be fixed when malware finishes?

  • The problem got worse again. The exact same things happened to the other comp as they’re networked and now both are infected and both have the same background problem. I am running malware bytes on both to remove now. If the virus is fixed on one comp will it just be reinfected by the other?

  • Do viruses attach to certain file types or can they infect any type depending on how they are written? Scanning takes 4 hours and if I have to do it again I’d love to pick and choose files.

    • I’m pretty sure that Security Tool attaches itself to any .exe file… so if you go into run and type in: C:\Windows\system32 , unlock the “hidden files” and find the taskmgr.exe file; make a copy of the file and name it iexplore, it will allow you to run the task manager. From there you can find the virus in processes (the name of the virus is a random string of numbers such as: 4792342398). After you terminate the virus, run a system restore, and you should be up and running.

  • I managed to scan my computer with Malwarebytes but once it finished, the Security Tool was still there. What should I do?

  • Thank you all for your advice. Manny, I did what you said and finally got rid of this annoying virus after many attempts. I appreciate it.

  • Reply: To Genny

    You said: Hi Jon – I’m following your instructions because I finally got my anti-virus software to run in Safe Mode and it found a file 61038422. There is an .exe file in the folder but no batch files. Does that mean the scan hasn’t found the batch files yet?

    Genny – The batch is hidden; I only saw the .exe file also. I deleted the batch registry key when searching the number associated with the folder that contains the virus.

    Just search the registry using your number 61038422 and delete the keys. Remember to hit F3 to search again, and delete again.

    It really works!
    Good Luck

  • 1st. Download Superantispyware remover, it’s free
    2nd Download MalwareBytes Anti Malware (also free)
    3rd Download Norman Malware Cleaner (also free and very good)
    4th Download ATF-Cleaner

    update as necessary
    all these should be easy to find by googling them

    5th Start pc in safe mode (F8)
    6th Select Safe mode with networking
    7th Run and scan using MalwareBytes Anti Malware remove what it finds
    8th Run and scan using Superantispyware remove what it finds
    9th Run and scan using Norman Malware Cleaner remove what it finds
    10th run ATF-Cleaner select all and remove

    all of these will take about an hour depending how big your drive is

    11th start again in normal mode

    and smile :)

  • Here’s what I did to get MBAM to run. Go to safe mode.

    Install MBAM in safe mode. When you get to the last setup screen (with the checkboxes for update and run mbam) STOP - don’t click the last “next” or “install” button.

    Go to the directory you installed the program to. (by default, C:\Program Files\Malwarebytes’ Anti-Malware)

    find mbam.exe and rename it to mbam.com

    THEN finish the install, and run that mbam.com file

  • I did what nobody said to do, I found the batch of numbers it was 7534598454.exe, or something like that, I clicked on end process. Restarted my computer, and the virus is still there. Then I tried what Rick posted at 8:58 pm, I tried restoring the computer to last Friday, a couple of things happened, then a window came up and told me the restore was unsuccessful. So I went to try to do a restore again to a different time, and now I cannot access windows help and support, the virus has blocked it.

  • to get Malwarebytes to run change the install directory name(this will allow it to install correctly) then rename the file MBAM.exe doesn’t matter what to but this will allow it to install and run. It won’t matter what mode you run your computer in.

  • PLEASE NOTE: I’ve just spent 8 F#!@en hours on it.. So here’s the steps I took. PLEASE READ ENTIRELY and NOTE THAT THIS WAS MY HELL ON EARTH experience as the virus wouldn’t let me get to ‘SAFE MODE’ I know a few of you had this problem (and some might still have it)

    I did everything everyone suggested but found these few things to be helpful. I also did all of this without my computer connected to the internet just to be safe.

    1. The guy who programmed this thing is smart. disabling all exe/bats. so I had to create other means of getting to my programs, shortcuts and some renames (as suggested above) worked and I also ran a chance on doing coms (surprisingly it worked). Note that my renaming convention was random and I didn’t use things like ’spyware.exe’ or anything too obvious, reason is I tried a few renames along those lines and it failed to run the program. Yet when I did renames along the lines of GHDHR2345.exe, it ran (go fig).

    2. renamed the task manager (following the above convention as suggested by a previous poster) and then went in and shut down the viral process. (this is also listed by someone in a previous post as programs with a string of numbers ie 1234657.exe)

    3. ran msconfig and shut down ALL start up processes
    3a

    4. ran malwarebytes /

    5. eliminated everything.. (or so I thought)

    5a DO NOT RE-ENGAGE ALL PROCESSES, this is where the fun (or pain) actually starts.

    Now here’s where things get interesting.

    6. After you run it, you think things are fine, but run malwarebytes again and you might find more copies of the virus! (I know, since I did) and actually it won’t be ‘security tools’ related but random weird trojans.

    plus you’ll notice after your reboot you’re going to have a ton of DLL errors, these errors are from the virus and they’re probably still in your trashcan. CCleaner might be an option.

    7. I’m guessing that this virus is pretty ingrained into your files, meaning getting rid of it is only 1/2 the battle. In one scenario the virus is a time-bomb / action based script where it’s going to react every time (or start a count down) every time you start your computer or run program X,Y,Z. The trick is going to be rooting it all out.

    8. Deleted all cookies and Uninstalled my web browsers and ran malware and found more traces.

    It’s in the AM now and I’m still letting my system run malwarebytes, etc.

    My gut instinct tells me that this malware is definitely ingrained in either our browser execution or something we have to ‘run’ a lot. It might also mean that this stealth malware (if I can call it that) will still be in our system until a) we do a formatting or b) someone truly figures out a way to remove it.

    AGAIN PLEASE NOTE:
    This was my experience with the Security Tool malware. From what I read, everyone is having a few different experiences. A few of you here are having what happened to me the first time around. So a quick after thought might be, after you get your system up and running, perhaps it’s time to do a clean install.

    • Sorry you are trying too hard!!
      1. open my computer
      2. open “C” drive
      3. find the program files
      4. security tool has a folder and icon
      5 rename folder
      6. delete folder (it won’t delete if you do not change the name)
      7. reboot
      8 if you can try malwarebytes if not download it and update
      9. run all the anti
      10. go back and search for the dlls do a complete maintenance

    • bro how did you get past the safe mode part i can’t even get to safe mode PLEASE HELP

  • Manny, thanks so much for the information. I was never able to find the mbam.exe during the install. However, I did have Malwarebytes downloaded on another computer so I opened Malwarebytes on the noninfected computer. Then I ran the update and closed Malwarebytes. I then navigated to C:\Program Files\Malwarebytes and copied the mbam.exe to a flash drive. Then I copied and pasted mbam.exe in the C:\Program Files\Malwarebytes directory on the infected computer. I was able to successfully run the software.

    I’m just hoping the virus stays gone this time. I called myself removing it yesterday but it returned this morning.

  • I was forced to do a clean install of the OS. The anti-malware programs don’t get rid of the program completely as others have stated. The only true way to rid yourself of this nasty program is to wipe the disk and start from scratch, unfortunately.

  • First restart in SAFE MODE. I hit the F8 key several times from a fresh boot (when the BIOS displays something on the screen). Then I chose SAFE MODE with NETWORK enabled (so as to have the WiFi working). Then I downloaded the file wbam-setup.exe from CNET.com and prepared an empty folder – calling it whatever. Then I opened up the empty folder whatever and selected the VIEW option to be DETAILS and not hiding extensions. Then I installed the file I downloaded into that folder. As soon as I saw the file wbam.exe I copied it and pasted it into another folder. You have to have both folders ready open. Then when the file wbam.exe disappeared as expected, I pasted it back and it was all good. Then I ran the wbam.exe by double-clicking and took care of the little bastard. Only when I restarted, dumb Windows complained it could not find ‘midogiru’ which is still in the registry. So if you run in the start menu, RUN, and then type REGEDIT, in RegEdit you can search for ‘midogiru’ and delete it. This will take care of the Windows complaining about it being missing which is a good thing that it’s missing. Many thanks to SOFT SAILOR which saved me! may the force be with you, always!

  • I got hit with this awful Security Tool package today, and spent several hours fixing it. Many thanks to all of you who have posted your helpful comments. I used the suggestions on this page and eventually found my way to freedom from the virus (or whatever it is exactly)!

    When I had the same trouble downloading the Malwarebytes as everyone else, I took the suggestion to go to my Registry Entry in Safe Mode and delete the Security Tool files there. That worked well enough to at least get my programs back up and running. However, my desktop background was still different and I still couldn’t download the Malwarebytes software, so I figured I still had hidden parasites from Security Tool in some obscure place.

    Next, I ran a Systems Restore in Safe Mode, and that seemed to help tremendously. Everything booted up as normal. At that point, I could download the Malwarebytes program. It ran a scan on my laptop for 40 minutes and found 10 infections! I cleared them all and promptly set up Firefox as my internet browser from now on.

    Hopefully those nasty parasites will stay far away!

    Thanks again to all you computer gurus who assisted me today.

  • Hi
    this virus is awful
    I opened safe mode and ran malaware which seemed to get rid of it
    but now my pc is slow and google chrome or IE do not run
    Any ideas?

  • We had this problem…our tech who is a good friend brought us MalwareBytes Anti Malware on flash drive and installed and ran it….the computer seemed ok, but then the damned security tool reinstalled itself! For three days I’ve been dealing with this! Finally today I re-ran Malwarebytes, deleted the files, immediately went and updated our anti-virus (Avast) then downloaded and installed PC Tool Firewall plus. Now FINALLY it SEEMS to be ok. But beware, because for some reason this thing will re-install. If you’re not running a firewall you might want to think about changing that.

  • i reformatted my computer 4 hours ago from “Anti_virus_pro_2010” and now Security tool has downloaded, Fuck my life.

  • Easy version if you have a second computer available:
    1) Download and install MalwareBytes to a thumb drive.
    2) Run infected computer in Safe mode with Networking (f8 at startup)
    3) Install MalwareBytes on infected computer
    4) Copy Mbam.exe from your thumb drive into the MalwareBytes program files folder (C:\Program Files\MalwareBytes)
    5) Run, update, scan

    This did it for me, no command prompt or msconfig necessary.

  • I got this today. I already had MalwareBytes on my machine and it ran ok when I booted in SAFE mode. But SpyDoctor now keeps running over and over. SO I have to see what that’s about. I am 99% certain I got this virus via an instant message window on a PAY site that I *previously* trusted.

  • ok so i can’t even get on the internet to download malware nor can i use a flash drive or zip drive…. help please…

  • Has anyone simply tried Windows Restore to go back a few days before the infection? It worked for me.

  • Finally was able to run MalwareBytes per jdawg’s suggestion by installing an updated copy on my flash drive and running it on my infected pc while it was in safe mode. I ran a full scan first and it deleted all infections except for 1 which it claimed it would do on startup. A 2nd quick scan seems to have eliminated all traces.

  • bill h. solution worked beautifully. Really quick.

  • okay so i just called a friend of mine who is a genius at computers. He said to download combo fix run that and then when the system reboots to run malwarebytes. am doing this now wish me luck and hopefully this shit virus will be gone

  • Malaware removed virus but killed Chrome and IE :(
    what to do??

  • when i go to install malwarebytes it says
    unable to execute file:
    C:\Program files\Malwarebytes’ Anti-Malware\mbam.exe

    CreateProcess failed; code 2.
    the system cannot find the file specified

    how can i fix this!!!

  • This is not a solution.

    Okay, so this is what I did, step by step.
    I started my computer in Safe Mode with Networking, downloaded the program and installed it while still in safe mode to avoid having the virus eat the program, but that DID NOT work.
    As soon as I started my computer and ran it in the normal mode (Because MalwareBytes Anti-Malware would NOT run in Safe Mode) the virus would destroy the Mbam.exe file. So, I did what was advertised on other websites, and I think also commented here and installed it on another, uninfected computer, then transferred the program over to my computer, but again, the virus attacked and destroyed the Mbam.exe file.
    So I followed another set of instructions, which was to be quicker than the virus.
    And to anyone who’s read that, copy the mbam.exe file, instructions. What the person means is open the program files folder and open the MalwareBytes folder, (as it’s installing) cut the mbam.exe file and paste it anywhere else before the virus reacts and destroys the file. (Its close to impossible with a fast computer.)
    Well, after a good 48 tries, I cut and pasted the file before the virus attacked it.
    Then promptly ran MalwareBytes Anti-Malware.
    Things APPEAR to be back to normal, but don’t trust it for a second. The Virus is still in my computer and it’s still doing damage. Not only that but it tends to reinstall itself, and when that happens it will attack MalwareBytes.
    I had to use a series of different tutorials to hide the Virus, and I’m not satisfied with just hiding it.
    I want the virus out, but that’s not going to happen with anything advertised on the internet right now, unless you want to spend a couple hundred dollars trying out different programs.

    MalwareBytes will only slow the virus, and if you run MalwareBytes a good 20 times per day, you shouldn’t have the virus bother you. But if you want to get rid of it, your best option is spending a retarded amount of cash to find the right program to delete it, or you just f-disk your computer.
    Don’t trust for a second that its gone after you use MalwareBytes. It still has loggers in your computer and you will get your information taken.

    Sorry to burst everyone’s bubble.

  • Thanks Nobody. It worked. I am running Malwarebytes.

  • If your computer does not let you install it, reboot your computer, and while it is restarting, hold F8. After you get to a screen with three sections of options, you want to use your arrow keys and hit enter on ‘Start Windows in Safe Mode With Networking’. You should be able to install it from there.

  • Hi guys, just got Security Tool a few hours ago. I downloaded MalwareBytes and tried to open up in Safe Mode, but so far no luck. It’s (1) preventing me from running MB’s install, (2) preventing me from opening MSconfig, and (3) I can’t seem to open Safe Mode. When I attempt to open Safe Mode, a bunch of files with the prefix “Multi(0)Disk(0)partition(0)…..” or something along those lines scroll across my screen, eventually ending in a blue screen stating:

    A problem has been detected and Windows has been shut down to prevent damage to your computer.

    PAGE_FAULT_IN_NONPAGED_AREA

    at which point Windows suggests disabling some things in BIOS. The blue screen finishes by saying:

    Technical Information:

    *** STOP: 0x00000050 (0xc7E91094, 0x00000001, 0x80537009, 0x0000000)

    If anybody knows what that means, or has any suggestions, I’d love to hear them. As noted, this only happens when I boot into Safe Mode. I can boot into Normal Mode fine, but of course, when I do so, SecTool prevents me from running even msconfig. Thanks!

    • have you tried Manny’s instructions above yet? That worked to get Security tool to stop interfering long enough for me to run MB’s install. Then when you install MB, have Windows Explorer open to the MB folder while you are installing because security tool will delete the exe file as it’s installing so it won’t run. you have to be quick (it took me several tries) – when you see the mbam.exe appear copy and then paste it to desktop. then copy back and you can run MB. this virus is a real pain – I got it last night.

      • I believe that Manny’s instructions are designed to be run from Safe Mode. As noted, I cannot get Safe Mode to open on my computer; I tried doing that in Normal Mode, but nothing “pops up” inside the target folder – not even for a split second. Basically what I’m looking for is suggestions as to (a) possible ways of getting Safe Mode to work, given the error message displayed above, or (b) ways to fix this without using Safe Mode. Thanks in advance!

        • to get Malwarebytes to run change the install directory name(this will allow it to install correctly) then rename the file MBAM.exe doesn’t matter what to but this will allow it to install and run. It won’t matter what mode you run your computer in.

  • Oh, forgot to add, the program prevents me from running regedit, task manager, etc., as well.

  • dead man typing / October 11, 2009 at 7:06 pm

    With everyone’s help all together this page has helped a lot… This is a very advanced virus, it completely locked me out of all programs, Task Manager, my system settings, msconfig, and wouldn’t (and still won’t) let me reboot in safe mode in any way…

    renaming task manager didn’t work for me but renaming msconfig did (first i copied the file), i renamed it to firefox and it worked, i shut down all start up processes, and restarted pc, i have a secure deleter that i used to delete all the secure tools and av2010 files i could find, looked up dll’s (on another pc) and hidden files and registry files, deleted all i could find. and still it’s still somewhere.

    all these antivirus programs that are listed here (malwarebytes, spyware doc etc…) WILL NOT COMPLETELY GET RID OF THIS, well it wouldn’t with mine at least… i’ve used registry cleanerS, and many i repeat MANY different antivirus programs they all couldn’t completely remove it…

    everyone’s experience does seem to be different, there has to be different versions of this virus, but it names its key or core files randomly, and NO ONE can pinpoint exactly what YOU need to delete, there are a couple of sites out there that tell you most of them, but I tried securely deleting all of the files listed, from dlls to getting into regedit and getting rid of registry files, so like some others are saying

    your best bet is to start all over, wipe your hard drive.

    back up your important files after disabling your start up processes and move on.

    • I also tried everything that was suggested but the more I did the more the virus seemed to spread.

      Doing a System Restore is probably a good solution if you are positive when the virus got through and if you do it before you try a million other fixes, one of which, for me, was getting Malwarebytes to download properly, which never did work. I ultimately ended up with the Security Tool icon in safe mode and there were so many registry keys affected that I decided that was a good place for me to stop before I did permanent damage.

      I’ve now learned that these damn viruses can mutate anyway so I agree that THE BEST SOLUTION IS TO BACK IT UP AND WIPE THE HARD DRIVE CLEAN. The hours I spent trying to fix this could have been spent reloading and tweaking.

      Hate to disappoint all those negative-souled virus writers out there but although this was frustrating and tedious, it was an invaluable learning experience.

  • Hi everyone, just thought I’d share a simple way to get rid of SecTool for those who, like me, are prevented from booting into Safe Mode.

    1. Start up in Normal Mode.

    2. Immediately go to Start -> Run and launch MSConfig.exe. SecTool is low on boot priority and does not launch immediately; thus there’s a small window in which you can start this up before SecTool locks down new .exe’s.

    3. Once this is done, disable all Startups and restart computer.

    4. Your computer should now start in Normal Mode without SecTool running, clean up its files by:
    a. Deleting all visible start menu and desktop icons
    b. Deleting all files and folders from C:\Documents and Settings\All Users\Application Data\ that consist of strings of random numbers (423134342.exe).
    c. Opening regedit.exe from your Start -> Run menu and manually deleting similarly suspiciously numbered entries. Mine were found in HKEY_Current User\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_Local Machine\Software\Microsoft\Windows\CurrentVersion\Run. Yours will likely be here as well, but I’d recommend a full manual search to make sure there are no others.

    5. Once this is finished, run an antivirus – AVG picked up a file I missed in my purge. Then reboot without Selective Startup and things should work fine. I still have a piece of adware floating around that I have to get rid of, but I’ll find it eventually.

    Good luck!

  • THIS WORKED FOR ME:

    When the Security Tool windows first started appearing, most programs worked as normal. Then the trojan started intercepting more and more programs and the only way I could get my PC to run anything was in Safe mode.

    For those who are having problems installing Malwarebytes because they can not copy the mbam.exe file fast enough (before Security Tools deletes it), you can try to delete it yourself, then restore from the Recycle Bin.

    Also, IF you are able to boot up in Safe Mode, a combination of Malwarebytes AND Spybot S&D worked for me this morning after 4 hours of going in circles yesterday.

  • I had this on a PC also. It had affected the ability to open task manager, it closed any command window I opened after about two seconds, and it also closed other windows I tried to open up. When I installed Malwarebytes, the ‘Security Tool’ would delete the Mbam.exe. I made a small batch file to rename mbam.exe to some other .exe file and I was able to run Malwarebytes that way. Malwarebytes detected and removed most of it and had to reboot.
    However, after rebooting, the program reinitiated itself and one to three of the files could not be deleted. I tried booting into safe mode and the ‘Security Tool’ had installed a link to .exe’s so that when I tried to execute one, it would come up with the window that asks what program you want to open it with.
    I ended up removing the hard drive and attaching it to my PC externally and moved the files from the hard drive. I then ran a Malwarebytes scan (Malwarebytes will not pick up the registry on an external hard drive, only the files) then installed the hard drive back into the original PC and did a Malwarebytes scan again and let it reboot. After the reboot, the files stayed gone. I also removed the registry entries in HKLM\…Run that pointed to the missing files.

  • This will work.

    Best way to do this is to make sure extensions for known file types are not hidden.

    To show them, click on My Computer, go to Tools, then Folder Options, then click on the View tab and uncheck the option “Hide extensions for known file types”.

    Next install Malwarebytes into the default directory. Of course mbam.exe will disappear about as soon as it is installed. After the first install navigate to the directory at C:\Program Files\Malwarebytes’ Anti-Malware\ and leave it open. Next re-run the mbam-setup.exe and watch the install directory. Towards the end of the install, mbam.exe will show up in the window. As fast as you can, right click it, select rename, and type a character or letter like a. This will stop the application’s executable from disappearing. You may have to try this more than once depending on how fast you are. Close out any error windows and finish the install. Next, go back to the directory where your newly renamed executable is located, select rename again, call it whatever you want like abcd and add the .exe extension back to it. This will make it executable again.

    Run the application by double clicking abcd.exe as normal. The first thing to do is update it. Next do a deep scan. You may also create a new shortcut if you like.

    I hope this helps.

  • thanks man!!!!! you saved my life!!!! i have removed security tool!! thanks to you and malwarebites!!!

  • Thanks for all the advice on removing security tool. What a pain and what a blessed relief. Easy when you know how!

  • I already removed it 3 times (using the fast scan on Malwarebytes) but it keeps coming back after a while. I’m doing a full scan now, but I doubt it’ll remove it completely. Is there anything that I can delete that might help remove it completely?

    Thanks in advance!

  • I downloaded malware and it runs fine, problem is that security tool is making my PC randomly restart every 15-20mins

    a blue screen comes up with some random info (which I haven’t been able to catch) and then it restarts

    so the quick scan by malware never finishes to give me the results, at the moment it’s been running for 10 mins and has found 13 infected items, if I abort the scan (before the PC restarts) will it give me a results page?

    • Neither the quick nor the full scan on Malware work. I tried both and it fixes the problem temporarily. After 15-20 minutes it comes back. And this time it wasn’t only Security Tool, but also Windows Police!! I tried ComboFix just now, once again, it seems to have worked fine but I have to wait and see what happens. If it works well, I’ll let you all know.

  • Bill Hough’s solution worked, thank you Bill.

  • This virus is a fucking bitch just when I think its gone it reinstalls itself…..I dont want to clean sweep my comp but i think it might be coming to that

  • I finally figured it out! Can’t wipe my computer here, ran malware a few other virus programs. It caught all the keys, and told me to reboot to clean them. But, every time I rebooted, they came back.

    Here’s what I did.

    Ran msconfig
    clicked start up menu
    unchecked the blank line
    rebooted and voilà. All gone (at least for now, knock on wood)

  • Here is how I removed “Security Tools”:

    My son’s laptop got the nasty rogue called Security Tools. It was very slow as it was constantly being bombarded with pop-ups telling us that his laptop was infected and that we needed to purchase their product. He kept getting Security tool warnings. It also stole (actually just hid) his desktop icons.

    This nasty rogue would not allow his computer to open in safe mode, nor would it allow him to download Spybot, Adware Se or Malwarebytes.

    So from my clean computer I downloaded Spybot, Adware Se or Malwarebytes, all of them (saved them) to a thumbdrive and tried to sneak it on his infected computer via a thumbdrive,…no luck.

    I downloaded them again, this time renaming them before I downloaded (a trick that sometimes works) ….still ….no luck. If you rename your anti-spyware or anti-malware the rogue spyware might not recognize the new name and let you run it. Unfortunately this spyware (System Tools) was too smart for that.
    Here is what finally worked:
    From my clean computer I downloaded “HijackThis” to a thumb drive but before saving HijackThis.exe, I renamed it to explorer.exe.

    I stuck the thumb drive into the infected computer, and sent (HijackThis.exe) disguised as explorer.exe to the infected computer’s desktop.

    Even though the computer infected with SecurityTools wouldn’t allow us to download SpyBot or AdwareSe or Malwarebytes, it allowed us to download HijackThis.exe.

    Since this bad spyware Security Tool hid our desktop icons, I had to right click on the Windows task bar, and then click Show Desktop so that the desktop icons would appear.

    Now that I could see the desktop icons I saw the icon for the spyware SecurityTools. Of course deleting the icon would do nothing but delete the shortcut. But when I right clicked on it I found clues in the properties:
    The nasty booger was…..
    C:\Documents and Settings\All Users\Application Data\94345126\94345126.exe
    So now I knew where the spyware was and the important number 94345126 (note this number varies….your number will probably be an 8 digit number, just right click on the securitytools icon and write down your number).

    As the desktop icons were now visible I clicked on the desk top icon for HijackThis.exe that I had falsely named explorer.exe and ran it. I did a system scan only.
    I looked at the log and found
    O4 – HKLM\..\Run: [94345126] C:\Documents and Settings\All Users\Application Data\94345126\94345126.exe.

    I put a checkmark in this and pressed the “fix checked” button.

    After HijackThis.exe did its magic on O4 – HKLM\..\Run: [94345126] C:\Documents and Settings\All Users\Application Data\94345126\94345126.exe. I could now run the Malwarebytes that I had previously downloaded to a thumbdrive.

    Malwarebytes found (4) problems which I fixed with malwarebytes. I then cleaned out my son’s recycle bin.

    His laptop is now free!!!!!!

    I had never heard of HijackThis until today. (see Go.TrendMicro.com) I had used Malwarebytes a few years ago. I recommend downloading this from CNET, because you never know what you are getting anywhere else.
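
The autostart pattern reported in the comments above (a Run value named with a string of digits that launches an identically named executable from All Users\Application Data) can be checked for in a saved HijackThis log. This Python sketch is an added example, not part of the original thread or of any tool named in it; the function names and the sample log are constructed, apart from the one O4 line quoted in the comment above, and the four-digit minimum is an assumption.

```python
"""Flag Security Tool-style autostart entries in a HijackThis log (added example)."""
import re
from dataclasses import dataclass, field
from ntpath import basename, dirname, splitext

# HijackThis lists registry autostarts as:  O4 - HKLM\..\Run: [name] command
# Pages that quote logs often turn the ASCII hyphen into an en dash; accept both.
O4_RE = re.compile(
    r"^O4\s*[-\u2013]\s*(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*):\s*"
    r"\[(?P<name>[^\]]*)\]\s*(?P<command>.+?)\s*$"
)
DIGITS_RE = re.compile(r"[0-9]{4,}")  # assumption: the random names are 4+ digits

# Constructed sample log; only the 94345126 line is taken from the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKLM\..\Run: [94345126] C:\Documents and Settings\All Users\Application Data\94345126\94345126.exe.
O4 - HKCU\..\Run: [ExampleSync] C:\Documents and Settings\All Users\Application Data\ExampleSync\sync.exe
"""


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def exe_path(command):
    """Return the executable path from a Run command, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = re.search(r"^.*?\.exe", command, re.IGNORECASE)
    return match.group(0) if match else command.split()[0]


def parse_o4(log_text):
    """Parse every registry O4 line in the log into a RunEntry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(
                RunEntry(m["hive"], m["key"], m["name"], exe_path(m["command"]))
            )
    return entries


def find_suspicious(log_text):
    """Return entries whose executable is digits-only plus one more indicator."""
    flagged = []
    for entry in parse_o4(log_text):
        stem = splitext(basename(entry.path))[0]
        folder = basename(dirname(entry.path))
        numeric_exe = bool(DIGITS_RE.fullmatch(stem))
        if DIGITS_RE.fullmatch(entry.name):
            entry.reasons.append("value name is digits only")
        if numeric_exe:
            entry.reasons.append("executable name is digits only")
        if numeric_exe and folder == stem:
            entry.reasons.append("folder and executable share the same number")
        if "\\application data\\" in entry.path.lower():
            entry.reasons.append("runs from an Application Data folder")
        # A legitimate program may match one indicator; require the numeric
        # executable name and at least one other before flagging.
        if numeric_exe and len(entry.reasons) >= 2:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"{hit.hive}\\..\\{hit.key} [{hit.name}] {hit.path}")
        for reason in hit.reasons:
            print(f"    - {reason}")
```

A flagged entry is a lead to confirm against the shortcut target and the file on disk before anything is removed.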

  • I found out that if I hit c-a-del, after I login, before it loads all the start-up programs, I can get the task screen running, and when the virus does start-up, I can stop it. This allows me to run my virus scan and remove it.

    I had the free version of AVG on the computer, but I am going to upgrade to a version which monitors incoming files and removes the viruses from them.

    I hope this helps.

  • All I did was a “System Restore.” The viruses are gone, but the computer is really slow. I tried looking for anything related to Security Tool, or Windows Police but I couldn’t find anything. I ran Malwarebytes, and Ad-Aware.

  • Ok, well nothing suggested in this thread worked for me. My experience:
    I agree – VERY advanced virus. Never thought I would resort to thoughts of joining the lynch party but I would honestly LOVE to see this MFer experience a slow and PAINFUL death!!!

    I may have ran across a yet more advanced copy than most have dealt with here but I believe it is the same bugger. I did NOT experience the disappearing mbam.exe behavior some folks described during mbam install. Instead, mbam.exe stayed. What I DID experience was that it ran the first time, then closed once the scan was initiated. Subsequent executions of mbam would result in an access error, the exact message of which I can’t remember (sorry*). When you execute mbam.exe from the command line, it said access denied. Copying it quick to the desktop and all that stuff that worked for others did not work for me.

    Symptoms
    Everything is locked – we’re talking Registry editor, IE, you name it. They disabled it! EXE’s were rerouted so most Executables would not launch. Regmon, Procmon, superantispyware to name a few that I tried. Whether in Normal or any of the three safe modes, it still seemed resident even though procexp.exe, which it DID allow to run, did not show signs of its presence. Obviously it rooted itself in one of the main system files.

    What I did to get rid of this!
    I downloaded and copied mbam-setup.exe and mbam-rules.exe to the root of the infected PC’s C: drive. I then removed the hard drive (I know, many of you have probably never done this) and slaved it off another PC with Malware and AVG installed. I had both security apps scan the drive and both found numerous file infections and cleaned them. I then brought the PC back up in command line safe mode, no internet access. I executed the mbam-setup.exe in the root and then the mbam-rules.exe and had it initiate a scan. This time mbam.exe did not close. It finished the scan and found numerous infections in the registry and some additional files. I then rebooted and came up in normal mode. I next ran superantispyware. It found infections right away (Jesus!) – ended up finding numerous registry infections and a couple files, cleaned, rebooted. Back into normal mode, ran full scan with mbam. It found 1 infected file and several more registry entries. Then ran ComboFix.exe. Between the three the thing is finally gone. Combofix found numerous items too. What a mess.

    If you are experiencing the same thing, I would suggest slaving the drive on another PC and start with a file scan. Then move on to scanning within the operating system of the infected PC. Hope this helps someone! I lost some hair over this one! :)

  • I thought my system was free after doing the safe mode stuff & running MalwareBytes and a couple of others. I also used PC Tools, which indeed found them all but doesn’t fix them unless you pay for the package (which, in retrospect, would have been a VERY good idea….).

    I had left the Registry Scan from PC tools running. NO APPLICATIONS were running; just the stuff in the system tray. After returning to the computer running in this state for 8 hours…Registry Scan had found over ONE THOUSAND changes to the registry. Now, it’s my understanding the registry should not change unless you make a change to an existing APPLICATION (not file), or add/delete applications and/or hardware/system settings.

    I am not sure this drive is worth the effort to save it. I restarted machine in Safe mode, and copied my music files, word, excel, and photo files to a Passport drive. I am going to slick the C: drive and do a fresh install of XP. I will then scan my copied files from another computer before moving them back to my PC.

    This bears repeating: I believe I got this virus IN AN INSTANT MESSAGE WINDOW, from a “user” in a chat room. This user had NO PROFILE; even knowing better, I accepted the IM anyway.

    If you are reading this, it’s probably already too late for you as well, but spread the word.

  • Once again, do a “System Restore.” I went back to a week before I got the viruses. Now the computer is working fine, it was slow at first but now it’s normal. I ran Malwarebytes, and Adaware and they didn’t find anything! It’s been 12 hours since I did this and the viruses didn’t come back!!! =)

  • This is a simple solution to get control back to your computer.

    As I said before, as the computer booted up, I hit control-alt-del after it got into windows, but before had started up all of the programs. With the taskmanager windows open, I could shut down the ########.exe file when it started. I then bought a 3 copy version of mcafee, downloaded it, and installed it, because the free AVG stuff does not monitor incoming files, as does McAfee. AVG would delete the file, as I had this problem a week ago, but the virus came back.

  • Okay just so you guys know I have fought with this virus for over a week. I have tried everything recommended and quite a bit not recommended. I am going on 24 hours virus free and I hope it stays that way but just on the off chance that you guys did not try what I did I am going to give you a little insight.

    First, I have norton as my antivirus and I thought for sure that this was the best software and it would stop anything. Boy was I wrong.
    I first got this virus off a banner on Hi5.com so anyone who uses this application please beware. I have an associates in computer networking and software and even this was well beyond my patience.

    The first thing that I tried was running Malwarebytes after having to steal back the mbam.exe file and rename it to bytes.exe to be able to run it. It caught many of the virus but not all of it. 12 hours later the damn thing reinstalled itself.

    This time I ran combofix.exe and then malwarebytes and it got all the infection but norton kept telling me I had a trojan.vundo which is part of this virus.

    Finally when push came to shove I ended up doing this and am still crossing my fingers to make sure that this works.

    1. I downloaded Superantispyware and ran it-17 infections of the registry
    2. I downloaded Norman Malware Cleaner and ran it- 14 infectious files.
    3. I download ATF cleaner which gets all of the little files you miss.
    4. I followed this path—-Start—Run—-Prefetch—-and deleted 121 instances in my prefetch file.
    So far Everything seems to be working better and faster than before so please pray that this fixed the problem…..

    Now I have four instances of anti virus on my computer and if this damn thing gets by now there is something wrong.

    I have a purchased copy of Norton, Avast, SuperAntispyware
    As well as spybot search and destroy the atf cleaner and norman malware cleaner. I would recommend downloading these to prevent future attacks of this virus.

  • I have antivirus and am pretty careful, and can’t remember the last time I picked up anything that messed up my computer like this nasty thing. It takes over when you boot up, and won’t let you go into task manager or anything.

    I got rid of it by going into safe mode (press f8 during boot) and looking at the properties of the shortcut on the desktop. It pointed to the executable file C:\Documents and Settings\All Users\Application Data\24180116\24180116.exe.

    I deleted this executable file and removed the desktop and startup-menu shortcuts. After I rebooted into normal XP mode I was back in control. I went into the registry editor and deleted the items HKEY_CURRENT_USER\Software\24180116 and HKEY_LOCAL_MACHINE\Software\24180116.

    The trick is to follow the Security Tool shortcut to the executable file. Once you delete it, you’re probably OK. I just wanted to remove all trace of it.

    From what I have read, it generates a random number for the name of the executable file, so yours will probably be different.

  • I have tried multiple iterations of all of the above suggested remedies. Much as it disgusts me, I give in. Doing System restore from the restore CD’s I created when the machine was new. Meaning I will have to reinstall any apps I still need. Oh well. Learning experience.

  • I Cannot Install That File because he blocked the file -.-

  • THANK YOU SO MUCH !
    the original method posted worked for me !!
    THANK YOU ,
    now i dun have to bug my cousin to fix it anymore !

  • My boss sent me a link via email that has a small piece of software that may remove a number of these types of programs. I downloaded it but haven’t had a chance to test it yet. Here is a link to the article.

    http://www.downloadsquad.com/2009/10/19/remove-fake-antivirus-cleans-up-personal-antivirus-antivirus-36/

  • 100% got this bug from visiting the celebrity blog WWTDD – DO NOT GO TO THAT SITE.

    As for trying to get rid of this bug, I had problems trying to boot up in safe mode and finally got msconfig to run upon a restart. I changed the setting there, and restarted. Now it seems I am in big trouble. The computer will not re-boot in safe mode and I am stuck in a circle of it re-booting. It won’t do safe mode OR regular start OR last known working settings. While I think I had a huge problem before with the bug, now I am totally up the creek…

  • Rick, I was on YouTube also when this sprang up…though the icon was on my desktop for quite a long time.

  • WWTDD is a site I frequent too….this must be everywhere!

  • so after scanning/removal of the specified viruses from the use of Malwarebytes, my computer won’t go to windows startup where the log in window shows ex.owner etc. Instead, just a blank black screen appears with the cursor. I don’t know what I should do can anyone help me??

    • Sometimes my PC does this when the harddrive overheats- too many add-ons in a small case. It needs to cool for a few hours, and I’m sure the PC purists out there will cringe but I opened the case and use a small fan to cool it off when it misbehaves. I also re-directed a floor heat vent. This is a very low-tech solution but I was ready to buy a new MB when I figured this out. I spent all night re-booting the PC, finally got to bed, and the next morning it started like a charm.

  • Hi. My computer is in big trouble. So I couldn’t get it to restart into safe mode, so I tried to force it to manually go into safe mode by going into msconfig, boot.ini /safeboot. It still won’t safeboot, and now I can’t get it out of this mode, since nothing appears when I go into safemode still. Is there any way to get my computer out of this mode? Thanks.

  • I accidentally downloaded security tool, and everyone says to download something else. But, I don’t want to download something else just to be safe. How can I get rid of the security tool virus manually?

  • the download won’t start up until you disable the security tool.
    as soon as your computer starts up, press ctrl, alt, and del. when the task manager opens, find the .exe file and end its process. then the download should start up without a problem.

  • For those of you frantically fighting against SecurityTools I will cut to the chase and provide to you what worked for me and some the hurdles/challenges I faced along the way. Further below I will provide some of my color commentary.

    Challenges/Hurdles
    – I couldn’t boot into safe mode, got a blue screen crash/error
    – Couldn’t get Malwarebytes to load correctly, Error Code 2 at the very end of the install process
    – Every time I tried something different SecurityTools would quickly figure it out and slow my CPU down to a crawl and bombard me with pop ups and fake/false security notices/messages.

    What I would do if I faced this again (based upon my own experience through trial/error/success).
    – Restart windows/computer (hard boot – unplug and plug back in if needed)
    – Launch task manager right away by Ctrl + Alt + Delete at start up, after Windows Log on for me (get task manager going as quickly as you can after start up before SecurityTools gets a chance to load).
    – Look for program with a name listed as several random digits (may need to refresh to disable/kill it right away)
    – As soon as the program with several digits shows up, end process for that program (as quickly as it shows up).
    – Try to install Malwarebytes, if it doesn’t install Go to Start and then Run, then MSConfig and clicked on Startup Tab, deselected all so that no programs load/run at startup (including SecurityTools)
    – Reboot after disabling the startup programs via MSConfig… then try loading Malware again, I had to quickly rename the program in the destination folder it as I downloaded it as well as renaming quickly as it installed to avoid the error message.
    – Malware caught most of the bad stuff once I got it to run. Also make sure you have an antivirus program like Avira or similar running to keep the SecurityTools rogue from spreading as you try to fix/clean… Avira and others allow you to quarantine threats as they come up and not just want to find them as bad during a scan.
    – Once I were to get my system some what stable, I would run ATF cleaner to get rid of the extra temp files accumulated from browsing the Internet (these cause the scanning software to slowdown/take longer).
    – I would then run a few freebie spyware/malware programs to make sure you got everything… Spybot Search and Destroy, Superantispyware, combofix, (AdAware, Spy Doctor, Webroot, aVast – were all too slow for me and didn’t find much after waiting for ever to download, install, scan, reboot, etc). Panda, Fware and Trend Micro have quick web browser based scans that will do in a pinch if your system is in bad shape… won’t likely find the really hard to find things though.
    – Going forward, I have decided to use Prevx… it downloads, installs, and scans very fast and protects threats in real time, around $29 to $35 a year and doesn’t slow down my computer.

    – How my machine got infected by SecurityTools
    My Windows XP desktop was infected by SecurityTools when I downloaded an email attachment on 10/27/09. It was a card from Hallmark, email address was “e-cards@hallmark.com”. The email attachment was “Postcard.zip” and was 259KB in size. I was using YahooMail via Mozilla Firefox v3.5.3 and as soon as I opened the zip file and the subsequent PDF (Document.PDF or Postcard.PDF)… everything went bad in a hurry… pop ups, fake security messages, etc. I would normally not open this sort of thing, but it was two days before my birthday and seemed very plausible that a relative sent me a bday card via Hallmark.

    I haven’t faced something like this in at least 3 years. I consider myself computer literate but by no means an expert who is going to be able to remove his hard drive and slave it to another machine to fix this. To be clear, this was a very frustrating ordeal for me and I lost a lot of time figuring this stuff out… 12+ hours easily. I think you could whip it in an hour or two if you don’t make the same mistakes I did.

    Some things I learned the very hard way…
    – Tried disable process via the Task Manager as my first and only line of battle against SecurityTools… I couldn’t get it figured out quick enough how to get around SecurityTools blocking/slowing me down trying to fix things… change the name of the programs/applications you need to run/scan is the key as is disabling SecurityTools via the task manager as soon as it appears (name consists of several random digits/numbers).
    – Rescue CD from Avira was helpful to me once I had my computer so locked up I couldn’t do anything and could barely get it to boot up. You can boot directly off of the disk into a Linux GUI that avoids you needing to get hung up when Windows boots… my scan took nearly 2 hours but it did the trick to get me back into being able to boot into windows.
    – Wasted time on some poor/slow scanning software.
    – Thought I had it beat, then noticed all the redirects I was getting when using my web browser.
    – Prevx is well worth it the $30… it runs very quickly and easily.

    Many thanks to those of you who have posted your feedback on this page, w/o your help I wouldn’t have been able to defeat this heinous rogue anti spyware called, SecurityTools. Thanks as well to SoftSailor for providing a page like this as a resource. I have spent several hours battling against SecurityTools and feel I have made very clear and definitive progress towards winning the war.

  • I got rid of this malware using ESET NOD32 Home anti-virus and spyware software. I didn’t go into safe mode or anything like that, just as well as that would have been scary! I simply scanned my drive, something was picked up and then I had the blue screen of death. The pc rebooted and scanned again and then the exe file was quarantined, and cleaned. I then deleted it. Hope this helps. I can only presume that during the blue screen ESET did something to “security tool” because a large icon appeared on the screen and not the small ones that were in the bottom task bar that had usurped all my other desktop items. Four pcs protected for £46 a year. Can’t be bad.

  • Ok so i tried it in safe mode but i have the blue screen of death each time i tried in safe mode. What should i do now? Any help would be great.

    Thanks,

  • My computer was infected with this Security Tool virus and I was unable to access my system restore or access Malaware (which I had already installed). I wasn’t able to start up in Safe Mode. My desktop was gone and the virus took over continuously prompting me to check for errors, etc. I couldn’t delete the file under c:/Documents and Settings/All users/Application data/ because the virus wouldn’t let me. I couldn’t stop the process in Task Manager because it wouldn’t let me do that either. This jerk of a virus is very tricky! THIS IS WHAT WORKED FOR ME: I finally managed to get to the Application Data folder again and i simply RENAMED the .EXE FILE and the FOLDER. (it was just a series of numbers- that’s how you know it’s this virus) By doing this, I was able to restart my computer, delete the file and folder I had just renamed and then finally run Malaware. Hope this helps!

    Also, this thread helped a bunch of folks, particularly comment #24:
    http://www.ibtimes.com/articles/20091008/security-tool-virus-removal-security-tool-removal-security-tool-malware.htm

    Good Luck!

  • Guys!!! Thank so much for all your suggestions.. ,, finally I’ve remove this damn security tool virus.. MuuaaHhh..

  • None of this worked. cannot find the .exe nor the hidden folders avast and malwarebytes finds files out the ass but it will not go away regedit is useless due to the fact it will not find anything at all. the exe i found in the path name were 19418023.exe(impossible to find, isn’t anywhere on the computer at all) and Winhbt.exe(same as other) i’ve been fuckin with this for 9 and 1/2 hours and it’s not worth it any more. talkin last suggestions b4 i toss it and buy a new 1

  • Security tool still there. DLin Combofix and SpybotS&D still cant find the folder. found 1 with a bunch of #s but its been there 4ever and is also on other computers i’ve had so i’m not missin with it. got this damn virus from antivirus + WHAT EVER U DO DO NOT RESTART UNTIL U GET RID OF ANTIVIRUS + OR IT WILL CAUSE MORE ISSUES.

  • Hello all,

    well, a friend of mine has also that sucks Security Tool virus on his pc. I went to his house and tried to fix it.
    As at so many of you, the desktop items on my friend’s pc are also hidden. I found where the numbers####.exe is located, but couldn’t delete it. So, I tried to run the task manager ctrl+alt+del, msconfig, regedit, etc. but everything failed. The virus shows pop-ups that the files are infected. I tried safe mode over and over again but also failed. I downloaded Malwarebytes and other software but it is not possible to install them, the virus blocks every action. In other words… the pc is f*cked up.

    I will try to rename that ######.exe and its folder. I hope to have then any access to go forward to delete this b*tch of virus in some way.

  • I have gotten malwarebytes to run, deleted registry values, and any files I could find pertaining to this virus. It seems to be gone. But now, my desktop icons and tool bars are completely gone and I get no pop-up when I right click on desktop. I can get a background up from the properties menu (accessed thru taskmgr) but nothing else!! Any ideas?

  • What I did was first open multiple task managers until it comes up, look for a series of numbers and then delete it within the processes tab then searched and deleted all files/documents called security tool.

  • I am really sad. I couldn’t get into Safe Mode and tried MSCONFIG. I unchecked everything except for REGEDIT. Not only did it not bring me to any Safe Mode screen, I got presented with the blue and green screens of death (green for when I hit ‘Last Known Good Configuration’ and ‘Start Up Normally’). Before I can continue my battle with Security Tool, can anyone help me at least boot back into Windows? I heard I need Windows XP CD for this.

    • Use the advice I put up there. No safe mode is needed and you also need to use malware bytes program called mbam to finish it off.

  • Hello, Just wanted to add my two cents here.

    You can rename the mbam.exe file to something else like bbam.exe and the malware/virus will not pick it up.

    These false av programs know the file names of all the true av programs out there and stop the scanning and detection. Renaming your av scanner should work too.

    dee

  • Thanks for the heads-up man
    That was one nasty virus

  • you dont have to install additional programs after a couple hours you can find out what its linked which i found out was divx i uninstalled divx the the computer let me uninstall security tool i tried to reinstall divx security tool came back i uninstalled divx again the reinstalled security tool was easy to uninstall again i think divx is just trying to make a little extra money fuck them

    • Yeah, Security tool does no real bad thing, it is just really annoying and yes, they could take your money and DO NOT PAY THEM!!! It really isnt worth it at all.

  • Thanks… it works very well…

  • I can’t get my computer to start in safe mode. It sounds like the hard drive is running so fast that the computer shuts down. I have Malwarebytes installed on it but just can’t get it to stay on long enough to run it. Please help.

  • I have Malwarebytes installed but cannot get it to run. This adware is making the hard drive spin so fast it shuts the computer down. I cannot start up in safe mode either, or get into msconfig, or start up in command prompt. Please help me.

  • BILL HOUGH IS THE MAN! Thanks for this SIMPLE & EASY fix! It worked like a charm…

  • K.M. Moklesur Rahman / November 16, 2009 at 2:13 pm

    Thanks a lot. I was able to remove security tool malware screen at every start up by “MalwareBytes Anti Malware” according to your instructions. Now I am very happy. Thanks you again. Best Regards.

  • Hey, I put malware onto a CD. Now what do I do?

  • Woke up with this virus on my machine today. I expect somebody on my network got it, as I am generally pretty careful with how I browse.

    Anyway, had Malwarebytes already installed. Ran perfectly without any additional steps. Rebooted the machine as it couldn’t stop the already running process. Came back and the executable for the virus no longer functioned. I did some full scans with other reputable software to be safe, including another MWB scan. No viruses detected.

    Only damage done: lost my desktop background.

    Not sure why everybody else had such issues with running Malwarebytes. Pretty weird if you ask me. Regardless, I’m going to be keeping a close watch on the situation in case something failed and the virus is still lurking. Which is completely possible.

    If it matters, I’m running Windows XP.

  • Hold on, where do I find the mbam.exe file? I read the suggestion above to remove it from the install folder while being installed. What is the install folder?

  • I also got hit with this on a machine with Vista. This got past ZA but MS Defender noted it as Winwebsec. Unfortunately, using MS Defender did not remove it since, as has been noted, the trojan disables antivirus/malware tools. After trying a couple of things that did not work, I finally went to the control panel\programs\change startup programs and under the Publisher not available section found three odd files: 64712323.exe, 99060024.exe and another numbered file I didn’t write down. I removed all three and rebooted. Seemed to reboot OK and no more prompts. I am going to do a scan with several programs.

    Hope this helps someone else.

  • Thanks, this worked like a charm. Luckily I had a separate account for my kids to use. I was able to log into my admin account, which was not infected. Malwarebytes removed the virus in less than an hour.

  • OMG!! THANK YOU THANK YOU THANK YOU!! I THOUGHT I WOULD NEVER GET THAT OFF MY LAPTOP… I COULDN’T DO ANY OF MY ASSIGNMENTS FOR SCHOOL… VERY HAPPY I FINALLY GOT IT OFF!

  • THANK YOU Bill Hough!!!!!!

  • =D
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    THANK YOU BILL HOUGH once again and again and again
    May your wiseness lead you to your great future=)

  • =D
    Hey Bill Hough
    I saw many people from different sites that they are copying your instructions on this site to more sites.
    =D

  • 1. Right click “Security Tool” icon on desktop.
    2. On Shortcut tab, follow the “Target”. Go to its folder (folder’s name was a bunch of numbers).
    3. Open the folder.
    4. Rename it (any name).
    5. Make sure that you have unchecked the “Read Only” check box.
    6. Restart your system.
    7. Go to that folder again.
    8. Delete it.

  • Thank you Dr. Chris. Your solution worked for me on my daughter’s laptop with Vista Home Premium. Downloaded Malwarebytes afterward and it found four more objects. Everything seems to be back to normal.

  • gahihatesecuritytool / November 25, 2009 at 9:02 am

    Security Tool won’t let me download Malwarebytes or install it!

  • What I did with Win XP was to enter ‘safe mode’ by hitting F8 repeatedly while rebooting.
    Then in Safe Mode go to System Restore and restore Windows to a checkpoint that you are sure was before you got infected. Then you can reboot normally, go online and download Malwarebytes, install it, update it, then clean out your computer by scanning with it. Should sort you out.
    David.

  • THANKS!!!!!!!!!!!!!!!!!!!!!!! WITH EVERYONES PEOPLE LIKE: MARILYN ROXIE, BILL HOUGH, AND OF COURSE ALEX DUMITRU, MY LAPTOP IS DONE WITH THE HASSLE OF SECURITY TOOL. YOU GUYS ARE THE BEST!!!!!!!!!

  • I MEANT EVERYONES HELP :-) ~

  • I have downloaded Spyware Doctor to a flash drive AND WAS ABLE TO download it in safe mode… when I click on run smart update it tells me UPDATE FAILED error downloading. Thought I was following directions well, but I’m really lost.

  • Can’t get rid of it. I’m only a kid and it affected my school computer. My mum and dad have both tried. I first had softcop on a different laptop and that was easy to get rid of using Malwarebytes, but this one won’t work. It has completely blanked my desktop, I can’t see my icons, so is there a way you can explain it to me but simpler?

  • I booted into “Safe Mode” where I had noticed that the Security Tool software did NOT automatically start. From that point I was able to Restore my wife’s computer to a previous date as recommended above. After the system had been restored, the Security Tool Icon was not there on the desktop, and it did not start. Thank You!!
    For insurance, I downloaded and ran MalWareBytes and it found 277 infected files on her laptop. I deleted them all, and, so far, the computer is operating normally. I’ll hear about it if it doesn’t! I also downloaded and ran MalwareBytes on my desktop, and it found NO infected files. I use AVG Free daily. I give it credit for the excellent results.

  • I tried everything you said, and I thought I finally got rid of Security Tool. When I opened Internet Explorer, it seemed to be working just fine. However, the Security Tool icon was back on my desktop! I went in and deleted it again, emptied my Recycle Bin. I did a search to find that file, I put just the numbers in, and found nothing. Is it really gone, or is it going to keep popping up on my desktop each time I restart my computer? I had been at this for weeks, and finally today there was Security Tool in my taskbar and that’s the only way I knew what I was dealing with.

  • Is there any other way to delete Security Tool without downloading anything?

    • Jose,

      Yep – see Bill Hough’s comment above (October 9, 2009 at 3:21 pm) and then in greater detail at (November 2, 2009 at 5:11 pm). Read it through first before starting. After six-hours of effort, I searched online, found his post, followed it exactly – based on what he was saying to do, rather than what I was thinking I should do. Worked the first time and at 0330 in the morning I finally got to bed. Good luck.

      William

  • You have to download Malwarebytes’ Anti-Malware. After downloading it, just unplug the internet connection so that Security Tool will not appear on your screen, then restart your computer. Open Malwarebytes, then click run and follow the instructions.

  • Yeah, I’ve been fighting with this program all afternoon! It’s not a real tough malware program, but just extremely annoying. I’m not sure how people get away with making this stuff!

  • I fell for the fake viruses and purchased security tool, how could I get my money back or find out where it went

  • How can I get my money back or find out where it went if I purchased Security Tool already?

  • The Security Tool won’t let me do anything. Do I need to reboot?

  • I had that stupid Security Tool and it kept popping up every minute! I followed these instructions and it got rid of the whole program. Thanks sooo much for this article!

  • If anyone has problems because Security Tool won’t let them run Malwarebytes: I went on Firefox safe mode, and then when the download finished I pressed F4 and then it opened and it ran successfully. Keep holding F4 though until you get to the terms of agreement section.

  • This is proving a real challenge. It won’t let me stop the program from running using Task Manager as it keeps closing it down, any software I download to get rid of it won’t open afterwards, and I’ve located where the Security Tool file is but it won’t let me delete it as the program is still running. Any help, guys?

  • For the record, my daughter picked this virus up from Facebook. BEWARE!

  • Hello

    I ran my computer on the safe mode. Was able to download Malwarebytes, run the scan and clean the infections. BUT now the moment I switch on the computer, it switches off again after about 30 seconds – the same thing happens in the safe mode.

    PLEASE HELP – AM GOING CRAZY !!!!!

    • Hi everyone,
      well i got that security tool headaches too. got malwarebytes to find it and thought it was gone but it came back, ran malwarebytes again and found a few more files this time and cleaned/deleted all files found, but the real problem started after i tried to reboot..
      now i can’t bootup windows in any mode, looks like mbr got damaged/erased. so after trying everything i can think of it looks like i’m in for a re-install of windows XP – has anyone had this problem?
      i really wish the person who wrote this malware was sitting in my office right now as there would certainly be lots of re-Booting happening.

  • The Security Tool thing is on my computer and I’ve been to several websites on how to remove the virus, and each time I tried downloading an anti-spyware the Security Tool would pop up, then a blue screen popped up and said that I needed to turn my computer off in order to protect it. Does anyone know how to get rid of it???

  • if you cannot get into windows safe mode, here is a trick i used.

    i was removing this virus/trojan/malware from a computer across the country, and luckily had installed remote access software (vnc). but this tip works if youre right in front of the infected pc too.

    the symptoms that prevented removal were that anytime i ran ANYTHING, the “security tool” shut it down. so i would open a browser, and it would shut down. i would open a command prompt window, and it would shut down. i would open any number of antivirus programs, and they would shut down. adaware, spybot s&d, etc. they all shut down.

    but i was able to click on the windows start menu and see the program list. i could see my option to RUN programs. but if i typed CMD in the run box, that window immediately shut down.

    i had a flash of inspiration.

    in the run box i typed

    taskkill /fi "username ne SYSTEM" /fi "username ne LOCAL SERVICE" /fi "username ne NETWORK SERVICE" /fi "imagename ne explorer.exe" -IM * /F

    and pressed OK (or hit ENTER)

    what this does is it makes use of the taskkill command in windows xp (unfortunately its in xp pro and not xp home. it can be installed in xp home, but thats another story)

    it stops all processes which are not vital system processes or network processes. it also doesnt stop the EXPLORER process. if we killed that process, we would lose our desktop interface (more or less). most of the time EXPLORER.EXE will restart if killed, but not always. so i was being safe here.

    it worked!

    it killed the rogue processes being run by “SECURITY TOOL”.

    i was able to run CLEANUP40, MALWARE BYTES ANTI-MALWARE, then ran scans with ADAWARE, SPYBOT S&D, updated SPYWARE BLASTER, ran microsofts malicious sw removal tool, ran mcafees stinger (removes a subset of known viruses), cleaned all my temporary files (again) with CLEANUP40, ran HIJACKTHIS to make sure there was nothing suspicious looking, and then looked manually for traces of “security tool”.

    all gone.

    rebooted, and it was good.

    cheers,
    disk demon.

  • Security Tool manual removal:

    Kill processes:
    4946550101.exe OR ANY series of numbers.exe

    Delete registry values:
    HKEY_CURRENT_USER\Software\Security Tool
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “4946550101”

    Delete files:
    4946550101.bat 4946550101.cfg 4946550101.exe Security Tool.lnk Security Tool.lnk

    Delete directories:
    %UserProfile%\Application Data\4946550101

    • I got this too…and used Malwarebytes (free download). It took a couple of times to get rid of it in safe mode….but now I can’t access the Internet through my regular prompts…only through my verizon provider…then it keeps kicking me around before I can get to the Internet.

      Is there something that was disabled by the Security tool for internet access…and where can I enable the settings I had before? I can’t access the Internet on the start-up menu that says “Internet”….error 404 or something like that…

  • Security Tool manual removal:
    Kill processes:
    4946550101.exe
    HELP:
    how to kill malicious processes

    Delete registry values:
    HKEY_CURRENT_USER\Software\Security Tool
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “4946550101”
    HELP:
    how to remove registry entries

    Delete files:
    4946550101.bat 4946550101.cfg 4946550101.exe Security Tool.lnk Security Tool.lnk
    HELP:
    how to remove harmful files

    Delete directories:
    %UserProfile%\Application Data\4946550101

  • What I did for the Security Tool virus is I ran an AVG search. Security Tool detected it and turned off Windows. I turned my laptop back on and searched through all the files for security t, because security tool takes longer to search for. I renamed the files to all this random crap (like hglasadfljhg) and deleted them. After that I immediately rebooted my laptop and luckily it was gone. The only damage that I know of is my desktop background was changed to black from a picture. I don’t know if this method works, because I’ve heard some people (like me) don’t have many of the files with security tool, but I’ve also heard some people had a lot.

  • I just got hit with this nasty virus on my laptop (XP Pro). A screen came up saying that “Security tools has successfully downloaded”, although I didn’t download anything. I was just shopping for Christmas (some Christmas present I got!).

    I figured it was one of those viruses, so I didn’t click on anything except I tried to bring up task manager so I could close the window. That didn’t work, it only brought up the full screen of this “security tools” and it started doing the fake scan.

    I didn’t click anything, but just rebooted in hopes that I could get to either task manager soon enough to close down the program, or to explorer and get to a virus remover such as malwarebytes. That didn’t work either, the screen came up as soon as I rebooted, so I shut down again and tried going into safe mode. When doing that, the drivers only go halfway down and stop, then nothing.

    I tried just rebooting normally, thinking if I signed up for that security tools with false info, at least I could get rid of the opening screen and access the net. Now when I try to reboot, I get nothing at all, just a black screen. Did I kill my computer by doing this the wrong way? Please help! Thank you in advance.

    P.S. This is on my laptop and I do have my desktop that I’m using now. How can I safeguard (with strong preventative measures!) that something like this doesn’t happen on this one too?

    • Simplest way to remove it:

      Go to Safe Mode.

      ctrl-alt-del and choose task manager.

      End the random number process.

      Click Start->RUN and type MSCONFIG.

      Click the STARTUP tab

      Uncheck the item that is just random numbers (ex:612393219)

      Go to your C drive and open C:\Program Data\(and a folder with random numbers again) and delete the numbered directory.

      Run a virus scan

      Reboot to normal mode and run the virus scan one more time. Worked for me.

      • Thank you very much Bruce!

        I did exactly what you said and am now problem free. I can’t speak for other cases, but in mine this solution worked flawlessly. I would encourage anyone who has tried other solutions unsuccessfully to try this.

  • I think the virus has been improved to prevent some of the posted fixes from working.
    I was able to start my computer in safe mode with networking and simply delete the files. I also emptied the recycle bin after deleting the files.

  • I started my computer in safe mode with networking and was able to delete the files. I also emptied my recycle bin after deleting the files.
    Rebooted and all is well.

  • Jesse Hess gave the following advice which worked like a charm. Easy and Fast. Of course I already had AntiMalware from MalwareBytes (the tool that IP techs use) installed. You may have to download and install it after stopping the Security Tools processes. http://www.malwarebytes.org/
    Forget the rest of these posts. Do this and you will be fixed in no time.

    *Note, MalwareBytes can take a few hours to run a full scan depending on how much stuff you have on your hard drive.

    Jesse Hess says:
    October 11, 2009 at 9:09 pm

    TO BE ABLE TO RUN YOUR ANTI MAL WARE PROGRAM WITHOUT SECURITY TOOL INTERFERING FOLLOW THESE STEPS.

    1. Ctrl + Alt + Delete
    2. Click on the Processes tab
    3. THE PROCESS FOR SECURITY TOOL WILL BE A BUNCH OF RANDOM NUMBERS
    Ex. 6341908843 ——- 7,000
    4. Right click random number process and click end process tree.
    5. After this you should have no problem running a program.

    Tom’s note* After the first scan I would then reboot your computer and run Malwarebytes a second time.

    • This one works. My daughter just got a laptop for Xmas and got the “Security Virus” the same day. I did the steps above and it cleaned it. I was then able to put McAfee on the laptop for her. Really simple.

      • Thank you so much! you have no idea how much help you were in my laptop saving because the exact same thing happened to me as that guys daughter! i got a laptop for christmas and there it was, security tool.

    • God bless you, Tom Cooper! I could not get the Malwarebytes program to download due to interference from Security tool. Christmas is saved for my son and his new laptop! Thanks again!

    • This was great! Just wanted to mention that the software is at cnet.com a great website for quality software.

    • and what if Ctrl + Alt + Delete DOESN’T WORK (because it blocks that too)???? (How do I get to the task manager to end processes to be able to download the malwarebytes)

      • You have to start Windows in safe mode (this is easy, just search it in Google). Bruce’s fix (see above) worked well for me, I recommend you try it.

  • On the manual way I can’t find the registry values.

  • I found the file but I can’t delete it. What do I do???

  • My computer became infected with this virus today and I have tried to get rid of it. Every time I try to open an antivirus program, Security Tool tells me that it is infected with a virus that is trying to steal my credit card information. None of the solutions suggested above have worked. I deleted all the files I can find that are related to Security Tool. Any solutions?

  • Well, when I was surfing the web looking at game reviews I got this notification. It says “security tool is done downloading!”, THEN it tells me multiple viruses detected, do you want to clean them out? I said no and it did it anyway. So I downloaded Google anti virus pack, AVG anti virus and spyware. It helped hold back on some of the notifications and didn’t shut my computer down. It kept my computer up long enough to download two anti-malware programs and that was that.

  • I just got a new computer yesterday and after about 3 hours of use, it was infected with this very annoying virus. I tried everything suggested above to rid my computer of it but nothing worked. Finally, I started my computer in safe mode and chose a restore point from before the infection. It worked and the virus was gone.

  • 1. Open file location on virus source. (Right click and go to properties and click ‘open file location’)
    2. Right click virus source and go to properties. (Example: 45263672.exe)
    3. Click security tab and then go down to the bottom and click advanced.
    4. Click change permissions.
    5. Find yourself as a user, in my case it was ( John (John-PC\John) ); and click Edit tab.
    6. Check DENY on all the tabs.
    7. Apply and restart your computer. BAM you’re Security Tool Virus Free!!!

  • Is this MalwareBytes a free software? Because I installed Spyware Dr., which found the virus, but the only way to get rid of the virus was to purchase the Spyware Dr.

    • MalwareBytes has both a free and a paid version. The only real difference is the paid version works in “real time” whereas the free version works only when you tell it to. I “think” you have to update the free version too, but the paid will update automatically.

      You can find those here – http://www.malwarebytes.org/

      I downloaded the free version and it worked amazingly! After I downloaded it to my laptop (after I reformatted and reinstalled xp) I did the full scan twice and it came back clean. I figured it should have, but I wasn’t taking any chances.

      I had my computers networked, so I downloaded it to my desktop and it found 87 infections and 2 trojans! I’m not sure if this worked its way through the network to my desktop, or if it was already infected, but I’m just glad I did it to both computers.

  • A couple laptops I’ve serviced at work had this. The latest version of the virus won’t let you run any .exe’s, even taskmgr. Currently trying to login through safemode.

    • I tried all the above too and couldn’t get anything to work. After my previous post I got frustrated after several attempts of going to safe mode and simply reformatted and reinstalled xp. I hope you have better luck!

      Thank you all for sharing these fixes too. There seems to be different versions of this same program and some fixes wont work for each version, but through the help found here, quite a few people are getting this fixed.

  • After experiencing these kinds of problems, I’m wondering what all of your thoughts are on the best set-up for keeping a system safe. On my laptop (XP Pro 2003) I decided to go with MalwareBytes free version, Avast and Microsoft’s Security Essentials.

    On my desktop (Vista 32) I have CA Internet Security Suite and MalwareBytes, but I’m thinking of changing it to Avast and MSE too. Before I do, I’m just wondering if there’s a better combo, or what you all have had good luck with in keeping your system protected.

    Thanks in advance for sharing ideas.

  • OMG thank you so much! worked like a charm!

  • matt, i had the same problem. a friend suggested i take out the power source for my computer and let it rest overnight. i did this and when i logged on the next day, the virus was either gone or it hadnt started acting up yet because i was able to run malwarebytes

  • I got Security Tool last night and it blacked out my screen completely, rendering it useless. I couldn’t use safe mode or ANYTHING. I took it to the Geek Squad and they are now removing it. I don’t have an OS disk because the Sony VAIO did not come with a separate disk. So now I should have my laptop by tomorrow at the cost of nearly $200.00.

  • I have no idea what I’m doing. My mom put it on here and has left me with the task of removing it. Lucky, eh? I have no idea what I’m doing. Really, I don’t. I can get on the Internet and everything, I just don’t know what to do after I download the malware thingy. Any help?

  • My daughter’s Toshiba laptop was infected with Security Tool.
    I removed it with Malwarebytes and now it works almost ok.
    For some reason the laptop will no longer access gmail and google searches won’t work.
    Google news, images, video etc all work.
    Other search engines work.
    Any website off the favorites list still opens.
    But I can’t open a website by typing it directly into the browser.
    This happens both in explorer and firefox.
    I deleted firefox and reloaded it, still nothing.

    Obviously Security Tool is still messing with her laptop.
    Any suggestions?

    • I had the virus, and the same thing happened to me. I can’t do google searches (gmail works though), and I can’t log in to some websites. Have you found out how to fix it yet? I sure haven’t!

      • Got it!
        Found this on another post:

        Even after removing the malware I was unable to access Google &c. From another site I got a direction to look at C:\WINDOWS\system32\drivers\etc\Hosts.

        Opening it in Notepad, I saw that it had listed just about every variety of Google & Yahoo against IP address 127.0.0.1. I copied this file (to be on the safe side!) and then deleted all the entries and, bingo, worked fine.

        I just tried this as well, and it worked!

        Hope this is helpful!
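
The hosts-file tampering described in the reply above (search-engine names pinned to 127.0.0.1) can be audited with a short script. This is an added example, not part of the original comments; the sample hosts content, the default-name set and the watched-domain list are constructed assumptions.

```python
import ipaddress

# Assumption: the only names a stock hosts file pins to loopback.
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}
# Assumption: families to rank first; the reply names Google and Yahoo.
WATCHED_SUFFIXES = ("google.com", "yahoo.com")

# Constructed sample hosts file (not taken from an infected machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.net
127.0.0.1       www.google.com google.com
127.0.0.1       search.yahoo.com   # trailing comment
192.0.2.10      intranet.example
0.0.0.0         mail.google.com
"""


def parse_hosts(text):
    """Return (line_number, ip, names) for every active hosts entry."""
    entries = []
    for number, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip the malformed line
        entries.append((number, ip, [f.lower().rstrip(".") for f in fields[1:]]))
    return entries


def is_watched(name):
    """True when the name is a watched domain or one of its subdomains."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Flag names pinned to a loopback or unspecified address, watched ones first."""
    findings = []
    for number, ip, names in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in names:
            if name in DEFAULT_NAMES:
                continue
            findings.append({"line": number, "name": name,
                             "ip": str(ip), "watched": is_watched(name)})
    return sorted(findings, key=lambda f: (not f["watched"], f["line"]))


def neutralise(text):
    """Comment out, rather than delete, each line that produced a finding.

    A line that mixes localhost with flagged names is disabled as a whole.
    """
    flagged = {f["line"] for f in audit_hosts(text)}
    out = []
    for number, raw in enumerate(text.splitlines(), 1):
        out.append("# DISABLED " + raw if number in flagged else raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print(neutralise(SAMPLE_HOSTS))
```

Commenting the lines out keeps the evidence in place, which matches the reply's advice to copy the file before changing it.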

  • My husband’s computer had it and we were not able to access anything, not internet, not safe mode, nada. I used my non infected computer to download the rkill.com process killer and the antimalware software. Burned them to CD and then copied the rkill to his desktop. The malware would not let me run either. So I followed the advice above about starting the rkill before the malware had a chance to start after reboot and that worked (I had it on the desktop so I didn’t have to hunt for it). After it was clear the malware wasn’t going to start (I kept clicking on rkill over and over and over again until it I was sure it had stopped it) I put the CD containing the anti malware software in and ran that. It found a bunch of infected files and removed them. I am rebooting now…fingers crossed.

    (but yeah, for me it was a matter of speed, beating the malware with the process kill file).

    eta: it appears to have worked!

  • After hours of frustration and anger I came here, had to reboot in safe mode just to open Task Manager and end the process. Then I rebooted normally and was able to download mbam without Security Tool’s interference. That did the trick. Really appreciate everyone’s help.

  • After my son’s laptop was infected with Security Tools, it would not let me download Malwarebytes. It would not let me open Malwarebytes even after downloading it from a clean computer to a thumb drive and transferring it to a thumbdrive. I even renamed Malwarebytes and it would still not fool Security Tools.

    Here is how I removed “Security Tools”: (despite the fact Malwarebytes wouldn’t install or renaming wouldn’t fool Security Tools)

    My son’s laptop got the nasty rogue called Security Tools. It was very slow as it was constantly being bombarded with pop-ups telling us that his laptop was infected and that we needed to purchase their product. He kept getting Security tool warnings. Security tools made the desktop icons disappear (actually just hid his desktop icons).

    This nasty rogue would not allow his computer to open in safe mode, nor would it allow him to download Spybot, Adware Se or Malwarebytes.

    So from my clean computer I downloaded Spybot, Adware Se or Malwarebytes, all of them (saved them) to a thumbdrive and tried to sneak it on his infected computer via a thumbdrive,…no luck.

    I downloaded them again, this time renaming them before I downloaded (a trick that sometimes works)… still… no luck. If you rename your anti-spyware or anti-malware, the rogue spyware might not recognize the new name and let you run it. Unfortunately this spyware (System Tools) was too smart for that.

    Here is what finally worked

    From my clean computer I downloaded “HijackThis” to a thumb drive, but before saving HijackThis.exe, I renamed it to explorer.exe.

    I stuck the thumb drive into the infected computer, and sent (HijackThis.exe) disguised as explorer.exe to the infected computer’s desktop.

    Even though the computer infected with SecurityTools wouldn’t allow us to download SpyBot or AdwareSe or Malwarebytes, it allowed us to download HijackThis.exe.

    Since this bad spyware Security Tool hid our desktop icons, I had to right click on the Windows task bar, and then click Show Desktop so that the desktop icons would appear.

    Now that I could see the desktop icons I saw the icon for the spyware SecurityTools. Of course deleting the icon would do nothing but delete the shortcut. But when I right clicked on it I found clues in the properties:
    The nasty booger was….. C:\Documents and Settings\All Users\Application Data\94345126\94345126.exe
    So now I knew where the spyware was and the important number 94345126 (note this number varies….your number will probably be an 8 digit number, just right click on the securitytools icon and write down your number).

    As the desktop icons were now visible I clicked on the desktop icon for HijackThis.exe that I had falsely named explorer.exe and ran it. I did a system scan only. I looked at the log and found O4 – HKLM\..\Run: [94345126] C:\Documents and Settings\All Users\Application Data\94345126\94345126.exe.
    I put a checkmark in this and pressed the “fix checked” button.

    After HijackThis.exe did its magic on O4 – HKLM\..\Run: [94345126] C:\Documents and Settings\All Users\Application Data\94345126\94345126.exe.
    * * * I could now run the Malwarebytes that I had previously downloaded to a thumbdrive. * * *
    Malwarebytes found (4) problems which I fixed with Malwarebytes. I then cleaned out my son’s recycle bin.

    His laptop is now free from this awful Security Tools.

    I had never heard of HijackThis until today. (see Go.TrendMicro.com) I had used Malwarebytes a few years ago. I recommend downloading this from CNET, because you never know what you are getting anywhere else.
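
Several comments above (the manual-removal lists and this HijackThis walkthrough) describe the same persistence pattern: a Run entry starting an executable with an all-digit name inside a same-named folder under Application Data or ProgramData. The added example below, which is not from any commenter, triages HijackThis-style O4 lines for that pattern; the sample log is constructed, and the minimum digit count and folder list are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed HijackThis-style lines; only the numeric entry mirrors the comment.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKLM\..\Run: [94345126] C:\Documents and Settings\All Users\Application Data\94345126\94345126.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [20100101] "C:\Program Files\Backup\nightly.exe" /quiet
"""

# Accept the ASCII hyphen and the en dash that blog software substitutes for it.
O4_RE = re.compile(r"^O4 [-\u2013] (HK(?:LM|CU))\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Assumption: user-writable data folders named in the comments, plus AppData.
DATA_DIRS = {"application data", "programdata", "program data", "appdata"}
# Assumption: the comments show 8 to 10 digits; accept six or more.
NUMERIC_RE = re.compile(r"\d{6,}")


def executable_of(command):
    """Extract the program path from a Run command, quoted or unquoted."""
    m = re.match(r'\s*"([^"]+)"', command) or re.match(
        r"\s*(.+?\.(?:exe|bat|com|scr))(?:\s|$)", command, re.IGNORECASE)
    return PureWindowsPath(m.group(1)) if m else None


def triage(log_text):
    """Return autostart entries matching the numeric-name pattern."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, value_name, command = m.groups()
        exe = executable_of(command)
        if exe is None:
            continue
        numeric_image = NUMERIC_RE.fullmatch(exe.stem) is not None
        same_named_folder = exe.parent.name == exe.stem
        in_data_dir = any(part.lower() in DATA_DIRS for part in exe.parts)
        # All three signals are required, so a numeric value name alone
        # (the "20100101" line) does not trigger a hit.
        if numeric_image and same_named_folder and in_data_dir:
            hits.append({"hive": hive, "key": key, "value": value_name,
                         "path": str(exe),
                         "value_matches_image": value_name == exe.stem})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```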

  • Please help. I have Windows 7 and I can’t follow the instructions given anywhere. I can’t download anything. Please give me simple precise steps on how to get rid of it.

  • Woooow!! major cheers to BRUCE..his method helped me lots :) !…now i can browse on my laptop once more!

    Go to Safe Mode.

    ctrl-alt-del and choose task manager.

    End the random number process.

    Click Start->RUN and type MSCONFIG.

    Click the STARTUP tab

    Uncheck the item that is just random numbers (ex:612393219)

    Go to your C drive and open C:\Program Data\(and a folder with random numbers again) and delete the numbered directory.

    Run a virus scan

    Reboot to normal mode and run the virus scan one more time. Worked for me.

  • I need help. I got Security Tool on my computer and went to a different website and it told me how to remove it. I had Malwarebytes on my computer before I got security tool but I had to reinstall it. I got Security Tool removed, my icons back, and was a happy camper. Quite proud of myself that I could get it off by myself, too. But then I realized when I tried to reset my background picture on my desktop it wouldn’t let me. Every time I try to mess with the background color or the picture my computer freezes for a couple minutes and when I try to change it again, it freezes again. Now, this is not a huge problem but it’s just annoying! I ran malwarebytes again, and again, and it found nothing! So, if any one could help I would really appriciate it!

  • Hmm.. So i got this stupid security tool virus thing, and I ran my comp into safe mode- opened up Malewarebytes anti-malware and then after it was done it told me i needed to restart. After i restarted, my screen turned black completely (No windows logo). I restarted again trying to go into safety mode, and the same thing happens. black, no logo. I don’t have the windows XP cd, any suggestions?

  • OK. Wife just got this bug and it is a little smarter than previous versions I removed. Right click on the Security Tool icon and figure out where the target is under Properties. I am running Microsoft 7 FYI. Next you want to get to your folder options. For Windows 7 right click the Windows button or hit the folder to bring up Windows Explorer. Next click on Organize and find the folder options. Click on the View tab and check show hidden files, folders and drives to ON. My target for the file was c:\ProgramData\98767776. Delete the .exe file you found as your target and this will stop the process. Next run Malwarebytes. http://www.malwarbytes.org I have Malwarebytes running now so this is as far as I have gotten. Should clean it though once you get the process stopped.

  • I got infected as well. I had anti-malware on my computer so I ran a scan and nothing came up. I restarted my computer and Windows will not start up in safe mode, I just keep coming to a black screen.

    Any ideas?

  • I have the Security Tool virus on my computer and turned it off the other day and now the computer will not restart. I turn it on and all I get is a half-lit black screen staring at me. How do I fix it?

  • Thanks for this article and download link. Really helped.

  • Just want to say thank you for the great sharing! Lucky me, I tried using System Restore and everything was back to normal within a few minutes.

  • I had the same damn problem, it took me 2 hrs to solve. It disabled my Webroot so I went into the start menu and clicked on it. I got it to run and when I saw 3 items in the items area I stopped the Webroot and dealt with those main 3 little buggers: 1 was a rogue, the other was a Security Tool malware and the 3rd was alot internet tool device. After I got rid of them I ran a full system sweep. Trust me, it was hard but it can work.

  • Hi. I just picked up this very annoying virus or something very similar to it on my XP-SP3 machine. I was able to remove the annoying virus using some of the steps listed on this thread, so I thought I’d share what steps I took.

    My virus was a little different than what was commonly described here, but my two main symptoms were:

    1) Annoying (fake) security pop-ups in the form of balloon notifications, fake Windows security center, corner-desktop notification (like outlook), a splash-screen like (not a draggable window) warning .. omg!!

    2) I couldn’t run virtually any exe’s … not MalwareBytes, not TaskManager, not Notepad … not anything! … omg!!

    However, the way that my virus differed was that there were no random numbers in my application data or a running process with random numbers. Also, my desktop/icons were not affected by the virus.

    ——–

    To resolve this virus, with help of some of suggestions on this page, here are the steps I took:

    1) I plugged in a flash drive and installed MalwareBytes on that.

    2) Ran MalwareBytes from the flash drive to scan my hard drive. (Took 2 hours) (I did rename my mbam.exe to iexplore.exe, but at this point, I’m unsure if this was required)

    3) Launched my TaskManager by (copying and) renaming it to iexplore from my “C:/windows/system32” folder. I matched the malicious items list found by MalwareBytes, and killed the malicious item from my TaskManager. My item was named “ilymsysgaurd.exe” (instead of random numbers). I’m not sure if this step was necessary, but it was nice to kill the process.

    4) Removed all of the malicious items found using MalwareBytes, and rebooted my computer.

    ——–

    These steps seem to work for me. My virus’s exe was named “ilymsysguard.exe”, but a search for that on Yahoo/Google netted no results. I think the “sysgaurd” base name is the virus you can search for online. This exe was sitting in “C:\Documents and Settings\Owner\Local Settings\Application Data\iyxjah\ilymsysguard.exe” for me. The “iyxjah” part seems like the random bit for me, instead of random numbers. You may want to check there if you can’t find it in the locations described by other people.

    I didn’t reboot my computer in SAFE mode to do this, because I had read other posts that stated that they could no longer get back to Windows after they rebooted, so I didn’t want to take that chance without running MalwareBytes. I backed up my important data (just in case) after I scanned using MalwareBytes, but before I rebooted.

    Anyway, after scanning with MalwareBytes, removing malicious items using MalwareBytes, and rebooting, my computer seems to be back to normal. I didn’t even do a system restore.

    I really appreciate this thread and all of the people posting, because it helped me tackle this virus (the iexplore.exe renaming trick was nice). So thank you everyone! I hope my post may one day help anyone else battling this virus. Good luck. Thank you.

  • So what happens to the information that one put in when downloading the security tool like the credit card information and how can one get their money back if it is charged?

  • I was lucky, I found a forum that told me to use Spyware Doctor. It worked, took it off right away and no more problems.

    Good luck

  • Bill you are the bomb!!! Thank you so much for the info, this virus showed up on my business computer after I looked at a celebrity website. I cannot repeat the words I used when trying to get rid of this nonsense!! Once again you are a lifesaver!!!! I hope you have awesome luck in life!!

  • What a pain. I got infected and it took hours to delete the program. With God’s help, I went into C documents and found those numbers the program was installed under. When I tried to delete it, I could not. It took trying to delete it several times and then rebooting my computer before it finally disappeared. A petition needs to be signed to run the people who started this false program off the internet. If I ever see anything like this again, I will shut my computer off before it has a chance to infect my system. What a PAIN.

  • I hate security tool!!!!!!!!!!!!!!!!!!

  • OH MY GOD
    why didn’t I see this before
    I hate myself now
    you see I paid the Security Tool for scanning my computer and it worked a few days, that security thingy didn’t harass me for a few days and today it came again so I wanted to get the registration so I googled it and found this………. I think I made the biggest mistake ever…… oh…. sob sob :(

  • I used Cheri’s advice for getting into safe mode and she screwed me. Now I can’t even get into Windows. Can anyone help with getting in?

  • i got this virus a good week and a half ago, i did my usual and deleted it. I thought i was all right..

    i was wrong, it came back yesterday, not with popups but it was messing with my browsers and exe files

    I ran ComboFix, then I deleted the numbered folder and I did the cut and paste Malwarebytes exe trick. I seem to have removed all traces of it.. at least I hope I did

    this is a pretty nasty virus, the worst one i ever got

  • i was trying to watch how i met your mother from tv duck and got it while trying to enter one of the links…thx for the advice worked perfect from the first time

  • I simply went to System Restore and restored my PC to an earlier date. It worked like a charm!

  • I too got that awful virus SYSTEM TOOLS and all I can say is…………IT WORKED! THANK YOU SOOO MUCH!
    I tried everything I could for hours and the MalwareBytes download was the only advice that worked.
    Thanks again

  • I am just speechless…..all I can say is Thank you!
    the MalwareBytes download worked! After hrs and hrs of trying to remove the awful virus System Tools I feel lucky to have come across this website.

    Thanks again!

  • is this software safe? should i download it??? please reply, im worried about my pc

  • Purchased Security Tool and now i can’t get it to run
    What can i do to fix the problem ?

  • I found out an easy way to use MalwareBytes Anti-Malware when Security Tool is up. All you have to do is go into safe mode. The virus cannot pop up in safe mode. Then you can use MalwareBytes Anti-Malware.

  • This website has helped me tremendously, to remove security tool. Thanks a million!

  • this helps read it / February 16, 2010 at 8:57 pm

    OK guys, I fixed my laptop. What you do is you go to safe mode, then go to this website. And don’t go to the first safe mode: there should be three of them, 1 on top, 1 in middle and 1 on bottom. Press the second one because with the first one there is no internet. OK, so once you pressed on the second safe mode, go to this website and download Malware. Once you did that, quick scan your computer once Malware is downloaded. After that click show results and then it should say delete all or erase all, something like that. Once you’re done with that just restart your computer, it should be fine. Good luck and thank you to whoever made Malware, and I hope the guy who made Security Tool gets into a car crash and gets paralyzed

  • I had a hard time trying to figure out what remedy was the right one to use. I had to download the malware program on an SD disk because the Security Tool was not allowing me to download it on my infected computer. Before I tried to load it on my computer via the SD disk, I tried the other remedy first, which is to press F8 at startup and choose the option to start Windows in safe mode. Once Windows started in safe mode I was able to go to System Restore, which is usually located at the Performance and Maintenance location which can be found in the Control Panel. Once the System Restore screen came up I made sure I chose a date back before I got the Security Tool headache. To my delight my computer was restored back to that point I chose and now the computer is running fine. Hopefully this info helps you out if you’re not sure what to do.

  • Thank you sooo much! This worked like a charm, although at first my computer wouldn’t let the malware software open, I finally got it to, and don’t know how I did! Thank you!

  • A friend was using my PC & this “Rogue Devil” / “Security Tool” put itself in. It had eaten my icons & flashed its little warning box every 2-3 seconds. I tried everything to get rid of it with my Malwarebytes & Avast Antivirus. It would not let me even pull these up. I couldn’t get to my Restore, TaskManager, or flash drive. It blocks EVERYTHING!! I went to my search & it wouldn’t allow me to delete it. So I called my friend who is a PC tech & he couldn’t right offhand figure all this out. Then I found all of your comments. Funny thing, this Rogue let me online while still warning me to register its product.

    I shut down my PC & when it booted up I kept pressing F8 over & over. It finally asked if I wanted to go into safe mode, which I did. Once there all I had to do was a system restore to about a week earlier. Then after I did that, my Malwarebytes worked & got RID of it. Then I went into search & found what little remained. So far I’ve not seen the $#@%@%$# that kept me frantic for a good 3 hours!

    • I just wanted to add that before you run your Malwarebytes be sure to update it. Both the paid for & free versions have this. It’s just with the paid version it’s automatically updated for you.

  • I followed Jeanne’s instructions and it worked great.
    Simple and quick.
    Thanks Jeanne!

  • yeahh like when im trying to run the MalwareBytes Anti Malware, the stupid security tool pops up saying that the file is trying to send my credit card details and blahh. what do i do now?!

  • SECURITY TOOL WAS AN ICON ON MY DESKTOP I RIGHT CLICKED IT AND SENT IT TO THE RECYCLING BIN AND THEN DELETED IT. THE SECURITY TOOL HASNT INVADED MY FILES…. YET….. BUT IT DID GO AWAY. IS IT GOING TO COME BACK?

  • These people are a bunch of thieves, who send you a virus to damage your computer and that way they can steal your money. After you realize the transaction, you never can contact them; the phone number 800-469-9689 is not a working number, they make you wait for a long period of time and then they hang up the phone, is any way you can communicate with them, this has to be reported to the FBI, in USA, because this company does not even exist, just so people know, and probably these people who make statements about this company are fake too, but I will work very hard so the authorities catch these fucking thieves

  • They are the virus people, we need to report it to the FBI, and tomorrow I will do that, give them all the information about this fake company and the phone number they provided

  • You can go to techjaws.com for specific instructions as to how to remove the Security Tool virus. I followed the instructions and was able to remove them (I had 2 separate Security Tool apps). The key is to hit the Cntrl/Alt/Del keys as soon as the desktop appears. Then you can go to Task Manager and disable it. From there you can follow the rest of the instructions to remove it. Don’t look for “Security Tool.” The app will be a series of numbers, i.e. 68345228.exe or 57817129.exe or any other variation of numbers. Hope this helps. I know it’s frustrating.

  • My computer has the System Tools virus and whenever I go to System Restore, the virus pops up and doesn’t allow me to restore. Can anyone help

  • My computer has the system tools virus and is killing my system.Every time I try to restore my computer the system tool virus blocks it from happening. Can anyone help?

  • If you do not have access to safe mode due to drive encryption the removal instructions can be found here (or if you have Windows 7 and just want to clean it quickly)..

    http://www.thegremlinhunt.com/2010/02/22/security-tool-removal-without-access-to-safemode/

  • tried lots of other sites but this was the only one that helped. you’re awesome, thanks!!

  • I had to remove this from my friend’s PC. What I did was I found the Security Tool program listed in Start->All Programs. I right-clicked on it to determine its location on the HDD. In my case it was in c:\ProgramData\73478920. In that folder was 73478920.exe. I changed the file extension from .exe to .trash then restarted the PC. On restart Security Tools did not start. I then deleted the c:\ProgramData\73478920 folder and removed it from the recycle bin.
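The pattern several commenters describe (a startup entry pointing at an all-digit .exe inside a same-named folder under ProgramData, or the “sysguard” variant under Application Data), as an added triage sketch in Python that is not part of any comment or of the original guide. The reason codes, the digit-length range and the sample startup list are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Folders where commenters on this page found the rogue's files.
DROP_DIRS = {"programdata", "application data"}
# Assumption: the names quoted on this page are 8-9 digits; allow 6-10.
NUMERIC = re.compile(r"\d{6,10}")


def exe_from_command(command):
    """Pull the executable path out of a startup command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command


def classify(command):
    """Return a reason code if the entry matches a pattern from the comments, else None."""
    p = PureWindowsPath(exe_from_command(command))
    if p.suffix.lower() != ".exe":
        return None
    numeric = NUMERIC.fullmatch(p.stem) is not None
    in_drop_dir = p.parent.parent.name.lower() in DROP_DIRS
    if numeric and in_drop_dir and p.parent.name == p.stem:
        return "numeric-folder-and-exe"   # e.g. ProgramData\<digits>\<digits>.exe
    if in_drop_dir and p.stem.lower().endswith("sysguard"):
        return "sysguard-variant"         # random-letter folder, *sysguard.exe
    if numeric:
        return "numeric-exe-name"         # weaker signal: digits-only name alone
    return None


def review_startup(entries):
    """Map each flagged startup entry name to its reason code."""
    flagged = {}
    for name, command in entries.items():
        reason = classify(command)
        if reason:
            flagged[name] = reason
    return flagged


# Constructed startup list; the flagged paths reuse names quoted in the comments,
# ExampleApp is a hypothetical benign program.
SAMPLE = {
    "73478920": r'"c:\ProgramData\73478920\73478920.exe"',
    "ilymsysguard": r"C:\Documents and Settings\Owner\Local Settings"
                    r"\Application Data\iyxjah\ilymsysguard.exe",
    "68345228": "68345228.exe",
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "updater": r'"C:\Program Files\ExampleApp\updater.exe" /background',
}

if __name__ == "__main__":
    for name, reason in review_startup(SAMPLE).items():
        print(f"{name}: {reason}")
```

A hit is only a pointer to an entry worth checking by hand before disabling or deleting anything; the digits-only rule on its own can match legitimate files.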

  • To get rid of “Security Tool” I held down the F8 key as I rebooted. Eventually, a screen appears w/several choices.
    Choose “Safe Mode”. You’ll come to a screen which offers the choice of resetting your computer to an earlier date: choose this option and pick a reset date before the malware showed up. That’s it.

  • Thank You Jeannie! This bug got on my work computer, with your advice I had it off in just a couple minutes

  • Hello, I have the same problem as Saeed, I need to open my computer but it is not possible anyhow. Please, a solution….

    When I am trying to start computer in Safe Mode the following things are popping up on the screen
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\ntoskrnl.exe
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\hal.dll
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\KDCOM.DLL
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\syste32\BOOTVID.dll
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\conifg\system
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\c_1252.nls
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\c_437.nls
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\l_intl.nls
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\vgaoem.fon
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\drvmain.sdb
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\ACPI.sys
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\WMILIB.SYS
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\pci.sys
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\isapnp.sys
    And after that nothing happens.
    Now when I shut down computer and restart, I can hear sound of processor running but screen is blank.
    I will appreciate your help in this regard

  • Thanks for the guide.

  • You are AMAZING! THANK YOU, THANK YOU, THANK YOU!!!!!!

  • Let me say thank you for this tutorial, I fixed my computer installing the malwarebyte.org and this was an excellent process, and also I had to download rkill.exe and it was great, my computer was fixed in just 25 minutes. Thank you again and I am happy because I saved $200 to fix it, well that’s what the Best Buy store was asking to fix my computer. REMEMBER YOU CAN TAKE OUT security control from your PC YOURSELF…

  • I HATE THIS!!!! After figuring out what happened to my NEW laptop, I installed Malware, ran it, cleared up…or so I thought. All programs ran really slow. Then the black screen. I went through all these postings and was elated that others may be able to help.

    I am experiencing the same problem as Saeed (Dec. 21, 2009) and Semaa (March 12, 2010)

    When I am trying to start computer in Safe Mode the following things are popping up on the screen
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\ntoskrnl.exe
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\hal.dll
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\KDCOM.DLL
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\syste32\BOOTVID.dll
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\conifg\system
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\c_1252.nls
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\c_437.nls
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\l_intl.nls
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\vgaoem.fon
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\drvmain.sdb
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\ACPI.sys
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\WMILIB.SYS
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\pci.sys
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\isapnp.sys
    And after that nothing happens.

    PLEASE HELP!!!!

    Thank you to all those who have posted about this virus.

  • I got this darn thing a couple days ago, who knows where. It stole all my icons and desktop picture. The pop-ups from it were relentless. I read all these posts before deciding what method I was going to use. It seems I was lucky: I first went in safe mode and right clicked the Security Tool icon, I found its 8 digit number under Properties so I could look for anything with that number on my computer. Next I renamed the icon. I then went under Programs from my Start button and found the Security Tool program was also renamed there too. I deleted both the program and icon and then ran a virus scan using my own AVG virus software. On the first scan in safe mode AVG found 8 trojan viruses with this 8 digit number attached. After the scan I rebooted and the computer rebooted fine, no pop-ups or any warning from Security Tool. I then ran a second scan in regular mode; AVG found 1 more trojan with the same number in it. A third scan showed up nothing. I can’t seem to find any trace Security Tool was there in any part of my computer. Lastly I reset my desktop picture, which had been switched to “none” by this stupid virus. So far so good, this seemed easy compared to what some people have to do but it also might be an easy fix for someone else too.

  • I got that system tool thing yesterday and my machine would not do ANYTHING.. except sit there and look at me.. I have McAfee and scanned th