How to remove Security Tool Virus / Malware ( Removal Guide )
Security Tool is a self-proclaimed anti-spyware program, promoted through pop-ups, trojans and malware webites. The Security Tool is promoted just like Windows Police Pro or Green AV ( Antivirus ) 2009. The rogue anti-spyware programs are distributed through websites that simulate virus scans, then the user is told to download the software to clean his PC.
Once installed, the Security Tool will start automatically each time you turn on your PC and log in to Windows. Then it will start scanning your computer and show you a list of fake infections. When you try to clean the infected files, you are prompted to buy the software.
Be careful, don’t believe anything this rogue software prompts to you and DO NOT delete the infected files found by it, because those are just legitimate files.
[ssad]
This is how Security Tool looks ( article continues below the image ):
Security Tool Virus
To get rid of this software, you need MalwareBytes Anti-Malware, a legitimate software that will get you rid of all those rogue applications and malware, and rkill.
[ssad]
How to remove Security Tool:
- Download MalwareBytes Anti-Malware.
- Download rkill.com ( rkill.exe ).
- Install the mbam-setup.exe file.
- To install it, just press next and don’t edit any options if you are not sure what you’re doing.
- After the installation is ready, MalwareBytes Anti Malware will start automatically and will require you to update the software, so just press OK.
- Go to the Scan tab, select “Perform Quick Scan” and press “Scan.”
- MalwareBytes Anti Malware will now scan all your PC for malware, including the Security Tool.
- You will see a “The Scan completed successfully. Click ‘Show Results’ to display all objects found” prompt once the scan is finished. Press OK.
- Now press “Show Results.”
- You will see a list of malware applications, including the Rogue.SecurityTool. Be sure to select them all and press “Remove Selected.”
- After MalwareBytes Anti Malware finishes the cleaning, you can close the program and be sure your PC is clean.
- As a caution, you should also use rkill.com ( rkill.exe ) to terminate malicious processes.
Please let me know if you need any more help and I’ll do my best to help you get rid of the rogue application.
If you have any questions about the Security Tool Virus, you can always ask us on our Forum and we will help. Click here to join the Forum now !
554 Responses
I have the Security Tool virus and have downloaded the Malware software but the virus won’t let the software run. What can I do?
Thank you!
The easiest thing to do is to insall malewarebytes on to a flash drive or external harddrive and run the program from there while in safe mode. This should take care of you.
Had malware installed earlier. Malware wouldn’t start up. Folled the suggestion above, downloading Malware to flash drive and running it in SafeMode. Error messages:
Unable to execute file:
C:Program Filesmalware Bytes’ Anti-Malwarembam.exe
also on Malware install:
Create process failed; code2
The system cannot find the file specified
I’m in deep trouble here. Any help appreciated.
IMPORTANT: DO NOT CLICK ON ANYTHING THE MALWARE WANTS YOU TO CLICK EXCEPT “CONTINUE UNPROTECTED” until you finish your business with your computer. Then you will need to restart in the SAFE MODE with NETWORKING. DO NOT delete anything the malware recommends you to delete. When you install this anti-malware program, the .EXE file gets deleted by the bad virus within about 3 seconds or less. You will need rescue the “mbam.exe” file out of the folder as soon as you see it appearing by the installer. if you have a flash-drive, then open up an empty folder in your flash drive and have it ready on the desktop, such as D:NEW FOLDER (just the empty folder). When you see “C:Program Filesmalware Bytes’ Anti-Malwarembam.exe” get created by the installer, grab the file and drag it (with your mouse of course) into the empty folder that you had ready on the desktop. then you may copy it and paste it back where it belongs in “C:Program Filesmalware Bytes’ Anti-Malware” folder. Then double-click on “mbam.exe” and the anti-malware program should start running. if nothing happens, you will need to restart in SAFE MODE. Turn off the computer and as you click the start button, hit F8 once per 2 seconds until you see the screen where you can choose SAFE MODE with NETWORKING. you will need networking if you want to get on the internet. While in safe mode, the walware will not bother you. in START, click on RUN and type MSCONFIG and run it. In MSCONFIG’s start-up, uncheck anything that sounds like a made up word like framgran.dll and any numbers usually 6 digits. Then search for that file. You will most likely find it in a folder located in C:documents and settingsall usersapplication just delete the whole folder in which those numbers reside. the DLLs will be in C:WindowsSystem32 folder. The malware Bytes’ Anti-Malware will remove all of them. Once you restart windows you will be bugged by windows start up bitching about these files not existing such as framgran.dll which you should be happy that they can’t be found. Now, in START–>RUN type REGEDIT and run it. press F3 in REGEDIT and in the search dialog put in whatever files it is that Windows complains it can;’t find because the malware remover killed it. search for those files and delete the folder in which they exist. BE CAREFUL not to delete more than necessary. As this is like herpes virus and WILL come back at some point in time, you will learn how to delete it without even the use of the malware remover. just by using MSCONFIG and REGEDIT and windows explorer SEARCH. GOOD LUCK!
Excellent suggestion regarding the MBA.exe file creation.
I was receiving and error upon install in safe mode:
Create process failed; code2
The system cannot find the file specified
Followed the process mentioned above and monitored the installation folder while the install was running. I saw MBAM.exe get created, but then it dissapeared within a few seconds. I tried installing again, this time when I saw the MBAM.exe appear, I quickly clicked the file, hit CTRL+X (make sure you cut and not copy, copy will just create a shortcut and be worthless), then CNTL+V onto the desktop. Waited a minute or so and pasted right back in the original installation folder, and now works like a charm!!!
Thanks for the info
Thank you so much easy,
without this info I’d be in deep stuff. Had the problem fixed in a couple hours. Couldn’t have done it without your help.
easy-does-it,
i was able to install the malware bytes software in safe mode with networking, but i did not run msconfig while i was in safe mode. after i restarted and it ran the standard os once, i realized that i needed to do the next steps before restarting, i.e. run msconfig and regedit in safe mode. i went back to run in safe mode and i cannot. i get the blue screen of death every time i want to run in safe mode or safe mode with networking. i have a feeling i’m completely screwed here. is there anything else i can do to get rid of this monster? i have the setup file on a flash drive and the software is installed on my c drive…
thanks in advance for any advice you can give me!!
okay, i outsmarted the stupid program!
of the many times that i tried to search for this security tool program, i could never find it ANYWHERE! then, i found it under start–> all programs. i right-clicked it and looked at the properties. i looked at the target which was c:documents and settingsall usersapplication data4292452642924526.exe of course, this was all hidden, so i went back to the c:documents and settingsall users folder and searched for “application data” and checked the box to search hidden files also. it came up first in the search results and the folder was shown as hidden. i right-clicked the folder and went to properties and removed the hidden attribute for the folder and all sub-folders. then, i opened the application data folder and noticed how extensive this virus was. it had a separate folder for every program i had and many sub programs inside each folder to block and ignore and executable files. i found the folder named “malware bytes” and deleted it. then, i went back to the c:documents and settingsall users folder and renamed the application data folder to just “application”. after doing this, the virus lost it’s directory to hold all of its information. i restarted windows and after startup, there was no mention of security tool. i checked the programs folder and it showed the small, blue window you get with a ‘not responding’ message. with the malware down, i had a chance to re-install the malware bytes software and run a complete scan, got rid of both security tool AND antivirus 2009 malware programs for good. i had antivirus 2009 just two weeks prior and tried to get rid of it, but never really did, it just kinda went away on its own!!! i wonder if the two are from the same creator and he just created a new generation with the security tool??? thanks for all the help, easy
Just restart (force it pushing and holding the start button if necessary) the computer and as soon as the Windows starts, click control+alt+del and pull up the TASK MANAGER. Go to the tab PROCESSES and end process called 2467839.exe or any series of numbers like that. From there you can start working on your computer. Either install that antimalware you were talking about, or remove it manually, which really isn`t a big deal. I found manual instructions at http://www.techjaws.com/how-to-remove-security-tool-virus/ I got rid of it in less then an hour…
Worked like a charm, thanks Julia.
Julia u are the best I did as u said to do and a few seconds later it was gone add I could open everything again thanks a million!!!!!!!!!!!
the easiest and quickest method i have found. it worked like a charm even for a beginner like myself. thank you so much Julia.
Oh my God, Julia!!!! I love you!
That was so easy!! That was a horrifying experience, and you wouldn’t believe all of the bad advice there is out there.
Hi, Jeanne again.
*****THIS IS IMPORTANT*******
*****Security Tool leaves a shortcut on the desktop.
*******You HAVE TO RIGHT CLICK ON IT
IT WILL ASK:
*****DO YOU REALLY WANT TO SEND THIS TO THE RECYCLE BIN?
*****BEFORE YOU DO ANYTHING!!!!!!!
*******IT ALSO GIVES YOU THE EXACT
LOCATION OF THE VIRUS FILE******
*****CUT AND PASTE IT INTO FILE SEARCH*****
THAT WILL TAKE YOU TO THE FILE***
*****DELETE IT *****
ONCE THAT AND THE SHORTCUT ARE IN RECYCLE BIN, YOU MUST DELETE THEM FROM YOUR COMPUTER OR IT WILL JUST KEEP COMING BACK*****
This is THE way to take care of the virus if you can’t seem to run anything. Thank you so much for the help!
But task manager won’t open for me and when i tried to delete the file after finding the location, it keeps saying it is open. I can’t seem to figure this out. I have tried every different way and the virus has blocked it. I have tried downloading an anti-virus, downloading an anti-virus onto a flashdrive, manually deleting (but the files it tells me to search for do not show up), and task manager. i am freaking out!
Julia, thank you so much for you simple instructions!!!!!!!!!!!!!!I removed security tool in less than 20 min!!!!!!You are an ANGEL!!!!!!!!!!!!!!!!THNAK YOU SO MUCH!!!!!!!!!!
Thank you so much some how my daughter went on a google web site and downloaded this virus. I spent 2 hours on it last night trying to remove it. It took me 10 minutes with your help.
omg!!! thank you ssssooo much julia!!! i sat here trying to get it off for two hours before trying your ideas… this was the ONLY thing that worked!!! i cant say thank you enough!!
Thanks so much…I was so mad at my son! We just got his laptop a few days ago. Office Depot told me they would fix it for $170. Thanks goodness for the internet, and good hearted people sharing valuable information
can you please help me with the security tool removal.
Very easy and effective method. Thanks, Julia.
Thanks loads, it worked for me too. Play safe x
Hi, Larry. I don’t know if you got it fixed yet, but I just restored my computer to a earlier date (before Security Tool was installed). Start;All Programs;Accessories;System Tools;System Restore. Just pick a earlier date, than Restore. Worked for me! Kyler.
When I am trying to start computer in Safe Mode the following things are popping up on the screen
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32ntoskrnl.exe
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32hal.dll
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32KDCOM.DLL
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsyste32BOOTVID.dll
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32conifgsystem
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32c_1252.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32c_437.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32l_intl.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32vgaoem.fon
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32drvmain.sdb
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSACPI.sys
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSWMILIB.SYS
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSpci.sys
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSisapnp.sys
And after that nothing happens.
Now when I shut down computer and restart, I can hear sound of processor running but screen is blank.
I will appreciate your help in this regard
Thanks in advance
Saeed
Saeed that’s exactly the same thing that happened to me. I finally gave up and reformatted and reinstalled windows. I tried several times to get past that blank screen, but nothing worked. I hope you have better luck than I did. I just spent all night dealing with this.
I should have mentioned that I just made a post earlier tonight and if you do a search on my name you’ll see what I was talking about.
hey i have the same problem what did u do to solve it
I have a modification of what Jeanne (Feb. 2010) did that worked for me. I restarted Windows in Safe mode (pressing F8 as Windows rebooted). In safe mode Security Tool didn’t launch, so I was finally able to do something to get rid of it. I went to the Security Tool icon on the desktop, right clicked on it, and clicked on Properties to find out where on my machine it was located. Then I went to that location (by opening my C drive and various folders, as indicated by Security Tool’s Properties), and found the folder containing Security Tool (it had a different name, of course, but the same name as listed under Properties). I sent it to the Recycle Bin. I also sent the desktop short cut to the Recycle Bin. Then I opened the Recycle Bin and deleted the short cut and folder. I then shut down my computer, restarted it normally and no more Security Tool.
Good luck; it is a nasty one.
i understand where your coming from but when your ao safe mode it cuts off connection with all external drives… you cant even use your speakers.
ok, well im REALLY worried. none of the above or below things will work. i CAN get into safe mode, but system sec is at 7%, i have 172 virus, NO start menu, in norm mode and safe mode.NO toolbarat the bottom. i got this virus on my laptop (what im useing now) and was able to fix it…the PC only had for 2 hours max, and now NOTHING,nothing works what-so ever. if possible, could someone come up with a way to save it? (which would be hard, ’cause nothing works!) plz help!
i had the same problem as Genny but i fixed it successfully due to jadwg’s advice. thank you very much, jadwg.
can anyone tell me wat safe mode is and who to get there?
I’m having the same problem that Genny had and on top of that i’ve tried installing maleware to my flashdrive from another computer but it seems to not be reading it when i connect it to mine
you have to run rkill before you try to run the setup for malbytes. on the rkill website it had great insructions for getting it to operate even though it continues to get shut down by security tool. the creator of rkill said to continue clicking on rkill until it finally catches up with the virus and does its job. it took me between 10-15 tries, but it finally worked like a charm and allowed me to run setup on malware bytes and scan the computer. took care of the problem in less than a half hour. i didn’t need to run the computer in safe mode at all, but started up windows and used rkill 1st. i am avg in my computer skills. thanks for all the helpful info.
i got rid of this horrible little virus for my neice, it was a windows 7 laptop (which ive no experience with) but i thought i could do it as m ok with getting things done on vista….anyway i was trying to download an antivirus program (antivir) which i use & i was going to try clear the virus from that, but this security tools virus wouldnt even let me intall from a memory stick so i followed julia`s method (CRTL+ALT+DEL) task manager, then kill the process with the numbers on it. I then downloaded the antivirus program malwarebytes. I then ran the scan and restarted my computer, i thought i was in the clear but SECURITY TOOLS wasstill popping up!!! i was in a downer AGAIN! then i just started again by rebooting and kiling the proccess with all the numbers so that i could at least work on the computer. I then had an idea, i went and clicked “progras”…”.security tools”….*properties”….then it showed the shorcut tab, then open file locatin…deleted the file an VOLIA it was gone. Hope this helps if people are in a similar situation. Now my neice will be told not to download or click suspicious stuff on her laptop il also install Avira Antivir and keep the program malwarebytes on it that i tried to clear the virus with.
good luck peepsx
hey what u mean by “while in safe mode”
a computer is infected with this virus and anythin you try anything that will have a chance at getting rid of this virus it will not let you do. so how do i get rid of this without formating
Thanks for the safe mode tip!! It was a very frustrating couple of hours, because the Security Tool Virus would not allow me to do anything. I simply hit F8 during the boot up process and selected “safe mode with net working”, this then allowed me to go to system recovery in the control panel and find a safe restore point. Everything is back to normal now. THANKS AGAIN! I will pass this on.
Same here! I right clicked on the “security tool” icon it installed on my desktop, picked “properties”, and removed the “read only” property and “applied.” I then went to the directory where the properties tab told me the security tool executable was located, and changed its name. Also changed the name of its parent directory, which was the same bunch of numbers. I then rebooted my machine, and it didn’t execute. I could then remove the executable and its directory. Just to get things back to normal (I lost my desktop background), I restored the machine to the last restore point. Seem to have recovered, but I think I will install the malware removal tool for the next time.
Bill Hough’s solution of October 9 worked perfectly well and took all of two minutes. If you can do this and avoid all the safe mode stuff, highly reccomended.
Thank you so much ! I followed your advice and it saved my computer when I couldn’t do anything else ! Thank you !!!!!
You are a lifesaver. Nothing else was working and then all of a sudden HALLELUJAH.
This worked for me when nothing else would and was so easy. Thank you!!!
Yep I did the same thing I did delete the file after rebooting! “There should be a law!!
Bill Hough’s suggestion is so easy and quick to get rid of this malicious virus. What he said to do worked so easily, and I am so grateful!
bill hough is that dude…don’t even bother with all that other nonsense, the virus won’t let you run anything anyway…just follow bill’s steps and be glad he posted here
Hi Bill:
I’m not too tech savvy and was hoping you could expand a little on your explanation for the virus removal. I restored the desktop icons ,right clicked on the icon and I can see the program file numbers. I highlighted the part without the .exe file extension and erased it however I got a error message.
Also how do I navigate to the directory where the executable file is located ?
Steve, When you right-click on the desktop icon, and pick “properties”, a description of the “target” executable should appear in the “shortcut” tab. The “target” is the location of the executable on your hard drive. You have to navigate to that location. You will start at the root directory of the file structure, C:, and descend through the sub directories listed in the target path. Each step in the path is separated by a backslash. Use Windows Explorer to do this. Go to My Computer, pick “C:”, and then pick each subdirectory (Microsoft calls them folders) until you get to the one with all numbers. In that directory should be the executable with the same name followed by .exe. That is the file you want to right click, pick properties, and remove the check mark on “Read Only”. Make sure you “apply” after removing the check mark. You should then be able to change its name (rename after a right click ) Then reboot, go back to the file location with the same method, and delete the file. Go up one directory and delete the directory, which will have the same numerical name. If this makes no sense, get some help from a kid in the neighborhood.
Bill Hough
THank you thank you thank you. It was so easy. Although Im not computer savvy I was able to do it in 2 minutes. Awesome. That will teach me to watch stuff online.
Bill. you.are.the.best. I would give you a hug if I were able to. thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you.
THANKS =]
Thanks Bill for the info, I was about to throw my computer through the window when you came to the rescue.
Yvan From Québec, CANADA
Thanks a lot!!! That was so much easier than instructions from other sites and this actually worked! Thanks a lot.
Bill…I worked hours on this problem with advise from other websites with no success… the name change on the file was genius. IT WORKED..thank you. You helped save a girl a lot of $$$.
BILL HOUGH ATTN:
I have the same problem that saeed is having do you know how to fix this problem if so PLEASE contact me back asap thank in advanvce
To JACOB WHITE,
No, Jacob, I have no idea. Back when my method worked, you didn’t have to go to the safe mode to apply it. It appears that the virus has gotten a lot more damaging since my solution was posted. This surprises me as to be able to buy security tool to fix the original problem, you need to have the machine somewhat operational. Makes me wonder if some of the remedies posted here and elsewhere aren’t destructive in themselves, or haven’t been followed precisely.
Thanks Bill, however, if one cannot get the properties from the desktop icon, as it won’t respond to right click; in my case the desktop icon is a green nike like check mark.
Hi Handa,
Could you walk me through how to restore the desktop icons? And I’m probably even less tech savvy so could you instruct me in a very easy language? Or should I just ask Bill? Sorry if this is just a bother.
Mila: I had the same problem with my icons…my whole desktop screen was black. I just found the Security Tool button thing in the start menu and right clicked it and went on from there.
Bill;
I am not as computer savy as all these people so can you help me here?
this is what i understand to be done:
select the security tool icon–> pick “properties” and remove the “read only” and the “applied” functions
After doing this does this take me directly to the ” directory where the properties are kept? how do I change the name and to what? also how will I know which is the parent directory?
Now to reboot that means to restart right?
HOw to restore themachine to the lst restore point?
see I told you I was not compute savy.. would you recommend installing the malware removal tool instead?
thanks!!
I resolved my problem simply by rebooting with f8, selecting safe mode with prompt and typing rstrui.exe at the prompt which is the restore to a previous non affected date. This solved my virus problem. It was a quick and easy solution and saved me 200 dollars to have someone else resolve the problem for me. I hope this helps someone with a virus jam and no antivirus product that is in date.
09 11 15
Sir: A friend called and said his three-week-old Windows 7 laptop had something called ‘Security Tools’ I was not familiar with it, but even though it was my first troubleshooting on a 7 machine (only other 7 experience was taking a look at the beta), I was self-assured I could resolve it. It was only when I first opened the lid that I remembered ’64-bit’ All of my 32-bit disks were useless. After five-hours of trying everything I could dream up to remove ST, I came across your process while searching with my own machine for a solution. Of course it worked perfectly. His machine will not leave my office until I set up some competent security measures. I am a bit surprised I have not heard more about ‘Security Tools’ as it is pretty devastating. You saved me many, many hours of effort, or, ultimately, a complete washing of the hard drive. Thank you.
William
Thank you so much for such a direct solution to this problem. It is very much appreciated. Considering how long I was browsing online for solutions before I came across your advice, I know you saved me tons of time when I sat down to it.
thank you Bill Hough, i might add though, with us, we couldn’t even get our desk top, so in that case open a file threw your start menu and just get that window to show your desk top, then continue with what Bill said, once i followed your way, took me less then 2 minutes to remove it.
Bill, UDM!!!
Bill’s idea was the easiest way to get it done. Thanks for the easy way out.
OMG I could kiss you! I found this virus on my computer 2 days ago. I was unable to do any of the solutions I found on the internet. I couldn’t get it to go into safe mode by F8 or manually. Couldn’t get to MSCONFIg or REGEDIT. I downloaded Malware removal tool and couldn’t install it either. I followed your instructions and TADA! I could boot up without the virus starting and all my desktop icons are back and I was able to intall the anti-malware. YOU ROCK! THANK YOU THANK YOU THANK YOU!
I believe now you are my savior! Nothing else was working, I was afraid my computer was going to completely crash. As soon as I renamed it I was able to download an anti-malware. YOU ARE THE BEST!
You saved me Bill……your method is so simple yet effective…Thanks a lot
I just wanted to say thank you so much Bill and Julia for your tips! I was freaking out this morning when my work computer popped up with this damn virus! I thought I was going to have to pay to have it fixed and you saved me! THANK YOU!
Bill thank you so much. This worked!
I heard these companies makes billions of dollars..not millions, but billions. I wish our government could try and protect us from this crap.
Bill- I don’t have a system tool icon on my desktop. Now what?
thanks
Thanks Bill,you saved me.I wanna marry you for saving me. Thanks again.
To remove the security tool virus, first you have to start up the computer in safe mode.(press F8 repeatedly after the BIOS screen on system startup, then select safe mode). then run several anti-virus programs. Even after this, there are usually still several DLL files that act as keyloggers and will report everything you do unless they are removed. To delete them, open my computer->C:(or hard drive windows is installed on) -> WINDOWS -> SYSTEM32. there are usually 2-3 randomly named DLL files. to find them, you must first click Tools (at the top of the screen) -> folder options -> select the VIEW tab-> if not done already, check the “show contents of system folders” box, select “show hidden files and folders”, uncheck “hide protected operating system files” and uncheck “hide extensions for known file types.” look on the page for several hidden .dll files(hidden files usually have slightly opaque icons or colored text in the name). there should be 2-3 of them. they are randomly named but usually have a name such as “womaduzo.dll”, nobajuno.dll, navavaze.dll, or yipiveto.dll or a similar sounding name. these must be deleted with the file shredder in Spybot Search & Destroy. if you are not sure which .dll files should be deleted, you can upload a list of the names of the hidden .dll files in the SYSTEM32 directory and I can figure out which ones are the virus.
I found 6 opaque icons, yet they they were labeled “manifest files” and not “dll”, would this mean anything different? Also all the files look like they have funny names, canyou help me?
TO BE ABLE TO RUN YOUR ANTI MAL WARE PROGRAM WITHOUT SECURITY TOOL INTERFERING FOLLOW THESE STEPS.
1. Ctrl + Alt + Delete
2. Click on the Processes tab
3. THE PROCESS FOR SECURITY TOOL WILL BE A BUNCH OF RANDOM NUMBERS
Ex. 6341908843 ——- 7,000
4. Right click random number process and click end process tree.
5 After this you should have no problem running a program.
the answer to your question::to help you out alot..sercurtiy tool is always poping up your computer screen turns blue and somtimes shut down it will also not let you get on alot of site or download anything..so wat you do is when you first turn your computer on press F8 and press up arrow up to SAFE MODE NETWORKING press enter and enter again your screen will turn BLACK but don’t be scared get on the internet without any pop ups or shut downs and download MALWAREBYTES’ ANTI-MALWARE..and follow the insturtions..
This is what i had to do, if it wont let you run it, then right when your pc is booting, open task manager (asap) and close security tool when it pops up in applications running. then it wont come on anymore.
it really is simple mame
restart your computer
as soon as it comes back on press f8 repeatedly
click on safe mode press enter
go to start menu
go to run
type in misconfig (as shown here) press enter
go to start up tab
uncheck the file that consists of just numbers
restart computer
right click on security tool icon
press delete
go to recycle bin
delete from recycle bin
if the box ever comes back do not let it run click x repeat do not run it or it will come right back
try this i hope this helps
dude my f8 key is a volume key my computer is a mini dell you have to give me a different key to use
Force shut it down, and you won’t need f8
first find the file location. i did a search by typing in keyword “security”. it showed me the file location. shut the pc off at the power button. when it restarts it’ll ask u to select safe mode, etc. select safe mode. in safe mode select command prompt. run a dos command dir to find any new file or directory. i found mine in c:program data (and a long nbr). run dos command RD and directory name. run dir command again. it will create yet another file. this time .exe file. delete it as well. restart the computer. u’ll b fine and up and running. run ur antivirus and update system registry files.
This worked for me.. first I clicked the above link MalwareBytes Anti-Malware instead of clicking run click save then reboot your computer in safe mode. once in safe mode go to your document and install MalwareBytes Anti-Malware program once installed do a scan sectrity tool will not show up in the regualr finds you’ll have to look in the unidentified folder then click the box next to it and hit quarantine…and it’s fixed!!!!!
The fix that worked for me (since Security Tool won’t let Malwarebytes run):
1) Start computer in regular mode. The Security Tool noise will occur.
2) Right click on Security Tool Desktop shortcut icon to find the file location. Make note of it. You can’t delete the file in regular mode since Microsoft sees that the application is running.
SO . . .
3) Restart computer in SAFE mode. For me – in Windows 7 – Security Tool did not automatically start running like it does in regular mode.
Download the Malwarebytes software and run as directed by this website.
4) Go to file location noted and DELETE the Security Tool application (randomnumber.exe).
5) DELETE the desktop shortcut.
6) EMPTY Recycle Bin.
7) Restart the computer in regular mode.
I cobbled this solution together from reading what everyone else wrote. Hope it helps. A bazillion thanks for earlier contributors that lead me to this solution.
JeffC
what you can do is begin the computer in safe mode. open the task manager by right clicking on the tool bar or selecting ctrl+alt+delete (i think its this second way to open it because the malware wont allow you to open it by right clickin) then in either applications or processes, look for an open process that is completely all no number, no letters, and end it. then in the run program shortcut, type in C:Documents and SettingsAll UsersApplication Data and then a folder should pop up with a whole bunch of numbers that are exactly the same as those in the task manager.
I started my computer in safe mode, then I was able to right click on the security tool icon and find it’s properties (location/name/filetype). I deleted the desktop Icon which seemed to stop the malware from interfering with my work in safe mode as i attempted to eradicate it from my wife’s computer. I found the file in the C:/ drive and sent it to the recycle bin. Even so it was still appearing as an .exe file in startup applications so I de-selected it and applied. I restarted the computer and it was gone. the file in my case was 07184222.exe, there was also a .pf file involved.
OK people for crying out loud the safe mode i keep hearing everyone is doing that which is great ok but my question is why the f8 key? i mean not everyone has a similiar computer that works with the f8 key i have a inspiron mini aka a mini dell and my f8 key is my volume key so what other key is there for me to use?
My computer will not use F8 to start safe mode, either.
Instead, use F1……
I also had the same aggravating virus. Like another, I restored back to the day I bought my computer. Seems to be working thus far, but is a lot of updating to catch back up on for operational programs. But that is so much easier, and less stressful. When your computer is running optimal (such as the day you buy it) SAVE THE RESTORE POINT FOR THAT DAY!!!!
You will not regret it…..
Just make sure you have any user names and passwords,,,install programs with keys,,etc, etc,, stored on disk or zip.
Good luck….
I ended up restoring my computer to original factory setting to get rid of this security tool virus. It worked but now I have to re-install a lot of stuff back on my computer.
my friend computer is infected with security tool rogue virus. here’s what i tried
1. unable to access safemode or safemode with networking it just boot loop repeatedly to advance boot option. computer windows xp home edition. internet connection available but limited cause security tool always popup
2. cant access msconfig, cmd, regedit, taskamager, proccessxp (third party taskmanger) malwarebytes, super anti spyware, trojan remover, portable super ant spyware file name as random numbers with .com file extention it just flashes for a sec then close down automatically then security tool popup saying msconfig and all the application listed saying that it is infected
3. tried renaming file extention. to .com .bat .scr .pif same error security tool popup saying the file is infected conitinue unprotected?
4. tried running rkill same error. even tried online scanner didnt work unable to run.
5. also tried renaming regedit.exe to regedit.com or .bat no luck
6. system restore unavailable its disabled. no restore point available
7. export HKEY_CLASSES_ROOT .exefile entry and renamed it to blah.reg from another computer and transfer the file over to the infected computer. same thing security tool popup saying blah.reg is infected.
im out of possible solution. any inputs???
restart your computer when it sucurity tool starts to scn prees control alt delete and press security tool and end program then click malwarebytes and finish it off by going through the steps above.
thanks for the reply but taskmanager flashes for a second and disappear as i mentioned
that doesnt work for me like it just send me to a different screen saying lock this computer log off change password and start task manager
i tried to download shopzilla so i can remove security tool from my computer but security tool keeps popping up ,so it won’t let me download malware . i hope that you can help me thank you
Please follow simple instructions below. You dont have to install any software or follow any complicated manual steps.
1: Click on my computer TOOLS>Folder Options>View>Show Hidden files and folders
2: go to c:/Documents and Settings/All Users/Application Data and there should be a folder by name 50400342 or similar folder.
3: Rename 50400342 to any desired foldername like test
4: Restart Your Computer
5: go to c:/Documents and Settings/All Users/Application Data and DELETE TEST or Renamed FOLDER that contains the virus file.
6: Now you should be able to start task manager by pressing ALT+CTRL+DEL…..look for any suspicious processes like any file with just numbers on it and carefully review all the processes
The reason behind doing this is simple. The Security Tool software is just and exe file located in the above mentioned folder. It simply acts as an antivirus and closes all the exe files as soon as it is opened. In this process we are just fooling the program by renaming its home folder and stopping it to load in the memory upon restart. After we stopped the loading of the file from the memory, we are just simply deleting the virus file of existance.
Hey Shasankh,
Can u help me? my home computer will not let me open any of me desktop icons it won’t even let me do a system restore.I get a anti virus saying ur system is under attack blah blah blah what should I do?
thanks abunch 4 yr time
Please Anyone I Need Help Please Anyone Give me Instructions Of How To Delete Security Tool im not a teck. guy i need good instructions and i cant open any desktops or taskmanagger HELP!!!! PLEASE Reply Me.
is anyones computer shuting down in a hour of summin close to that because it keeps doing that HELP!!!!! PLEASE!!!!!
ok i have the same problem, but i found out how to get around it what u need to do is boot ur computer in saftey mode, when u turn on ur comp. u are goin to hit the f8 key a few times before the windows starting screen and then do safety with connection. and it should work
When I boot up in normal mode all I get is coloured lines horizontally across screen, after a minute computer shuts down.
System tools, is a headache for sure, but you don’t need to buy any malware tools.
Here is a fast quick fix option.
1) Power up, then repeatitly hit your F8 key to enter the Safe Mode. Scroll to safe mode press enter.
2) click to open Recovery
3) click to open System Restore
4) back date a couple of weeks, before System Tools virus hit your PC. (note back up any files/pictures etc., recently saved ).
Now your system will be clean again.
5) next run a complete system scan using your Norton, or other security program to tie up any lose ends.
hey i have same problem!!!” have the Security Tool virus and have downloaded the Malware software but the virus won’t let the software run. What can I do?” did u figure out?? what he means by safe mode???
Just fixed this in about 2 min… Windows Vista has a system restore program that backs up your system once a day or so. Go to Control Panel – System and Maintenance -Back up and Restore center – Click on Use System Restore @ bottom of window. Choose a restore date prior to the virus. I’ve had this virus for over a week so I restored to the day before it showed up. Appears to be gone now. You’ll probably lose anything new to the computer after the restore date.
Vista Home Premium
My kids have this on their computer
I run Malware Bytes in Safe mode and it will delete it but when I reboot the machine it starts all over
I can NOT get into regedit to stop this thing
I can NOT get to the all users folder
how do I get this off this machine…..
I have tried to run RKill but the Security Tool stops it before I can get that open….
very frustrated…..
I have the same problem as you Genny and I can’t run any anti viruses softwares!
This thing was nasty but not too hard to get rid-of.
Shut-down computer.
Re-boot in safe mode by hitting F8.
In safe mode, find Security Tool files.
Right-click, properties, and then change all security tool files to, “read only”, then send to the recycle bin.
Look around a little, I had it in my programs and some other places. Shut-down.
Turn computer on in regular mode.
The System Tool virus appears to attack your computer’s BIOS by changing it from the Default setting. The easiest solution is to press the proper Function Key when your computer starts up so you can get to the BIOS. When the BIOS appears, look around through the tabs until you find something that says “Set [BIOS] to Default.” That is all that my computer required.
Most people don’t know that your BIOS can be programmed through software commands. Who ever created this virus was lower than a snakes belly because he (or she, or it) changed the setting of the start-up hardware. For this reason the computer is “unaware” that is has a virus and most virus software cannot find it. Virus detection software counts up numbers and compares them to other numbers. If there are discrepencies then the anti-virus software will flag it.
This virus appears to install some fancy fear graphics which are easily undetectable by most anti-virus software and some code to inhibit (lock out) other software from running (rather easy to do actually). When you start your computer the first thing it reads is the settings in the BIOS. I assume the BIOS is told to execute a deeply buried bit of code, probably no more than a .txt file, somewhere on your drive.
I tried this in safe mode, but as soon as it would come up it would exit itself out. When I clicked on the icon on the desktop it would say invalid icon and would say search manually for file. Any thing I can do?
Ok so I got malware bytes to run by doing this:
run windows in safe mode (F8)
download Malwarebytes to the desktop
open the install directory, C:Program FilesMalwarebytes
now run the installer and as it’s installing watch the install directory and as soon as mbam.exe is in there copy and paste it to the desktop (be fast because it’s about to magically disappear)
after that copy it back to the install directory and run mbam.exe
run the updates and do a scan.
Thanks for the tip I was about to look for the file online, your approach was easier. Although I did have to do it 2x – you’re right it does disappear fast! I just got this last night (just by clicking on a website – didn’t even download anything) and was able to delete some the files but it replicates so I can’t find them all manually. Thanks for the tip – now I can just let Malwarebytes find the rest of these files.
Same problem here. Are there manual instructions on removel? What files/keys does it use/create? Do we need to/can we shut down system restore, go into safe mode and delete the entries?
It creates random files and keys, so it’s hard to find them.
Run your computer in safe mode. Run a command prompt and type “msconfig”. In the startup tab, disable all. Restart and then try malwarebytes and combofix.
in response to my msg above I meant run the “RUN” thingy in your start menu. Then open msconfig by typing “msconfig” into the line. By disabling the startup items u can reboot without the security tool running. This allows you to reinstall malwarebytes and run it.
i tried to go in RUN program but it comes up error on page. also a pop up comes up saying WINDOWS CANNOT ACCESS THE SPECIFIED DEVICE, PATHE OR FILE .YOU MAY NOT HAVE THE APPROPRIATE TOACCESSTHE ITEM. can someone help me
I too have this damn virus. I followed your thread and after reboot and downloand of mbam.exe I got an application error. Was I supost do reboot in safe mode?
Me too. I successfully disabled the start up in safe mode, then tried to run the Malware application but it will not run saying it cannot find the mbam.exe file. I browse to it but it the program will not accept it. I kept trying and once or twice I actually got to the window where you can prompt it to scan but it disappears within seconds.
One more thing. I can open programs now, which I could not before. I only have free AVG virus software. I am running it now. Should it find this damn virus and delete it? Is there another anti-virus app I can use to delete this. I’d rather pay for that than have my computer re-built.
Ok so I got malware bytes to run by doing this:
run windows in safe mode (F8)
download Malwarebytes to the desktop
open the install directory, C:Program FilesMalwarebytes
now run the installer and as it’s installing watch the install directory you have open and as soon as mbam.exe appears in the install directory copy and paste it to the desktop (be fast because it’s about to magically disappear)if you miss it just reinstall it again
after that copy it back to the install directory and run mbam.exe
run the updates and ran a scan. It will remove security tool.
I know this sounds weird but it totally worked to get Malwarebytes to run and remove this.
Good luck
and i didn’t even have to mess with msconfig
I have tried everyway i can think of to get itno safe mode… any suggestions?
You have to hit F8 repeatedly at start up, then one of the options is ‘Safe Mode with Networking’ which you can select with the arrow keys and enter. This should do it!
Thank you, thank you very much! This is the only method I have tried that works, cheers!
I am going crazy! Is there anyone who can help me?
did you try both methods noted above?
I tried one and that did not work. And then I was confused about this posting of yours.
Ok so I got malware bytes to run by doing this:
run windows in safe mode (F8)
download Malwarebytes to the desktop
open the install directory, C:Program FilesMalwarebytes
now run the installer and as it’s installing watch the install directory you have open and as soon as mbam.exe appears in the install directory copy and paste it to the desktop (be fast because it’s about to magically disappear)if you miss it just reinstall it again
after that copy it back to the install directory and run mbam.exe
run the updates and ran a scan. It will remove security tool.
I know this sounds weird but it totally worked to get Malwarebytes to run and remove this
Dan is right, you should be ok now
This virus is annoying.
Download mbam-setup (malwarebytes) and save it to your desktop
Download combofix and run it in Safe Mode.
After it runs and is done, install mbam-setup.exe
Run a quick scan and remove remaining .exe files
This virus is basically attaching itself to every .exe process because of dlls. Mbam.exe will not run because the virus deletes the file. To get around this – rename mbam.exe to something different like “bytes.exe” and then create a desktop shortcut from that and it will run.
I am running combo fix now. I need a drink!!!
Combofix is now rebooting. Should it reboot in safemode.
I ran it all in safe mode, try that
It worked!!! Thank you so much!!!
1. Reboot PC into safe by holding down F8.
2. Go c:documents and settingsall usersapplication data
3. You may have to click on Tools > Folder Options > View Tab > select show hidden files and folders.
4. Under application data folder look for a number like 29721425 on a folder the virus has batch and executable file in this folder.
5. Click Start > Run > regedit > Search the folder number 29721425 in your registry. When found delete the key. Press F3 to search again and delete registry key again.
6. Reboot PC virus will be remove.
I somehow got this virus after I left my computer on overnight running a LavaSoft Ad-Ware scan believe it or not. After reading through this entire thread, I finally went the regedit route to get this removed. I tried Manny’s method but I guess the mbam.exe was getting removed so fast, I never saw it come up in the directory to copy it off. I don’t like messing with my registry, but this was the only solution that worked. It found probably around 5-7 keys that I had to delete. So far no more freakin’ Security Tool virus. Thanks Jon.
…. Umm, the second step is already my problem..
My.. c:documents and settingsall usersapplication data is unaccessible… and so I can’t do anything at all… any advice?/
What can you do when you cannot start in safe mode? When I click (enter) on safe mode, this comes up next: Select the operating system to start. Windows xp Media center or Microsoft Windows recovery console. When I click on either one, then this comes up: We apoligize for the inconveniece, but windows dis not start successfully. A recent hardware or software change might have caused this.
From: Jon
To: Skylar
If you cannot reboot into safe mode, let your Windows XP boot up.
1. Click start > click Run > type msconfig > Select startup tab > Select Disable All.
2. Reboot PC hopefully, the hidden files located at c:documents and settingall usersapplication data2972142529721425.exe and 29721425.bat will not startup.
Then follow Step 2: from my earlier post.
Good Luck!
OK, I clicked on start, then run, typed in misconfig, the hour glass came up, then disappeared, then the security tool pop up in the lower right corner came up and says: misconfig.exe is infected with worm Lsas.blaster.keyloger. I must have the super duper security tool virus. Nothing I have tried has worked. I tried to download malwarebytes from a disc, and it blocked that too, superantispyware from a disc, blocked, ad-aware from a disc, blocked. Renamed the ad-aware file name to 123.exe, blocked.
time to get the 12 gauge out?
Nah just install malewarebytes on a flash drive on a clean computer. Just make sure to select the correct drive when you install. update the file than eject the flashdrive. Now boot your infected computer into safemode and plug in the flash drive. Your should be able to open the file of the flash drive and run it from the flashdrive with no problems.
I’m having the same problem as Skylar. I am unable to boot in safe mode. Which pretty much means I’m screwed, right?
I can’t run mdam.exe. I can’t run msconfig. Everything I try to run is blocked by this virus.
Got any other solutions?
my laptop would not start at all so i pressed f8 continually then i selected sn option “restart from last successful boot” or something. then when you see your desktop right click the security tool icon, click properties and enable the read only box. then click apply, then in the shortcut tab you will see target and this is the file location. it should be in a sub folder in c:/program data/07133633( or some other series of random numbers) rename the file itself, and also rename the folder i have just described. restart your system and when you log on it will not be so annoying. i still need to run a malware programme….. i hope this helps.
omg lolz u guyz rock! i had that damn virus on my pc and couldn’t get anything to run and mbam was down for the count and BOOM snagged the copy and pasted the mbam.exe back into the file and it worked like a charm pc is up and running and ima back to work
Skylar:
You have to somehow get your PC to boot into Safe Mode in order to defeat this virus! Safe mode will prevent the virus from loading at startup.
1. Try safe mode with networking (press F8)
2. Trouble Getting into Windows 2000 or Windows XP Safe mode – If after several attempts you are unable to get into Windows 2000 or Windows XP Safe Mode as the computer is booting into Windows, turn off your computer. When the computer is turned on the next time Windows should notice that the computer did not successfully boot and give you the Safe Mode screen.
Any luck?
This thing is annoying, i’ve been trying different thinks all day!
Hi, I found a manual and automatic removal at
http://www.im-infected.com/rogue/security-tool.html
Ive used the automatic removal with malwarebytes and it works.
And yeah, i have the same prob as skylar… NO IDEA how to boot it into safe mode… ><
to get your computer into safe mode you have to go into the msconfig click the BOOT.INI tab and check safe boot then restart and it will be in safe mode. but make sure you uncheck it when your done so it wont reboot again in safe mode.
I’ve had to buy PrevX 3.0 to get this thing out of a company PC, could not get Malwarebytes or Superantispyware to run.
No msconfig, no taskmgr, no system restore, no F8/SafeMode!
$30 is not a terrible amount of money, but PrevX has also prevented many of these types of software from loading on my home PC’s. A few times I got popups from PrevX notifying me NOT to install software, and this was just going to “normal” sites that AVG had marked as “Safe” sites.
Yes, nobody wants to pay for software, yet having something like this that boots with the system, detects infections on removable media, websites, etc that catches this junk in the first place, you’ll consider it money well spent in the end if your time has any value whatsoever.
Consider buying and running resident software like Malwarebytes, SuperAntiSpyware or PrevX (the best and lowest system resource).
THANK YOU MWHUNTER!!!! I tried to get rid of this nasty virus with no luck using Norton utilities. I tried your suggestion of prevx 3.0 and it worked like a charm. One thing I noticed: Norton found 33 bad files but Prevx found 45. I don’t know if it is because Prevx works in the “cloud” but it found the source and killed it. $30 is a small price to pay to get rid of this problem. Thanks again mwhunter
ARE YOU MADELINE WOOD HUNTER
Mannys solution did the trick for me. Had to run the install several times because the first couple time is removed the .exe file before I could copy it from the install dir. After I did get it copied back it ran and scanned like a charm.
Hi Jon – I’m following your instructions because I finally got my anti-virus software to run in Safe Mode and it found a file 61038422. There is an .exe file in the folder but no batch files. Does that mean the scan hasn’t found the batch files yet?
The anti-virus will take another 3 hours to run so I’d like to go ahead and delete the file from the registry as you suggested unless you think there may be more files hidden somewhere.
Thanks!
I think I found the perfect solution. I simply booted up in safe mode and used system restore to restore to yesterday. Worked great and didn’t have to download anything.That means that I got the darn thing today. Anybody know where this thing is picked up? Is it possible that it came from YouTube?
I got the virus today as well but I was not on YouTube.
I heard update to Adobe can do it – I got it today. I did an Adobe update 2 days ago…
And that sounds like a good solution also that Rick has but I would lose today’s work which would be a drag.
Can’t you save today’s work to an external source or disk Genny? I sure would like to figure out where this thing was picked up. I can’t really think of any untrusted sites that I have visited.
Actually, after a good part of the last 10 hours trying to find a successful solution to this blasted virus I’ve forgotten what I worked on this a.m. I’ll run a search on what I did today.
How do I do system restore?
Thanks!
HEY!!! if you go to run.C:windowssystem32 , find the file taskmgr and make a copy of it (Ctrl+C CTRL+V, rename the file iexplore and run it, it will run the task manager, from there you can end the virus, it looks like a bunch of numbers, for example: 7431948234.
This worked great to turn off the virus. But I still can’t run malware bytes. Whenever a file named mbam.exe is created, it immediately gets destroyed, therefore I’m unable run mdam.exe to get rid of this virus.
I’ve posted to malwarebytes.org to ask for assistance there, and I suggest others in my situation do the same.
so you got the virus terminated via the task manager method? After you terminate it, you have to do a system restore.
Thanks Nobody! I got malewarebytes to run by renaming the exe to Iexplore. I was then able to get back in my PC & do a restore. There were 2 exe files left, one called seres
that was still messing with the regisitry & admin settings. Not worth fighting it. I did a clean restore & now it’s a better world.
There are several ways to run system restore. As mentioned earlier, you have to be in safe mode or the virus will prevent it. Just go to “windows help and support” center on the start menu and under tasks go to “Undo changes to your computer with System Restore”. Click on that and it it will guide you easily thru it. If you can’t access system restore that way, you can just do a general search for it. I don’t know why anyone would use another method to undo this virus since it is so simple and only takes a couple of minutes.
I am running windows vista and just got the Security Tool spyware like an hour ago. I already had malware malbytes and am currently running it to deal with the spyware. The windows defender has picked up on some trojan Winwebsec and is rated severe is this a fake windows defender part of Security Tool or is the threat genuine? Also will it be removed by malware aswell?
P.S. i think i picked mine up from egoshare
This exact same thing happened to me a year ago shortly after the subscription ran out on my antivirus software. It pretended that it was my own sofware and scanned all of those viruses and said that I was under attack and had to update my subscription to get rid of them all. It scared me so badly I fell for it and gave them my credit card. I immediately realized my mistake when they said it would be 45.00 and once I submitted it, it said thanks for the payment of 92.00. My point to all of this is that someone seemed to know that my antivirus subscription had expired and it seems like more than a coincidence that I let my subscription expire again just one week ago. How do they know? Do you think whoever is spreading this virus has access to the antivirus database of expired subscriptions? Anyone (or everyone) else let their subscription expire lately?
What I did..
I ran the setup on another logon on the computer and didn’t even touch the run prompt or had to be speedy about it.
..I hope this clears up a lot of confusion.
Im running malware still so hopefully it should remove Security Tool but also i have another problem. Im not sure if its casue by Security Tool and the trojan Winwebsec which have infected the comp but the background is black and my old background seems to have been deleted. Also when i click on anything like open the scan window the icons on the desktop disappear. The only way to show all the shortcuts on the desktop again is by pressing the return to desktop key in the toolbar. Is this caused by the aforementioned programs and will it be fixed when malware finishes?
The problem got worse again the exact same things happened to the other comp as their networked and now both are infected and both have the same background problem. i am running malware bytes on both to remove now. If the virus is fixed on one comp will it just be reinfected by the other?
Do viruses attached to certain file types or can they infect any type depending on how they are written? Scanning takes 4 hours and if I have to do it again I’d love to pick and choose files.
I’m pretty sure that Security Tool attaches itself to any .exe file… so if you go into run and type in: C:Windowssystem32 , unlock the “hidden files” and find the taskmgr.exe file; make a copy of the file and name it iexplore, it will allow you to run the task manager. From there you can find the virus in processes (the name of the virus is a random string of numbers such as: 4792342398) after you terminate the virus, rna a system restore, and you should be up and running.
I managed to scan my computer with Malwarebytes but once it finished, the Security Tool was still there. What should I do?
Thank you all for your advice manny i did what you said and finally got rid of this annoying virus after many attempts. I appreciate it
Reply: To Genny
You said: Hi Jon – I’m following your instructions because I finally got my anti-virus software to run in Safe Mode and it found a file 61038422. There is an .exe file in the folder but no batch files. Does that mean the scan hasn’t found the batch files yet?
Genny – The batch is hidden I only saw the .exe file also, I deleted the batch registry key when searching the number associated with the folder that contains the virus.
Just search the registry using your number 61038422 and delete the keys. Remember to hit F3 to search again, and delete again.
It really works!
Good Luck
1st. Download Superantispyware remover, its free
2nd Download MalwareBytes Anti Malware (also free)
3rd Download Norman Malware Cleaner (also free and very good)
4th Download ATF-Cleaner
update as neccarcy
all these should be easy to find by googling them
5th Start pc in safe mode (F8)
6th Select Safe mode with networking
7th Run and scan using MalwareBytes Anti Malware remove what it finds
8th Run and scan using Superantispyware remove what it finds
9th Run and scan using Norman Malware Cleaner remove what it finds
10th run ATF-Cleaner select all and remove
all of these will take about an hour depending how big your drive is
11th start again in normal mode
and smile
heres what I did do get MBAM ro run. Go to safe mode.
Install MBAM in safe mode. When you get to last setup screen (witrh the checkboxes for update and run mbam) STOP- dont click the last “next” or install” button.
Go to the directory you installed the program to. (by default, C:Program FilesMalwarebytes’ Anti-Malware)
find mbam.exe and rename it to mbam.com
THEN finish the install, and run that mbam.com file
I did what nobody said to do, I found the batch of numbers it was 7534598454.exe, or something like that, I clicked on end process. Restarted my computer, and the virus is still there. Then I tried what Rick posted at 8:58 pm, I tried restoring the computer to last Friday, a couple of things happened, then a window came up and told me the restore was unsuccesfull. So I went to try to do a restore again to a different time, and now I cannot access windows help and support, the virus has blocked it.
to get Malwarebytes to run change the install directory name(this will allow it to install correctly) then rename the file MBAM.exe doesn’t matter what to but this will allow it to install and run. It won’t matter what mode you run your computer in.
PLEASE NOTE: I’ve just spent 8 F#!@en hours on it.. So here’s the steps I took. PLEASE READ ENTIRELY and NOTE THAT THIS WAS MY HELL ON EARTH experience as the virus wouldn’t let me get to ‘SAFE MODE’ I know a few of you had this problem (and some might still have it)
I did everything everyone suggested but found these few things to be helpful. I also did all of this without my computer connected to the internet just to be safe.
1. The guy who programmed this thing is smart. disabling all exe/bats. so I had to create other means of getting to my programs, shortcuts and some renames (as suggested above) worked and I also ran a chance on doing coms (surprisingly it worked). Note that my renaming convention was random and I didn’t use things like ‘spyware.exe’ or anything too obvious, reason is I tried a few renames along those lines and it failed to run the program. Yet when I did renames along the lines of GHDHR2345.exe, it ran (go fig).
2. renamed the task manager (following the above convention as suggested by a previous poster) and then went in and shut down the viral process. (this is also listed by someone in a previous post as programs with a string of numbers ie 1234657.exe)
3. ran msconfig and shut down ALL start up processes
3a
4. ran malwarebytes /
5. eliminated everything.. (or so I thought)
5a DO NOT RE-ENGAGE ALL PROCESSES, this is where the fun (or pain) actually starts.
Now here’s where things get interesting.
6. After you run it, you think things are fine, but run malwarebytes again and you might find more copies of the virus! (I know, since I did) and actually it won’t be ‘secutiy tools’ related by random weird trojans.
plus you’ll notice after your reboot you’re going to have a ton of DLL errors, these errors are from the virus and they’re probably still in your trashcan. CCleaner might be an option.
7. I’m guessing that this virus is pretty ingrained into your files, meaning getting rid of it is only 1/2 the battle. In one scenario the virus is a time-bomb / action based script where it’s going to react everytime (or start a count down) everytime you start your computer or run program X,Y,Z. The trick is going to be rooting it all out.
8. Deleted all cookies and Uninstalled my web browsers and ran malware and found more traces.
It’s in the AM now and I’m still letting my system run malwarebytes, etc.
My gut instinct tells me that this malware is definitely ingrained in either our browser execution or something we have to ‘run’ a lot. It might also mean that this stealth malware (if I can call it that) will still be in our system until a) we do a formatting or b) someone truly figures out a way to remove it.
AGAIN PLEASE NOTE:
This was my experience with the Security Tool malware. From what I read, everyone is having a few different experiences. A few of you here are having what happened to me the first time around. So a quick after thought might be, after you get your system up and running, perhaps it’s time to do a clean install.
Sorry you are trying too hard!!
1. open my computer
2. open “C” drive
3. find the program files
4. security tool has a folder and icon
5 rename folder
6. delete folder (it won’t delete if you do not change the name)
7. reboot
8 if you can try malwarebytes if not download it and up date
9. run all the anti
10. go back and search for the dlls do a complete maintence
Thanks, sweet/simpe and it worked
bro how did you get passed the safe mode part i cant even get to safe mode PLEASE HELP
Manny, thanks so much for the information. I was never able to find the mbam.exe during the install. However, I did have Malwarebytes downloaded on another computer so I opened Malwarebytes on the noninfected computer. Then I ran the update and closed Malwarebytes. I then navigated to C:Program FilesMalwarebytes and copied the mbam.exe to a flash drive. Then I copied and pasted mbam.exe in the C:Program FilesMalwarebytes directory on the infected computer. I was able to successfully run the software.
I’m just hoping the virus stays gone this time. I called myself removing it yesterday but it returned this morning.
I was forced to do a clean install of the OS. The anti-malware programs don’t get rid of the program completely as others have stated. The only true way to rid yourself of this nasty program is to wipe the disk and start from scratch, unfortunately.
First restart in SAFE MODE I hit the F8 key several times from a fresh boot (when the Bios displays somethings on the screen). Then I chose SAFE MODE with NETWORK enabled (so to have the WiFi working. then I downloaded the file wbam-setup.exe from CNET.com and prepared an empty folder – calling it whatever. Then I opened up the empty folder whatever and selected the VIEW option to be DETAILS and not hiding extentions. Then I installed the file I downloaded into that folder. As soon as saw the file wbam.exe I coipied it and pasted it onto another folder. You have to have both folders ready open. then when the file wbam.exe disappeared as expected, I pasted it back and it was all good. then I ran the wbam.exe by double-clicking and took care of the little bastard. Only when I restarted, dunb Windows complaiined it could not find ‘midogiru’ which is still in the registry. So if you run in the start menu, RUN, and then type REGEDIT, in RegEdit you can search for ‘midogiru’ and delete it. This will take care of the Windows complaining about it being missing which is a good thing that it’s missing. Many thanks to SOFT SAILOR which saved me! may the force be with you, always!
I got hit with this awful Security Tool package today, and spent several hours fixing it. Many thanks to all of you who have posted your helpful comments. I used the suggestions on this page and eventually found my way to freedom from the virus (or whatever it is exactly)!
When I had the same trouble downloading the Malwarebytes as everyone else, I took the suggestion to go to my Registry Entry in Safe Mode and delete the Security Tool files there. That worked well enough to at least get my programs back up and running. However, my desktop background was still different and I still couldn’t download the Malwarebytes software, so I figured I still had hidden parasites from Security Tool in some obscure place.
Next, I ran a Systems Restore in Safe Mode, and that seemed to help tremendously. Everything booted up as normal. At that point, I could download the Malwarebytes program. It ran a scan on my laptop for 40 minutes and found 10 infections! I cleared them all and promptly set up Firefox as my internet browser from now on.
Hopefully those nasty parasites will stay far away!
Thanks again to all you computer gurus who assisted me today.
Hi
this virus is awful
I opened safe mode and ran malaware which seemed to get rid of it
but now my pc is slow and google chrome or IE do not run
Any ideas?
yeah, same here my internet does not work wireless no not… its dumb everything is so slow… help!!
Your anti-malware software may have deleted alg.exe, which is a windows application layered gateway that opens up internet connection. Go to some good tech store and get it back.
SYSTEM RESTORE IS THE SAFEST AND EASIEST WAY FOR ME.
(got ST twice, and deleted 1nce with anti-virus, then SYSTEM RESTORE, which actually finished it off)
We had this problem…our tech who is a good friend brought us MalwareBytes Anti Malware on flash drive and installed and ran it….the computer seemed ok, but then the damned security tool reinstalled itself! For three days I’ve been dealing with this! Finally today I re-ran maleware, deleted the files, immediately when and updated our anti-virus (Avast) then downloaded and installed PC Tool Firewall plus. Now FINALLY it SEEMS to be ok. But beware, because for some reason this thing will re-install. If you’re not running a firewall you might want to think about changing that.
make sure it has been completely removed from program files!
i reformatted my computer 4 hours ago from “Anti_virus_pro_2010″ and now Security tool has downloaded, Fuck my life.
Easy version if you have a second computer available:
1) Download and install MalwareBytes to a thumb drive.
2) Run infected computer in Safe mode with Networking (f8 at startup)
3) Install MalwareBytes on infected computer
4) Copy Mbam.exe from your thumb drive into the MalwareBytes program files folder (C:Program FilesMalwareBytes)
5) Run, update, scan
This did it for me, no command prompt or msconfig necessary.
I got this today. I already had MalwareBytes on my machine and it ran ok when I booted in SAFE mode. But SpyDoctor now keeps running over and over. SO I have to see what thats about. I am 99% certain I got this virus via an instant message window on a PAY site that I *previously* trusted.
ok so i cant even got on the internet to download malwarenor can i use a flash drive or zip drive…. help please…
Has anyone simply tried Windows Restore to go back a few day before the infection? It worked for me.
Yes tried restoring to a few days to few weeks to few months, doesnt work.
Any ideas on what to do.
IE does not have add ons – how to fix?
trry my previously mentioned task manager soultion… THEN system restore!
Finally was able to run MalwareBytes per jdawgs suggestion by installing an updated copy on my flash drive and running it on my infected pc while it was in safe mode. I ran a full scan first and it deleted all infections except for 1 which it claimed it would do on startup. A 2nd quick scan seems to have eliminated all traces.
bill h. solution worked beautifully. Really quick.
okay so i just called a friend of mine who is a genius at computers. He said to download combo fix run that and then when the system reboots to run malwarebytes. am doing this now wish me luck and hopefuloly this shit virus will be gone
Malaware removed virus but killed crome and IE
what to do??
when i go to install malwarebytesnit says
unable to execute file:
C:Program filesMalwarebytes’ Anti-Malwarembam.exe
CreateProcess failed; code 2.
the system cannot find the file specified
how can i fix this!!!
This is not a solution.
Okay, so this is what I did, step by step.
I started my computer in Safe Mode with Networking, downloaded the program and installed it while still in safe mode to avoid having the virus eat the program, but that DID NOT work.
As soon as I started my computer and ran it in the normal mode (Because MalwareBytes Anti-Malware would NOT run in Safe Mode) the virus would destroy the Mbam.exe file. So, I did what was advertised on other websites, and I think also commented here and installed it on another, uninfected computer, then transferred the program over to my computer, but again, the virus attacked and destoryed the Mbam.exe file.
So I fallowed another set of instructions, which was to be quicker than the virus.
And to anyone who’s read that, copy the mbam.exe file, instructions. What the person means is open the program files folder and open the MalwareBytes folder, (as it’s installing) cut the mbam.exe file and paste it anywhere else before the virus reacts and destroys the file. (Its close to impossible with a fast computer.)
Well, after a good 48 tries, I cut and pasted the file before the virus attacked it.
Then promptly ran MalwareBytes Anti-Malware.
Things APPEAR to be back to normal, but don’t trust it for a second. The Virus is still in my computer and it’s still doing damage. Not only that but it tends to reinstall itself, and when that happens it will attack MalwareBytes.
I had to use a series of different tutorials to hide the Virus, and I’m not satisfied with just hiding it.
I want the virus out, but that’s not going to happen with anything advertised on the internet right now, unless you want to spend a couple hundred dollars trying out different programs.
MalwareBytes will only slow the virus, and if you run MalwareBytes a good 20 times per day, you shouldn’t have the virus bother you. But if you want to get rid of it, your best option is spending a retarded amount of cash to find the right program to delete it, or you just f-disk your computer.
Don’t trust for a second that its gone after you use MalwareBytes. It still has loggers in your computer and you will get your information taken.
Sorry to burst everyone’s bubble.
Thanks Nobody. It worked. I am running Malwarebytes.
If your computer does not let you install it, reboot your computer, and while it is restarting, hold F8. After you get to a screen with three sections of options, you want to use your arrow keys and hit enter on ‘Start Windows in Safe Mode With Networking’. You should be able to install it from there.
Hi guys, just got Security Tool a few hours. I downloaded MalwareBytes and tried to open up in Safe Mode, but so far no luck. It’s (1) preventing me from running MB’s install, (2) preventing me from opening MSconfig, and (3) I can’t seem to open Safe Mode. When I attempt to open Safe Mode, a bunch of files with the prefix “Multi(0)Disk(0)partition(0)…..” or something along those lines scroll across my screen, eventually ending in a blue screen stating:
A problem has been detected and Windows has been shut down to prevent damage to your computer.
PAGE_FAULT_IN_NONPAGED_AREA
at which point Windows suggests disabling some things in BIOS. The blue screen finishes by saying:
Technical Information:
*** STOP: 0×00000050 (0xc7E91094, 0×00000001, 0×80537009, 0×0000000)
If anybody knows what that means, or has any suggestions, I’d love to hear them. As noted, this only happens when I boot into Safe Mode. I can boot into Normal Mode fine, but of course, when I do so, SecTool prevents me from running even msconfig. Thanks!
have you tried Manny’s instructions above yet? That worked to get Security tool to stop interfering long enough for me to run MB’s install. Then when you install MB, have window’s explorer open to the MB folder while you are installing because security tool will delete the exe file as it’s installing so it won’t run. you have to be quick (it took me several tries) – when you see the mban.exe appear copy and then paste it to desktop. then copy back and you can run MB. this is virus is a real pain – I got it last night.
I believe that Manny’s instructions are designed to be run from Safe Mode. As noted, I cannot get Safe Mode to open on my computer; I tried doing that in Normal Mode, but nothing “pops up” inside the target folder – not even for a split second. Basically what I’m looking for is suggestions as to (a) possible ways of getting Safe Mode to work, given the error message displayed above, or (b) ways to fix this without using Safe Mode. Thanks in advance!
to get Malwarebytes to run change the install directory name(this will allow it to install correctly) then rename the file MBAM.exe doesn’t matter what to but this will allow it to install and run. It won’t matter what mode you run your computer in.
Oh, forgot to add, the program prevents me from running regedit, task manager, etc., as well.
With everyones help all together this page has helped alot…This is
a very advanced virus, it completely locked me out of all programs, Task Manager, my system settings, msconfig, and wouldn’t (and still wont) let me reboot in safe mode in any way…
renaming task manager didnt work for me but renaming msconfig did (first i copied the file), i renamed it to firefox and it worked,i shut down all start up processes, and restarted pc, i have a secure deleter that i used to delete all the secure tools and av2010 files i could find, looked up dll’s (on another pc) and hidden files and registry files, deleted all i could find. and still its still somewhere.
all these antivirus programs that are listed here(malwarebyes, spyware doc etc…) WILL NOT COMEPLETELY GET RID OF THIS, well it wouldnt with mine atleast… i’ve used registry cleanerS, and many
i repeat MANY different antivirus programs they all couldnt completey remove it…
everyones experience does seem to be different, there has to be different versions of this virus, but it names its key or core files randomly, and NO ONE can pin point exactley what YOU need to
delete, there are a couple of sites out there that tell you most of them, but I tried securely deleting all of the files listed, from dlls to getting into regedit and getting rid of registry files, so like some others are saying
your best bet is to start all over, wipe your hard drive.
back up your important files after disabling your start up processes and move on.
I also tried everything that was suggested but the more I did the more the virus seemed to spread.
Doing a System Restore is probably a good solution if you are positive when the virus got through and if you do it before you try a million other fixes, one of which, for me, was getting Malwarebytes to download properly, which never did work. I ultimately ended up with the Security Tool icon in safe mode and there were so many registry keys affected that I decided that was a good place for me to stop before I did permanent damage.
I’ve now learned that these damn viruses can mutate anyway so I agree that THE BEST SOLUTION IS TO BACK IT UP AND WIPE THE HARD DRIVE CLEAN. The hours I spent trying to fix this could have been spent reloading and tweaking.
Hate to disappoint all those negative-souled virus writers out there but although this was frustrating and tedious, it was an invaluable learning experience.
Hi everyone, just thought I’d share a simple way to get rid of SecTool for those who, like me, are prevented from booting into Safe Mode.
1. Start up in Normal Mode.
2. Immediately go to Start -> Run and launch MSConfig.exe. SecTool is low on boot priority and does not launch immediately; thus there’s a small window in which you can start this up before SecTool locks down new .exe’s.
3. Once this is done, disable all Startups and restart computer.
4. Your computer should now start in Normal Mode without SecTool running, clean up its files by:
a. Deleting all visible start menu and desktop icons
b. Deleting all files and folders from C:Documents and SettingsAll UsersApplication Date that consist of strings of random numbers (423134342.exe).
c. Opening regedit.exe from your Start -> Run menu and manually deleting similarly suspiciously numbered entries. Mine were found in HKEY_Current UserSoftwareMicrosoftWindowsCurrentVersionRun and HKEY_Local MachineSoftwareMicrosoftWindowsCurrentVersionRun. Yours will likely be here as well, but I’d recommend a full manual search to make sure there are no others.
5. Once this is finished, run an antivirus – AVG picked up a file I missed in my purge. Then reboot without Selective Startup and things should work fine. I still have a piece of adware floating around that I have to get rid of, but I’ll find it eventually.
Good luck!
THIS WORKED FOR ME:
When the Security Tool windows first started appearing, most programs worked as normal. Then the trojan started intercepting more and more programs and the only was I could get my PC to run anything was in Safe mode.
For those who are having problems installing Malwarebytes because they can not copy the mbam.exe file fast enough (before Security Tools deletes it), you can try to delete it yourself, then restore from the Recycle Bin.
Also, IF you are able to boot up in Safe Mode, a combination of Malwarebytes AND Spybot S&D worked for me this morning after 4 hours of going in circles yesterday.
I had this on a PC also. It had affected the ability to open task manager, it closed any command window I opened after about two seconds, and it also closed other windows I tried to open up. When I installed Malwarebytes, the ‘Security Tool’ would delete the Mbam.exe. I made a small batch file to rename mbam.exe to some other .exe file and I was able to run Malwarebytes that way. Malwarebytes detected and removed most of it and had to reboot.
However, after rebooting, the program reinitiated itself and one to three of the files could not be deleted. I tried booting into safe mode and the ‘Security Tool’ had installed a link to .exe’s so that when I tried to execute one, it would come up with the window that asks what program you want to open it with.
I ended up removing the hard drive and attaching it to my PC externally and moved the files from the hard drive. I then ran a Malwarebytes scan (Malwarebytes will not pick up the registry on an external hard drive, only the files) then installed the hard drive back into the original PC and did a Malwarebytes scan again and let it reboot. After the reboot, the files stayed gone. I also removed the registry entries in HKLM…Run that pointed to the missing files.
This will work.
Best way to do this is to make sure extensions for know file types are not hidden.
To show them, click on My Comouter, goto Tools, then Folder Options, then click on the View tab and uncheck the option “Hide extensions for known file types”.
Next install Malwarebytes into the default directory. Of course mbam.exe will disappear about as soon as it is installed. After the first install navigate to the directory at C:Program FilesMalewarebytes’ Anti-Malware and leave it open. Next re run the mbam-setup.exe and watch the install directory. Towards the end of the install, mbam.exe will show up in the window. As fast as you can, right click it, select rename, and type a character or letter like a. This will stop the application’s executable from disappearing. You may have to try this more than once depending on how fast you are. Close out any error windows and finish the install. Next, go back to the directory where your newly renamed executable is located, select rename again, call it whatever you want like abcd and add the .exe extension back to it. This will make it executable again.
Run the application by double clicking abcd.exe as normal. The first thing to do is update it. Next do a deep scan. You may also create a new shortcut if you like.
I hope this helps.
thanks man!!!!! you saved my life!!!! i have removed security tool!! thanks to you and malwarebites!!!
Thanks for all the advice on removing security tool. What a pain and what a blessed relief. Easy when you know how!
I already removed it 3 times (using the fast scan on Malwarebytes) but it keeps coming back after a while. I’m doing a full scan now, but I doubt it’ll remove it completely. Is there anything that I can delete that might help remove it completely?
Thanks in advance!
This will be the second time for me, how do we protect against it in the future?
I downloaded malware and it runs fine, problem is that security tool is making my PC randomly restart every 15-20mins
a blue screen comes up with some random info
(which i havent been able to catch) and then it restarts
so the quick scan by malware never finishes to give me the results, at the moment its been running for 10 mins and has found 13 infected items, if i abort the scan (before the PC restarts) will it give me a results page ????
Neither the quick nor the full scan on Malware work. I tried both and it fixes the problem temporarily. After 15-20 minutes it comes back. And this time it wasn’t only Security Tool, but also Windows Police!! I tried ComboFix just now, once again, it seems to have worked fine but I have to wait and see what happens. If it works well, I’ll let you all know.
Bill Hough’s solution worked, thank you Bill.
This virus is a fucking bitch just when I think its gone it reinstalls itself…..I dont want to clean sweep my comp but i think it might be coming to that
I found out that if I hit c-a-del, after I login, before it load all the start-up programs, I can get the task screen running, and when the virus does start-up, I can stop it. This allows me to run my virus scan and remove it.
I had the free version of AVG on the computer, but I am going to upgrade to a version which monitors in coming files and removes the viruses from them.
I hope this helps.
I finally figured it out! Can’t wipe my computer here, ran malware a few other virus programs. It caught all the keys, and told me to reboot to clean them. But, every time I rebooted, they came back.
Here’s what I did.
Ran msconfig
clicked start up menu
unchecked the blank line
rebooted and wa’la. All gone (at least for now, knock on wood)
Here is how I removed “Security Tools”:
My sons laptop got the nasty rogue called Security Tools. It was very slow as it was constantly being bombarded with pop-ups telling us that his laptop was infected and that we needed to purchase their product. He kept getting Security tool warnings. It also stole (actually just hid) his desktop icons.
This nasty rogue would not allow his computer to open in safe mode, nor would it allow him to download Spybot, Adware Se or Malwarebytes.
So from my clean computer I downloaded Spybot, Adware Se or Malwarebytes, all of them (saved them) to a thumbdrive and tried to sneak it on his infected computer via a thumbdrive,…no luck.
I download them again, this time renaming them before I download (a trick that sometimes work) ….still ….no luck. If you rename your anti-spyware or ante-malware the rogue spyware might not recognize the new name and let you run it. Unfortunately this spyware (System Tools) was to smart for that.
]Here is what finally worked
From my clean computer I downloaded “HijackThis” to a thumb drive but before saving HijackThis.exe, I renamed it to explorer.exe.
I stuck the thumb drive into the infected computer, and sent (HijackThis.exe) disguised as explorer.exe to the infected computers desktop.
Even though the computer infected with SecurityTools wouldn’t allow us to download SpyBot or AdwareSe or Malwarebytes, it allowed us to download HijackThis.exe.
Since this bad spyware Security Tool hid our desktop icons, I had to right click on the Windows task bar, and then click Show Desktop so that the desktop icons would appear.
Now that I could see the desktop icons I saw the icon for the spyware SecurityTools. Of course deleting the icon would do nothing but delete the shortcut. But when I right clicked on it and I found clues in the properties:
The nasty booger was…..
C:Documents and SettingsAll UsersApplication Data9434512694345126.exe
So now I knew where the spyware was and the important number 94345126 (note this number varies….your number will probably be an 8 digit number, just right click on the securitytools icon and write down your number.
As the desktop icons were now visible I clicked on the desk top icon for HijackThis.exe that I had falsely named explorer.exe and ran it. I did a system scan only.
I looked at the log and found
O4 – HKLM..Run: [94345126] C:Documents and SettingsAll UsersApplication Data9434512694345126.exe.
I put a checkmark in this and pressed the “fix checked” button”
After HijackThis.exe did its magic on O4 – HKLM..Run: [94345126] C:Documents and SettingsAll UsersApplication Data9434512694345126.exe. I could now run the Malwarebytes that I had previously downlowaded to a thumbdrive.
Malwarebytes found (4) problems which I fixed with malwarebytes. I then cleaned out my sons recycle bin.
His laptop is now free!!!!!!
I had never heard of HijackThis until today. (see Go.TrendMicro.com) I had used Malwarebytes a few years ago. I recommend downloading this from CNET, because you never know what you are getting anywhere else.
All I did was a “System Restore.” The viruses are gone, but the computer is really slow. I tried looking for anything related to Security Tool, or Windows Police but I couldn’t find anything. I ran Malwarebytes, and Ad-Aware.
Ok, well nothing suggested in this thread worked for me. My experience:
I agree – VERY advanced virus. Never thought I would resort to thoughts of joining the lynch party but I would honestly LOVE to see this MFer experience a slow and PAINFUL death!!!
I may have ran across a yet more advanced copy than most have dealt with here but I believe it is the same bugger. I did NOT experience the disappearing mbam.exe behavior some folks described during mbam install. Instead, mbam.exe stayed. What I DID experience was that it ran the first time, then closed once the scan was initiated. Subsequent executions of mbam would result in an access error, the exact message of which I can’t remember (sorry*). When you execute mbam.exe from the command line, it said access denied. Copying it quick to the desktop and all that stuff that worked for others did not work for me.
Symptoms
Everything is locked – we’re talking Registry editor, IE, you name it. They disabled it! EXE’s were rerouted so most Executables would not launch. Regmon, Procmon, superantispyware to name a few that I tried. Whether in Normal or any of the three safe modes, it still seemed resident even though procexp.exe, which it DID allow to run, did not shows signs of it’s presence. Obviously it rooted itself in one of the main system files.
What I did to get rid of this!
I downloaded and copied mbam-setup.exe and mbam-rules.exe to the root of the infected PC’s C: drive. I then removed the hard drive (I know, many of you have probably never done this) and slaved it off another PC with Malware and AVG installed. I had both security apps scan the drive and both found numerous file infections and cleaned them. I then brought the PC back up in command line safe mode, no internet acccess. I executed the mbam-setup.exe in the root and then the mbam-rules.exe and had it initiate a scan. This time mbam.exe did not close. It finished the scan and found numerous infections in the registry and some additional files. I then rebooted and came up in normal mode. I next ran superantispyware. It found infections right away (Jesus!) – ended up finding numerous registry infections and a couple files, cleaned, rebooted. Back into normal mode, ran full scan with mbam. It found 1 infected file and several more registry entries. Then ran ComboFix.exe. Between the three the thing is finally gone. Combofix found numerous items too. What a mess.
If you are experiencing the same thing, I would suggest slaving the drive on another PC and start with a file scan. Then move on to scanning within the operating system of the infected PC> Hope this helps someone! I lost some hair over this one!
This is a simple solution to get control back to your computer.
As I said before, as the computer booted up, I hit control-alt-del after it got into windows, but before had started up all of the programs. With the taskmanager windows open, I could shut down the ########.exe file when it started. I then bought a 3 copy version of mcafee, downloaded it, and installed it, because the free AVG stuff does not monitor incoming files, as does McAfee. AVG would delete the file, as I had this problem a week ago, but the virus came back.
I thought my system was free after doing the safe mode stuff & running MalwareBytes and a couple of others. I also used PC Tools, which indeed found them all but doesn’t fix them unless you pay for the package (which, in retrospect, would have been a VERY good idea….).
I had left the Registry Scan from PC tools running. NO APPLICATIONS were running; just the stuff in the system tray. After returning to the computer running in this state for 8 hours…Registry Scan had found over ONE THOUSAND changes to the registry. Now, it’s my understanding the registry should not change unless you make a change to an existing APPLICATION (not file), or add/delete applications and/or hardware/system settings.
I am not sure this drive is worth the effort to save it. I restarted machine in Safe mode, and copied my music files, word, excel, and photo files to a Passport drive. I am going to slick the C: drive and do a fresh install of XP. I will then scan my copied files from another computer before moving them back to my PC.
This bears repeating: I believe I got this virus IN AN INSTANT MESSAGE WINDOW, from a “user” in a chat room. This user had NO PROFILE; even knowing better, I accepted the IM anyway.
If you are reading this, its probalby already too late for you as well, but spread the word.
Once again, do a “System Restore.” I went back to a week before I got the viruses. Now the computer is working fine, it was slow at first but now it’s normal. I ran Malwarebytes, and Adaware and they didn’t fine anything! It’s been 12 hours since I did this and the viruses didn’t come back!!! =)
Okay just so you guys know I have fought with this virus for over a week. I have tried everything recommended and quite a bit not recommended. I am going on 24 hours virus free and I hope it stays that way but just on the off chance that you guys did not try what I did I am going to give you a little insight.
First, I have norton as my antivirus and I thought for sure that this was the best software and it would stop anything. Boy was I wrong.
I first got this virus off a banner on Hi5.com so anyone who uses this application please beware. I have an associates in computer networking and software and even this was well beyond my patience.
The first thing that I tried was running Malwarebytes after having to steal back the mbam.exe file and rename it to bytes.exe to be able to run it. It caught many of the virus but not all of it. 12 hours later the damn thing reinstalled itself.
This time I ran combofix.exe and then malwarebytes and it got all the infection but norton kept telling me I had a trojan.vundo which is part of this virus.
Finally when push came to shove I ended up doing this and am still crossing my fingeres to make sure that this works.
1. I downloaded Superantispyware and ran it-17 infections of the registry
2. I downloaded Norman Malware Cleaner and ran it- 14 infectious files.
3. I download ATF cleaner which gets all of the little files you miss.
4. I followed this path—-Start—Run—-Prefetch—-and deleted 121 instances in my prefetch file.
So far Everything seems to be working better and faster than before so please pray that this fixed the problem…..
Now i have for instances of anti virus on my computer and if this damn thing gets by now there is something wrong.
I have a purchased copy of Norton, Avast, SuperAntispyware
As well as spybot search and destroy the atf cleaner and norman maleware cleaner. I would recommend downloading these to prevent future attacks of this virus.
I have antivirus and am pretty careful, and can’t remember the last time I picked up anything that messed up my computer like this nasty thing. It takes over when you boot up, and won’t let you go into task manager or anything.
I got rid of it by going into safe mode (press f8 during boot) and looking at the properties of the shortcut on the desktop. It pointed to the executable file C:Documents and SettingsAll UsersApplication Data2418011624180116.exe.
I deleted this executable file and removed the desktop and startup-menu shortcuts. After I rebooted into normal XP mode I was back in control. I went into the registry editor and deleted the items HKEY_CURRENT_USERSoftware24180116 and HKEY_LOCAL_MACHINESoftware24180116.
The trick is to follow the Security Tool shortcut to the executable file. Once you delete it, you’re probably OK. I just wanted to remove all trace of it.
From what I have read, it generates a random number for the name of the executable file, so yours will probably be different.
I Cannot Install That File because he blocked the file -.-
I have tried multiple iterations of all of the above suggested remeides. Much as it disgusts me, I give in. Doing System restore from the restore CD’s I created when the machine was new. Meaning I will have to reinstall any apps I still need. Oh well. Learning experience.
THANK YOU SO MUCH !
the original method posted work for me !!
THANK YOU ,
now i dun have to bug my cousin to fix it anymore !
My boss sent me a link via email that has a small piece of software that may remove a number of these types of programs. I downloaded it but haven’t had a chance to test it yet. Here is a link to the article.
http://www.downloadsquad.com/2009/10/19/remove-fake-antivirus-cleans-up-personal-antivirus-antivirus-36/
100% got this bug from visiting the celebrity blog WWTDD – DO NOT GO TO THAT SITE.
As for trying to get rid of this bug, I had problems trying to boot up in safe mode and finally got msconfig to run upon a restart. I changed the setting there, and restarted. Now it seems I am in big trouble. The computer will not re-boot in safe mode and I am stuck in a circle of it re-booting. It wont do safe mode OR regular start OR last known working settings. While I think I had a huge problem before with the buy, now I am totally up the creek…
Don’t bother with that! read my earlier post!
Rick, I was on YouTube also when this sprang up…though the icon was on my desktop for quite a long time.
WWTDD is a site I frequent too….this must be everywhere!
so after scanning/removal of the specified virues from the use of malaware bytes, my computer won’t go to windows startup where the log in window shows ex.owner etc. Instead, just a blank black screen appears with the cursor. I don’t know what I should do can anyone help me??
Sometimes my PC does this when the harddrive overheats- too many add-on’s in a small case. It needs to cool for a few hours, and I’m sure the PC purists out there will cringe but I opened the case and use a small fan to cool it off when it misbehaves. I also re-directed a floor heat vent. This is a very low-tech solution but I was ready to buy a new MB when I figured this out. I spent all night re-booting the PC, finally got to bed, and the next morning it started like a charm.
Hi. My computer is in big trouble. So I couldn’t get it to restart into safe mode, so I tried to force it to manually go into safe mode by going into msconfig, boot.ini /safeboot. It still won’t safeboot, and now I can’t get it out of this mode, since nothing appears when I go into safemode still. Is there any way to get my computer out of this mode? Thanks.
I accidentally downloaded security tool, and everyonr says to download something else. But, I don’t want to download something else just to be safe. How can I get rid of the security tool virus manualy?
the download wont start up until you disabled the security tool.
as soon as your computer starts up, press crtl, alt, and del. when the tast manager, find the .exe file and end it’s process. then the download should start up without a problem.
For those of you frantically fighting against SecurityTools I will cut to the chase and provide to you what worked for me and some the hurdles/challenges I faced along the way. Further below I will provide some of my color commentary.
Challnges/Hurdles
– I couldn’t boot into safe made, got a blue screen crash/error
– Couldn’t get Malwarebytes to load correctly, Error Code 2 at the very end of the install process
– Every time I tried something different SecurityTools would quickly figure it out and slow my CPU down to a crawl and bombard me with pop ups and fake/false security notices/messages.
What I would do if I faced this again (based upon my own experience through trial/error/success).
– Restart windows/computer (hard boot – unplug and plug back in if needed)
– Launch task manager right away by Ctrl + Alt + Delete at start up, after Windows Log on for me (get task manager going as quickly as you can after start up before SecurityTools gets a chance to load).
– Look for program with a name listed as several random digits (may need to refresh to disable/kill it right away)
– As soon as the program with several digits shows up, end process for that program (as quickly as it shows up).
– Try to install Malwarebytes, if it doesn’t install Go to Start and then Run, then MSConfig and clicked on Startup Tab, deselected all so that no programs load/run at startup (including SecurityTools)
– Reboot after disabling the startup programs via MSConfig… then try loading Malware again, I had to quickly rename the program in the destination folder it as I downloaded it as well as renaming quickly as it installed to avoid the error message.
– Malware caught most of the bad stuff once I got it to run. Also make sure you have an antivirus program like Avira or similar running to keep the SecurityTools rogue from spreading as you try to fix/clean… Avira and others allow you to quarantine threats as they come up and not just want to find them as bad during a scan.
– Once I were to get my system some what stable, I would run ATF cleaner to get rid of the extra temp files accumulated from browsing the Internet (these cause the scanning software to slowdown/take longer).
– I would then run a few freebie spyware/malware programs to make sure you got everything… Spybot Search and Destroy, Superantispyware, combofix, (AdAware, Spy Doctor, Webroot, aVast – where all too slow for me and didn’t find much after waiting for ever to download, install, scan, reboot, etc). Panda, Fware and Trend Micro have quick web browser based scans that will do in a pinch if your system is in bad shape… won’t likely find the really hard to find things though.
– Going forward, I have decided to use Prevx… it downloads, installs, and scans very fast and protects threats in real time, around $29 to $35 a year and doesn’t slow down my computer.
– How my machine got infected by SecurityTools
My Windows XP desktop was infected by SecurityTools when I downloaded an email attachment on 10/27/09. It was a card from Hallmark, email address was “[email protected]). The email attachment was “Postcard.zip” and was 259KB in size. I was using YahooMail via Mozilla Firefox v3.5.3 and as soon as I opened the zip file and the subsequent PDF (Document.PDF or Postcard.PDF)… everything went bad in a hurry… pop ups, fake security messages, etc. I would normally not open this sort of thing, but it was two days before my birthday and seemed very plausible that a relative sent me a bday card via Hallmark.
I haven’t faced something like this in at least 3 years. I consider myself computer literate but by no means an expert who is going to be able to remove his hard drive and slave it to another machine to fix this. To be clear, this was a very frustrating ordeal for me and I lost a lot of time figuring this stuff out… 12+ hours easily. I think you could whip it in an hour or two if you don’t make the same mistakes I did.
Some things I learned the very hard way…
– Tried disable process via the Task Manager as my first and only line of battle against SecurityTools… I couldn’t get it figured out quick enough how to get around SecurityTools blocking/slowing me down trying to fix things… change the name of the programs/applications you need to run/scan is the key as is disabling SecurityTools via the task manager as soon as it appears (name consists of several random digits/numbers).
– Rescue CD from Avira was helpful to me once I had my computer so locked up I couldn’t do anything and could barely get it to boot up. You can boot directly off of the disk into a Linux GUI that avoids you needing to get hung up when Windows boots… my scan took nearly 2 hours but it did the trick to get me back into being able to boot into windows.
– Wasted time on some poor/slow scanning software.
– Thought I had it beat, then noticed all the redirects I was getting when using my web browser.
– Prevx is well worth it the $30… it runs very quickly and easily.
Many thanks to those of you have posted your feedback on this page, w/o your help I wouldn’t have been able to defeat this hanus rogue anti spyware called, SecurityTools. Thanks as well to SoftSailor for providing a page like this as a resource. It have spent several hours battling against SecurityTools and feel I have made very clear and definitive progress towards winning the war.
I got rid of this malware using ESET NOD32 Home anti-virus and spyware software. I didn’t go into safe mode or anything like that, just as well as that would have been scary! I simply scanned my drive, something was picked up and then I had the blue screen of death. The pc rebooted and scanned again and then the exe file was quaranteened, and cleaned. I then deleted it. Hope this helps. I can only presume that during the blue screen ESET did something to “security tool” because a large icon appeared on the screen and not the small ones that were in the bottom task bar that had usurped all my other desktop items. Four pcs protected for £46 a year. Can’t be bad.
Ok so i tried it in safe mode but i have the blue screen of death each time i tried in safe mode. What should i do now? Any help would be great.
Thanks,
My computer was infected with this Security Tool virus and I was unable to access my system restore or access Malaware (which I had already installed). I wasn’t able to start up in Safe Mode. My desktop was gone and the virus took over continuously prompting me to check for errors, etc. I couldn’t delete the file under c:/Documents and Settings/All users/Application data/ because the virus wouldn’t let me. I couldn’t stop the process in Task Manager because it wouldn’t let me do that either. This jerk of a virus is very tricky! THIS IS WHAT WORKED FOR ME: I finally managed to get to the Application Data folder again and i simply RENAMED the .EXE FILE and the FOLDER. (it was just a series of numbers- that’s how you know it’s this virus) By doing this, I was able to restart my computer, delete the file and folder I had just renamed and then finally run Malaware. Hope this helps!
Also, this thread helped a bunch of folks, particularly comment #24:
http://www.ibtimes.com/articles/20091008/security-tool-virus-removal-security-tool-removal-security-tool-malware.htm
Good Luck!
Guys!!! Thank so much for all your suggestions.. ,, finally I’ve remove this damn security tool virus.. MuuaaHhh..
None of this worked. cannont find the .exe nor the hidden folders avast and malwarebytes finds files out the ass but it will not go away regedit is useless due to the fact it will not find anything at all. the exe i found in the path name were 19418023.exe(impossiable to find, isnt any where on the computer at all) and Winhbt.exe(same as other) i’ve been fuckin with this for 9 and 1/2 hours and its not worth it any more. talkin last suggetions b4 i toss it and buy a new 1
Security tool still there. DLin Combofix and SpybotS&D still cant find the folder. found 1 with a bunch of #s but its been there 4ever and is also on other computers i’ve had so i’m not missin with it. got this damn virus from antivirus + WHAT EVER U DO DO NOT RESTART UNTILL U GET RID OF ANTIVURS + OR IT WILL CAUSE MORE ISSUES.
Reply
Hello all,
well, a friend of mine has also that sucks Security Tool virus on his pc. I went to his house and tried to fix it.
As at so many of you, the desktop items on my friends pc are also hidden. I found where the numbers####.exe is located, but couldn’t delete it. So, I tried to run the task manager ctrl+alt+del, msconfig, regedit, etc. but everything failed. The virus shows pop-ups that the files are infected. I tried safe mode over and over again but also failed. I downloaded Malwarebytes and other software but it is not possible to install them, the virus blocks every action. With other words… the pc is f*cked up.
I will try to rename that ######.exe and its folder. I hope to have than any access to go forward to delete this b*tch of virus in some way.
I have gotten malwarebytes to run, deleted registry values, and any files i could find pertaining to this virus. It seems to be gone.But now, my desktop icons and tool bars are completely gone and i get no pop-up when i right click on desktop. I can get a background up fom the properties menu(accessed thru taskmgr)but noting else!! Any ideas?
What I did was first open multiple task managers until it comes up, look for a series of numbers and then delete it within the processes tab then searched and deleted all files/documents called security tool.
I am really sad. I couldn’t get into Safe Mode and tried MSCONFIG. I unchecked everything except for REGEDIT. Not only did it not bring me to any Safe Mode screen, I got presented with the blue and green screens of death (green for when I hit ‘Last Known Good Configuration’ and ‘Start Up Normally’). Before I can continue my battle with Security Tool, can anyone help me at least boot back into Windows? I heard I need Windows XP CD for this.
Use the advice I put up there. No safe mode is needed and you also need to use malware bytes program called mbam to finish it off.
Hello, Just wanted to add my two cents here.
You can rename the mbam.exe file to something else like bbam.exe and the malware/virus will not pick it up.
These false av programs know the file names of all the true av programs out there and stops the scanning and detection, Renaming your av scanner should work to.
dee
THanks for hte headsup man
That was one nasty virus
you dont have to install additional programs after a couple hours you can find out what its linked which i found out was divx i uninstalled divx the the computer let me uninstall security tool i tried to reinstall divx security tool came back i uninstalled divx again the reinstalled security tool was easy to uninstall again i think divx is just trying to make a little extra money fuck them
Yeah, Security tool does no real bad thing, it is just really annoying and yes, they could take your money and DO NOT PAY THEM!!! It really isnt worth it at all.
Thanks… it works very well…
i cant get my computer to start in safe mode it sounds like the hard drive is running so fast that the computer shuts down i have malware bytes installed on it but just cant get it to stay on long enough to run it. please help
i have malware bytes installed but cannot get it to run this adware is making the hard drive spin so fast it shuts the computer down cannot start up in safe mode either or get into msconfig or start up in command prompt. please help me
BILL HOUGH IS THE MAN! Thanks for this SIMPLE & EASY fix! It worked like a charm…
Thanks a lot. I was able to remove security tool malware screen at every start up by “MalwareBytes Anti Malware” according to your instructions. Now I am very happy. Thanks you again. Best Regards.
Hey, i put malware onto a cd now what do i do?
Woke up with this virus on my machine today, i expect somebody on my network got it as I am generally pretty careful with how i browse.
Anyway, had malware byte’s already installed. Ran perfectly without any additional steps. Rebooted the machine as it couldn’t stop the already running process. Came back and the executable for the virus no longer functioned. I did some full scans with other reputable softwares to be safe including another mwb scan. No viruses detected.
Only damage done: lost my desktop background.
Not sure why everybody else had such issues with running malware bytes. Pretty wierd if you ask me. Regardless I’m going to be keeping a close watch on the situation in case something failed and the virus is still lurking. Which is completely possible.
If it matters im running windows XP.
Hold on, where do I find the mbam.exe file? I read the suggestion above to remove it from the install folder while being installed. What is the install folder?
I also got hit with this on a machine with Vista. This got past ZA but MS Defender noted it as Winwebsec. Unfortunately, using MS DEfender did not remove since, as has been noted, the trojan disables antivirus/malware tools. After trying a couple of things that did not work, I finally went to the control panelprogramschange startup programs and under the Publisher not available section found three odd files 64712323.exe, 99060024.exe and another numbered file I didn’t write down. I removed all three and rebooted. Seemed to reboot OK and no more prompts. I am going to do a scan with several programs.
Hope this helps someone else.
Thanks this worked like a charm. Luckily I had a separate account for my kids to use. I was able to log into my admin account which was not infected. Malewarebytes removed the virus in less than an hour.
OMG!! THANK YOU THANK YOU THANK YOU!! I TOHUGHT I WOULD NEVER GET THAT OFF MY LAPTOP… I COULDN’T DO ANY OF MY ASSIGNMENTS FOR SCHOOL… VERY HAPPY I FINALLY GOT IT OFF!
THANK YOU Bill Hough!!!!!!
=D
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
THANK YOU BILL HOUGH once again and again and again
May your wiseness lead you to your great future=)
=D
Hey Bill Hough
I saw many people from different sites that they are copying your instructions on this site to more sites.
=D
1.Right click “Security Tool” icon on desktop.
2.On Shortcut tab, follow the “Target”. Go to its folder (folder’s name was a bunch of numbers).
3.Open the folder.
4.Rename it.(any name)
5.Make sure that you have unchecked the “Read Only” check box.
6.Restart your system.
7.Go to that folder again.
8.Delete it.
Thank you Dr. Chris. Your solution worked for me on my daughters laptop with Vista home premium. Downloaded Malwarebytes afterward and it found four more objects. Everything seems to be back to normal.
security tool wont let me download malware or install it!
What i did with Win XP was to enter ‘safe mode’ by hitting F8 repeatedly while rebooting.
Then in Safe Mode go to system restore & restore windows to check point that you are sure was before you got infected. Then you can now reboot normally, go online & download Malwarebytes, install it update it,then clean out your computer by scanning with it. Should sort u out.
David.
THANKS!!!!!!!!!!!!!!!!!!!!!!! WITH EVERYONES PEOPLE LIKE: MARILYN ROXIE, BILL HOUGH, AND OF COURSE ALEX DUMITRU, MY LAPTOP IS DONE WITH THE HASSEL OF SECURITY TOOL. YOU GUYS ARE THE BEST!!!!!!!!!
I MEANT EVERYONES HELP
~
I have downloaded spyware doctor to a flash drive AND WAS ABLE TO download it in safe mode… when i click on run smart update it tells me UPDATE FAILED error downloading. Thought i was following directions well , but im really lost.
Can’t get rid of it. I’m only a kid and it affected my school computer. My mum and dad have both tried. I first had softcop on a differnt laptop and that wAs easy to get rid of using malware bytes but this one won’t work. It has completely blanked my desktop, I can’t see my icons so is there a way u can explain it to me but more simpler
I booted into “Safe Mode” where I had noticed that the Security Tool software did NOT automatically start. From that point I was able to Restore my wife’s computer to a previous date as recommended above. After the system had been restored, the Security Tool Icon was not there on the desktop, and it did not start. Thank You!!
For insurance, I downloaded and ran MalWareBytes and it found 277 infected files on her laptop. I deleted them all, and, so far, the computer is operating normally. I’ll hear about it if it doesn’t! I also downloaded and ran MalwareBytes on my desktop, and it found NO infected files. I use AVG Free daily. I give it credit for the excellent results.
I tried everything you said, and I thought I finally got rid of Security Tool. When I opened internet explorer, it seemed to be working just fine. However, the Security Tool icon was back on my desktop! I went in and deleted it again, emptied my Recycle Bin. I did a search to find that file, I put just the numbers in, and found nothing. Is it really gone, or is it going to keep popping up on my desktop each time I restart my computer? I had been ast this for weeks, and finally today there was Security Tool in my taskbar and that’s the only way I knew what I was dealing with.
Is there anyother way to delete security tool with out downloading any thing?
Jose,
Yep – see Bill Hough’s comment above (October 9, 2009 at 3:21 pm) and then in greater detail at (November 2, 2009 at 5:11 pm). Read it through first before starting. After six-hours of effort, I searched online, found his post, followed it exactly – based on what he was saying to do, rather than what I was thinking I should do. Worked the first time and at 0330 in the morning I finally got to bed. Good luck.
William
you have to download malrebytes’anti-malware after downloading it just unplugged the internet connection so that security tool will not appear in your screen then restart your computer. Open malware then click run and follow the instruction.
text 402-802-2828 saying “yell at your sister”
text 402-730-0366 “write a story on mlia. then text your friend whose initials are “KV” if you did it.”
Yeah, I’ve been fighting with this program all afternoon! It’s not a real tough malware program, but just extremely annoying. I’m not sure how people get away with making this stuff!
I fell for the fake viruses and purchased security tool, how could I get my money back or find out where it went
how can I get my money back or find out where it went if i purchased security tool already?
the secuirty tool wont let me do anything do i need to reboot
I had that stupid Security Tool and it kept popping up every minute! I followed these instructions and it got rid of the whole program. Thanks sooo much for this article!
if anyone has problems becuase security tool wont let them run malware i went on firefox safe mode and then when the download finished i pressed f4 and then it opened and it ran successfully. keep holding f4 tho until u get to the terms of agreement section
This is proving a real challenge, it wont let me stop the program from running using taskmanager as it keeps closing it down, any software i download to get rid of it wont open afterwards, ive located Where the Security tool file is but it wont let me delete it as the program is still running, any help guys?
For the record, my daughter picked this virus up from Facebook. BEWARE!
Hello
I ran my computer on the safe mode. Was able to download Malwarebytes, run the scan and clean the infections. BUT now the moment I switch on the computer, it switches off again after about 30 seconds – the same thing happens in the safe mode.
PLEASE HELP – AM GOING CRAZY !!!!!
Hi everyone,
well i got that security tool headaches too. got malwarebytes to find it and thought it was gone but it came back, ran malwarebytes again and found a few more files this time and cleaned/deleted all files found, but the real problem started after i tried to reboot..
now i can’t bootup windows in any mode, looks like mbr got damaged/erased. so after trying everything i can think of it looks like i’m in for a re-install of windows XP – has anyone had this problem?
i really wish the person who wrote this malware was sitting in my office right now as there would certainly be lots of re-Booting happening.
The security tool thing is on my computer and ive went to sevral websites on how to remove the virus and each time i tried downloading a anti spyware the security tool would pop up then a blue screen popped up and siad that i needed to turn my computer off in order to protect it. does anyone know how to get rid of it.???
When you start to look for ways to speed up your PC and optimize it’s performance, you’ll come across the option of using a registry cleaner, and with these programs comes many options as well. Maybe you are searching for freeware or maybe you are OK with spending a couple of dollars to get a quality product, but first you only need to learn how to choose the top registry cleaner software for your requirements. That is what we’re going to talk about in this piece, we’re going to go over the features that you need to be looking for when selecting a registry cleaning application. Click for more information.
if you cannot get into windows safe mode, here is a trick i used.
i was removing this virus/trojan/malware from a computer across the country, and luckily had installed remote access software (vnc). but this tip works if youre right in front of the infected pc too.
the symptoms that prevented removal were that anytime i ran ANYTHING, the “security tool” shut it down. so i would open a browser, and it would shut down. i would open a command prompt window, and it would shut down. i would open any number of antivirus programs, and they would shut down. adaware, spybot s&d, etc. they all shut down.
but i was able to click on the windows start menu and see the program list. i could see my option to RUN programs. but id i typed CMD in the run box, that window immediately shut down.
i had a flash of inspiration.
in the run box i typed
taskkill /fi “username ne SYSTEM” /fi “username ne LOCAL SERVICE” /fi “username ne NETWORK SERVICE” /fi “imagename ne explorer.exe” -IM * /F
and pressed OK (or hit ENTER)
what this does is it makes use of the taskkill command in windows xp (unfortunately its in xp pro and not xp home. it can be installed in xp home, but thats another story)
it stops all processes which are not vital system processes or network processes. it also doesnt stop the EXPLORER process. if we killed that process, we would lose our desktop interface (more or less). most of the time EXPLORER.EXE will restart if killed, but not always. so i was being safe here.
it worked!
it killed the rogue processes being run by “SECURITY TOOL”.
i was able to run CLEANUP40, MALWARE BYTES ANTI-MALWARE, then ran scans with ADAWARE, SPYBOT S&D, updated SPYWARE BLASTER, ran microsofts malicious sw removal tool, ran mcafees stinger (removes a subset of known viruses), cleaned all my temporary riles (again) with CLEANUP40, ran HIJACKTHIS to make sure there was nothing suspicious looking, and then looked manually for traces of “security tool”.
all gone.
rebooted, and it was good.
cheers,
disk demon.
Security Tool manual removal:
Kill processes:
4946550101.exe OR ANY series of numbers.exe
Delete registry values:
HKEY_CURRENT_USERSoftwareSecurity Tool
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “4946550101″
Delete files:
4946550101.bat 4946550101.cfg 4946550101.exe Security Tool.lnk Security Tool.lnk
Delete directories:
%UserProfile%Application Data4946550101
I got this too…and used Malwarebytes (free download). It took a couple of times to get rid of it in safe mode….but now I can’t access the Internet through my regular prompts…only through my verizon provider…then it keeps kicking me around before I can get to the Internet.
Is there something that was disabled by the Security tool for internet access…and where can I enable the settings I had before? I can’t access the Internet on the start-up menu that says “Internet”….error 404 or something like that…
Security Tool manual removal:
Kill processes:
4946550101.exe
HELP:
how to kill malicious processes
Delete registry values:
HKEY_CURRENT_USERSoftwareSecurity Tool
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “4946550101″
HELP:
how to remove registry entries
Delete files:
4946550101.bat 4946550101.cfg 4946550101.exe Security Tool.lnk Security Tool.lnk
HELP:
how to remove harmful files
Delete directories:
%UserProfile%Application Data4946550101
what i did for security tool virus is i ran an avg search. security tool detected it and turned off windows. i turned back on my laptop and searched through all the files for security t because security tool takes longer to search for. i renamed the files to all this random crap (like hglasadfljhg)and deleted them. after that i imediatly rebooted my laptop and luckily it was gone. the only damage that i know of is my desktop background was changed to black from a picture. i dont know if this method works because ive heard some people(like me) dont have much of the files with security tool bit ive also heard some people had alot.
I just got hit with this nasty virus on my laptop (XP Pro). A screen came up saying that “Security tools has successfully downloaded, although I didn’t download anything. I was just shopping for Christmas (some Christmas present I got!).
I figured it was one of those viruses, so I didn’t click on anything except I tried to bring up task manager so I could close the window. That didn’t work, it only brought up the full screen of this “security tools” and it started doing the fake scan.
I didn’t click anything, but just rebooted in hopes that I could get to either task manager soon enough to close down the program, or to explorer and get to a virus remover such as malwarebytes. That didn’t work either, the screen came up as soon as I rebooted, so I shut down again and tried going into safe mode. When doing that, the drivers only go halfway down and stop, then nothing.
I tried just rebooting normally, thinking if I signed up for that security tools with false info, at least I could get rid of the opening screen and access the net. Now when I try to reboot, I get nothing at all, just a black screen. Did I kill my computer by doing this the wrong way? Please help! Thank you in advance.
P.S. This is on my laptop and I do have my desktop that I’m using now. How can I safeguard (with strong preventative measures!) that something like this doesn’t happen on this one too?
Simplest way to remove it:
Go to Safe Mode.
ctrl-alt-del and choose task manager.
End the random number process.
Click Start->RUN and type MSCONFIG.
Click the STARTUP tab
Uncheck the item that is just random numbers (ex:612393219)
Go to your C drive and open C:Program Data(and a folder with random numbers again) and delete the numbered directory.
Run a virus scan
Reboot to normal mode and run the virus scan one more time. Worked for me.
Thank you very much Bruce!
I did exactly what you said and am now problem free. I can’t speak for other cases, but in mine this solution worked flawlessly. I would encourage anyone who has tried other solutions unsuccessfully to try this.
I think the virus has been improved to prevent some of the posted fixes from working.
I was able to start my computer in safe mode with networking and simply delete the files. I also emptied the recycle bin after deleting the files.
I started my computer in safe mode with networking and was able to delete the files. I also emptied my recycle bin after deleting the files.
Rebooted and all is well.
Jesse Hess gave the following advice which worked like a charm. Easy and Fast. Of course I already had AntiMalware from MalwareBytes (the tool that IP techs use) installed. You may have to download and install it after stopping the Security Tools processes. http://www.malwarebytes.org/
Forget the rest of these posts. Do this and you will be fixed in no time.
*Note, MalwareBytes can take a few hours to run a full scan depending on how much stuff you have on your hard drive.
Jesse Hess says:
October 11, 2009 at 9:09 pm
TO BE ABLE TO RUN YOUR ANTI MAL WARE PROGRAM WITHOUT SECURITY TOOL INTERFERING FOLLOW THESE STEPS.
1. Ctrl + Alt + Delete
2. Click on the Processes tab
3. THE PROCESS FOR SECURITY TOOL WILL BE A BUNCH OF RANDOM NUMBERS
Ex. 6341908843 ——- 7,000
4. Right click random number process and click end process tree.
5 After this you should have no problem running a program.
Tom’s note* After the first scan I would then reboot your computer and run Malwarebytes a second time.
This one works. My daughter just got a laptop for Xmas and got the “Security Virus” the same day. I did the steps above and it cleaned it. I was then able to put McAfee on the laptop for her. Really simple.
Thank you so much! you have no idea how much help you were in my laptop saving because the exact same thing happened to me as that guys daughter! i got a laptop for christmas and there it was, security tool.
God bless you, Tom Cooper! I could not get the Malwarebytes program to download due to interference from Security tool. Christmas is saved for my son and his new laptop! Thanks again!
This was great! Just wanted to mention that the software is at cnet.com a great website for quality software.
and what if Ctrl + Alt + Delete DOESN’T WORK (because it blocks that too)???? (How do I get to the task manager to end processes to be able to download the malwarebytes)
You have to start Windows in safe mode (this is easy, just search it in Google). Bruce’s fix (see above) worked well for me, I recommend you try it.
on the manual way i cant find the registry values
i found the file but i cant deleat it what do i do???
my computer became infected with this virus today and i have tried to get rid of it. every time i try to open an antivirus program, security tool tells me that it is infected with a virus that is trying to steal my credit card information. none of the solution suggested above have worked. i deleted all the files i can find that are related to security tool. any solutions?
Well when i was surfing the web lokking at game reviews i get this notification. It says “security tool is done downloading!”, THEN it tells me multiple viruses detected do you want to clean them out? I said no and it did it anyway. so i downloaded. Google anti virus pack, AVG anti virus and spyware. It helped hold back on some of the notifications and didn’t shut my computer down. it kept my computer up long enough to download two anti mal-ware programs and that was that.
I just got a new computer yesterday and after about 3 hours of use, it was infected with this very annoying virus. I tried everything suggested above to rid my computer of it but nothing worked. Finally, I started my computer in safe mode and chose a restore point from before the infection. It worked and the virus was gone.
1. Open file location on virus source. (Right click and go to properties and click ‘open file location’) 2. Right click virus source and go to properties. (Example. 45263672.exe) 3. Click security tab and then go down to the bottom and click advanced. 4. Click change permissions. 5. Find yourself as a user, in my case it was ( John (John-PCJohn) ) ; and click Edit tab. 6. Check DENY on all the tabs. 7. Apply and restart your computer. BAM your Security Tool Virus Free!!!.
Is this MalwareBytes a free software? Because I installed Spyware Dr., which found the virus, but the only way to get rid of the virus was to purchase the Spyware Dr.
MalwareBytes has both a free and a paid version. The only real difference is the paid version works in “real time” whereas the free version works only when you tell it to. I “think” you have to update the free version too, but the paid will update automatically.
You can find those here – http://www.malwarebytes.org/
I downloaded the free version and it worked amazingly! After I downloaded it to my laptop (after I reformatted and reinstalled xp) I did the full scan twice and it came back clean. I figured it should have, but I wasn’t taking any chances.
I had my computers networked, so I downloaded it to my desktop and it found 87 infections and 2 trojans! I’m not sure if this worked its way through the network to my desktop, or if it was already infected, but I’m just glad I did it to both computers.
A couple laptops I’ve serviced at work had this. The latest version of the virus won’t let you run any .exe’s, even taskmgr. Currently trying to login through safemode.
I tried all the above too and couldn’t get anything to work. After my previous post I got frustrated after several attempts of going to safe mode and simply reformatted and reinstalled xp. I hope you have better luck!
Thank you all for sharing these fixes too. There seems to be different versions of this same program and some fixes wont work for each version, but through the help found here, quite a few people are getting this fixed.
After experiencing these kinds of problems, I’m wondering what all of your thoughts are on the best set-up for keeping a system safe. On my laptop (XP Pro 2003) I decided to go with MalwareBytes free version, Avast and Microsoft’s Security Essentials.
On my desktop (Vista 32) I have CA Internet Security Suite and MalwareBytes, but I’m thinking of changing it to Avast and MSE too. Before I do, I’m just wondering if there’s a better combo, or what you all have had good luck with in keeping your system protected.
Thanks in advance for sharing ideas.
OMG thank you so much! worked like a charm!
matt, i had the same problem. a friend suggested i take out the power source for my computer and let it rest overnight. i did this and when i logged on the next day, the virus was either gone or it hadnt started acting up yet because i was able to run malwarebytes
I got Security Tool last night and it blacken out my screen completly rendering it useless. I couldn’t use safe mode or ANYTHING. I took it to the Geek Squad and they are now removing it. I don’t have an OS disk because The Sony VAIO did not come with a separate disk. So now I should have my laptop by tomorrow at the cost of nearly $200.00.
I have no idea what I’m doing. My mom put it on here and has left me with the task of removing it. Lucky, eh? I have no idea what I’m doing. Really, I don’t. I can get on the Internet and everything, I just don’t know what to do after I downlaod the malware thingy. Any help?
My daughters toshiba laptop was infected with Security Tool.
I removed it with Malwarebytes and now it works almost ok.
For some reason the laptop will no longer access gmail and google searches won’t work.
Google news, images, video etc all work.
Other search engines work.
Any website off the favorites list still opens.
But I can’t open a website by typing it directly into the browser.
This happens both in explorer and firefox.
I deleted firefox and reloaded it, still nothing.
Obviously Security Tool is still messing with her laptop.
Any suggestions?
I had the virus, and the same thing happened to me. I can’t do google searches (gmail works though), and I can’t log in to some websites. Have you found out how to fix it yet? I sure haven’t!
Got it!
Found this on another post:
Even after removing the malware I was unable to access Google &c. From another site I got a direction to look at C:WINDOWSsystem32driversetcHosts.
Opening it in Notepad, I saw that it had listed just about every variety of Google & Yahoo against IP address 127.0.0.1. I copied this file (to be on the safe side!) and then deleted all the entries and, bingo, worked fine.
I just tried this as well, and it worked!
Hope this is helpful!
it seems to have worked.
gmail and google search is back
thanks much
My husband’s computer had it and we were not able to access anything, not internet, not safe mode, nada. I used my non infected computer to download the rkill.com process killer and the antimalware software. Burned them to CD and then copied the rkill to his desktop. The malware would not let me run either. So I followed the advice above about starting the rkill before the malware had a chance to start after reboot and that worked (I had it on the desktop so I didn’t have to hunt for it). After it was clear the malware wasn’t going to start (I kept clicking on rkill over and over and over again until it I was sure it had stopped it) I put the CD containing the anti malware software in and ran that. It found a bunch of infected files and removed them. I am rebooting now…fingers crossed.
(but yeah, for me it was a matter of speed, beating the malware with the process kill file).
eta: it appears to have worked!
after hours of frustration and anger i came here, had to reboot in safe mode just to open task manager and end the process. then i rebooted normal and was able to download mbam w/out security tool’s interference. that did the trick. really appericate everyones’s help.
After my sons laptop was infected with Security Tools, it would not let me download Malwarebytes. It would not let me open malwarebytes even after downloading it from a clean computer to a thumb drive and transferring it to a thumbdrive. I even renamed malwarebtyes and it would still not fool Security Tools.
Here is how I removed “Security Tools”: (despite the fact malwarybytes wouldnt install or renaming wouldnt fool Security Tools)
My sons laptop got the nasty rogue called Security Tools. It was very slow as it was constantly being bombarded with pop-ups telling us that his laptop was infected and that we needed to purchase their product. He kept getting Security tool warnings. Security tools made the desktop icons disapeear (actually just hid) his desktop icons.
This nasty rogue would not allow his computer to open in safe mode, nor would it allow him to download Spybot, Adware Se or Malwarebytes.
So from my clean computer I downloaded Spybot, Adware Se or Malwarebytes, all of them (saved them) to a thumbdrive and tried to sneak it on his infected computer via a thumbdrive,…no luck.
I download them again, this time renaming them before I download (a trick that sometimes work)….still ….no luck If you rename your anti-spyware or ante-malware the rogue spyware might not recognize the new name and let you run it. Unfortunately this spyware (System Tools) was to smart for that.
Here is what finally worked
From my clean computer I downloaded “HijackThis” to a thumb drive but before saving HijackThis.exe, I renamed it to explorer.exe.
I stuck the thumb drive into the infected computer, and sent (HijackThis.exe) disguised as explorer.exe to the infected computers desktop.
Even though the computer infected with SecurityTools wouldn’t allow us to download SpyBot or AdwareSe or Malwarebytes, it allowed us to download HijackThis.exe.
Since this bad spyware Security Tool hid our desktop icons, I had to right click on the Windows task bar, and then click Show Desktop so that the desktop icons would appear.
Now that I could see the desktop icons I saw the icon for the spyware SecurityTools. Of course deleting the icon would do nothing but delete the shortcut. But when I right clicked on it and I found clues in the properties:
The nasty booger was….. C:Documents and SettingsAll UsersApplication Data9434512694345126.exe
So now I knew where the spyware was and the important number 94345126 (note this number varies….your number will probably be an 8 digit number, just right click on the securitytools icon and write down your number.
As the desktop icons were now visible I clicked on the desk top icon for HijackThis.exe that I had falsely named explorer.exe and ran it. I did a system scan only. I looked at the log and found O4 – HKLM..Run: [94345126] C:Documents and SettingsAll UsersApplication Data9434512694345126.exe.
I put a checkmark in this and pressed the “fix checked” button”
After HijackThis.exe did its magic on O4 – HKLM..Run: [94345126] C:Documents and SettingsAll UsersApplication Data9434512694345126.exe.
* * * I could now run the Malwarebytes that I had previously downlowaded to a thumbdrive. * * *
Malwarebytes found (4) problems which I fixed with malwarebytes. I then cleaned out my sons recycle bin.
His laptop is now free from this awful Security Tooks
I had never heard of HijackThis until today. (see Go.TrendMicro.com) I had used Malwarebytes a few years ago. I recommend downloading this from CNET, because you never know what you are getting anywhere else.
Please help I have windows 7 and I can’t follow the instructions given anywhere. I can’t download anything. Pleasegive me simple precise steps on how to get rid of it.
Woooow!! major cheers to BRUCE..his method helped me lots
!…now i can browse on my laptop once more!
Go to Safe Mode.
ctrl-alt-del and choose task manager.
End the random number process.
Click Start->RUN and type MSCONFIG.
Click the STARTUP tab
Uncheck the item that is just random numbers (ex:612393219)
Go to your C drive and open C:Program Data(and a folder with random numbers again) and delete the numbered directory.
Run a virus scan
Reboot to normal mode and run the virus scan one more time. Worked for me.
I need help. I got Security Tool on my computer and went to a different website and it told me how to remove it. I had Malwarebytes on my computer before I got security tool but I had to reinstall it. I got Security Tool removed, my icons back, and was a happy camper. Quite proud of myself that I could get it off by myself, too. But then I realized when I tried to reset my background picture on my desktop it wouldn’t let me. Every time I try to mess with the background color or the picture my computer freezes for a couple minutes and when I try to change it again, it freezes again. Now, this is not a huge problem but it’s just annoying! I ran malwarebytes again, and again, and it found nothing! So, if any one could help I would really appriciate it!
Hmm.. So i got this stupid security tool virus thing, and I ran my comp into safe mode- opened up Malewarebytes anti-malware and then after it was done it told me i needed to restart. After i restarted, my screen turned black completely (No windows logo). I restarted again trying to go into safety mode, and the same thing happens. black, no logo. I don’t have the windows XP cd, any suggestions?
Ok. Wife just got this bug and it is a little smarter than previous versions i removed. Right click on the Seccurity Tool Icon and figure out where the target is under properties. I am running Microsoft 7 fyi. Next you want to get to your folder options. For windows 7 right click the widnows button or hit the folder to bring up windows explorer. Next click on organize and find the folder options. Click on the view tab and check show hidden files folders and drives to ON. My target for the file was c:\ProgramData\98767776. Delete the .exe file you found as your target and this will stop the process. Next Run Mawarebytes. http://www.malwarbytes.org I have malwarebytes running now so this is as far as i have gotten. Should clean it though once you get the process stopped.
I got infected as well. I had anti-maleware on my computer so i ran a scan and nothing came up. I restarted my computer and windows will not start up in safe mode, i just keep coming to a black black screen.
Any ideas?
I have the security tool virus on my computer and turned it off the other day and now the computer will not restart. i turn it on and all i get is a half lit black screen staring at me. How do i fix it?
Thanks for this article and download link. Really helped.
just want to say thank you for the great sharing! Lucky me, I tried using System Restore and everything backed to normal within a few minutes.
I had the same damn problem it took me 2 hrs to solve It disabled myt webroot so i went into the start menu and clicked on it I got it to run and when i saw 3 items in the items area I stopped the webroot and delt with those main 3 little buggers 1 was a rouge the other was a security tool malware and 3rd was alot internet tool device after i got rid of them I ran a full system sweep/ trust me it was hard but it can work
I was lucky i found a forum that told me to spyware doctor. I worked, took it off right away and nomore problems.
good luck
Hi. I just picked up this very annoying virus or something very similar to it on my XP-SP3 machine. I was able to remove the annoying virus using some of the steps listed on this thread, so I thought I’d share what steps I took.
My virus was a little different that what was commonly described here, but my two main symptoms were:
1) Annoying (fake) security pop-ups in the form of balloon notifications, fake Windows security center, corner-desktop notification (like outlook), a splash-screen like (not a draggable window) warning .. omg!!
2) I couldn’t run virtually any exe’s … not MalwareBytes, not TaskManager, not Notepad … not anything! … omg!!
However, the way that my virus differed was that there were no random numbers in my application data or a running process with random numbers. Also, my desktop/icons were not affected by the virus.
——–
To resolve this virus, with help of some of suggestions on this page, here are the steps I took:
1) I plugged in a flash drive and installed MalwareBytes on that.
2) Ran MalwareBytes from the flash drive to scan my hard drive. (Took 2 hours) (I did rename my mbam.exe to iexplore.exe, but at this point, I’m unsure if this was required)
3) Launched my TaskManager by (copying and) renaming it to iexplore from my “C:/windows/system32″ folder. I matched the malicious items list found by MalwareBytes, and killed the malicious item from my TaskManager. My item was named “ilymsysgaurd.exe” (instead of random numbers). I’m not sure if this step was necessary, but it was nice to kill the process.
4) Removed all of the malicious items found using MalwareBytes, and rebooted my computer.
——–
These steps seem to work for me. My virus’s exe was named
“ilymsysguard.exe”, but a search for that on Yahoo/Google netted no results. I think the “sysgaurd” base name is the virus you can search for online. This exe was sitting in “C:Documents and SettingsOwnerLocal SettingsApplication Dataiyxjahilymsysguard.exe” for me. the “iyxjah” part seems like the random bit for me, instead of random numbers. You may want to check there if you can’t find it in the locations described by other people.
I didn’t reboot my computer in SAFE mode to do this, because I had read other posts that stated that they could no longer get back to Windows after they rebooted, so I didn’t want to take that chance without running MalwareBytes. I backed up my important data (just in case) after I scanned using MalwareBytes, but before I rebooted rebooted.
Anyway, After scanning with MalwareBytes, removing malicious items using MalwareBytes, and rebooting, my computer seems to be back to normal. I didn’t do a system restore even.
…
I really appreciate this thread and all of the people posting, because it helped me tackle this virus (the iexplore.exe renaming trick was nice). So thank you everyone! I hope my post may one day help anyone else battling this virus. Good luck. Thank you.
So what happens to the information that one put in when downloading the security tool like the credit card information and how can one get their money back if it is charged?
Bill you are the bomb!!! Thank you so much for the info, this virus showed up on my business computer after I looked at a celebrity website. I can not repeat the words I used when trying to get rid of this nonsense!! Once again you are a lifesaver!!!! I hope you get have awesome luck in life!!
What a pain. I got infected and it took hours to delete the program. With God’s help, I went into C documents and found those numbers the program was installed under. When I tried to delete it-I could not. It took trying to delete it several times and then rebooting my computer before it fianilly disappered. A petetion needs to be signed to run the people who started this false program off the internet. If I ever see anything like this again, I will shut my computer off before it has a chance to infect my system. What a PAIN.
I hate security tool!!!!!!!!!!!!!!!!!!
OH MY GOD
why didnt i see this before
i hate myself now
u see i paid the security tool for scanning my computer and it worked a few days that security thingy didnt harrass me for a few days and today it came again so i wanted to get the registration so i googled it and found this………. i think i made the biggest mistake ever…… oh…. sob sob
I used Cheri’s advise for getting into safe mode and she screwed me. Now I can’t even get into windows. Can anyone help with getting in?
i got this virus a good week and a half ago, i did my usual and deleted it. I thought i was all right..
i was wrong, it came back yesterday, not with popups but it was messing with my browsers and exe files
i ran combo fix, then i deleted the numbered folder and i did the cut and paste malware bytes exe trick. I seem to have removed all traces of it.. atleast i hope i did
this is a pretty nasty virus, the worst one i ever got
i was trying to watch how i met your mother from tv duck and got it while trying to enter one of the links…thx for the advice worked perfect from the first time
I simply went to system restore and restored my pc to an eariler date. It worked like a charm!
I too got that awful virus SYSTEM TOOLS and all I can say is…………IT WORKED! THANK YOU SOOO MUCH!
I tried everything I could for hours and the MalwareBytes download was the only adviced that worked.
Thanks again
I am just speechless…..all I can say is Thank you!
the MalwareBytes download worked! After hrs and hrs of trying to remove the awful virus System Tools I feel lucky to have come across this website.
Thanks again!
is this software safe? should i download it??? please reply, im worried about my pc
Purchased Security Tool and now i can’t get it to run
What can i do to fix the problem ?
I found out a easy way to use MalwareBytes Anti-Malware when Security Tool is up. all you have to do is go into safemode. the virus can not pop up in safemode. then you can use MalwareBytes Anti-Malware.
This website has helped me tremendously, to remove security tool. Thanks a million!
ok guys i fixed my laptop what u do is u go to safe mode than go to this website and dont go to the first safe mode there should be three of them 1 on top 1 in middle and 1 on bottom press the second one becuz with the first one no internet ok so once u pressed on the second safe mode go to this website and donwload malware once u did that quick scan your computer once malware is downloaded after that click show results and than it should say delete all or erase all something like that once ur done with that just restart ur computer it should be fine good luck and thank you to whoever made malware and i hope the guy who made security tool gets into a car crash and gets paraltzed
I had a hard time trying to figure out what remedy was the right one to use. I had to download the malware program on a sd disk because the security tools was not allowing me to download it on my infected computer. Before I tried to load it on my computer via the sd disk, i tried the other remedy first which is to press f8 at start up and choose the option to start windows in safe mode. Once windows started in safe mode I was able to go to system restore which is usually located at the performance and maintenence location which can be found in the control panel. Once the system restore screen came up I made sure I chose a date back before I got the securtiy tool headache. To my delight my computer was restored back to that point I chose and now computer running fine. Hopefully this info helps you out if your not sure what to do.
Thank you sooo much! this worked like a charm, although at first my computer wouldnt let the malware software open, i finally got it to, and dont know how i did! Thank you!
A friend was using my PC & this “Rogue Devil” / “Security Tool”, put itself in. It had ate my icons & flashed it’s little warning box every 2-3 seconds. I tried everything to get rid of it with my Malwarebytes & Avast Anti virus. It would not let me even pull these up. I couldn’t get to my Restore, TaskManager, or Flashdrive. It blocks EVERYTHING!! I went to my search & it wouldn’t allow me to delete it. So I called my friend who is a PC Tech & he couldn’t right off hand figure all this out. Then I found all of your comments. Funny thing, this Rogue let me online while still warning me to register it’s product.
I shut down my PC & when it booted up I kept pressing F8 over & over. It finally asked if I wanted to go into safe mode, which I did. Once there all I had to do was a system restore to about a week earlier. Then after I did that, my Malwarebytes worked & got RID of it. Then I went into search & found what little remained. So far I’ve not seen the $#@%@%$# that kept me frantic for a good 3 hours!
I just wanted to add that before you run your Malwarebytes be sure to update it. Both the paid for & free versions have this. It’s just with the paid version it’s automatically updated for you.
I followed Jeanne’s instructions and it worked great.
Simple and quick.
Thanks Jeanne!
yeahh like when im trying to run the MalwareBytes Anti Malware, the stupid security tool pops up saying that the file is trying to send my credit card details and blahh. what do i do now?!
SECURITY TOOL WAS AN ICON ON MY DESKTOP I RIGHT CLICKED IT AND SENT IT TO THE RECYCLING BIN AND THEN DELETED IT. THE SECURITY TOOL HASNT INVADED MY FILES…. YET….. BUT IT DID GO AWAY. IS IT GOING TO COME BACK?
This people are a bunch of theaf ,who they send you a virus ,to damage your computer and that way they can steal your money ,after you realize the transaccion,you never can contact them,the phone number 800-469-9689,is not a working number they make your wait for a long period time and them they hang out the phone,is any way you can comunicted them,this have to be reported to the FBI,in usa ,because this company is not even existed,just to people know ,and probably this people who make statment about this company are fake too,but i will work very hard to the authryties ,catch this fucking theaf
they are the virus people,we need to reported to the FBI<and tomorrrow i will do that,give them all the information about this fake comapny and phone number they provided
You can go to techjaws.com for specific instructions as to how to remove the Security Tool virus. I followed the instructions and was able to remove them( I had 2 separate Security Tool apps). The key is to hit the Cntrl/Alt/Del keys as soon as the desktop appears. Then you can go to task manager and disable it. From there you can follow the rest of the instructions to remove it. Don’t look for “Security Tool.” The app will be a series of numbers ie: 68345228.exe. or 57817129.exe or any other variation of numbers. Hope this helps. I know it’s frustrating/
My computer has the system tools virus and whenever I go to system restore, the virus pops up and doesnt allow me to restore. Can anyone help
My computer has the system tools virus and is killing my system.Every time I try to restore my computer the system tool virus blocks it from happening. Can anyone help?
If you do not have access to safe mode due to drive encryption the removal instructions can be found here (or if you have Windows 7 and just want to clean it quickly)..
http://www.thegremlinhunt.com/2010/02/22/security-tool-removal-without-access-to-safemode/
tried lots of other sites but this was the only one that helped. you’re awesome, thanks!!
I had to remove this from my friend’s PC. What I did was I found the Security Tool program listed in Start->All Programs. I right-clicked on it to determine it’s location on the HDD. In my case it was in c:ProgramData73478920. In that folder was 73478920.exe. I changed the file extension from .exe to .trash then restarted the PC. On restart Security Tools did not start. I then deleted the c:ProgramData73478920 folder and removed it from the recycle bin.
To get rid of “Security Tool” I held down the F8 key as I rebooted. Eventually, a screen appears w/several choices.
Choose “Safe Mode”. You’ll come to a screen which offers the choice of resetting your computer to an earlier date: choose this option and pick a reset date before the malware showed up. That’s it.
Thank You Jeannie! This bug got on my work computer, with your advice I had it off in just a couple minutes
Hello, i have the same problem with seaad, i need to open my computer but it is not possible anyhow. please a slotion….
When I am trying to start computer in Safe Mode the following things are popping up on the screen
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32ntoskrnl.exe
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32hal.dll
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32KDCOM.DLL
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsyste32BOOTVID.dll
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32conifgsystem
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32c_1252.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32c_437.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32l_intl.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32vgaoem.fon
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32drvmain.sdb
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSACPI.sys
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSWMILIB.SYS
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSpci.sys
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSisapnp.sys
And after that nothing happens.
Now when I shut down computer and restart, I can hear sound of processor running but screen is blank.
I will appreciate your help in this regard
yeah you se when the window logo appears right before your screen turns black?well as soon as that windows starts singing, tap that F8 till it works hun,even if you think its not working while your doing it, rest assured it may take you maximum 1 try but after that you know what to do, as soon as you log in go to MY COMPUTER , get to your flashdrive or whatever your using specifically and pull that folder to the desktop ,get reflexes and when it tell you to hit a button you better zoomby for everytime yu screw the guy just might make it harder and worse for you, anywho after it tells you to hit the quick scan and etc,. choose quick scan he wont know what hit you i promise. well anyways, m sure that worked for you if not heres my number ,call or text,407 780 0999 and ill help anyone. just call and im here (: i dont bite, (:
Thannk’s for the guide,,
You are AMAZING! THANK YOU, THANK YOU, THANK YOU!!!!!!
Let me say thank you for this tutorial, I fixed my computer intalling the malwarebyte.org and this was an excellent proces, and also I have to download rkill.exe and was great, my computer was fixed just in 25 minutes,, thank you again and I am happy beacause I save $200 dollar to fix it, well that;s Best Buy store was asking to fix my computer, REMEMBER YOU CAN TAKE OUT security control from your pc for YOURSELF…
I HATE THIS!!!! After figuring out what happened to my NEW laptop, I installed Malware, ran it, cleared up…or so I thought. All programs ran really slow. Then the black screen. I went through all these postings and was elated that others may be able to help.
I am experiencing the same problem as Saeed (Dec. 21, 2009) and Semaa (March 12, 2010)
When I am trying to start computer in Safe Mode the following things are popping up on the screen
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32ntoskrnl.exe
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32hal.dll
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32KDCOM.DLL
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsyste32BOOTVID.dll
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32conifgsystem
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32c_1252.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32c_437.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32l_intl.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32vgaoem.fon
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32drvmain.sdb
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSACPI.sys
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSWMILIB.SYS
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSpci.sys
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSisapnp.sys
And after that nothing happens.
PLEASE HELP!!!!
Thank you to all those who have posted about this virus.
after one week of nerve wracking experience with this virus, i finally have it removed…i tried everything based on the instructions of different people having this sort of problem but to no avail, probably i have the worst case here, thanks to my spanish journalist friend! she told me to create another user account, because vst virus is usually attached to the user account, so i did, when open the new user account, i didn’t encounter the virus, but just to make sure, i scanned my hard drives using malwarebytes and avast and found several viruses, after deleting the virus i reboot to my previous user account just to check if the virus is still there, thank GOD….finally, VST IS ALL GONE! hope this will work for you also….. thank you TERESA! HEAVEN SENT ANGEL.
The method mentioned was awesome! Thanks
I got the Security Tool virus on Sunday. I have followed a removal process, and I’m pretty sure it’s gone, but now other things on my laptop don’t work. First I was to download the rkill download. Then I had to download the Malwarebytes’ Anti-Malware (and rename it?). About 50mins into the scan a pop up told me that MBAM could not continue? So i started it again, let it go to about 50mins, and stopped it and then deleted what was there. This process I found is now telling me that I have to download hostsperm.bat, because Security Tool changes the permissions on the computers HOSTS file? I did that and it isnt doing anything. The process then says I have to download a default HOSTS file for my computer, but I have to delete my old one, which I cannot find of my computer. The pop ups from Security Tool have stopped, but I cannot download anything (and for some reason my Java Script thing was gone and now it is apperantly not turned on? – not sure how to fix + things like Facebook wont show the whole screen). Not sure what I should do? Help please!
I found this method to work:
- download the software
- restart you operating system
- as your computer is booting up make sure to hit “F8″ before the windows splash screen comes up
- You should get several options for running windows in safe mode
- Make sure to select “Run in Safe Mode with Networking”
- Once windows starts up you should be able to install any anti-virus/anti-malware software
- Once the desired software is installed, run the application and begin scanning your hard drive to remove the virus/adware/malware.
Hope that help. C ya.
im not very good with computers but i understood the what to do and the links but the security tool wouldnt let me download any of the links
My son let his security expire on his pc and came to me complaining about Security Tool. After several attempts, I had success using this tutorial; http://www.bleepingcomputer.com/virus-removal/remove-security-tool
I’m a carpenter. If I could do it, anyone should be able to.
I was able to get rid of the virus by booting up in safe mode and removing the suspect files, removing start-up command from msconfig, etc.
However, I located these additional files in my registry (HKEY LOCAL MACHINE>SOFTWARE>MICROSOFT>SECURITY CENTER>SVC): AntiSpywareOverride, AntiVirusOverride, FirewallOverride, VistaSp1, VistaSp2.
When I try to delete these keys Windows tells me it is unable to delete them.
What’s up with that? How can I remove this from my registry?
Fix worked great – thank you so much for this post. Good karma coming to you soon.
I just had this same issue yesterday. It actually got downloaded onto my desktop so i went onto windows website and downloaded the security essentials it found the virus and i deleted it but the icons are still on my desktop and in My Programs… But my computer is no longer acting funny… how do i get the icons to delete.. or do i still have something wrong with my computer
before u delete the icons on ur desktop open the my computer folder, look for the names of the icons in either the Program Files folder or Temp folder which can be found in your hard drive folder C. delete them from there if you find them, then delete the icons, and try rebooting.
my friend computer is infected with security tool rogue virus. here’s what i tried
1. unable to access safemode or safemode with networking it just boot loop repeatedly to advance boot option. computer windows xp home edition. internet connection available but limited cause security tool always popup
2. cant access msconfig, cmd, regedit, taskamager, proccessxp (third party taskmanger) malwarebytes, super anti spyware, trojan remover, portable super ant spyware file name as random numbers with .com file extention it just flashes for a sec then close down automatically then security tool popup saying msconfig and all the application listed saying that it is infected
3. tried renaming file extention. to .com .bat .scr .pif same error security tool popup saying the file is infected conitinue unprotected?
4. tried running rkill same error. even tried online scanner didnt work unable to run.
5. also tried renaming regedit.exe to regedit.com or .bat no luck
6. system restore unavailable its disabled. no restore point available
7. export HKEY_CLASSES_ROOT .exefile entry and renamed it to blah.reg from another computer and transfer the file over to the infected computer. same thing security tool popup saying blah.reg is infected.
im out of possible solution. any inputs?
a friend off mine told me to create another user account, because vst virus is usually attached to the user account, so i did, when i open the new user account, i didn’t encounter the virus, but just to make sure, i scanned my hard drives using malwarebytes and avast and found several viruses, after deleting the virus i reboot to my previous user account just to check if the virus is still there, thank GOD….finally, VST IS ALL GONE! hope this will work for you also
Security tools was not letting me play with my PC. It kept popping up and didn’t let me do anything with my PC. So I was going to buy it until I googled it and saw that it was a scam. So I searched the web and found so thing calledSpyware Doctor and they wanted money too. So I didn’t want to buy it so what I did was:::
I shut down my PC and started it again and pressed F8 then it sent me to a screen where I picked the option safe mode with networking.
Then when the PC started I right clicked on the Security tools icon.
Then I went to properties and found the file data and copied it.
Then I hit the start menu and in the search box I pasted the file data.
The security tools file will come up and then I deleted it.
Then I deleted the security tools icon from my desktop.
Then I deleted the security tools icon from my program menu.
Then I went to the recycling bin and deleted all 3 security tools icons. Then I restarted my PC.
And this worked for me, my PC is back to normal.
I think I have it romoved… But some programs are not working gives me tons of errors… All different, games, programs, fire fox, tons of things… Any help would be great.
Just restart your computer when it gets to the desktop when no fales are loaded press ctrl+alt+delete and end prossces that is in full numbersand your free to start malaware now
I just used a system recovery on my ccomp and it seems to rid it of the virus,
Please follow simple instructions below. You dont have to install any software or follow any complicated manual steps.
1: Click on my computer TOOLS>Folder Options>View>Show Hidden files and folders
2: go to c:/Documents and Settings/All Users/Application Data and there should be a folder by name 50400342 or similar folder.
3: Rename 50400342 to any desired foldername like test
4: Restart Your Computer
5: go to c:/Documents and Settings/All Users/Application Data and DELETE TEST or Renamed FOLDER that contains the virus file.
6: Now you should be able to start task manager by pressing ALT+CTRL+DEL…..look for any suspicious processes like any file with just numbers on it and carefully review all the processes
The reason behind doing this is simple. The Security Tool software is just and exe file located in the above mentioned folder. It simply acts as an antivirus and closes all the exe files as soon as it is opened. In this process we are just fooling the program by renaming its home folder and stopping it to load in the memory upon restart. After we stopped the loading of the file from the memory, we are just simply deleting the virus file of existance.
IF IT SOLVED YOUR PROBLEM, MAIL ME @ [email protected] with your comments or you can directly mail me if you have any other computer related problem in the mail
#1 Restart computer in safemode, when it’s loading press f8, choose start in safemode with networking.
#2 Find Security Tool icon on desktop and delete to the recycle bin,
#3 Click Start, go to search and type in Security tool in C Drive, If it does not find anything be sure to search hidden files as well.
#4 Once it locates all 4 files, delete them all to the recycle bin. 2 of the more files may have attached itself like a parasite to another program in your system, if this is the case continue with the deletion, it is one of it’s last attempt’s to act camouflaged. Delete to recycle bin!
#5 IMPORTANT!! Go to Recycle bin and delete all contents out of the recycle bin This will ensure that it wont try to reinstall itself!
#6 Restart the Computer Normally!
**Note** I used 3 Registry Cleaners 2 Anti Spyware Programs/Software my Virus Protection, which none where able to Detect Security Tool! Security Tool cannot be deleted from add remove programs because it’s not even a program, it’s pure malware! One of the worst ones Ive ever had to deal with so far! Just follow my directions above and you will be cured!
Question to Damon at [email protected]
I had the same problem. The virus block me from using Malwarebytes and safe mode. I got it fix with Avast Anti Virus freeware
like others have said..just rename it..download walwarebytes antispyware..reboot computer,,do a guick scan..and remove all infected files..thrn reboot again problem fixed..took 15 mins..now all fixed..
im having this same problem right now its drvin me crazy someone please help
PLEADING WITH ANYONE!!!
I have triec the advice above but cant even get into any form of safe mode and i get
multi(0)diskrdrive etc over and over like a couple of other posters above. please any suggestions!??
Thank you so very much
My husband suddenly had this Security tool thing this morning and with your help I was able to fix it
Fingers crossed it stays that way
Got this today on HP with vista… this worked to fix
http://www.bleepingcomputer.com/virus-removal/remove-security-tool
Sadly this hasn’t been my first run in with a anti virus – virus. So luckily, I had rkill ready to go, scanned with mbam, etc…
This seems to always be a great 1, 2 punch to a virus (rkill followed by mbam)
I really need to stop letting my brother on though…
Anyway, great article
Type your comment here… very good!!!
SHOW!!!
It’s people like you that this world needs, helping others to help themselves. Thanks for the advice, all power to you.
omg it works i’m greatful dont know what happened this thing is deadly. thanks for your help.
Many thanks. You save my life. Easy instructions and problem was fixed.
omg ty so much i would have had to pay $500 to get my computers fixed :]
Security tool SUCKS! it deleted most of my files and it all ways pops up out of nowhere can someone tell me how to delete it
For those with startup problem!!!! Black screen when starting windows.
When I am trying to start computer in Safe Mode the following things are popping up on the screen
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32ntoskrnl.exe
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32hal.dll
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32KDCOM.DLL
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsyste32BOOTVID.dll
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32conifgsystem
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32c_1252.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32c_437.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32l_intl.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32vgaoem.fon
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32drvmain.sdb
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSACPI.sys
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSWMILIB.SYS
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSpci.sys
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSisapnp.sys
Do this
I fixed it !
It is not problem with isapnp.sys. It’s problem with pciide.sys which is loaded after isapnp.sys
Step :
Start Recovery console (boot with XP setup CD).
go to c:windowssystem32drivers
type “expand d:i386isapnp.sy_” for expanding isapnp.sys
after that type “expand d:i386pciide.sy_”
Those commands expand from setup XP CD files isapnp.sys and pciide.sys into c:windowssystem32drivers folder.
Just to explain : if boot sequence stop at one file *.sys, it doesn’t mean there is problem with THAT file. It could be problem with driver which follow last shown driver.
If found at one forume one more step : While using recovery console, go to c:windowssystem32drivers folder and start “dir” command. Check, if there any *.sys file with 0 length. Just delete it.
Best and easy way to remove Security tool is restart your computer and go to safe mode by pressing F8 before computer start and go to system restore and restore computer from earlier time. Restart your computer! Good Luck!
Worked on Vista.
Download Avast free anti virus its the best protection I have come across.
am I supposed to be paying for this? because I d don’t have money for it.
Security Tool won’t even let me run msconfig to start in safe mode! What do I do?!
I can’t even begin to explain how thankful I am! And to all the people that commented aswell.
When starting yor computer keep tapping f-8 , start in safe mode . Go to explorer and download REVO-UNINSTALLER for FREE . Type in Security tool on Revo and delete all files . Restart !! Your welcome .
A group has been started on facebook to raise awareness of this awful virus and to prevent people from losing any money like sadly many have. please join and spread the word.
anyone who has this virus…put your computer into safe mode by starting your computer up and as soon as you see it come on press F8 repeatedly until it comes up and then click on safe mode with networking so that you can work on the internet without interruption,then you will need to download Malware-Bytes,after you have that downloaded then you should see that security tool has an icon on your desktop,right click on the icon then go to delete and click on it,then click yes i want to send it to the recycle bin,after you have sent it to the recycle bin you will need to click on the recycle bin icon on your desktop and go in and delete security tool from there,then run malware-bytes to clean everything up,DOWNLOAD AVAST SECURITY TO MAKE SURE YOUR SAFE FROM NOW ON!I KNOW THIS LOOKS LONG BUT IT WORKS BETTER THAN THE OTHER SUGGESTIONS TRUST ME!
I tried all of the above but none worked i downloaded spyware doctor it cost £25 but worked straight away, and u can get a discount code good luck
This thing Is AWFUL !
I Spent Hours Believing It was Real.
To Get rid Of It Go Into safe mood ( To Do That hold F8 when the laptop or computer is starting up. In some cases holding it wont work so just keep taping it ) when you are on safe mode right click on ” Security Tool ” and go to bring me to file. Once you get into the file were it is saved, Put it in recycling bin and delete it from the bin also. Then restart the laptop. Hope it helps
Thank you very much. The download was easy for me to find and operate. did not take long and was effective. You saved me a huge headache.
I did nothing and my screen went blank in blue with writings saying something like “there is an error on your computer”. My computer then restarted and the security tool went away and was gone. Then everything worked properly again. Does this mean that I am fully safe from security tool?
hi there i installed the malware remover and the rkill . the malware remover found 4 threats after the full scan so i clicked remove all and then i was told to do a restart but when i did the windows welcome screen comes on then all i get is a blank screen please help !!!!
Easiest method to get to a “Safe” point where you can use the pc with security tools trying to run is do this:
- Hit f8 continually on startup and select safemode
- Use System Restore and go back to an earlier point before you got the malware.
Then run MalwareBytes to remove.
If you cant do this or cant remember when you had a safe time on your pc when you didnt have this problem then run a search for files (while in safe mode) and delete anything modified that day that you didnt create yourself. Use some care with it not to break things but you should be able to tell whats dodgy and what isnt by looking at the file location
I rebooted in safe mode used system restore went back before my virus restarted and gone. so far so good
i have a security password and user name for my computer ….i dnt kno wht happened ..yesterday when i started my computer by entering the password as usual ..i wasnt able to find the task bar and also i am not able to right click …d screen is empty .only d arrow is shown
can any1 pls help me?any idea whts d problem?
i have a security password and user name for my computer ….i dnt kno wht happened ..yesterday when i started my computer by entering the password as usual ..i wasnt able to find the task bar and also i am not able to right click …d screen is empty .only d arrow is shown
can sum1 temme wht is d exact problem?
any solution?
plzzz help
What if your computer won’t boot at all? Mine opens with a black screen that says the driver is missing….
nooooooooo need for safe modeeeeeeee
Alright, well I was doing a bit of web-surfing and I got hit with this virus. It honestly wasn’t too awful. I already had Malwarebytes running, along with Avast and My Computer. So I had everything open, maybe that’s what kept it from eating my face off.
Anyway, so I started running my Malwarebytes scan like a happy little bunny, getting out my laptop to continue my work there. But then my computer restarted. I was all “Okay.”
So I hit f8 and restarted it in safe mode, running a Malwarebytes scan there to get rid of this thing. It worked. Easy. I’m running one final scan with Avast just to be sure, though. But I did’t have a lot of trouble with this virus.
I just battled with this freakin malware for a couple of hours. I hit alt+crl+dlt as soon as I could when i started up my pc normally. Since the malware hadn’t loaded yet, I was able to keep task manager up. ISHOWIBTSSD.exe was the name of the program. I shut it down and went about cleaning my pc, and of coarse setting up as much protection as I possibly can now
Good luck to all.
ok guys, i need a miracle worker, i got on my laptop and got this virus that everyone here its trying toget rid of, but now my laptop wont even let me open up windows anymore! SOMEONE PLEASE HELP!!!! any adive will be taken
we all hate this virus so can we just kill the guys who made it? just putting it out there…. i just got this virus time and time again so annoying even though i dont really go on any weird sites..
if all instructions failed you might want to try these steps:
(When i tried to go to safemode, my laptop cant get to windows and and it auto reboots i tried to go to Safe mode, safe mode with networking, safe mode with command prompt.
i also tried to use MBAM and pctools’ spyware doctor but those did not work for me either.)
Only this one worked for me:
1. locate the security tool by pointing your cursor to “Security Tool” as listed in your start menu
2. go to that folder and RENAME the file
(it did not allow me to delete the file directly from the folder. if it does not allow you to directly rename the file, create a copy of the security tool in the same folder then delete the original file)
3. Create a new folder then MOVE (NOT copy) the security tool file into that new folder
4. Move the folder to your desktop where it is easily accessible
5. log off from your account then log back in (OR restart your pc)
6. after logging back in/after restarting and AS SOON as you can access your desktop,and the security tool is still not active (not showing in your system tray) delete the whole folder and empty recycle bin.
if you will delete it while security tool is showing as active in your system tray, you wont be able to delete the file.
Hope this helps
I ran two virus scans last night, one by TrendMicro and one by CA Security after a trusted IT person sent me a link via his Facebook account. The link produced some system errors and I ran the A/V scans as I suspected foul play. System was pronounced clean last night.
This morning, I come in and find this malware running and all my other programs shut down.
Could not open Taskmanager (it would shut down in 1 second after opening) and I could not access any internet virus scan sites.
My solution was hit reset and load up my Norton Ghost image.
Whatever this malware is, it is undetectable by two of the popular online virus scanners.
diese firmer di dieses Program entwikelt sind echte wixa arschlöcher ich kan jetzt windows mediaplayer nict mer öffnen nund arbeitsplatz geht auch nima Danke du Scheiß firmer
Found a easy way to get the program installed and removing the “”virus”.
downloaded the program, started windows in safe mode, installed the program and runned the search. However the search resaulted in finding a shortcut to “Systemtool” and it did not remove the virus, however, when i was in safemode, i too the shortcut and found the original location, most likley c:usersyouruseraccountnameappdatalocal
and deleted the entery there. restarted the computer, runned scan with a few virus programs, that now worked, found one virus and deleted it. No problem the last week so thats my method of doing it clean and easy.
Good luck hunting.
I did a different method bc it was not in my processes on task manager nor was it showing up on the “Startup” tab stuff
What I did was start up your computer – press F8 before the windows to get the ability to start in safe mode – continously press it to open this option
Once there you can click on security tools program icon to open its location and then i just deleted it and then deleted all temp internet files from the time it was starting – they usually are a .exe file that is named with #s
once i deleted all those no more problem
good luck
The virus is gone but my internet doesnt work anymore
So ihad this same proble happen to me today, and it would even let me do a system restore so what I did turn off my computer then turn it back on and quicky as soon as I logged on I noticed most of the boot up programs take about 30 sec to load including this virus. So I quickly went to my start up menu typed in system restore as fast as I could then went down to the restore for 2 days before and it worked! So in my case it was all about beating the clock before the virus had time to start.
I want to thank all the people on this web-site who posted their multiple “Fixes” for the “Security Tool” malware virus. My laptop running Vista 64-bit (I think) got infected by this yesterday, 8/11/10. The following is what worked for me, an above average business computer…or computee, whichever works for you. I’m certainly not a MS certified user like some of you seem to be!
1. Turn computer on and hit F8 key repeatedly until you get into Safe Mode.
2. Choose Regular Safe Mode option.
3. Click Start button
4. Click All Programs
5. Security Tool should be listed…if not, enter “Security Tool” in Search and it’ll find it (shortcut, I think).
6. Right Click, Click Properties
7. This should show you the path where this malware is.
8. Mine was: C:UsersownerApp Data Local327355.exe
9. The problem I encountered was I had no “App Data” file in that string. But I saw the 327355, which is what you’ll need…so write it down. Note: When I moved my cursor over the Security Tool icons on my Taskbar, this number appeared, but at the time I didn’t know what it was.
10. After you click Properties, Click Rename. I Renamed it “dickhead” as homage to the asshole who developed this pain in the ass.
11. Then go into your major File Search tool, sorry, not really sure what I did there or how I found it. Enter Security Tool and it will find Security Tool hopefully with that file with the number (mine was 327355). Change that file name again to “dickhead”.
12. Restart your computer and let it go to Normal mode, not Safe Mode.
13. Hopefully Security Tool will be bypassed and won’t interfere now. Log onto the Internet and Download “Malwarebyte’s Anti-Malware” program (the FREE one). When you Google this, Download from CNet’s web-site, as these can be trusted for the most part.
14. Once downloaded, close all programs and Windows on your computer.
15. Double-click on the icon on your desktop named mbam-setup.exe.
16. When the install begins, keep following the prompts in order to continue with the install. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebyte’s Anti-Malware and Launch Malwarebyte’s Anti-Malware checked. Then Click Finish.
17. MBAM will start and you will see the message that you should update the program before performing a scan. As MBAM automatically updates after install, you can press the OK button to close that box.
18. On the Scanner tab, make sure the Perform Full Scan option is selected. Click Scan button to start scanning for infections. My Scan took 1 hour 45 minutes.
19. When Scan finished, this message box appears, “The scan completed successfully. Click ‘Show Results’ to display all infected objects.” Click the OK button to close message box.
20. You should be back at Scanner screen. Click the Show Results button.
21. Screen displays all the malware on your computer.
22. Click the Remove Selected button to remove all the listed malware. MBAM will delete all the files and registry keys and add them to the programs quarantine. If MBAM displays a message that it needs to reboot, allow it to do so. Once your computer has rebooted, and you’re logged in, continue with rest of the steps.
23. When MBAM is done, it will open the scan log and display it in Notepad. Review the log if desired, then close Notepad window.
24. Exit MBAM program.
I hope this helps some folks who get this damn virus. I couldn’t do most of the fixes, either too complicated or the virus wouldn’t let me open anything. Happy Computing, The Big Show
THIS WORKS IN A FEW SECONDS!!!!!!!!!!!!
************DO THESE THINGS******************
1. CNTRL ALT DEL
2. TASK MANAGER
3. PROCESSES
4. LOCATE THE OBVIOUS NAME-TONS OF NUMBERS THAT DON’T MAKE SENSE
5. END PROCESS-IT WILL STOP IT IMMEDIATELY
6. LOCATE SHORTCUT FOR VIRUS ON DESKTOP
7. RIGHT CLICK-IT WILL GIVE YOU THE EXACT LOCATION OF THE VIRUS.
8. CUT AND PASTE THE LOCATION
9. COPY IT INTO SEARCH (COMPUTER)
10.FIND AND DELETE IT OR IT WILL START AGAIN
11.YOU MUST DELETE THE SHORTCUT ON YOUR DESKTOP NOW
11.
I did all the above but nothing seem to work.
What did work though is the following.
1. Restart computer, click F8 and select safe mode with networking.
2. Start run and type %temp%, delete everything in the folder that opens.
3. Download malware bytes (free version), install and run a quick scan.
4. When done click show results and click on remove selected.
Now this will fix this specific problem but means that you are open to these kind of malicious software so I did the following also:
5. Download and install Spyware doctor and register (yes register means pay).
6. Run a full scann and remove all remains.
7. Set scheduled daily runs at least for next few weeks.
8. Run malware tool embeded with spyware doctor every so and then to make sure nothing is crawling back in.
I hope that the bastard who create this malware go to hell with the rest of the bastards that pull similar crap.
To remove Spyware Tools: EASY – Shut off the computer for 30 seconds and REBOOT. When you hear it coming on (after 1 or 2 seconds) Start to hit the f8 key every 2 seconds or so until you get an Options Menu. Choose to Boot in SAFE MODE. Spyware Tools will not be able to run in SAFE MODE so you will then be able to delete it. Look in Documents and Settings/All Users/Application Data. Delete it and empty the Trash. Then you MUST run Malwarebytes’ Anti-Malware or another reliable spyware tool (SuperAntiSpyware or AntiVir). If you don’t have these then download them. You will not be able to use the internet in SAFE MODE unless you also chose SAFE MODE with NETWORKING, something like that. Otherwise you another computer to download the file and then transfer it with a key onto your computer, install it and run it. This will take care of Spyware Tools. Once you have run a FULL SCAN with Malwarebytes delete the nasty files that it has found and the simply reboot your computer, it will reboot into NORMAL MODE and you are finished. Run a good Registry Cleaner like CCleaner or Regscrub both available from majorgeeks.com. Clean your registry. Good luck! This worked for me.
Thanks to those who posted the easiest!!! SYSTEM RESTORE TO PREVIOUS DATE!!!!!! TOOK 5 MINUTES…THANK YOU!!!
The malwarebytes work for me. Thank you so much
i too cant turn my laptop on to safe mode. any help would be welcome.
julia, thans you so much!
I’m running windows 7 and it won’t boot normally, it can’t repair itself and I can’t boot in safe mode. I’m running AVG ISO and it is finding infected files and is giving me the option to delete or change the file structure. Problem is it’s in the system files and I don’t know how to correct it without trashing my system. And like a dumbshit I never made a boot disk for my windows 7.
help!!!!
USE THIS ONE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
THIS WORKS IN A FEW SECONDS!!!!!!!!!!!!
************DO THESE THINGS******************
1. CNTRL ALT DEL
2. TASK MANAGER
3. PROCESSES
4. LOCATE THE OBVIOUS NAME-TONS OF NUMBERS THAT DON’T MAKE SENSE
5. END PROCESS-IT WILL STOP IT IMMEDIATELY
6. LOCATE SHORTCUT FOR VIRUS ON DESKTOP
7. RIGHT CLICK-IT WILL GIVE YOU THE EXACT LOCATION OF THE VIRUS.
8. CUT AND PASTE THE LOCATION
9. COPY IT INTO SEARCH (COMPUTER)
10.FIND AND DELETE IT OR IT WILL START AGAIN
11.YOU MUST DELETE THE SHORTCUT ON YOUR DESKTOP NOW
11.
hi to all of you. i have gone through the several infos about getting rid of the security tool. my problem with it seems to be a bit special. when starting the computer i cannot switch to the safe modus via hitting the F8. nothing happens…..
i can enter to the safe mode when stopping the start-up while it is working and starting it again immediately. but i cannot choose anything using the up/down cursor. it seems that the keyboard is death..
can anybody help me?
Ok… sooo I have a virus that just like this.. but it looks a little different on my other computer. Since that computer has Windows XP and Windows 7 OS (Windows XP being infected and not 7) I was wondering if I could install malwarebytes onto my flashdrive and running it on the 7. Would that work?
By the way the 7 doesnt have admin rights so I need a password to install anything which I dont know.
What a killer virus. I tried the instructions from bleepingcomputer.com, but couldn’t get the executable files to run, due to the virus. It also blocked ctrl-alt-del and wouldn’t let me access via the Run mode either. I also was unable to run Windows in safe mode. System restore was also blocked.
In the end, I beat the virus by doing the following:
1. Find the Security Tool icon by going to Start – All Programs
2. Right click on the icon and choose Properties. In the Shortcut tab, the Target window shows the path to where the executable file is. Mine was in C:Documents and SettingsOwnerLocal SettingsApplication Data576789.exe
3. Go to that location by cutting and pasting the path from the Target window into the Address screen to go to the location. You can also browse there through the Explorer, but it is a hidden folder.
4. When you find the executable file, change its name.
5. Restart your computer
6. Follow the instructions on bleepingcomputer.com for running Malwarebytes’ Anti-Malware process. An alternate approach at this point might also be to do a system restore to an earlier version of your system. This is probably simpler if you aren’t concerned about losing recent files, but I didn’t think of that until after I started running the Malware program.
I hope this helps you.
First of all, DO NOT accept OR confirm anything within this malicious software apart from “Continue Unprotected”.
I cannot thank you enough for the help to remove this evil software. Thank you!
At the time I had this virus I was prevented from opening any software on my laptop apart from Internet Explorer, or any other Browser. I could not continue with any program installtions or even the simplest tasks such as opening Task Manager.
To everyone experiencing the same problem, this is how I rectified my situation:
I first of all used another PC to download Malwarebyte’s Anti-Malware and save the installer to an external flash drive. I then started the laptop in SAFE MODE with NETWORKING (if you wish to access the internet) and continued the installation. I ran the Malwarebyte’s Anti-Malware and removed this virus, followed by a clean up of the registry to make sure no trace of this vindictive software remained.
If you are unable to access another PC to download whichever Malware software you choose (I suggest using Malwarebyte’s Anti-Malware), I suggest attempting to save the installtion file to an external flash drive and then boot the PC into SAFE MODE to continue your installation and then following the above steps. I hope this helps everyone as much as it did for myself.
Thanks once again, a great help indeed!!!
What I did was go in to safe mode, and delete it. Seems a little too easy to me, like back in the old days. What do you guys think?
thank you julia
i got the security tool virus on my laptop that was running vista, but now it wont turn on, it gets to the point of saying ”starting windows” but then it just turns off and does it repeatedly, i know next to nothing about computers and i really need help on this
Anybody get back to you on this post? what was the solution?
Thanks so much this seems to have worked perfectly! The only thing was it originally didn’t let me open the malware thing. I wanted to try just running it in safe mode without putting it onto the flash drive like someone said to do, and it worked fine. I ran it again out of safe mode to make sure and it was gone. There was still a little icon left at the bottom and it said that windows was preventing a program from starting, but that all went away with the rkll.exe program.
All pretty fast and painless for me and it took care of what my virus protection didn’t. I’m going to keep these two programs on my computer and if I ever have problems again I’ll just run the scan in safe mode like I did for this.
safemode
and delete security tools in what folder it save
i do it
and it works
I’m not sure how I picked this up but, running system restore in safe mode did the trick. I keep waiting for it to reoccur but so far nothing.
Ok, I have the exact same security virus in my computer and tried everything that was listed in even the forums. The problem I am having is that my malewarebytes program is not even picking it up. I ran my computer in safe mode and regular start up. Now what should I do?
I have done everything that has posted on the forum, problem is Maleware is not picking it up. It is exactly the same Security tool that has infected my computer. Any other ideas?
When I am trying to start computer in Safe Mode the following things are popping up on the screen
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32ntoskrnl.exe
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32hal.dll
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32KDCOM.DLL
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsyste32BOOTVID.dll
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32conifgsystem
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32c_1252.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32c_437.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32l_intl.nls
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32vgaoem.fon
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32drvmain.sdb
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSACPI.sys
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSWMILIB.SYS
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSpci.sys
multi(0)disk(0)rdisk(0)partition(1)WINDOWSsystem32DRIVERSisapnp.sys
And after that nothing happens.
Now when I shut down computer and restart, I can hear sound of processor running but screen is blank.
I found a way to remove Security Tool in 2 steps , without MBAM
Hey, i ran the software and its scanning now. The Rkill.com does that just make it where the pop ups stopping coming up. cuz once i downloaded it i just clicked it and the pop ups stopped and it made it where i can load up the anti malware. so after i remove everything. it should be ok right? i was reading somewhere else that i should remove the host file or something. and restore it to default host. have you heard anything like that or can i just leave it and as long as i remove the virus from the anit malware program?
Here is another easy method(manual) of removing the security tool..
1. If you have norton anti virus on your system, when you goto Norton Insights you can see the current files running on your computer..
2.Generally Security tool file name will be a 6 or 7 digit number..Get the file location from by double clicking on the exe found in Norton insight(Top right corner you can see Locate file)
3.Restart the windows in “Safe Mode” and go to the location and delete the file.
4.now restart the computer in Normal mode and you no longer see the virus…
It worked for me…hope this helps…
It’s very simple to delete it and you won’t have to download anything..
1. If the virus left an icon in the desktop, right-click it
2. Choose to open file location
3. Select the program icon
4. Change the file’s name
5. Restart your pc
6. Go to the file again and delete it.
7. Restar again.
8. Enjoy a virus-free pc.
That’s it. Hope it helps…
@ Bill or anyone who his fixed worked for:
What if you deleted (when I was panicing) the system tools icon??
Hi,
I used MalwareBytes’ Anti-Malware and it removed several spywares and malwares altought i needed to remove SecurityTool manually by deleting it all this in SafeMode.
I have the Security Tool virus and have downloaded the Malware software but the virus won’t let the software run. What can I do?
Thank you!
plzz i need all the help i can get
Go into Safe Mode with Networking and everything will work as intended.
i need help it wont let me run it and im not sure wat to do
Thanks to all involved with your site. That you provide a solution for free is greatly appreciated. I managed to download suggested software by temporarily disabling Security tool by quickly invoking Task Manager during start up and deleting the Security Tool process (the one with all numerals). I was then able to perform suggested downloads and run MalWareBytes software as described by you.
Any chance that you guys can infect the a###holes at Security Tool with a virus? (Just kidding…. maybe!)
Again, many many thanks.
Look technical geeks it’s simple…system restore lol wow don’t get caught up in the F8 crap…system restore that simple…don’t waist your money buying PC Doctor or whatever the hell it is lmao
i removed the virus in safe mode but, now i can’t enable my task manager which was disabled by the virus
hi ther ive struggeld wth ths for bout 2 houers and noyhing.. if u need to work on the PC asap. then what u can do is a system restore NOTE make backups of your work that u have done in the past 2 days or so dapending on how long u have had this virus on ur pc.. choose a date that is about a day before u got this virus and restore..
how to.. click on start – all programs – Accessories – System Tools – System Restore and follow the steps..
hope this helped u
if your task manager wont open just restart your computer and press ctrl+alt+del as soon as windows opens and treminate the process that is all numbers i.a.23867.exe then run malawarebytes from flash drive saves alot of time
hi i want remove all the infected files which has come frm a site.it appear on a desktop that ur system has been infected . pls suggest me to remove virus frm my pc.
So in thinking I averted the problem, things are worse.
This softwares stops my antivirus software, the adaware software and more
I go into SAFE Mode and cannot seem to install anything from my flash drive, nothing – I am sooo close to tears right now.
I found mbam_exe, but I cannot get it to run from my flash drive.
I thought it was legit, so in not paying too much attention I let it delete files. How do I get those files back? I am stuck right now, and angry.
Does anyone know, what to do, if Windows XP doesn’t start anymore? I also had that Security Tool -problem, mut this time it’s more serious.
When I start Windows, it just boot itself after the Windows logo.
I can go safe mode options with that F8, but when I choose for example “Safe mode with network settings”, Windows moves on, but nothing happens after that Windows logo and it’s reboots itself again. So what the hell?
I don’t want to reinstall my Windows. Thanks for any help!
You guys really saved me this time!
I kinda used a few of the suggestions, let me see if I can recall exactly how I got rid of it…
1) Downloaded and ran “rkill.com”
2) In Normal Mode went to All Programs and saw System Tools on them, I right clicked on it and looked at “properties” and was able to locate it and see its name
3) Turned off computer then turned it on in Safe Mode by hitting F-8 over and over ( learned that here)
3) Went then to My Computer> C Drive > Documanets and Settings > All Users > Application Data > BJAnj something ( dont remeber exact name but it was the same as when I right clicked on it and chose properties before)
4) In Safe Mode I was able to right click on that folders and the files in it (one of them was an Icon of a lock and was an exe file, I think it was System Tool.exe) and I deleted them! Hooray!!
5) Then I rebooted my Computer in normal mode and its back to normal. I am presently Updating my Anti Virus/Spyware program ( Microsft Security Essentials) and running a FULL scan
Thnx again guys/gals you saved me at least an $80 repair!
PS I think I got the Virus off “My Space” cause it happenned when I went to a My Space profile then clicked on Music
I just must sing my praiss to Julia. Her method worked perfectly when nothing else did!
Well there is this program that just poped up out of no where, andi cant exit it. I tried to download antivirus but it says its denied to download. This all happeneded while my mom was gone and shes gonna be mad at me but i didnt do anything wrongi t just likke poped up out of no where and the program is telling me to buy it to keep safe but i know its fake. Can anyone helppp me please and Fast!! I would really apprecaite it as soon as possible thank you (:
I’m fairly sure I got rid of it, but it seemed a little too easy… First I hard shut the computer down when I saw it was infected.
I ran the computer in Safe Mode (already had MBAM installed previously) with no problems, deleted the files manually, then ran MBAM to make sure I had cleaned up everything. But I never found any registry keys altered, and nothing seems to have been added to it. There was no problem running MBAM or updating it at any point.
Everything seems to be all right now – even my desktop picture is still there. Did I get rid of it? I’m a little baffled by the lack of trouble…
Am I doing something wrong or did the creators of this nasty virus figure out a way to make it more complex? First off, I’m using Windows Vista. I tried following the steps in finding the folder and deleting it, except the file path doesn’t give me any number series like everyone here is mentioning, nor does any number series appear in my task manager.
Instead this is what I find…First I did the whole Start, All Programs and right clicked on the Security Tool folder to locate the location under Properties. The folder is located in C:UsersMyUserNameApp DataRoamingMicrosoftWindowsStart MenuPrograms
So, I started up Safe Mode since it wouldnt let me pull up the Task Manager in regular mode. I looked for the number series like everyone mentioned when I pulled up the Task Manager, but nothing. Since I didnt see any number series I decided to look for the virus file path instead and sure enough I located it under Description, under the Processes tab,…but strange thing was that in the Image Name instead of numbers it gave me Limewire as the name of the task??? So I’m wondering if the virus is trying to hide under Limewire or if it was created by Limewire (even though I haven’t used it in MONTHS! and I just got the virus today). I killed the process anyway, but when going back to safe mode again that darn virus pops up again and wont let me run task manager nor run the malware scan. Can anyone help please????
I’m following everyone’s directions, but I dont know why I dont get the number series like everyone else!
Ok people… here it is… I don’t use MBAM or any other software packs to remove software… it’s simple to do manually!
Here is some GUIDELINES that can be used in almost ALL infections (ie. System Tools 2011, Antispyware 2010… etc…)
1. Boot into safe mode by pressing F8 constantly after a starter (choose Safe mode with networking)
2. Look for a program shortcut in your start menu (ie. System Tools 2011) and right click, then Properties. Get a pen and write down the EXACT date and TIME the file was created (ie. December 15th @ 9:55am)
3. DO not delete the shortcut yet. Open up your search option (start>>search) … or F3 in most cases. Ensure to locate the ADVANCED search options where it allows you to specify a DATE. You DO NOT have to input a file name to search for as of yet, rather looks for ALL files created on the date you just wrote down
4. Once the search is complete, view the files in a “Details View” so that it shows the “LOCATION” and “DATE CREATED” (you may have to add these columns in manually by right clicking on the heading bar above and adding manually). Now look for all files CREATED within the same minute (give or take 1-2 minutes) or the one you wrote down… these WILL be file associated with your virus.
5. Write down on paper the exact file name and location they are in BEFORE you delete them.
6. Next, open up the registry editor (click start, run… then type regedit).
7. Search your registry for EACH file you just wrote down. This will locate the registry keys that will keep repating and infecting your system. Delete EVERY key found.[IMPORTANT TIP - Before starting the next registry search, scroll to the TOP of your left pane and click on "COMPUTER" at the top, this ensures that you are searching the ENTIRE registry rather then the last folder you were in and beyond].
8. Once all the keys are deleted, close the registry. Go back to your program menu group and delete the folder (ie. system tools 2011 or whatever) now.
9. We are almost done. We now need to clean out all the “temp” items from certain locations on your computer. Below is a list that applies to Windows XP, Vista and Windows 7. Delete ALL items INSIDE each folder (don’t delete the actual folder). You MUST modify your folder view settings first before doing the below. Open up MY COMPUTER and click on TOOLS from the menu (if you don’t see it, press the ALT key), now goto FOLDER OPTIONS. Goto the VIEW tab and make sure that “Show Hidden File/Folders” HAS a check mark in it. Below that, look for “Hide Protected Operating System Files” and REMOVE the check mark (you will get a warning, click YES). Click OK to close the window. Now goto the folders below.
-C:WindowsPrefetch
-C:WindowsTemp
-C:Documents & Settings[your profile]Local SettingsTemp (win XP ppl)
-C:UsersAppDataLocalTemp (Win 7 ppl)
I appologize to the Windows XP people as I was trying to remember that location off by heart as I am a Win7 users… but in there will be a TEMP folder with crap in that needs to be deleted.
Now… this should have completed removed your infection. Reboot your machine and TADA… problem should be solved.
For Windows 7 users… there is 1 more location where malware is attacking and that is in our C:Program DataMicrosoft … read all of the folder names in there.. I found one that wasn’t supposed to be there. Cross reference it with files you wrote on paper.
Anyways… I hope this bit of information saves you some time and money in the future from this BS world of malware!
Happy Holidays!
-Luke
Thank you so much for the original instructions, Alex! I was in a panic, but your simple explanation did the trick, and I was back up and running within an hour.
Thank you!!!!!!!!!!!!!!!!!!!!!!!!
Oddly enough i managed to stop it by logging off and logging back on. Also found the file but need to find a way to destroy (terminate) it since it can’t be deleted or cut out from the folder that it is in.
hi… i have a toshiba laptop.. i keep tapin on the f8 key but its takin me to safe mode.. can someone pls help me
I need to download the software from the website but the system tool won’t let me open the internet (using a friend’s computer to do this), how do I work from that?
if youre a computer dummy like me, heres the best way to remove mr. system tool.
worked like a charm…..
i cant believe how difficult you all make this. Understand how the program works. find a work around to open task manager(copy and rename the exe) launch it, terminate the malignant processes, then search your registry and system files for the culprits(regedit) you can ususally find the exe file responsible as the same name as the process. good luck!
Here’s a quick and easy way to remove the “System Tool” from my Window Vista. The whole process took about 10min, and without the need going online or use any malware removal tools; and it is free: cost-free and hessal-free!
Step 1. While the infected laptop/comupter is on, push the power button to turn it off.
Step 2. Push the power button to turn on the power, and press the F8 key (once per second) until the screen comes on letting you choose the start mode: safe start, etc (there are 4 options). Choose the “Safe Start” – usually the 1st option on the top.
Step 3. Now your laptop is on and without any infection. Perform “System Restore” to recover your computer to a pre-infection date. (If you never performed the syetem restore before, you can search for it on your computer and find the instruction.
After 3-5 minutes, you should see the confirmation indicating System Restore Successfully. You know then your life is back to normal. Good luck!
Yeah I just got this today, its called system tool now and its a pain In my butt, hope security essentials will find the root problem. Thanks for your input guys
The anit-virus software works. You should download Malware. I fell for this virus, I even entered my credit card info like a dumbass. The whole stopping blocking thing didnt work for me because i actually purchased it…. So what happened was the program was running smoothly on my labtop unaware of anything else. I downloaded Malware and Rkill and it terminated this entire thing from my labtop without safe moding or anything like that however I called my Debit card company and had to C/X and send another card to me… -.- i am currently deployed soldier and so this plays a REALLY tuff part on me…good luck g uys with htis crapy virus
hey guys,
i recently downloaded a file which said it contains serial for a software. when i ran it, it tried to access net but i blocked it. what happened next was that the file was gone.completely gone. kaput!!!!! i didn’t delete it.tried to search it later but in vain.. i am worried that it might have been a virus or a trojan. i have the latest antivirus installed in my system and i scanned the file before running it and it came out clean.. can anyone tell me what might have happened with that file??????
The virus made my computer screen turn black. I tired turning it off then on and it works up to a point then goes black again and won’t let me sign in. What can I do about this? The computer is not worth paying to fix but I would still like to use it.
Hi.
I just wanted to say thanks becouse you really saved my ass. It’s not even my computer.
Well anyway, no need to answer this, just wanted to send you my best !
bye
Julian
BLESS YOU!!! I can’t tell you how many “solutions” I tried before this one finally worked.
ok so absolutely none of the above recommendations worked for me but then i tried this . . .
restart computer and keep pressing F8
start computer in SAFE MODE
click START
ALL PROGRAMS
ACCESSORIES
SYSTEM TOOLS
SYSTEM RESTORE
click on an earlier date and then the computer will automatically restart and everything should be fine
Luckily, I figured this out on my own bc i couldnt get on the internet. something was just telling me not to trust “their” antivirus. Sharon has it correct took all of 5 mins and was back to normal. Make sure you install a trusted antivirus such as Norton from now on.
No need to download antispyware, U can get back system by restore point.
check it out first
it works
this thing is a real bummer. i got ride of it real easy. 1 restart in safe mode and use the networking option. 2 download malwarebytes anti-malware. i got it for free download. run it and it will remove the bugger. restart and done.
what a gr8 website, same happened to me , got the system tools trojan,got rid of it by starting in safe mode with networking by continually depressing F8 on start up and then downloaded the MalwareBytes free software off a USB and running the application,which automatically downloaded a 6MB update, then ran the scan, took aprox 30 minutes to scan the whole computer although the MalBytes found the files almost immediately, quarantined the 2 files and Bingo , all fixed.
Big thx to Soft Sailor and MalwareBytes AntiMalware
‘they’ the agressive marketers’ are commononly known as pond life downunda
get a life
It is as easy as 123 to remove. When you start up your computer, imediately press F8 key. When the menue appears, scroll down to “Directory Services Restore Mode.” The rest is easy; just restore to an earlier date. Make sure it is a date before the virus entered your system and it will be gone. Your computer will be back to normal.
hi guys,
I run my computer in safe mode after my screen went blank because a malware/trojan … nothing happens… any sugestions?
thanks
At Ken, Trend is one of the few A/V programs that work against Rogues. I find it to be better than Malwarebyte’s.
Ok so check this weird trick out.
The software will not let you remove the folder its in… you can still rename it though???
So I renamed it and rebooted and the thing didn’t show up… it allowed me to run malwarebytes and all that other stuff… beautiful
generic bactroban
Luckily, I figured this out on my own bc i couldnt get on the internet. something was just telling me not to trust “their” antivirus. Sharon has it correct took all of 5 mins and was back to normal. Make sure you install a trusted antivirus such as Norton from now on.
Quality articles or reviews is the crucial to attract the people to go
to see the web page, that’s what this web site is providing.
Hi there, this weekend is good designed for me, as this
point in time i am reading this great educational article here at my residence.
What’s up to all, how is everything, I think every one is getting more from this web site, and your views are nice for new users.
My brother recommended I might like this web site. He used to be totally right.
This submit truly made my day. You cann’t believe simply how so much time I had spent for this information! Thank you!
I must say that it is a superb post..Really we are impressed out of this post?.the one who create this post it had been an amazing human. I put one of the links to your blog inside my site, we do hope you don?t mind? meble drewniane olsztyn http://intimboard.net/db/user/Pronklizor/
A motivating discussion is worth comment. I do think
that you need to write more on this issue, it may not be a taboo subject but generally folks don’t speak about such topics. To the next! Best wishes.
Visit my homepage – Twitter Software
I got this darn thing a couple days ago, who knows where. It stole all my icons and desktop picture.The pop ups from it were relentless. I read all these posts before deciding what method I was going to use. It seems I was lucky, I first went in safe mode and right clicked the security tool icon, I found it’s 8 digit number under properties so I could look for anything with that number on my computer. Next I renamed the icon. I then went under programs from my start button and found the security tool program was also renamed there too. I deleted both the program and icon and then ran a virus scan using my own avg virus software. On the first scan in safe mode avg found 8 trojan viruses with this 8 digit number attached. After the scan I rebooted and the computer rebooted fine no pop ups or any warning from security tool. I then ran a second scan in regular mode avg found 1 more trojan with the same number in it. A third scan showed up nothing. I can’t seem to find any trace security tool was there in any part of my computer. lastly I reset my desktop picture which had been switched to “none” by this stupid virus. So far so good, this seemed easy copared to what some people have to do but it also might be an easy fix for someone else too.
I got that system tool thing yesterday and my machine would not do ANYTHING.. except sit there and look at me.. I have McAfee and scanned the whole thing and it showed no virus.. don’t understand THAT.. anyway I restarted in the safe mode and then did a system restore to two days prior.. and it worked great.. I understand that it is possible to store the virus in that restore date and that I need to remove that also and will be doing that too as soon as I figure out how. =)
I got this stupid Security Tool tonight on my laptop. I can’t believe I fell for downloading it, but anyway SuperAntiSpyware seems to have worked to get rid of it. It has a free version; my permissions (this is a work laptop) wouldn’t let me get in the registry or install the above mentioned program to remove it. It let SuperAntiSpy install then I rebooted and really quick started the scan before S.Tool could interfere and it worked. I hope.
Val use the malware link above click the one that deletes all malware in 60 secs, then download another anti malware and an avg anti virus progam and to be safe get a google anti virus pack then scan again for trogans or anything possible.
ook this method worked great…the only annoying thing is having to reinstall itunes -_-
Security Tools cost me a whole weekend of trying everything to get rid of it!! Finally, I found a suggestion that worked for me…Trend Micro Housecall. I downloaded it to a USB stick on a clean computer and ran in on the infected computer in Safe Mode with Networking from the stick. Did “whole system” scan and it found all of the bad files. Fixed them and now my infected computer is back to normal. Hope it works for you.