Democratic Underground

My computer at work has been taken over by a thing called "Security Tool"

This topic is archived.
Home » Discuss » Archives » General Discussion (1/22-2007 thru 12/14/2010)

arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 06:12 PM
Original message
My computer at work has been taken over by a thing called "Security Tool"
it has rendered the computer inoperable. Anyone have any success in getting rid of it? Sorry if this is posted in the wrong forum but I searched them all and figured this to be the best...

:cry:

Vincardog Donating Member (1000+ posts) Wed Nov-17-10 06:13 PM
Response to Original message
1. Call your admin and have them reboot

arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 06:43 PM
Response to Reply #1
10. don't have an admin...my boss is out of town in Orlando and it's just me and
the part time wee one but thanks :-)

Vincardog Donating Member (1000+ posts) Thu Nov-18-10 12:32 PM
Response to Reply #10
36. Do you have a boot disk? Reinitialize everything.

Speck Tater Donating Member (1000+ posts) Wed Nov-17-10 06:15 PM
Response to Original message
2. A friend of mine got that virus. The hard drive had to be wiped and Windows reinstalled.
The virus even infected the boot process so she couldn't even boot in safe mode.

arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 06:44 PM
Response to Reply #2
11. it has allowed me to boot in safe mode...bloody scary thing this! n/t

EOTE Donating Member (1000+ posts) Thu Nov-18-10 12:35 PM
Response to Reply #11
37. If you can boot into safe mode, try safe mode with networking support.
That way you should be able to maintain internet access. Once you're logged in, try downloading malwarebytes or similar antimalware software and then run a full scan. Hopefully that will do the trick.

Make7 Donating Member (1000+ posts) Wed Nov-17-10 06:17 PM
Response to Original message
3. You could try posting in the 'Computer Help and Support Group' too.

arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 06:45 PM
Response to Reply #3
14. TY! I thought there had to be a group such as that but bloody hell if I could
figure it out!

elifino Donating Member (331 posts) Wed Nov-17-10 06:17 PM
Response to Original message
4. SECURITY TOOL

arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 06:46 PM
Response to Reply #4
15. TY! :-) n/t

tabatha Donating Member (1000+ posts) Wed Nov-17-10 06:22 PM
Response to Original message
5. That has happened to me twice.
And I got rid of it within 10 minutes.

Do a search for all .exe files on C:\ drive.

When the search is finished, click on the date column to sort the entries by date.

Look for entries that have been added to the list about the time you started having problems.

Prefetch files are included in the .exe file list. Delete all of those with a date close to when it happened.

I'll continue.

tabatha Donating Member (1000+ posts) Wed Nov-17-10 06:27 PM
Response to Reply #5
6. The first time, I was able to locate the .exe file
by going to the list of programs. Hovering over the "Security Tools" entry displays the location.

Go to that location and look for an .exe file with a name that does not make sense - and with a date/time about the time you had the problem.

If it is running you cannot delete it - but I was able to rename it, and then rebooted the computer, and since it could not find the name, did not run.

Thereafter, I ran SuperAntiSpyware, and it found and got rid of the virus.

The most important thing is to stop it loading - either by renaming or by deleting the prefetch file.

After that, scan the computer with SuperAntiSpyware or possibly MalwareBytes.

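The triage described in replies 5 and 6 above (list executables and Prefetch entries by date, then rename rather than delete), as an added Python example that is not part of the original thread. The file names, the two-hour window and the `.quarantined` suffix are assumptions, and the sample tree is constructed for the demo.

```python
import os
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def is_candidate(name: str) -> bool:
    """True for executables and for Prefetch entries (NAME.EXE-HASH.pf)."""
    lower = name.lower()
    return lower.endswith(".exe") or (".exe-" in lower and lower.endswith(".pf"))


def find_recent(root, incident, window_hours=2):
    """Return (mtime, path) pairs modified within the window, oldest first."""
    lo = incident - timedelta(hours=window_hours)
    hi = incident + timedelta(hours=window_hours)
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if not is_candidate(name):
                continue
            path = Path(dirpath) / name
            try:
                mtime = datetime.fromtimestamp(path.stat().st_mtime)
            except OSError:
                continue  # locked or vanished file: skip it and keep scanning
            if lo <= mtime <= hi:
                hits.append((mtime, path))
    return sorted(hits)


def quarantine(path):
    """Rename instead of delete: the file stops loading under its old name
    but stays on disk for a later scanner to examine."""
    target = path.with_name(path.name + ".quarantined")
    path.rename(target)
    return target


def build_sample(root, incident):
    """Constructed sample tree; every name and timestamp here is made up."""
    samples = {
        "Program Files/Office/winword.exe": incident - timedelta(days=90),
        "Users/me/AppData/xqzt8841.exe": incident - timedelta(minutes=5),
        "Windows/Prefetch/XQZT8841.EXE-1A2B3C4D.pf": incident + timedelta(minutes=1),
        "Users/me/Documents/notes.txt": incident,
    }
    for rel, when in samples.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"")
        os.utime(p, (when.timestamp(), when.timestamp()))


if __name__ == "__main__":
    incident = datetime(2010, 11, 17, 17, 30)  # assumed time the problems started
    with tempfile.TemporaryDirectory() as root:
        build_sample(root, incident)
        for mtime, path in find_recent(root, incident):
            print(mtime.isoformat(sep=" "), path.relative_to(root))
```

On a real machine, point `find_recent` at the drive root from an administrator session and review the list before calling `quarantine` on anything.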
 
arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 06:52 PM
Response to Reply #6
18. TY so much! My daughter had come over to help and she is checking into
your fix and Malware stuffy...thanks oodles! :hug: :-)

RamboLiberal Donating Member (1000+ posts) Wed Nov-17-10 06:30 PM
Response to Original message
7. I've had to combat that one or similar ones on several PCs at my office
Edited on Wed Nov-17-10 06:33 PM by RamboLiberal
Here's my 2 go to solutions posted from my notes: BTW so far I've never had any big problems with ComboFix - got the info about it from a local PC support company's geek. If you can't get to the internet from your PC download to a USB drive from a clean PC.

MalwareBytes
They have a free version & a paid version.
Malwarebytes is a site dedicated to fighting malware. Malwarebytes has developed a variety of tools that can identify and remove malicious software from your computer. When your computer becomes infected, Malwarebytes can provide the needed assistance to remove the infection and restore the machine back to optimum performance.
http://www.malwarebytes.org/
If you can’t get to internet explorer from the infected PC then download on a clean PC and copy to a USB drive & install.
Update MalwareBytes to latest Spyware Rules
1. From a known clean computer, install (if it's currently not installed) and update Malwarebytes' Anti-Malware
2. Next, navigate to:
XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\
Vista: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
3. From that directory, copy the rules.ref file and move it over to a flash/thumb drive
4. Plug the flash/thumb drive into the infected computer and paste the rules.ref file into the appropriate folder above
Note: Be careful as your flash/thumb drive can become infected when using it on an infected computer.

This will ensure that you get the latest definitions onto the infected computer.

ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.
Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper.
http://www.bleepingcomputer.com/download/anti-virus/combofix
Read the instructions first.
http://www.bleepingcomputer.com/combofix/

amerikat Donating Member (1000+ posts) Wed Nov-17-10 06:44 PM
Response to Reply #7
13. I agree with Rambo. Security tool will disable most of your security
software, including malwarebytes. Launch malwarebytes
from a thumb drive. Also microsoft security essentials
is a pretty good free security program.

arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 06:53 PM
Response to Reply #7
21. you mates are all so great, thanks! :-) n/t

OwnedByFerrets Donating Member (1000+ posts) Wed Nov-17-10 07:09 PM
Response to Reply #7
28. ComboFix is the very best piece of software EVER created. Period.

elifino Donating Member (331 posts) Wed Nov-17-10 06:37 PM
Response to Original message
8. I have removed this virus with the free version of MalWareBytes
You may also have to turn off the system restore, before removal, after removal, reboot and turn the system restore back on.

MalWareBytes is available at http://www.filehippo.com/search?q=malwarebytes

arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 07:00 PM
Response to Reply #8
24. My daughter is looking into that right now, thanks mate! :-) n/t

walldude Donating Member (1000+ posts) Wed Nov-17-10 06:42 PM
Response to Original message
9. Malware Bytes works pretty good..
there are already links here for it. One suggestion, after you install it, reboot your computer and run it in safe mode. Then use the malware bytes software to remove the virus. You'll get a cleaner removal.

There are a number of viruses like this these days, they jam up your system and claim if you download their software they can remove it. They are clever too, they remove admin access, right click functions, system restore, and anything else you may be able to use to work around it.

Your employer needs to invest in some good anti-virus and spyware.

elifino Donating Member (331 posts) Wed Nov-17-10 06:48 PM
Response to Reply #9
16. I keep an updated portable version of this on a flash drive
If you are interested do a search for Cameyo. You can make your own portable tools.

RamboLiberal Donating Member (1000+ posts) Wed Nov-17-10 06:48 PM
Response to Reply #9
17. A number of the antivirus miss some of this malware
We have McAfee at my office and it quite often misses the latest threats. And yes we keep it updated.

elifino Donating Member (331 posts) Wed Nov-17-10 06:52 PM
Response to Reply #17
19. Same here

walldude Donating Member (1000+ posts) Fri Nov-19-10 02:36 PM
Response to Reply #17
40. When looking for the best PC products, always look
at what the serious gamers are doing. They use top of the line stuff and have a large community that shares info. McAfee is about the worst AV software there is. Norton is not much better. Try this:

http://www.bitdefender.com/media/html/gamesafe.html

It's what I use, haven't had a single problem since I installed it. And I have 3 teenagers who are online constantly.

arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 07:22 PM
Response to Reply #9
29. I'm having my daughter look at all these posts because much of it reads
like Greek to me but not to her...thank you so much! :-)

HCE SuiGeneris Donating Member (1000+ posts) Wed Nov-17-10 06:44 PM
Response to Original message
12. Here was one suggestion
After days of using all these tips over and over, every time I restarted, it was back. I tried System Restore, but I could only go back 2 days and the bug was downloaded 3 days ago.

So, I decided to right click on Security Tool under All Programs in the Start menu, clicked properties, and clicked the Find Target tab. This opened up windows and highlighted the Security Tool icon. I right clicked on it and then clicked delete which sent it to the recycle bin. Then I emptied the recycle bin, restarted the computer and it is GONE!

tabatha Donating Member (1000+ posts) Wed Nov-17-10 07:03 PM
Response to Reply #12
26. Yep, that is how I found the location.
But did not think to delete the icon - great idea.

I just renamed the exe, and rebooted.

HCE SuiGeneris Donating Member (1000+ posts) Wed Nov-17-10 07:08 PM
Response to Reply #26
27. It looked like a good time saving suggestion.
Glad it worked for you, tabatha.

arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 07:25 PM
Response to Reply #12
30. my right click not working since this thing came on...but thanks for all the info:-) n/t

kayakjohnny Donating Member (1000+ posts) Wed Nov-17-10 06:53 PM
Response to Original message
20. This has worked for me several times in the past few months:
If you can get to your start page, then quickly (and I mean as fast as you can) get to programs - accessories - system tools - system restore. Then set the restore date to any date before this happened.

Restart the machine and everything should be cool.

If you can't get your start page up, there are other ways to go, but they could be risky, as they involve digging around in your registry. And you should have a pro talk you through that procedure.

Good luck.

I think these people who do this sort of thing should be strung up.

sally cat Donating Member (544 posts) Wed Nov-17-10 06:57 PM
Response to Reply #20
23. Exactly. This IS the solution. Not quick enough the first time, keep trying, you'll get it done.

toddwv Donating Member (1000+ posts) Wed Nov-17-10 06:54 PM
Response to Original message
22. Assuming you're running Windows
If you're not computer savvy, it's probably best to have someone who knows their way around a computer help you out. Viruses can damage your Windows OS and the removal process makes it distinctly possible that Windows will get crushed in the process. So, OF COURSE, back up whatever you can.

Boot into safe mode with networking (press the F8 key while your computer boots to get the startup menu). Back up whatever you can.

Follow these steps:
http://www.softsailor.com/how-to/8723-how-to-remove-security-tool-virus-malware-removal-guide.html

How to remove Security Tool:
Download MalwareBytes Anti-Malware (http://www.malwarebytes.org/).
Download rkill.com ( rkill.exe ).
Install the mbam-setup.exe file.
To install it, just press next and don’t edit any options if you are not sure what you’re doing.
After the installation is ready, MalwareBytes Anti Malware will start automatically and will require you to update the software, so just press OK.
Go to the Scan tab, select “Perform Quick Scan” and press “Scan.”
MalwareBytes Anti Malware will now scan all your PC for malware, including the Security Tool.
You will see a “The Scan completed successfully. Click ‘Show Results’ to display all objects found” prompt once the scan is finished. Press OK.
Now press “Show Results.”
You will see a list of malware applications, including the Rogue.SecurityTool. Be sure to select them all and press “Remove Selected.”
After MalwareBytes Anti Malware finishes the cleaning, you can close the program and be sure your PC is clean.
As a caution, you should also use rkill.com ( rkill.exe ) to terminate malicious processes.

Then download Spybot S&D and run that.
Then run a full virus scan, use another virus scanner other than the one on your computer. It's most likely compromised and will need reinstalled. Here's a free online one from Trend Micro: http://housecall.trendmicro.com/

Viruses can be tough to get rid of these days. You may have to run scans over and over to clear them all out and if you're lucky your computer hasn't caught a stealthed virus that is dropping these infections. Those are ridiculously hard to remove.

arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 09:01 PM
Response to Reply #22
33. thanks! My daughter has finished fixing the problem...I believe she
used the procedure you advocate. I will take the additional measures you mentioned tomorrow morning. Once again, thanks! :-)

RamboLiberal Donating Member (1000+ posts) Thu Nov-18-10 12:44 AM
Response to Reply #33
35. Good
Suggest you download MalwareBytes, update it, and then run it once a day for a week or so and then update the definitions & run it weekly. It's free & it's a great program. I downloaded the paid version and that one won't even let me go to an infected website.

pepperbear Donating Member (1000+ posts) Wed Nov-17-10 07:01 PM
Response to Original message
25. try pressing F8 while computer is booting up
F8 takes you to a recover mode. You can choose an earlier date in the PC history on which to recover (like if you got hit on Nov 10, go back to Nov 8). I got one a couple of weeks ago and that fixed it.

arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 09:02 PM
Response to Reply #25
34. if this ever happens again I will try this, thanks! :-) n/t

kenny blankenship Donating Member (1000+ posts) Thu Nov-18-10 12:48 PM
Response to Reply #25
39. Another way to deal with the nasties like this, when they are persistent
is to burn the AVG Live Rescue CD on a different PC. Other antivirus software makers have their own - the AVG CD is free and can download an updated definitions file, if your PC is on a network. The worst trojans and rootkits take steps to prevent their removal and detection on a running Windose system, so the best way to remove them is when the system is not actually running. A virus removal rescue cd will boot on your PC, running from read-only binaries on the CD (meaning it can't be stopped or fuxx0red with by the virus/trojan that your system has been infected by), and then it scans your Windose for the malware, which it will then remove.

Read instructions for using a Live Rescue CD at the publisher's site before using. Normally, they are very simple to use.

Where to get AVG live rescue CD:
http://www.avg.com/us-en/avg-rescue-cd-download

How to use AVG live rescue CD:
http://www.avg.com/us-en/226386

Gabi Hayes Donating Member (1000+ posts) Wed Nov-17-10 07:32 PM
Response to Original message
31. stay away from those porn sites at work!

arthritisR_US Donating Member (1000+ posts) Wed Nov-17-10 08:58 PM
Response to Reply #31
32. LOL...but then, what would I have to look forward to? ;-) n/t

Gold Metal Flake Donating Member (1000+ posts) Thu Nov-18-10 12:40 PM
Response to Reply #31
38. The guy in the picture only has one hand above the desk.

durkermaker Donating Member (187 posts) Fri Nov-19-10 02:38 PM
Response to Original message
41. use malwarebytes
you might have to download it to a memory stick on another computer and transfer it

security tool is a VERY nasty virus!