Security Tool - can't get rid of it

hi there -
so i started up my computer yesterday and found the lovely little program "Security tool" has basically hijacked my machine. I've read through the process on this site to DL and install malwarebytes to get rid of it, but I was only able to install but not actually launch/run it. I can't get into the task manager either. Any other scanner/anti-virus programs that I try to run or install won't work either. Any help or direction to getting this removed and my computer cleaned our would be hugely helpful!
Thanks in advance.

update: After reading through some of other posts with similar problems, I seem to be getting nowhere. I've tried to install RootRepeal as well, but even after getting it onto my machine, when I try to open it, it seems that Security Tool forces it shut, even after trying to rename it, as I saw suggested in one post.

Edited by runningman4895, 06 October 2009 - 07:02 PM.

Can you get into safe mode to try to run malwarebytes?

Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and

save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first
***
Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above.

Then double-click on it to run..

Can you get into safe mode to try to run malwarebytes?

i've tried a few times to start up in safe mode but the computer just freezes up

Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and

save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first
***
Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above.

Then double-click on it to run..

thanks for the tip. i'll give it a try when i get back home tonight

Im having the same problem. security tool showed up on my computer yesterday and i cant get rid of it. i tried to start windows in safe mode but it gave me the blue screen of death no matter what. I tryed in regular safe mode, safe w/command promp and safe networked. all three times i got the blue screen. if i cant get to safe mode to try to install the malware program do i have a chance of fixing it? if i cant get it working soon im gonna just take the hard drive out back and smash it with a sledge hammer.

I'm still working through the problem, but this may help with the issue of not being able to run the software: At the first opportunity, I did ctrl-alt-del, then closed an exe file that started with a 5-digit number - i.e., it was something like "4385.exe." It was using about 10 meg, if that helps. Apparently, the exe name of the virus changes to a random number each time.

Now I just need the right program to kill it. Anyone know of a good free one?

Edit: It was key that I got to task manager as soon as I booted.

Edited by obaslg, 07 October 2009 - 09:08 AM.

Looks like you're not the only one, you may be able to share useful information. Below is the link to the other thread on this topic:

http://www.bleepingcomputer.com/forums/t/262550/security-tool-virus-is-shutting-me-down-in-safe-mode/

Hello to all in this thread.
It looks like there is a rootkit variant in this log. The rootkit itself is a protection module used to terminate a variety of security tools by changing the permissions on targeted programs so that they cannot run or complete scans. There are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by HJT team members or above.

Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible.


Download this Utility and save it to your Desktop.
Double-click the Utility to run it and and let it finish.
When it states Finished! Press any key to exit, press any key to close the program.
It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below..

Next please go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post the above Win32kDiag.exe log.

Let me know how that went.

i was able to DL the utility, but it seems that ST shuts this down too. i've tried renaming it to something else as well but still no luck. any suggestions?

If you have a second computer, install the malware program on that computer, remove the infected hard drive and install it into the 2nd computer. Scan. That should do it.

no extra computer around that i could do that with. i've tried a few other tools, but all seem to have the same problem - even if i'm able to install (either as is or with a different name/file extension) they all still get blocked.

any other ideas??

This should work run System Repair Engineer

• Please download System Repair Engineer from here
• Unzip/extract sreng2.zip to a folder on your desktop
• Double-click on SREngLdr.EXE to launch System Repair Engineer
• Click the Smart Scan Icon
• Click Scan
• Wait for the scan to finish
• Click on the Save Reports button
• Save it to your desktop, using the recommended name of SREngLOG.log
• Close System Repair Engineer
• Use notepad to open the SREngLOG.log file
• Copy & paste the contents of that file as a reply to this topic
• Note: The log may be long, and you may need several posts to post all of it
• If you are using a custom HOSTS file, please leave out the HOSTS File section, as it will make the log far too long

Next please go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post the Rootrepeal log and the above log.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

Let me know how that went.

the way i got rid of it was i went into safe mode and did a system restore to a day before it got onto my system it is simple, effective and does not cost to do

i also saw befoe that some said run programs in safemode, that does not work due to the fact that security tool is dormant when in safe mode so restore to an earier date and dont fall for those advertising to do a programme to remove it as they are sometime associated with the virus and are scamming money of you to get rid of something they put there