
Security Tool - can't get rid of it


13 replies to this topic

#1 runningman4895


Posted 06 October 2009 - 06:34 PM

Hi there -
So I started up my computer yesterday and found the lovely little program "Security Tool" has basically hijacked my machine. I've read through the process on this site to DL and install Malwarebytes to get rid of it, but I was only able to install but not actually launch/run it. I can't get into the task manager either. Any other scanner/anti-virus programs that I try to run or install won't work either. Any help or direction to getting this removed and my computer cleaned out would be hugely helpful!
Thanks in advance.

Update: After reading through some of the other posts with similar problems, I seem to be getting nowhere. I've tried to install RootRepeal as well, but even after getting it onto my machine, when I try to open it, it seems that Security Tool forces it shut, even after trying to rename it, as I saw suggested in one post.

Edited by runningman4895, 06 October 2009 - 07:02 PM.




#2 Shandley


Posted 06 October 2009 - 07:36 PM

Can you get into safe mode to try to run malwarebytes?

#3 boopme



  • Global Moderator

Posted 06 October 2009 - 07:54 PM

Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.
***
Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above.

Then double-click on it to run.

#4 runningman4895


Posted 07 October 2009 - 08:31 AM

> Can you get into safe mode to try to run malwarebytes?

I've tried a few times to start up in safe mode but the computer just freezes up.

> Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.
>
> Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.
> ***
> Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.
>
> If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above.
>
> Then double-click on it to run.

Thanks for the tip. I'll give it a try when I get back home tonight.

#5 nofomg


Posted 07 October 2009 - 08:57 AM

I'm having the same problem. Security Tool showed up on my computer yesterday and I can't get rid of it. I tried to start Windows in safe mode but it gave me the blue screen of death no matter what. I tried in regular safe mode, safe w/command prompt and safe networked. All three times I got the blue screen. If I can't get to safe mode to try to install the malware program do I have a chance of fixing it? If I can't get it working soon I'm gonna just take the hard drive out back and smash it with a sledge hammer.

#6 obaslg


Posted 07 October 2009 - 09:07 AM

I'm still working through the problem, but this may help with the issue of not being able to run the software: At the first opportunity, I did ctrl-alt-del, then closed an exe file that started with a 5-digit number - i.e., it was something like "4385.exe." It was using about 10 meg, if that helps. Apparently, the exe name of the virus changes to a random number each time.

Now I just need the right program to kill it. Anyone know of a good free one?

Edit: It was key that I got to task manager as soon as I booted.

Edited by obaslg, 07 October 2009 - 09:08 AM.
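A triage check built on the observation in post #6 that the rogue process runs under an all-digit executable name. This is an added example, not part of any post in the thread: it parses the CSV output of the Windows `tasklist /fo csv` command (English-locale column names assumed) and flags image names consisting only of digits. The sample process list is constructed for illustration.

```python
import csv
import io
import re

# Constructed sample of `tasklist /fo csv` output (not taken from the thread).
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","28 K"
"explorer.exe","1712","Console","0","21,340 K"
"4385.exe","2840","Console","0","10,212 K"
"mbam.exe","3120","Console","0","45,008 K"
"7zFM.exe","3300","Console","0","6,100 K"
"58213104.exe","3388","Console","0","9,876 K"
'''

# Image name made up of digits only, e.g. "4385.exe".
NUMERIC_NAME = re.compile(r"^\d+\.exe$", re.IGNORECASE)


def mem_kb(field):
    """Convert a tasklist 'Mem Usage' field such as '10,212 K' to an int."""
    digits = re.sub(r"[^\d]", "", field or "")
    return int(digits) if digits else 0


def find_numeric_processes(tasklist_csv):
    """Return (image, pid, mem_kb) for every process with an all-digit name."""
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        image = (row.get("Image Name") or "").strip()
        if NUMERIC_NAME.match(image):
            hits.append((image, int(row["PID"]), mem_kb(row.get("Mem Usage"))))
    return hits


if __name__ == "__main__":
    for image, pid, kb in find_numeric_processes(SAMPLE_TASKLIST):
        print(f"{image}  PID {pid}  {kb} K")
```

A digits-only name is a heuristic, not proof: treat a hit as a lead to check the file's path and startup entry, and expect the name to differ after each reboot, as the post describes.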


#7 DanCandy


Posted 07 October 2009 - 09:11 AM

Looks like you're not the only one, you may be able to share useful information. Below is the link to the other thread on this topic:

http://www.bleepingcomputer.com/forums/t/262550/security-tool-virus-is-shutting-me-down-in-safe-mode/

#8 boopme



  • Global Moderator

Posted 07 October 2009 - 09:27 AM

Hello to all in this thread.
It looks like there is a rootkit variant in this log. The rootkit itself is a protection module used to terminate a variety of security tools by changing the permissions on targeted programs so that they cannot run or complete scans. There are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection; the process must be completed by HJT team members or above.

Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible.


Download this Utility and save it to your Desktop.
Double-click the Utility to run it and let it finish.
When it states Finished! Press any key to exit, press any key to close the program.
It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below.

Next please go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post the above Win32kDiag.exe log.

Let me know how that went.

#9 runningman4895


Posted 07 October 2009 - 08:01 PM

I was able to DL the utility, but it seems that ST shuts this down too. I've tried renaming it to something else as well but still no luck. Any suggestions?

#10 Shandley


Posted 07 October 2009 - 08:03 PM

If you have a second computer, install the malware program on that computer, remove the infected hard drive and install it into the 2nd computer. Scan. That should do it.

#11 runningman4895


Posted 12 October 2009 - 07:24 PM

No extra computer around that I could do that with. I've tried a few other tools, but all seem to have the same problem - even if I'm able to install (either as is or with a different name/file extension) they all still get blocked.

Any other ideas??

#12 boopme



  • Global Moderator

Posted 12 October 2009 - 07:52 PM

This should work: run System Repair Engineer.
  • Please download System Repair Engineer from here
  • Unzip/extract sreng2.zip to a folder on your desktop
  • Double-click on SREngLdr.EXE to launch System Repair Engineer
  • Click the Smart Scan Icon
  • Click Scan
  • Wait for the scan to finish
  • Click on the Save Reports button
  • Save it to your desktop, using the recommended name of SREngLOG.log
  • Close System Repair Engineer
  • Use notepad to open the SREngLOG.log file
  • Copy & paste the contents of that file as a reply to this topic
  • Note: The log may be long, and you may need several posts to post all of it
  • If you are using a custom HOSTS file, please leave out the HOSTS File section, as it will make the log far too long
Next please go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post the Rootrepeal log and the above log.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

Let me know how that went.

#13 sephiroth250285


Posted 07 July 2010 - 06:10 AM

The way I got rid of it was I went into safe mode and did a system restore to a day before it got onto my system. It is simple, effective and does not cost to do.

#14 sephiroth250285


Posted 07 July 2010 - 06:13 AM

I also saw before that some said run programs in safe mode. That does not work due to the fact that Security Tool is dormant when in safe mode, so restore to an earlier date and don't fall for those advertising to do a programme to remove it, as they are sometimes associated with the virus and are scamming money off you to get rid of something they put there.



