Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Residual browser redirection from Security Tool (probably among others) infection

  • Please log in to reply
1 reply to this topic

#1 MJovar


  • Members
  • 1 posts
  • Local time:02:59 AM

Posted 22 October 2009 - 10:50 PM

so here's the story:

yesterday, i open up my computer and Security Tool, the bastard, pops up. i figure it's a virus, and somehow i'm able to shut it down without it affecting my options for opening up security programs, firefox, and such. i run the most up to date malwarebytes anti-malware and it does remove a bunch of nasty sounding infections. in the log i saw things like rogue.security tool, etc. so i figure miraculously malwarebytes took care of it completely. for the most part it has, but now i am still getting browser redirection. also, the light blue background that wiped my desktop is still there, the desktop pic i had never came back, but all the icons are there. really, the only problem i've noticed with my computer is browser redirecting.

i'm getting it in firefox and safari. i don't even bleep with IE. here's everything i did:

full virus scan on my free avast av- nothing, still redirects
updated the hell out of malwarebytes, full scan- nothing
spyware doctor- ran it a few times, fixed the problems, otherwise nothing
windows malware program- nothing
ran combo-fix, using the popular method- still didn't fix the browser redirection
ran SFC /scannow- still redirecting
updated to firefox 3.5 ( but remember it still gets to safari also)

basically, all the scanners that i'm using are saying that the computer is clean, yet the browser redirecting continues. the nature of the redirecting is similar to what i've read about from other posts with people suffering this virus- definitely happens on keywords like "security" and "virus," but it will alot of times redirect on links in google and yahoo not related to malware/securitytool/etc. if i manually enter a website, it won't redirect.

i can't think of anything else to do short of reformatting, but that seems so drastic for a minor problem. apparently i haven't created any restore points (good job), because i'm not until now, reading all these forums, very good with computers. for all intents and purposes, security tool is gone, but the component that redirects the browser is not.

does anyone have ideas on what to do, or do i need to take this sucker into the repair shop? also, with this type of situation, a browser redirection virus, with the previous known associated viruses that malwarebytes supposedly deleted, should i do password sensitive things like email, bank stuff? are there more possible backdoor and what have you trojans?

BC AdBot (Login to Remove)


#2 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:03:59 AM

Posted 23 October 2009 - 04:49 PM

Welcome to BC
Let's run a few scans


We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High

Also try: right-click on rootrepeal.exe and rename it to tatertot.scr



Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

:thumbsup: Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users