Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SecurityTool infection


  • Please log in to reply
5 replies to this topic

#1 dieselmann

dieselmann

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 07 November 2009 - 09:49 PM

Hello,

I found this forum searching for information on a trojar infecting my computer. It is SecurityTool, and I have read some of the solutions here. I've downloaded rkill, but it won't run. I've downloaded DDS, but it won't run. In both cases, the black box comes up, then disappears, and then the SecurityTools window opens. Everything I try to open initiates a Security Tool Warning. I can't even open my system information (it's Windows XP, but I don't know if it is SP2 or 3). I tried restarting in safe mode, but that's not working either. Any help would be appreciated.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,009 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:07 AM

Posted 07 November 2009 - 09:53 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 dieselmann

dieselmann
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 07 November 2009 - 11:48 PM

Thank you, I thought I had posted too the correct forum. I don't know if I could even post a log with the way my computer is acting. I tired contacting McAfee support using my other computer, and their technical chat couldn't help and referred me to Virus Removal. It took several attempts to get their as the links kept getting hijacked to other sites. I can't download their on-line scan or access chat on the infected computer. I tried to download Malwarebytes on the infected computer and keep getting hijacked (I can't open the Malwarebytes already on that computer).

#4 dieselmann

dieselmann
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 08 November 2009 - 03:39 PM

I've made progress this morning. I tried running a search for "Security Tool" instead of "SecurityTool". One of the results was Removal-Tool.org. They had insructions on how to block SecurityTool from the task manager. I still could not download their Spyware Doctor removal tool because my browser was still being hijacked to other sites (like an extended heath care facility in San Francisco). But, I was able to run rkill, then update and run Malwarebytes. It found and deleted two items. I then updated and ran McAfee, and it found and quarantined two items (one of which was rkill). I can use the computer again, but I am still being re-routed to other sites by thefeedwater.com when I click on links. When I use the back button I get redirected to a fake virus warning page that looks like the My Computer wwindow. I'm going to try running Spyware Doctor, since I was now able to download it. If you have any other suggestions, please let me know.

#5 dieselmann

dieselmann
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 08 November 2009 - 09:27 PM

I ran Spyware Doctor, and it found a bunch of stuff, but that's all the free download will do--scan. You have to subscribe to remove the items. I still can't start my computer in safe mode, but I downloaded and ran SUPERantispyware, then Malwarebytes again. They are finding and deleteing things, but I still have thefeedwater problem, unless I refresh the page severa times before clicking any links. I'm also getting a run.dll error on start up. I'll be willing to post a log, if someoen would tell me what they need (and how to go about getting it).

#6 dieselmann

dieselmann
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 14 November 2009 - 11:04 AM

I am still having issues with my computer, and awaiting any suggestions/help. I believe I have most of the problems resolved. I still cannot restart my computer in safe mode. Apparently the Opachki.a trojan that started this whole mess deleted the safe boot registery key (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot). Does anyone know how to reinsert it?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users