Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Tool Virus


  • Please log in to reply
35 replies to this topic

#1 Carissa_Carlson

Carissa_Carlson

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 05 December 2009 - 01:30 AM

I got the Security Tool Virus on my computer. I'm trying to get it off, but the problem is, it won't let me even download and run the RootRepeal and DDS thing. It lets me save them on my computer, but then it won't let me open them and run it. Is there a way to get the Security Toold Virus off my computer without having to have those two log things??
I need help :thumbsup:

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:10:59 AM

Posted 05 December 2009 - 10:17 AM

Try running rkill first
It may take a few times

Please download Rkill by Grinler and save it to your desktop.Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Carissa_Carlson

Carissa_Carlson
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 05 December 2009 - 05:46 PM

I tried to download the Rkill thing and it keeps telling me "Windows cannot access the specified device, path, or file. You may not have the approptiate permission to access the item." I tried to open all 4 of the links and they all said the same thing. My computer has never told me this before and since I got this virus, it tells me this for practically everything I try to open, download, or run.
Also, you said not to reboot my computer, but something actually makes my computer restart about every half hour now. It turns into this blue screen and says "A problem has been detected and Windows has been shut down to prevent damage to your computer." There is more, but I never really have time to get much farther than that.

#4 Guest_computersplus_*

Guest_computersplus_*

  • Guests
  • OFFLINE
  •  

Posted 05 December 2009 - 07:00 PM

Try GMER it will usually run

http://www.gmer.net/

#5 Carissa_Carlson

Carissa_Carlson
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 05 December 2009 - 08:09 PM

OK so I tried GMER and if I click on the "Download EXE", that gets me to the little option that says run, save, or cancel. If I hit save, it just disappears and doesn't do anything (no options for where to save it or anything like that). If I hit run, it looks like its downloading or doing something real quick, but then it disappears and I usually get another pop up from Security Tool.

#6 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:07:59 AM

Posted 05 December 2009 - 08:17 PM

Please try this

:trumpet:
Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
--------------------------------------


:flowers: Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

=========================

:thumbsup:
Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding Rist attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days).
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#7 Guest_computersplus_*

Guest_computersplus_*

  • Guests
  • OFFLINE
  •  

Posted 05 December 2009 - 08:45 PM

GMER you just hit scan it will scan the computer usually fast if there are any rootkits present they will be in red but even if there are no rootkits you should still see a short list of drivers on the system which appear in black.

something else to do:

1. make sure you turn off system restore
2. start/run type msconfig go to start up tab and un-check all entries then apply
3. restart in safe mode tap f8 key onstart up
4. run SuperAntiSpyware

bluevonda is spamming the forum it appears

#8 Carissa_Carlson

Carissa_Carlson
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:59 AM

Posted 05 December 2009 - 11:20 PM

It actually isn't letting me download the Win32 one either. I don't know what to do because it will not let me run, open, or save things. It says the same thing "Windows cannot access the specified device, path, or file. You may not have the approptiate permission to access the item." And I have tried all the links that I have been given. It isn't letting me do any of them.

#9 Guest_computersplus_*

Guest_computersplus_*

  • Guests
  • OFFLINE
  •  

Posted 05 December 2009 - 11:44 PM

time for a bootable rescue disc

http://www.techmixer.com/kaspersky-rescue-...2009-using-dos/

#10 Carissa_Carlson

Carissa_Carlson
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 06 December 2009 - 02:44 AM

I guess I'm a little confused about what all this is for. I am more than willing to give anything a try right now because I really need to get this fixed, but all these download things, are they to help get rid of the virus or just to find out the problem in the first place?

#11 Guest_computersplus_*

Guest_computersplus_*

  • Guests
  • OFFLINE
  •  

Posted 06 December 2009 - 02:48 AM

if you can manage to get the rescue cd made and boot from it more than likely it will disinfect your pc kaspersky is really good

#12 Guest_computersplus_*

Guest_computersplus_*

  • Guests
  • OFFLINE
  •  

Posted 06 December 2009 - 02:50 AM

there are many infections that are hard to remove while being booted into windows itself and as a professional I myself use live cd's like these all the time.

#13 Carissa_Carlson

Carissa_Carlson
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 06 December 2009 - 02:55 AM

Well I guess it doesn't help that I have no idea what I'm doing, but I downloaded that last link and I'm pretty sure it won't let me make a CD from that program because it won't even let me open it and run int.

#14 Guest_computersplus_*

Guest_computersplus_*

  • Guests
  • OFFLINE
  •  

Posted 06 December 2009 - 03:00 AM

what machine are you using for internet for this forum the infected one?

#15 Guest_computersplus_*

Guest_computersplus_*

  • Guests
  • OFFLINE
  •  

Posted 06 December 2009 - 03:07 AM

did you boot into safe mode and try to run GMER or anything




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users