Disabled "Security Tool", but not sure system is clean



#1 SCCAC Instructor


Posted 23 February 2010 - 01:20 PM

My friend has a computer running Windows 7. As soon as it got past the login, the Security Tool window displayed, followed shortly by the scan (or "scam!!!") results. I tried to open Task Manager, but it closed as soon as it opened. I found Security Tool on the Start menu. I right-clicked on the icon and clicked Properties to find where the target file was located, as well as its name. It was located in a hidden folder. Because the Security Tool windows were in the center of the desktop and I did NOT want to click on them (afraid I would download further problems) and try to drag them to one side so I could see the Start menu better, I used Search to get to Control Panel. From there I clicked on Folders and made hidden folders visible. Then, back to Search and found the folder identified from the Properties on Security Tool. I did a SLOW double click on the folder name and changed it to GARBAGE. I then opened the folder and did the same with the file in the folder. I opened Internet Explorer and deleted all temporary internet files and cookies. I then restarted the computer. Security Tool did not start. I then was able to delete the GARBAGE folder and the shortcut and then emptied the recycle bin. I have not been able to reactivate the PC Tools antivirus which was disabled by Security Tool. I haven't deleted the registry entry HKEY Current User/Software/Classes/Virtual Store/Machine/Software/WOW6432 Node/8607629. I suspect that the first line (ab icon (default) REG_SZ (value not set)) is what disables PC Tools. BUT, don't want to delete when I'm not sure. There is only one other line in that registry entry. It has an icon with 0s and 1s, the name Grep, and type REG_BINARY.

Should I delete these entries? Would this leave my system clean of this "Security Tool" infestation?



#2 Sashacat


Posted 23 February 2010 - 01:41 PM

It is generally not a good idea to go deleting registry entries.
It is much safer to use automated removal tools to do scans, and allow the reputable malware scan programs to find/fix things of this nature, in order to assure complete removal.

Remove Security Tool and SecurityTool (Uninstall Guide)
Posted by Grinler

http://www.bleepingcomputer.com/virus-remo...e-security-tool

Run Rkill:
http://www.technibble.com/rkill-repair-tool-of-the-week/
Description copied/pasted from technibble.com's website:
"Rkill is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools. Rkill is made by a Microsoft MVP “Lawrence Abrams” and is available in 4 different extensions. An .EXE, .COM, .SCR and a .PIF file.
The reason why Rkill comes in 4 different versions is because some malware will block .EXE files in an attempt to prevent you from running other malware removal tools, so this gets around that problem."

Scan with Malwarebytes':
link to download Malwarebytes' included in
Remove Security Tool and SecurityTool (Uninstall Guide)
Posted by Grinler

http://www.bleepingcomputer.com/virus-remo...e-security-tool

Do the Hostperm.bat thing as described in the Remove Security Tool and SecurityTool (Uninstall Guide)
Posted by Grinler.

Follow remaining steps in the Remove Security Tool and SecurityTool (Uninstall Guide)
Posted by Grinler.

If you have not followed those instructions yet, please follow ALL steps in removal guide and report back with the results of the Malwarebytes' scan (copy/paste the entire contents of the log into your next reply).
If we don't change the direction we are going,
We are likely to end up where we are headed.



