First off, this is my first post here, so a big HI and pre-emptive thanks!
I was hoping someone could guide me through how to get this hellacious infection off my computer. It's Security Tool, and it's apparently on my computer to stay. It appeared about an hour and a half ago, after some pop-ups from a megavideo window I had open were hard to close. I guess it snuck in with those.
So, now to the facts and what I've done so far:
1. I'm running Windows 7
I started by trying to run AVG Free 9.0, but that wouldn't happen. So I researched the Security Tool virus/malware and found your guide. Thus, I downloaded rkill and tried running it. No such luck, as it is immediately terminated (the black DOS-box appears for a few seconds, but then closes and no log appears). So I downloaded both rkill and the MBAM setup file onto another laptop, and put them onto a flash drive. I then booted my infected computer up into Safe Mode, and ran Rkill (both as rkill.exe and .com, renaming them as the bleepingcomputer guide suggests). The log that popped up indicated that the only program terminated while running Rkill was rkill itself.
So, I installed MBAM and ran it. It found three infections, one of which was the rogue spyware. I proceeded to remove all issues, and then booted into normal mode. Lo and behold, I get that pesky "Do you want this program (MBAM) to make changes to your hard drive?" dialogue box, and before I could even click yes, Security Tool was present again. I did click yes to allow MBAM to make changes, but I suspect Security Tool killed MBAM before it had a chance.
So, I downloaded the manual-update of MBAM's definitions onto my clean laptop, transferred them to my infected one, and then I got an error message that I WISH I had written down. From what I recall, it was something along the lines of "Windows has encountered an error, and will restart in 60 seconds". Windows then restarted (as promised), and DSKCHK ran. The infected computer is now running in normal mode, with Security Tool hassling it as per usual.
I am going to try to boot into safe mode and update MBAM and will run it again, if Windows lets me do that without encountering errors and restarting. I will update with results from that, although I suspect it might be useless...
...all I can say is PLEASE help me. I'm seconds away from gnawing through my wrist because of this, seeing as my infected laptop has loads of important stuff on it (resumes, cover letters, letters of recommendation) that pertains to my job-search.
EDIT: I've also tried terminating Security Tool via Task Manager. That gets shut down too, as I'm sure you would all guess.
EDIT AGAIN: Safe Mode works again, I successfully ran the MBAM rules setup and scanned with MBAM. Found 5 infected files, two were marked "Trojan.Dropper", one was "Rootkit.Dropper", one was "Trojan.Clicker", and the last was "Rogue.SecurityTool". I cleaned 'em out, fixed it, rebooted, and the same thing as last time happened: I got the dialogue box asking me if I wanted to let MBAM make changes to my computer, I clicked yes, and then Security Tool popped up.
Again, thanks in advance.
Edited by jshell06, 28 July 2010 - 10:01 AM.