
Stubborn Security Tools infection

2 replies to this topic

#1 jshell06


  • Members
  • 2 posts
  • Local time:06:12 PM

Posted 28 July 2010 - 09:46 AM

Hi all,

First off, this is my first post here, so a big HI and pre-emptive thanks!

I was hoping someone could guide me through how to get this hellacious infection off my computer. It's Security Tool, and it's apparently on my computer to stay. It appeared about an hour and a half ago, after some pop-ups from a megavideo window I had open were hard to close. I guess it snuck in with those.

So, now to the facts and what I've done so far:

1. I'm running Windows 7

I started by trying to run AVG Free 9.0, but that wouldn't happen. So I researched the Security Tool virus/malware and found your guide. Thus, I downloaded rkill and tried running it. No such luck, as it is immediately terminated (the black DOS-box appears for a few seconds, but then closes and no log appears). So I downloaded both rkill and the MBAM setup file onto another laptop, put them onto a flash drive. I then booted my infected computer up into Safe Mode, and ran Rkill (both as rkill.exe and .com, renaming them as the bleepingcomputer guide suggests). The log that popped up indicated that the only program terminated while running Rkill was rkill itself.

So, I installed MBAM and ran it. It found three infections, one of which was the rogue spyware. I proceeded to remove all issues, and then booted into normal mode. Lo and behold, I get that pesky "Do you want this program (MBAM) to make changes to your hard drive?" dialogue box, and before I could even click yes, Security Tool was present again. I did click yes to allow MBAM to make changes, but I suspect Security Tool killed MBAM before it had a chance.

So, I downloaded the manual-update of MBAM's definitions onto my clean laptop, transferred them to my infected one, and then I got an error message that I WISH I had written down. From what I recall, it was something along the lines of "Windows has encountered an error, and will restart in 60 seconds". Windows then restarted (as promised), and DSKCHK ran. The infected computer is now running in normal mode, with Security Tool hassling it as per usual.

I am going to try to boot into safe mode and update MBAM and will run it again, if Windows lets me do that without encountering errors and restarting. I will update with results from that, although I suspect it might be useless...

...all I can say is PLEASE help me. I'm seconds away from gnawing through my wrist because of this, seeing as my infected laptop has loads of important stuff on it (resumes, cover letters, letters of recommendation) that pertains to my job-search.

EDIT: I've also tried terminating Security Tool via Task Manager. That gets shut down too, as I'm sure you would all guess.

EDIT AGAIN: Safe Mode works again, I successfully ran the MBAM rules setup and scanned with MBAM. Found 5 infected files, two were marked "Trojan.Dropper", one was "Rootkit.Dropper", one was "Trojan.Clicker", and the last was "Rogue.SecurityTool". I cleaned 'em out, fixed it, rebooted, and the same thing as last time happened: I got the dialogue box asking me if I wanted to let MBAM make changes to my computer, I clicked yes, and then Security Tool popped up.

Again, Thanks in advance.

Edited by jshell06, 28 July 2010 - 10:01 AM.



#2 kat6987


  • Members
  • 2 posts
  • Local time:11:12 PM

Posted 28 July 2010 - 11:12 AM


Edited by rigel, 28 July 2010 - 11:25 AM.

#3 jshell06

  • Topic Starter

  • Members
  • 2 posts
  • Local time:06:12 PM

Posted 28 July 2010 - 04:06 PM

I finally got rid of it. I think.

What I did was go for broke on this: boot up in normal mode, then QUICKLY hit ctrl-alt-del as soon as the desktop appears. I start task manager and then kill the process that is just a bunch of random numbers - it should be on top of the list. Once that's done, you can run MBAM and update it without a problem, then scan, and fix everything.

It's a shaky method, because you have to be fast. But it worked for me.

Anyway, it seems like this piece of malware has evolved a bit since those guides posted here on bleepingcomputer don't really apply anymore. Just a thought.
