New Ver of Security Tool - Extremely Difficult to Clean



#1 andrew-bcm


Posted 06 August 2010 - 01:48 PM

Hi There,

Long time reader, first time poster.

Hoping that one of the wizards here can help me with a major problem I'm having with what seems to be a particularly defensive new version of the Security Tool malware. I'm not a professional but have had a good deal of experience in cleaning malware, adware and viruses from computers over the past year or so for friends and family and can usually find a way around the standard defenses.

I've encountered Security Tool in the past and been successful in eliminating it. What's exceptional in this case is that I'm unable to run _any_ type of application that I would normally use to attack this - Security Tool terminates all 4 versions of rkill (including the iExplore and eXplorer versions), MBAM.exe, superantispyware, the CMD box and TSKMGR in normal mode. I can't even run hijackthis.exe to get a log.

I've booted up in safe mode (networking) and am able to run these applications, which identified Security Tool as well as some other malware files. However upon reboot Security Tool still launches. The other malware appears to be gone.

I've gone into msconfig and tried disabling all startup items and non-essential services in varying combinations to try and get MBAM running in normal mode that way, but Security Tool is still there when booting up in normal mode. Going back into the msconfig I see that all startup items are still disabled except for an entry called "syscron". There are actually 2 syscron entries - one enabled and one disabled.

I've tried the blitz approach whereby I try to cut straight to tskmgr at startup and kill the processes before Security Tool fully loads, or I start rkill 10 or 12 times right at launch, but this sucker appears to have evolved from past versions as none of these work either.

Perhaps most concerning through all of this is that if I just let the computer sit idle for a half hour or so in normal mode, Windows will crash and I'll get the blue screen of death. The cause will be a "non-page error in a paged area" or "page error in non-paged area". I can't remember what the specific process that was associated with this is, but for the time being I've got the computer powered down until I get some new ideas, as I don't want to mess with the blue screen if I can avoid it.

Any suggestions or help that anybody can provide would be extremely appreciated. The infected machine is my primary work computer. I've just returned from vacation and while I was gone the kids got me good.

Thanks,
Andrew



#2 boopme


Posted 07 August 2010 - 08:51 AM

Hello, have you changed the Hosts file?
You can find Security Tool's files and the specific way you'll need to change the Hosts file here.
http://www.bleepingcomputer.com/virus-remo...e-security-tool



