
My Wife's computer has Security tool virus


16 replies to this topic

#1 dmowery

dmowery

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 10 September 2010 - 05:05 PM

My wife's computer has the Security tool virus. I need help removing it. Please let me know what I need to do.

(Moderator edit: thread moved to more appropriate forum. jgw)

Edited by jgweed, 10 September 2010 - 10:19 PM.



#2 dmowery

Posted 10 September 2010 - 05:07 PM

How do I download Combofix on my computer and use it on hers??

#3 rolltide101

rolltide101

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mobile Alabama
  • Local time:09:53 PM

Posted 10 September 2010 - 05:15 PM

Get Avira free antivirus or AVG free antivirus and run a scan and I'm sure it will be removed, or you could try System Restore to before you had the virus.

avira http://www.softpedia.com/progDownload/Anti...nload-6527.html

avg http://download.cnet.com/AVG-Anti-Virus-Fr...4-10320142.html

I prefer avira to avg but here are links to both of them

You could also try Spybot if those don't work (but I'm sure they will)

http://fileforum.betanews.com/detail/Spybo...oy/1043809773/1

Also if you're willing to pay for an antivirus/spyware security suite, Zone Alarm is the best (I think so anyway)
http://www.zonealarm.com/security/en/cdn/2...paign=CoreTerms

Edited by rolltide101, 10 September 2010 - 05:23 PM.


#4 dmowery

Posted 10 September 2010 - 09:22 PM

The problem is the virus on her computer won't allow us to download anything on it. How do I download on my computer and then transfer? Can I put an antivirus program on a flash drive?

#5 MrBruce1959

MrBruce1959

    My cat Oreo


  • BC Advisor
  • 6,377 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norwich, Connecticut. in the USA
  • Local time:09:53 PM

Posted 10 September 2010 - 10:07 PM

Hello and welcome to Bleepingcomputer.

Please click this link and tell me if this is the program your wife has on her computer.

http://www.bleepingcomputer.com/virus-remo...urity-tool-2010

If this is in fact the security tool you speak of, follow the instructions provided, this will explain how to remove the rogue program from your infected computer.

It also mentions remedies for computers that cannot download authentic malware removal programs.

Kind regards.

Bruce.

Edited by MrBruce1959, 10 September 2010 - 10:19 PM.

Welcome to Bleeping Computer! :welcome:
New Members: Please click here for the Bleeping Computer Forum Board Rules
 
My Career Involves 37 Years as an Electronics Repair Technician, to Which I am Currently Retired From.

I Am Currently Using Windows 10 Home Edition.

As a Volunteer Staff Member of Bleeping Computer, the Help That I Proudly Provide Here To Our BC Forum Board Membership is Free of Charge. :wink:

#6 dmowery

Posted 11 September 2010 - 02:00 PM

Bruce, thanks for your reply. Yes this is the virus we are fighting. We have been trying to run the suggested fixes just about all day and are not having any luck. The Virus will not allow us to download Malwarebytes nor Combofix. I guess we can run Combofix...it runs for a few moments and then the entire computer turns off. We are so frustrated. She is preparing for a major test and needs to access info on her computer and we cannot do anything!!!! Any other suggestions?

#7 MrBruce1959

Posted 11 September 2010 - 02:17 PM

The following procedure requires a wired connection to either the router or modem, do not attempt to use a wireless connection, this will not connect in most cases when using safe mode, because the drivers for your wireless device will not be loaded.

Once the infected computer is wired directly to router or modem, please follow my instructions below.

Please reboot the computer, watch the screen, just after the BIOS screen appears and just before the windows logo splash screen would appear press and repeatedly hit the F8 key.

If you are successful you will see boot options displayed with white lettering on a black background.

If this does not happen, re-boot again and try the F8 key again.

Look for SAFE MODE WITH NETWORKING scroll down and choose this option and press enter.

This should prevent the rogue program from starting up, but also will allow you to have a connection to the Internet.

Please follow the instructions below.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Download Link 1
  • Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Please post your log in your next reply as instructed above.

If you are not able to perform this download and install of MalwareBytes Anti-Malware please let me know, we need to get this computer on line to successfully clean this machine of its infections.

Once you have successfully gained access to the Internet a trained member of the Bleepingcomputer Malware Removal Team will assist you further.

Bruce.

Edited by MrBruce1959, 11 September 2010 - 02:23 PM.

#8 dmowery

Posted 11 September 2010 - 03:13 PM

Bruce,
I've been able to get Malwarebytes to work....but about 2 minutes into the scan, w/ 7 infected files found, the computer turns itself off. Thoughts?

#9 dmowery

Posted 11 September 2010 - 03:19 PM

It's not turned itself off 4 times in a row at the exact same place. aaauuuugggghhhh!!!

#10 MrBruce1959

Posted 11 September 2010 - 03:55 PM

There may be an infection that is attempting to stop MalwareBytes from finishing its scan.

Then again you may have a hardware issue here as well.

One of the hardware issues that comes to mind is heat related.

I do not know how long this laptop has been in use, but over a period of time dust from the atmosphere can get sucked into laptops and eventually builds up, this dust can trap heat and cause heat sensitive components to shut down.

Do you have any idea if there may be any dust that has accumulated inside the laptop?

Sometimes you can see evidence of it in the air vents, it usually accumulates in the processor's heat sink.

Blowing the laptop out with a can of compressed air (found in most computer and electronics shops) will remove enough dust to return things back to normal again.

If this is not the case, you may have more than one infection on your computer and this one tends to run when the computer is booted.

If this is the case, then a trained Malware Response Team member will have to recommend a program that will kill the program from running.

In the link I provided for you above, the program Rkill is supposed to be run to stop possible Malware from running that is in return preventing the safe Malware removal programs from running, detecting the infection and thus removing it. Some Malware or rogue programs are written to stop their removal or detection by legitimate programs.

Please re-read this page.

http://www.bleepingcomputer.com/virus-remo...urity-tool-2010

Bruce.

Edited by MrBruce1959, 11 September 2010 - 03:59 PM.

#11 dmowery

Posted 11 September 2010 - 04:52 PM

I've run the rkill program every time. There aren't any dust problems....it's a fairly new computer. I'll keep trying.

Thanks

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:53 PM

Posted 11 September 2010 - 05:44 PM

Hello, let me suggest this..
Is this an XP, Vista or Win 7 PC?


Reboot into Safe Mode with Networking
How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Run MBAM (MalwareBytes) as instructed earlier and also post back that log.



Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#13 dmowery

Posted 11 September 2010 - 08:41 PM

Thanks for this. I tried this and it was working beautifully. The scan had run nearly 20 minutes, found 23 threats....and then, the computer just turned off. I have it plugged in...I didn't touch anything, it just turned off. I started the scan again....and it turned off again. I am trying again as I type this. Hopefully it will run.

#14 dmowery

Posted 11 September 2010 - 08:43 PM

Nope....computer turned off again.. aaauuuggghhh!!! I'm so frustrated with this.

#15 dmowery

Posted 11 September 2010 - 09:31 PM

I think I finally got it to work.
I ran the scan one more time...had 25 infected files after 27 minutes, I got a blue screen saying computer was shutting down. Restarted...ran scan right as 25 items were found again, I stopped scan and quarantined. After rebooting it looks as if it's gone. Here's the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/11/2010 at 10:23 PM

Application Version : 4.42.1000

Core Rules Database Version : 5490
Trace Rules Database Version: 3302

Scan type : Complete Scan
Total Scan Time : 00:06:03

Memory items scanned : 443
Memory threats detected : 1
Registry items scanned : 8707
Registry threats detected : 21
File items scanned : 392
File threats detected : 3

Trojan.Dropper/Gen
C:\USERS\JOANIE MOWERY\APPDATA\LOCAL\34933.EXE
C:\USERS\JOANIE MOWERY\APPDATA\LOCAL\34933.EXE

Adware.MyWebSearch/FunWebProducts
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version

Rogue.SecurityTool
C:\Users\Joanie Mowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk
C:\Users\Joanie Mowery\Start Menu\Programs\Security Tool.lnk


Thanks so much for your help. I'm going to run the malware bytes scan again. Hopefully I've got it.
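
Added example, not part of the original posts and not SUPERAntiSpyware's own code: a small Python parser for a scan log laid out like the one above, which groups detections by threat family and checks that the listed items agree with the summary's threat counts (a mismatch suggests a truncated or partially pasted log). The sample log, user name and GUIDs are constructed, the function names are hypothetical, and it assumes, as the counts in the posted log suggest, that memory and file detections are both printed as paths.

```python
import re
# Constructed sample in the layout of the posted log (placeholder user and GUIDs).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

Total Scan Time : 00:06:03

Memory items scanned : 443
Memory threats detected : 1
Registry items scanned : 8707
Registry threats detected : 3
File items scanned : 392
File threats detected : 3

Trojan.Dropper/Gen
C:\USERS\EXAMPLE\APPDATA\LOCAL\00000.EXE
C:\USERS\EXAMPLE\APPDATA\LOCAL\00000.EXE

Adware.Example/Toolbar
HKCR\TypeLib\{00000000-0000-0000-0000-000000000001}
HKCR\TypeLib\{00000000-0000-0000-0000-000000000001}\1.0
HKCR\Interface\{00000000-0000-0000-0000-000000000002}\TypeLib#Version

Rogue.SecurityTool
C:\Users\Example\AppData\Roaming\Security Tool.lnk
C:\Users\Example\Start Menu\Programs\Security Tool.lnk
"""

REG_ITEM = re.compile(r"^HK[A-Z_]+\\")    # registry key, or Key#Value
PATH_ITEM = re.compile(r"^[A-Za-z]:\\")   # file or loaded-image path
SUMMARY = re.compile(r"^([A-Za-z ]+?)\s*:\s+(.+)$")  # "Field : value"

def item_kind(line):
    return "registry" if REG_ITEM.match(line) else "path" if PATH_ITEM.match(line) else None

def parse_sas_log(text):
    # A detection group is a blank-line-separated block: family name, then items.
    summary, detections = {}, {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        head, rest = lines[0], lines[1:]
        if rest and item_kind(head) is None and all(item_kind(ln) for ln in rest):
            group = detections.setdefault(head, {"registry": [], "path": []})
            for ln in rest:
                group[item_kind(ln)].append(ln)
            continue
        for ln in lines:
            m = SUMMARY.match(ln)
            if m:
                summary[m.group(1).strip()] = m.group(2).strip()
    return summary, detections

def reconcile(summary, detections):
    # Each pair is (items listed in the log, count claimed by the summary).
    count = lambda kind: sum(len(g[kind]) for g in detections.values())
    want = lambda *fields: sum(int(summary.get(f, 0)) for f in fields)
    reg = (count("registry"), want("Registry threats detected"))
    path = (count("path"), want("Memory threats detected", "File threats detected"))
    return {"registry": reg, "path": path,
            "consistent": reg[0] == reg[1] and path[0] == path[1]}
```
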



