Security Tool infection...
My system: Windows 7
I just cleaned this infection from one of the computers in our small office network (three computers) YESTERDAY. I had exactly the same problems you describe: "SECURITY TOOL" virus warnings and multitudes of pop-up warnings of a "worm trying to send my credit card details using...", the blue screen, restarts, pop-ups making it difficult to read anything behind it, etc. Like you, the infection would not allow me to run rkill at all, let alone get to the anti-malware application. Here's what I did:
Using another computer, I downloaded the following FIVE files to a USB flash-drive:
- rkill.com MS-DOS Application file ... stops the SECURITY TOOL infection from interfering with the cleaning procedure; that's what's happening when you see the rkill black box pop up and then get immediately shut off by the infection
- mbam-setup.exe Malwarebytes' Anti-Malware Application file ... will locate infected files and quarantine (remove) them
- Malwarebytes Anti-Malware 2nd (replacement) Application file don't forget to write down the random filename ... will replace a core part of Malwarebytes the infection will destroy before Malwarebytes gets it
- hostsperm.bat a Windows Batch File ... Security Tool infection changed your Windows "Hosts" file to keep you from going in and changing 'their' settings; this file changes the permission back to you!
- appropriate hosts file for your operating system ... to replace the infected files you will have deleted with these new CLEAN files
Of course I was worried about downloading and introducing even more problems to that computer so was VERY cautious about copying the above five files. Fortunately, my new BEST FRIEND & SUPER HERO (he doesn't know it) Grinler had detailed instructions, including safe links to download the files I needed, in the forums of this web site: http://www.bleepingcomputer.com/virus-removal/remove-security-tool
NOW: The ONLY WAY I could use rkill was to open the computer in safe mode. I left the computer in safe mode all the way through the instructions detailed by Grinler and had no problems. Peace and quiet helps because there are a fair amount of details (sounds like you've been there though). It worked: Malwarebytes found 5 files infected. That computer doesn't have a huge amount of information on it and took about 50-60 minutes to run the full scan.
After the infected files were removed, I regained permissions to change my hosts file, deleted the old hosts file and replaced it with the new hosts file for my version of Windows.
I was feeling pretty confident in fixes but was still super-relieved when I restarted computer in regular mode and did NOT have pop-ups: Hallelujah!
I DID have one problem that gave me additional worry: when I tried to connect to internet (we use a wireless router connected to satellite) I kept getting this message: The remote device or resource won't accept the connection. The device or resource (www.microsoft.com) is not set up to accept connections on port "The World Wide Web service (HTTP)".
It was late and I was exhausted so stressed about it most of the night. After an online search, I found that security fixes or updates can change the way your computer connects to the internet and located this wonderfully simple fix:
- IE > Tools > Internet Options > Connections > click on LAN > uncheck the proxy server settings > make sure auto detect is checked > OK
Everything appeared to be working great but I decided to follow the advice I'd read on another site to run Malwarebytes one more time to be sure there were no more infected files: I just ran the mbam-setup.exe file and found no other infected files.
The forums on this site have helped me NUMEROUS times and though I had never registered, when I saw your post I knew it was pay-back time!
I truly hope this helps you.
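
An added example, not part of the original post or of Grinler's guide: after a cleanup like the one described above, this script audits a hosts file and lists every active entry that is not a plain loopback-to-localhost mapping. The sample hosts content and the hostnames in it are constructed, and `audit_hosts` is this example's own name.

```python
import ipaddress

# Constructed sample: a hosts file containing entries a cleanup should catch.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1   localhost
203.0.113.7 www.example-search.test   # constructed redirect entry
127.0.0.1   update.example-av.test download.example-av.test
not-an-ip   broken.example.test
"""

BENIGN_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for every active entry
    that is not a loopback -> localhost mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, " ".join(names), "unparseable address"))
            continue
        for name in names:  # one line may map several hostnames
            if ip.is_loopback and name.lower() in BENIGN_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                reason = "name blocked via loopback"
            else:
                reason = "name redirected to another address"
            findings.append((line_no, addr, name, reason))
    return findings


if __name__ == "__main__":
    import sys
    # Pass the path to the hosts file to audit; without one the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print("line %d: %s %s -> %s" % finding)
```

An empty result means the file holds nothing beyond comments and localhost entries; anything listed should be reviewed before the file is trusted again.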