Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Security tool virus

  • Please log in to reply
3 replies to this topic

#1 robertllr


  • Members
  • 5 posts
  • Local time:10:05 AM

Posted 22 March 2011 - 08:44 AM

Our laptop computer (Dell Latitude D 600, XP Pro) has several accounts. Mine (administrator) seems never to pick up viruses, but my daughter's account frequently does. I have Mal-wareBytes (MB) and I update it daily. When her account gets infected, I can always get to my account and run MB from there. MB always clears up the problem. Invariably, however, within days or weeks, her account gets a similar virus--always the fake AV ones.

Yesterday, she picked up the Security Tool virus. I ran MB as usual, both full and quick scans, but it never identified or cleared the infection.

I tried going the manual removal route, which is given in many posts on the net, but none of the files mentioned were found in the registry.

I just ran MB again this morning, and still it doesn't recognize the infection.

Is there a new, resistant strain of this virus out there?

BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,561 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:09:05 AM

Posted 22 March 2011 - 01:13 PM

Hello,This infection is a bit different. It infects your Hosts file.

Please follow our Removal Guide here Remove Security Tool and SecurityTool .
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here,let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system

Edited by boopme, 22 March 2011 - 01:15 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 robertllr

  • Topic Starter

  • Members
  • 5 posts
  • Local time:10:05 AM

Posted 23 March 2011 - 01:25 PM

Thanks for the reply. The one part I had not done was to replace the host file. That step got rid of the infection, even thought MB still showed no infection after running as instructed. Teh virus came up again on start up, but my AVprogram—AVG--killed it at once.

My only problem now is one that has plagued me every time I get a virus and MB gets rid of it. Internet Explorer doesn’t run anymore on the previously infected account for some reason. I’ve been deleting the account and setting up a new one, but I’d rather not have to do that.

Is it normal for MB to somehow affect IE this way? Or is it an after-effect of the virus? Is there an easy way to restore IE to that account?

Thanks so much for you help.

Below are the RKill and MB logs.
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/23/2011 at 8:59:55.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:


Rkill completed on 03/23/2011 at 9:00:06.
Malwarebytes' Anti-Malware

Database version: 5363

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

3/23/2011 9:49:53 AM
mbam-log-2011-03-23 (09-49-53).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 349574
Time elapsed: 40 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0

#4 robertllr

  • Topic Starter

  • Members
  • 5 posts
  • Local time:10:05 AM

Posted 23 March 2011 - 01:35 PM

Never mind. I googled the problem, got an answer, and all is well.

Thanks again so much to you all at BC. You are great!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users