LocostBuilders - powered by XMB

Security Tool

Dusty - 13/4/10 at 09:54 PM

Ars*. Daughters laptop (Dell, Windows 7) has picked up Security Tool malware which is telling her it's infected with 50 certain death bits of malicious software! Warning beeps and windows almost every keystroke. Dell had preloaded Macaffee which didn't stop it. I asked her to download Malwarebytes which she has but it won't run. She is not very good with this sort of stuff and I have no experience with windows 7.
She is 300 miles north of me at the moment.
Last time I had something like this it was my sister in Oz with a similar bit of malware.
Can anyone advise please.

cerbera - 13/4/10 at 10:12 PM

A friend had this recently and we managed to sort it using the info from this link

It uses Malwarbytes but before trying to install it gets you to run a reg fix, which I assume overcomes the problem installing Malwarebytes.

It says to follow the step by step instructions carefully, but it worked fine for us.

HTH

[Edited on 13/4/10 by cerbera]

jambojeef - 13/4/10 at 10:14 PM

Funnily enough security tool got me last week despite Norton internet security running the whole time.

This thing is by far the most aggresive virus that ive come across - it had hijacked the browser, attempted to uninstall my norton software, prevented my using ctrl/alt/delete to control running processes - automatically restarted the PC lots and threw warning windows up continaully the whole making it very hard to do anything to try and remove it - took me hours!

I recovered it eventually with good old spybot search and destroy and then adaware but because of the browser hijack I had to save spybot to a memory stick using dad's PC then run from there.

If you do a google search you'll find some better instructions on removal but make sure you get adaware from the lavasoft website and spybot fromt he right place - seems as though there are loads of fake programs with similar names containing even more viruses!

Good luck and I hope that helps? Security tool is such a pain in the ar$e.

[Edited on 13/4/10 by jambojeef]

mangogrooveworkshop - 13/4/10 at 11:06 PM

Sounds like the thing that got into the workshop computer that I have still to deal with.....

Is this any good http://www.2-spyware.com/remove-security-tool.html

[Edited on 13-4-10 by mangogrooveworkshop]

Dusty - 14/4/10 at 01:17 AM

It is a cunning little bu99er. Seems to be able to stop programs it doesn't like from running. Trick seems to be to temporarily disable it and then install malwarebytes, update and use it to remove. Some of the net fixes suggest it won't be running in safe mode but malwarebytes can.
Will report back when daughter next surfaces. ie when she needs money or help but not before 2pm most days, not while there is a club or pub open, not while there are any fit looking blokes within range,etc.

mangogrooveworkshop - 14/4/10 at 07:43 AM

quote:

Will report back when daughter next surfaces. ie when she needs money or help but not before 2pm most days, not while there is a club or pub open, not while there are any fit looking blokes within range,etc.

Sounds like you need more than anti virus, You need a sucker....

cd.thomson - 14/4/10 at 07:47 AM

quote:
Originally posted by Dusty
not while there are any fit looking blokes within range,etc.

Where is she? I'll go and be "computer repair man" if necessary

coozer - 14/4/10 at 07:58 AM

FORMAT C.

DavidR - 14/4/10 at 08:27 AM

Hi

From another PC If you go onto the AVG website you can download a bootable CD image

Create a CD , boot your problem system with this CD and it should clear the problem ?

Cannot remember the exact details but its pretty intuitive to use

iDENTITi - 14/4/10 at 12:57 PM

quote:
Originally posted by cd.thomson

quote:
Originally posted by Dusty
not while there are any fit looking blokes within range,etc.

Where is she? I'll go and be "computer repair man" if necessary

Damn, you beat me to it.
Best bet would be spybot search&destroy installed on a memory stick. I managed to beat a similar virus into submission on XP recently..

_luke - 14/4/10 at 03:01 PM

On a related note, once you get the system cleaned up make sure you update Firefox - I've seen it get in that way on a couple of systems (including mine )

[Edited on 14/4/10 by _luke]

Dusty - 14/4/10 at 03:35 PM

How do these scammers get away with it. It's like stealing someones wallet and offering to give it back to them for 50 quid.

mangogrooveworkshop - 14/4/10 at 05:10 PM

quote:
Originally posted by DavidR
Hi

From another PC If you go onto the AVG website you can download a bootable CD image

Create a CD , boot your problem system with this CD and it should clear the problem ?

Cannot remember the exact details but its pretty intuitive to use

Im afraid even trusty AVG got caught with their pants down. Ive got Avg and it still go in

Marcus - 14/4/10 at 05:37 PM

I've had this and run AVG etc. You need to start in safe mode, go into windows config file and delete a program with a weird name with lots of numbers in it. Download malwarebytes, update it and run it. Killed it stone dead on my pc.