Getting really sick of 'Security Tool' virus!

crampo_2

Try this , Its called Process Explorer By Microsoft
http://download.sysinternals.com/Files/ProcessExplorer.zip

barjam_2

i had this too i found a solution to mine i had to install another file i'm not sure exactly what it was for and i ant even remember the name i think it began with an 'F' i think it was something to keep programs running then i was instructed not to try and close the xp antivirus it was important that it was opened then i just ran malaware and it worked a treat i'm going to try and find what this other file was called or someone maybe might come along with the name

sorry i haven't been much help


found it...i know you've been on bleeping computers but this is the way i sorted it by the using the fixexe reg etc...

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

hope you get it sorted

RussJK

These are non-specific approaches you might take if a straight-forward scan fails:

1/ Try safe mode with networking and use malwarebytes
2/ try some of these from http://www.pendriveapps.com/software/portable-antispyware-malware/
3/ try the Microsoft post infection scanner (http://onecare.live.com/site/en-us/default.htm)

If not, you can take other measures:
4/ Make a anti-malware LiveCD - boot your computer from a CD with antivirus/antimalware programs on it, in no particular order:
a. Kapersky Live CD (http://ftp.kaspersky.com/devbuilds/RescueDisk/)
b. F-Secure Rescue CD (http://www.f-secure.com/linux-weblog/)
c. Dr Web LiveCD (http://www.freedrweb.com/livecd) *freezes for me
d. Using many Linux distro CDs (http://njlinux.blogspot.com/2008/01/virus-scan-windows-using-linux-live-cd.html) *old post but gives you the general idea
e. Hiren's Boot CD contains MBAM and many other antimalware programs (I won't link due to software copyright violations);
f. HawkPE lets you start in the pre-windows environment and run antimalware (won't link due to same reason);
g. Ultimate Boot CD
You can also many of the the above with USB disks, using UNETBOOTIN, but if you have an active virus then it might alter the files. I'm thinking that the .iso files used to burn a CD should be safe, unless you have a program active that treats .iso files like folders. If you have another (virus free) computer to burn the LiveCD with, then that would be more ideal though.

5. Scan your harddrive with another computer
a. If you have other computers on a (safe) local network, then you could share the entire hard drive and let another computer on the network do a remote scan. I last used this method more than ten years ago, but should work today. You may have to "map network drive" with the other computer.
b. If the above proves is impossible, then you can take out your HDD out (easier if it is a desktop computer) and put it in an external casing/caddy and scan the contents with another computer. Obviously make sure that the other computer has a decent antivirus active so you don't just end up with two infected computers;
c. If you don't have an external casing, then you could stick the HDD into another computer if you are confident with that process, and obviously make sure that you don't boot up the infected drive.

Linbox

I've already posted details of how to get rid of this a couple of times. But a lot of people are missing the FixExe part. Down load this first and run it and accept the changes. Then run malwarebytes, update and do a full scan - it WILL get rid of the problem.

barjam_2

Linbox wrote: »

I've already posted details of how to get rid of this a couple of times. But a lot of people are missing the FixExe part. Down load this first and run it and accept the changes. Then run malwarebytes, update and do a full scan - it WILL get rid of the problem.

thats what i used i mentioned in my post earlier it was so easy if you have another pc/laptop to download it onto mem stick,then transfer it :j

flossy_splodge

I managed to follow some of the advice on here and got my DD's laptop into safe mode with networking.
I couldn't update Malware bytes so ran it as was (last updated 18th March).
It found 6 threats including 2 references to 'Security Tools'.
I follwed instructions and removed them.
I then successfully logged on but it seemed to go into safe mode without my doing anything.
I downloaded andinstalled 21 MS updates that hadn't been done, there were i think 3 or 4 that failed.
I shut down for the night and now i try to log on it says 'automatic log on can't be found' or some such message.
Help.
This is now worse than before.
What did I do and what to do now?:(

flossy_splodge

Anyone any ideas they can offer please?:o

fwor

It sounds as though the system is configured to automatically login one of the system users at startup, but the login information itself is missing or incomplete.

Which version of Windows is the laptop running? How you rectify the problem depends on this.

flossy_splodge

Hi fwor.
Thanks so much for answering.
The lappie is running Vista Home Premium.
I'm glad to say that after working long into the night (wipes fevered brow) and searching for info I have resolved problem!!:T
More by good luck than knowledge I know but the acid test is when it goes back to my DD later today and we see if all is well.
Think she'll keep the protection up to date now;).
Still interested in what you were thinking if you wouldn't mind, so I can learn more?:)

fwor

Glad you sorted it out.

What I was thinking is that in XP onward you can access more user login option through Start, Run and typing in "control userpasswords2" (though I think the actual procedure changes in Vista). There is a tickbox that if unticked leads to another dialogue box to specify username and password to automatically log in at startup.

If something had caused the auto login to be selected but had not entered a valid user/password combination, you would get the type of error message you were seeing.

Anyway, a bit academic now...