Eeek security tool scareware infection

I've picked up the security tool scareware on my XP laptop :-(
I've been following the steps on the malware removal guide (already had all the recommended software installed).
Have booted into safe mode and run MBAM (as nothing will run in regular mode even when renamed) and it picked up a rogue security tool (which I then deleted). I then rebooted in normal mode and the infection is still there. Is there something more I should have done?
Lx.

Comments

  • fiddiwebb
    fiddiwebb Posts: 1,806 Forumite
    Are you scanning with the latest version of Malwarebytes, which is 1.46? Also, did you update the virus definition files before running a scan?
  • spakkker
    spakkker Posts: 1,322 Forumite
    Can you run it in normal mode now? When I've had these I run Malwarebytes then Combofix.
  • Post your Malwarebytes log; that would give us a clue.
  • Thanks for replying so quickly!
    - Nope, because I freaked out and switched off the network card the moment I knew something was up! MBAM seemed to pick up the infection anyway but maybe not everything?
    I'm currently booting into safe mode with networking and will update MBAM and re-run the scan.
    I'll let you know how I get on.
    Lx.
  • fiddiwebb
    fiddiwebb Posts: 1,806 Forumite
    Don't run Combofix unless advised to by a qualified user.
  • spakkker
    spakkker Posts: 1,322 Forumite
    "Don't run Combofix unless advised to by a qualified user" - why do you say this?
  • Post your Malwarebytes log that would give us a clue
    I've not worked out how to update mbam as the infection blocks the program from running in normal mode and I can't seem to access the internet in safe networking mode.
    Here's the log run in safe mode:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4903
    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702
    10/11/2010 20:22:48
    mbam-log-2010-11-10 (20-22-48).txt
    Scan type: Quick scan
    Objects scanned: 149970
    Time elapsed: 18 minute(s), 20 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\Documents and Settings\Administrator\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
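
The log above reports a single hit, a Start Menu shortcut, and nothing under processes or registry, which fits the infection still being there after reboot (a later post says the updated definitions found a registry entry). As an added example, not part of the original post, this sketch parses an MBAM 1.x text log in the layout shown and flags that pattern; the triage rule is an assumption of the example, not Malwarebytes guidance.

```python
import re

# Log text copied from the post above (sections trimmed to those that matter here).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4903
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Scan type: Quick scan
Memory Processes Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Administrator\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
"""

COUNT = re.compile(r"^(.+?) Infected: (\d+)$")       # summary line, e.g. "Files Infected: 1"
ITEM = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")   # "<path> (<detection>) -> <action>"

def parse_mbam_log(text):
    """Return (summary counts, list of detections) from an MBAM 1.x text log."""
    counts, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        m = COUNT.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
        elif line.endswith(" Infected:"):            # start of a detail section
            section = line[: -len(" Infected:")]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, "path": m.group(1),
                          "name": m.group(2), "action": m.group(3)})
    return counts, items

def triage(counts, items):
    """Heuristic (assumption of this example): shortcut-only hits mean the payload was missed."""
    notes = []
    if items and all(i["path"].lower().endswith(".lnk") for i in items):
        notes.append("only shortcuts detected; executable and autostart entry not found")
    if not any(counts.get(k, 0) for k in ("Memory Processes", "Registry Keys", "Registry Values")):
        notes.append("no process or registry detections")
    return notes
```
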
  • Knarf44
    Knarf44 Posts: 557 Forumite
    You can download the MBAM update directly from here. Suggest you save it to the Desktop, then just click on mbam-rules.exe to install.
  • OK, I have updated MBAM. I also found this guide to removing securitytool and have followed the instructions, running rkill then mbam; however, after mbam removes the rogue security tool and restarts, the securitytool program is still there on return to normal mode. Am I doing something wrong? Should I follow all the steps before rebooting?
  • Fingers crossed, I think the update may have done it; it has picked up a registry entry which wasn't picked up before.
    I can now use my security software in normal mode so am updating everything and will rescan everything overnight.
    So thank you very much for your help folks.

    I currently have all the programs on the malware removal guide list (MBAM, Spybot S&D, Windows Defender, Adaware, CCleaner), use Firefox for browsing, have all the recent Windows updates, and run the free version of Avira as my main antivirus software. Is there anything I should be doing differently?

    I am pretty sure I didn't click on anything stupid, but the attack happened immediately after I reinstalled the Adobe Reader plugin (via the Firefox website) and the bleeding thing installed the McAfee security scanner despite me unchecking the box. I'm not sure if it's connected; I would have expected the Firefox/Adobe websites to be quite safe!
    Lx.
This discussion has been closed.