| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 103895 | 2009-10-10 01:11:00 | "Security Tool" virus program - how to remove? | starrekin61 (10116) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 818743 | 2009-10-17 20:05:00 | Follow whats already been said | Speedy Gonzales (78) | ||
| 818744 | 2009-10-17 20:24:00 | Go to This site here (www.bleepingcomputer.com) - it tells you how to remove it. This new variant of spyware can be tricky to remove. I have a customers PC here at the moment that had it, the spyware actually makes random named files, not always the same so its well hidden. I spent a whole day just trying to remove it, and when I finally appeared to have it, it returned. Just a word of advice - make a backup of all data you can not want to lose if you have not already done so to a removable drive. After taking radical actions to remove the spyware , while I finally seemed to have removed it, the whole system was very unstable, and sometimes wouldn't even boot, even after a repair install, so I ended up reinstalling the persons OS / Software and data. |
wainuitech (129) | ||
| 818745 | 2009-12-01 10:08:00 | Before starting removal process with Malwarebytes Anti-Malware it is recommended you kill the main malicious process. As wainuitech said, file names are random and it's true, i had several "Security Tool" cases to solve, each of malicious process had a different file name. Here's how to find out which process has to be killed: www.pcindanger.com |
spyhelp (5267) | ||
| 818746 | 2009-12-02 07:20:00 | just going into battle with this one, info appreciated | beama (111) | ||
| 818747 | 2009-12-02 07:41:00 | Install MSE / an AV program, then do a full scan. Post a log | Speedy Gonzales (78) | ||
| 818748 | 2009-12-02 08:21:00 | just going into battle with this one, info appreciated :lol: me also, got Two PC's here -- fight time :lol: If you hear a LOT of (^&#$@&%$(%^&# tomorrow - thats me :p Edited: One of the people has already run malwarebytes in full scan removed 40 odd infections so he said , with system restore off -- :( Guess what returned on the next reboot ---- bummer !! |
wainuitech (129) | ||
| 818749 | 2009-12-02 09:03:00 | I suggest you all try this link for information (www.lavasoft.com), disable system restore, boot into safe-mode & do a manual search and delete all entries. The files in questions are as follow, Created Files * %Desktop%SecurityTool * %Desktop%Security Tool..lnk * %Desktop%Security Tool.lnk * %StartMenu%Programs\Security Tool * %StartMenu%Program\Security Tool * Created Folders * %CommonPrograms%SecurityTool * %ApplicationData%73668737 * Registry Entries * Key: HKEY_CURRENT_USER\Software\Security Tool * Value: * Data: * Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run * Value: Install * Data: C:\Documents and Settings\%userprofile%\Application Data\3552748893\3552748893.bat * Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run * Value: 3552748893 * Data: C:\Documents and Settings\%userprofile%\Application Data\3552748893\3552748893.exe * Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run * Value: 73668737 * Data: C:\DOCUME~1\ALLUSE~1\APPLIC~1\73668737\73668737.ex e It's the .bat file that causing it to regenerate. |
kamo1 (14583) | ||
| 818750 | 2009-12-02 12:01:00 | You left out first unplug the network cable.. | apsattv (7406) | ||
| 818751 | 2009-12-02 22:48:00 | :lol: This things putting up a good fight :p NOTHING will run in the way of cleaning tools, even in safe mode, cant stop it Via task manager as thats infected as well, cant disable System restore - same thing infected ----- Time to bring out the BIG guns :thumbs: Edited: Sneaky little Sh1t-- damn thing has installed its self 4 times, completely random numbers/ files as well ;) |
wainuitech (129) | ||
| 818752 | 2009-12-02 23:01:00 | What if you use something like ccleaner in safe mode, and remove whats in startup (if there's anything there) first? Or let me try :p with Teamviewer | Speedy Gonzales (78) | ||
| 1 2 3 4 5 | |||||