Security Tool is another untrusted security program that compromises victims computer with the help of a Trojan responsible for downloading and executing Security Tool without users consent. This trespassing of Trojan introducing a rogue program to computer users simply have an objective of selling a rogue security program. Among other ways to promote this product is by displaying excessive advertisements and spoofing virus scan with fake results.
Having been deployed by a Trojan, never expect that there is an easy way of removing Security Tool from your computer. Security Tool’s uninstall information does not come with the package. User’s may be asked to purchase the registered version to remove its detected threats but not Security Tool itself. Though don’t loose hope, certain anti-malware and anti-virus application will able to remove it.
Update: October 09, 2009
Using Search Engine Optimization technique, it may point users to a malicious website that will run My PC – Best Defence Scanner.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | |
| OS Affected | Windows |
| Detected By | MalwareBytes |
What are the Symptoms of Security Tool Virus Infection?
A virus scan will be launch after installation and will display fake results.
It will modify Windows Registry and add the following entries:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run]
40248422 = “%CommonAppData%\40248422\40248422.exe” - [HKEY_CURRENT_USER\Control Panel\Desktop] = _Wallpaper = “”
The threat will drop the following malicious files:
- %CommonAppData%\40248422\40248422.bat
- %CommonAppData%\40248422\40248422.exe
- %DesktopDir%\Security Tool.lnk
- %Programs%\Security Tool.lnk
Automatic Removal of Security Tool Virus
1. Print this procedure as we need to close all programs running later.
2. Download MalwareBytes’ Antimalware here and save it to your Desktop.
3. Close all open applications.
4. Double-Click on the downloaded mbam-setup.exeto start the installation. If unable to execute, infections on computer is preventing it from running, rename the file mbam-setup.exe to anything (like myfile.exe)
5. Run the installation on the default settings. No changes are necessary.
6. Just before completing the installation, make sure that the following are marked check.
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
7. MBAM will run and update itself after installation. Close MBAM after the update.
8. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8
- From the selections, Select SafeMode
9. Click on the MBAM icon and start to Perform Full Scan to begin scanning your computer for Security Tool related files.
10. After scanning, a message will appear stating that the scan is completed successfully. Click OK.
11. Click Show Results and detected threats will be displayed.
12. Make sure that all threats are marked check, then click Remove Selected to begin removal of the malicious files.
13. Exit MalwareBytes’ AntiMalware and restart your computer.
14. Security Tool and all its files are now removed from your computer. To protect your computer from this threat and avoid future infections, you may want to obtain a Full Version of MalwareBytes’ AntiMalware.
Hi there,
I’ve seen this on several systems lately. there are at least two different variants the first of which will not allow Malwarebytes to run and will blue screen if booted to safe mode. Maybe this can be manually removed somehow?
The second will allow you to run Malwarebytes.
-TechSack
That is really true, i was infected with the one that does NOT let your un Malwarebytes, and i had to manually delete all infected registry keys, and the 97309730975.exe file it took me 2 days to manually remove this virus, with help from articles around the net. If you get infected with the second form of this virus and you are not familiar with windows component, i’d suggest you hire someone to remove it for you, you can very well delete windows files and loose everything. So be carefull..
-Arsen-
After manually trying to remove the virus, I searched the internet and found this thread.
I followed the above steps and was able to successfully remove the virus. So thanks!
How do you rename the file, every time I try to load malwarebyte the virus disables it.
Thank you.
I followed the above instructions and it worked.
what to do even AFTER successfuly installation of this product mal byte et. then all the sudden 2 wk
later your seein AGAIN “your computer is infected install here msg.from the virus? if any one know
plz email me.thank you and good night.
morgankidz@inbox.com
Help i cant start in safe mode and screen is just blue……
My system is also infected with this virus, it startup on system start. It not allowing me to press any buttons like Alt + F4 or Alt + Ctrl + Del. Nothing.. Only popup this message.
It seems like it corrupted safemode too.. not going to safe mode at all. Showing some blue screen of error and restarting.. Tried all option of safemode too.. no chance to get into system.
I have few valuable files in system, want to takeout before i formate system.. Help me to get into system…
same stuff happened to me i just called norton and they took care of the problem for 100 dollars within ten minutes i recomend it because it saves you time and saves u a head ache…. if u know who created this problem send them my way
I just removed control center from my infected laptop. I also have a desktop (uninfected) so I was able to research what it was and how to remove it. If you have an infected desktop, if possible, have a friend come over with a laptop so you can look up the removal instructions. If you have an infected laptop bring it over to a friends house to look up removal instructions on their desktop. As you know, control center hijacks your screen and doesn’t allow you to go online or access your screen icons. What I had to do was open windows in safe mode, once in safe mode I created a new user account (in safe mode you should have an administrator, owner and guest icon, change the guest to visitor or any other name to allow access) which allowed me to go online to “Malwarebytes’ anti-malware site and install their free updated anti-maleware program on the visitor account. Once installed run the malware program immedietly(do not turn off your computer and restart in safe mode) in full scan mode and follow the prompts when done scanning. It should remove the malicious control center program. It might leave a control center icon on your screen once removed but you can drag it to the recycle bin and dump it. Good luck!!
I am researching how to get rid of the Control Center virus on my desktop (i have an uninfected laptop). Starting normally results in blue screen with control center pop up, no start menus or task manager, just blue screen with contol center window. The same result happens in all modes of safe mode. Any suggestions?
Thanks.
After fighting with this on my father in law’s computer and reading a bunch of forums on it, I finally got rid of it.
I tried the renaming but it did not work. Nothing allowed me to run it until I tried the little trick below.
As stated on another forum it kills the mbam.exe file as soon as you install the program causing an error when you try to run it. So I downloaded in onto another computer, copied only the mbam.exe file onto a flash drive and then copied and pasted it into the c:\program files\Malwarebytes folder and the virus did not see it. I then was able to successfully run it.
I also got hit with this on a machine with Vista. This got past ZA but MS Defender noted it as Winwebsec. Unfortunately, using MS DEfender did not remove since, as has been noted, the trojan disables antivirus/malware tools. After trying a couple of things that did not work, I finally went to the control panel\programs\change startup programs and under the Publisher not available section found three odd files 64712323.exe, 99060024.exe and another numbered file I didn’t write down. I removed all three and rebooted. Seemed to reboot OK and no more prompts. I am going to do a scan with several programs.
Hope this helps someone else.
If you are having a hard time getting Malwarebytes installed. Try this. go the MalwareBytes folder in program files. Then go to Malware website and install again. IF you watch the mbam.exe will show for a second and then go away. If you can right click on the mbam.exe and rename it before it goes away. This way the file will still be there but witha different name.
I have a Vista computer and have tried this whole weekend to remove this nasty virus. I located the numerical file and deleted it. The computer seemed to be working fine until a couple hours later it would not let me connect to the internet. I re-booted the wireless router and tested it and it all looked good but still am unable to connect. Does anyone have any suggestions…need my computer desperately!!! Thanks
When I try to download Malwarebytes’ Anti-Malware my AVG finds a trojan horse in it. I need to run the program on my hubbys PC, as I am sure it has the Security Tool virus, but fear mine will get infected by downloading Malwarebytes’ Anti-Malware. I have tried downloading it from 3 different sites. One of the trojans it found is Trojan horse Dropper Agent.PKF I emptied the virus vault and forgot the name of the other one. Any suggestions?
Can someone tell me how to dowload the link, I have this virus and my pc cannot or will not connect
Encena…
Nice work, thanks !…
1. Open file location on virus source. (Right click and go to properties and click ‘open file location’) 2. Right click virus source and go to properties. (Example. 45263672.exe) 3. Click security tab and then go down to the bottom and click advanced. 4. Click change permissions. 5. Find yourself as a user, in my case it was ( John (John-PC\John) ) ; and click Edit tab. 6. Check DENY on all the tabs. 7. Apply and restart your computer. BAM your Security Tool Virus Free!!!.
I was able to rename the 42602620.exe file to something else. I restarted the computer and THEN was able to install the Malware software. Any exe’s I was tring to run WAS disabled but not after I remaned the BS .exe file. We’ll see what happens from here.
I got it real bad, couldn’t open in safe mode, couldn’t run mbam. I took earlier advice to save mbam on a key and renamed the folder containing the virus and it looks like it’s working so far. Thanks for all the added advice.
Thank you so much! I used this for a users computer and it worked like a charm!
I need help. I have Windows Vista and Security Tool wont let me run “regedit,” ot the mbam setup. other than the things I can manage to click on before Secuirity Tool starts itself, I can’t really open any programs. My antimalware program isn’t able to start up either…Can anyone help me?
Damn, that virus was really annoying none of my stuff was a virus anyway f*** the virus
@ David–read some of the posts above yours (particularly 11/2009)…some users had to download the program to a flash drive using a different computer; then plug that flash drive into the infected computer to run it. Apparently, the virus may recognize it’s own cure being downloaded and blocks you from running it once you’ve downloaded it. ?? Hope my understanding is accurate & understandable.
I have the virus as well. My computer will not let me access windows in any form (Safe mode, or last best configuration) When i do select these the screen comes up black and blank?
Anyone have any suggestions? i am desperate!!!!
Instead of renaming or deleting the file, try moving it to the root of the hard drive (C:). When you move the file, it doesn’t start on bootup because the registry key cannot locate the file to run. Then run malwarebytes to remove it completely.
I know this sounds crazy, but when I tried opening my applications with cont/alt./del the virus kept blocking me. Just for the hell of it I tried holding cont./alt./del. down instead of tapping it. Somehow the processes/apps. screen then came up and stayed. I was able to then stop the virus app. from running (it was some random numbers and pretty east tp spot). My Mcafee and other apps. were then able to run. I am in process of now seeing if Mcafee will detect it. I also ran msconfig to start up menu and stopped the program from starting up when loading. I will post if this works.
if my computer will not boot up in safe mode, what should i do to get rid of the security tool virus?
Jenna, try to do what I did. It sounds silly, but if you mess around a little with holding the control/alt/del buttons DOWN instead of tapping them once you may be able to bring up your processes/apps menu and stop the securitytool program running from the menu. Try it a few times and see if it works. My Mcafee virusscan did not find the virus but I am going to download the malware program listed above and try removing it that way. I’ll let you know if it works.
It worked. I was able to download the Malwarebyte’s and it removed security tool.
This virus is a nightmare. Hoping to solve it myself, before forking over a pile of money to a “pro.”
It got me too. Like a dummy, I filled in the information to download the SECURITY TOOL to get rid of all of the viruses that it said I had. When it said that I had some wrong information and couldn’t process my credit card, it ask me to use another. Then the light went off. I called my card company and they said they had already rejected a charge made to my card. I had to get a new credit card number. Were is the police?
i’v problem evry time i want to install a program this message came “your system security do not allow you to install ”
what i’h to do?????????
please help me
My wife’s pc with Windows XP became infected with this virus and like many people, renaming the exe file or trying to delete it didn’t work for me either. So I simply renamed the “random number” folder under “Local Disk (C:)documents and settings/all users/Application Data” itself to “junk”, rebooted, and bingo! no more Security Tool interference. I then downloaded malwarebytes and ran it just fine.
hi,
i rebooted my computer(vista) in safe mode with command prompt, and it did that just fine. then i deleted the file and the folder and it was gone.
commands to those who dont know how to use command promt.
1, cd..
2, cd..
3, cd programdata
4, dir/w
5, cd 12323123(folder with numbers)
6, del *.* or, dir/w then the whatever file you see is you virus.
*then just restart, u should be good.
just type in exactly like i have shown and you should be fine
hey i got to step 4, but there’s no folder with numbers, where do i find it?
my problem status:
restored from a restore point in safe mode, brought up windows, everything seems fine, but the files are still jacked up in C drive.
when i open it up it shows 5 folders named like a whole mess of like 20 numbers and letters, and the contents show EULA doc. I can’t see things like documents and settings, or what i mean is this folder with numbers. I just want to delete the whole security tool for good if you can help … thanks…
I got this virus, it is stopping the laptop from connecting to my internet. Tried to put Malware Bytes on using a pen drive but it won’t run the application. There is always an error. Managed to do half a scan with Avast but then got the blue screen.
1. Open file location on virus source. (Right click and go to properties and click ‘open file location’) 2. Right click virus source and go to properties. (Example. 45263672.exe) 3. Click security tab and then go down to the bottom and click advanced. 4. Click change permissions. 5. Find yourself as a user, in my case it was ( John (John-PC\John) ) ; and click Edit tab. 6. Check DENY on all the tabs. 7. Apply and restart your computer. BAM your Security Tool Virus Free!!!.
Did the above when Malware Bytes otherwise wouldn’t install. I then ran Malware Bytes, which removed the infection.
(and thank you to the author of the original step-by-step article!!)
Thanks Mollie you just saved me from throwing my pc out the window… You way worked for me. Thanks to the original post too for the step by step!
Hi,
I’m really confused, and I’m not computer literate at all. I have this virus, but the step by step guides confuse me. What do I right click on to get “properties”, and then what? Can someone explain it really simply to me, because I’m really confused.
from Alex
HELP no matter what I do I cannot get rid of this virus. It has infected my computer to a degree tht I cannot open anything.
Holding down Crtl Alt Del until Security Tool finally let task manager open. I ending the random numbered program in the processes. That shut down Security Tool so I could install malwarebytes and run a scan that got rid of it. Thanks for all the tips on this page!
hi. tried unsucessfuly some of the more complex recommended routes, but the following worked for me:
click on the windows buttin (bottom left of screen) & then select “all programmes” .
right click on “securityThreat” icon and select “rename”
Choose a new name (in my case sod.off worked for me).
Save it and re-boot. the pc re-started and I was then able to run malware byte wich removed it once and for all.
Someone could help me?? I got this virus and before i installed anti-malware my system has rebooted and now I can’t restart my laptop. Both safe mode and normal mode are blank screen..
Please I’m desperate..
Hi guys
My sister just brought her laptop around with this SAME issue, i tried the usual stuff. Regedit, tsk manager, non worked etc.
HOWEVER, i found thethe virus
C:/Program Data/6048373/6048373.exe
I right clicked the file, changed to read only.
Restarted the laptop and that stopped it from loading.
Then i download malbytes malware remover and that got rid of the rest of it
Try it, it worked for me ;o Just changed the .exe to read only. then restart.
One of our office users had the ‘Security Tool’ virus on his Vista machine and I managed to get rid of it by booting into ‘Safe mode with command prompt’, running regedit and going to HKLM\Software\Microsoft\Windows\CurrentVersion\Run and deleting the C:\ProgramData\\.exe registry key.
Booting back into the OS normally should all be ok and manually deleting the exe just to be sure is a good idea.
hey dr chris thank you i’ve been cussing at my computer for 2 hours and i seen what u wrote and it worked so thanks
Well. I install it and found lots of viruses so I check on the internet for the activation code. Then I found out that it was a virus so I use my Kaspersky but it wont work. So i download the malwarebytes but it’s smart and delete the malwarebytes. So I have to change the name and it works! And my computer’s back to normal. Except some of my photoes are deleted. And i hate that virus, it delete my favorite photo with my father. God save me
I’m never going to download it again. Never… (PS: I hate virus.)