Remove Security Tool Virus
What is Remove Security Tool Virus?
ESecurity Tool is another untrusted security program that compromises victims computer with the help of a Trojan responsible for downloading and executing Security Tool without users consent. This trespassing of Trojan introducing a rogue program to computer users simply have an objective of selling a rogue security program. Among other ways to promote this product is by displaying excessive advertisements and spoofing virus scan with fake results.
Having been deployed by a Trojan, never expect that there is an easy way of removing Security Tool from your computer. Security Tool’s uninstall information does not come with the package. User’s may be asked to purchase the registered version to remove its detected threats but not Security Tool itself. Though don’t loose hope, certain anti-malware and anti-virus application will able to remove it.
Update: October 09, 2009
Using Search Engine Optimization technique, it may point users to a malicious website that will run My PC – Best Defence Scanner.
Update: July 10, 2010
A fake Windows Explorer page titled Wait a minute! This is important – we check your device will hijacked Internet browser’s home page.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | |
| OS Affected | Windows |
| Detected By | MalwareBytes |
What are the Symptoms of Security Tool Virus Infection?
A virus scan will be launch after installation and will display fake results.
It will modify Windows Registry and add the following entries:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run]
40248422 = “%CommonAppData%\40248422\40248422.exe” - [HKEY_CURRENT_USER\Control Panel\Desktop] = _Wallpaper = “”
The threat will drop the following malicious files:
- %CommonAppData%\40248422\40248422.bat
- %CommonAppData%\40248422\40248422.exe
- %DesktopDir%\Security Tool.lnk
- %Programs%\Security Tool.lnk
Automatic Removal of Security Tool Virus
1. Print this procedure as we need to close all programs running later.
2. Download MalwareBytes’ Antimalware here and save it to your Desktop.
3. Close all open applications.
4. Double-Click on the downloaded mbam-setup.exeto start the installation. If unable to execute, infections on computer is preventing it from running, rename the file mbam-setup.exe to anything (like myfile.exe)
5. Run the installation on the default settings. No changes are necessary.
6. Just before completing the installation, make sure that the following are marked check.
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
7. MBAM will run and update itself after installation. Close MBAM after the update.
8. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8
- From the selections, Select SafeMode
9. Click on the MBAM icon and start to Perform Full Scan to begin scanning your computer for Security Tool related files.
10. After scanning, a message will appear stating that the scan is completed successfully. Click OK.
11. Click Show Results and detected threats will be displayed.
12. Make sure that all threats are marked check, then click Remove Selected to begin removal of the malicious files.
13. Exit MalwareBytes’ AntiMalware and restart your computer.
14. Security Tool and all its files are now removed from your computer. To protect your computer from this threat and avoid future infections, you may want to obtain a Full Version of MalwareBytes’ AntiMalware.
Hi there,
I’ve seen this on several systems lately. there are at least two different variants the first of which will not allow Malwarebytes to run and will blue screen if booted to safe mode. Maybe this can be manually removed somehow?
The second will allow you to run Malwarebytes.
-TechSack
Translate
That is really true, i was infected with the one that does NOT let your un Malwarebytes, and i had to manually delete all infected registry keys, and the 97309730975.exe file it took me 2 days to manually remove this virus, with help from articles around the net. If you get infected with the second form of this virus and you are not familiar with windows component, i’d suggest you hire someone to remove it for you, you can very well delete windows files and loose everything. So be carefull..
-Arsen-
Translate
After manually trying to remove the virus, I searched the internet and found this thread.
I followed the above steps and was able to successfully remove the virus. So thanks!
Translate
How do you rename the file, every time I try to load malwarebyte the virus disables it.
Translate
Thank you.
I followed the above instructions and it worked.
Translate
what to do even AFTER successfuly installation of this product mal byte et. then all the sudden 2 wk
later your seein AGAIN “your computer is infected install here msg.from the virus? if any one know
plz email me.thank you and good night.
morgankidz@inbox.com
Translate
Help i cant start in safe mode and screen is just blue……
Translate
My system is also infected with this virus, it startup on system start. It not allowing me to press any buttons like Alt + F4 or Alt + Ctrl + Del. Nothing.. Only popup this message.
It seems like it corrupted safemode too.. not going to safe mode at all. Showing some blue screen of error and restarting.. Tried all option of safemode too.. no chance to get into system.
I have few valuable files in system, want to takeout before i formate system.. Help me to get into system…
Translate
same stuff happened to me i just called norton and they took care of the problem for 100 dollars within ten minutes i recomend it because it saves you time and saves u a head ache…. if u know who created this problem send them my way
Translate
I just removed control center from my infected laptop. I also have a desktop (uninfected) so I was able to research what it was and how to remove it. If you have an infected desktop, if possible, have a friend come over with a laptop so you can look up the removal instructions. If you have an infected laptop bring it over to a friends house to look up removal instructions on their desktop. As you know, control center hijacks your screen and doesn’t allow you to go online or access your screen icons. What I had to do was open windows in safe mode, once in safe mode I created a new user account (in safe mode you should have an administrator, owner and guest icon, change the guest to visitor or any other name to allow access) which allowed me to go online to “Malwarebytes’ anti-malware site and install their free updated anti-maleware program on the visitor account. Once installed run the malware program immedietly(do not turn off your computer and restart in safe mode) in full scan mode and follow the prompts when done scanning. It should remove the malicious control center program. It might leave a control center icon on your screen once removed but you can drag it to the recycle bin and dump it. Good luck!!
Translate
I am researching how to get rid of the Control Center virus on my desktop (i have an uninfected laptop). Starting normally results in blue screen with control center pop up, no start menus or task manager, just blue screen with contol center window. The same result happens in all modes of safe mode. Any suggestions?
Thanks.
Translate
After fighting with this on my father in law’s computer and reading a bunch of forums on it, I finally got rid of it.
I tried the renaming but it did not work. Nothing allowed me to run it until I tried the little trick below.
As stated on another forum it kills the mbam.exe file as soon as you install the program causing an error when you try to run it. So I downloaded in onto another computer, copied only the mbam.exe file onto a flash drive and then copied and pasted it into the c:\program files\Malwarebytes folder and the virus did not see it. I then was able to successfully run it.
Translate
I also got hit with this on a machine with Vista. This got past ZA but MS Defender noted it as Winwebsec. Unfortunately, using MS DEfender did not remove since, as has been noted, the trojan disables antivirus/malware tools. After trying a couple of things that did not work, I finally went to the control panel\programs\change startup programs and under the Publisher not available section found three odd files 64712323.exe, 99060024.exe and another numbered file I didn’t write down. I removed all three and rebooted. Seemed to reboot OK and no more prompts. I am going to do a scan with several programs.
Hope this helps someone else.
Translate
If you are having a hard time getting Malwarebytes installed. Try this. go the MalwareBytes folder in program files. Then go to Malware website and install again. IF you watch the mbam.exe will show for a second and then go away. If you can right click on the mbam.exe and rename it before it goes away. This way the file will still be there but witha different name.
Translate
I have a Vista computer and have tried this whole weekend to remove this nasty virus. I located the numerical file and deleted it. The computer seemed to be working fine until a couple hours later it would not let me connect to the internet. I re-booted the wireless router and tested it and it all looked good but still am unable to connect. Does anyone have any suggestions…need my computer desperately!!! Thanks
Translate
When I try to download Malwarebytes’ Anti-Malware my AVG finds a trojan horse in it. I need to run the program on my hubbys PC, as I am sure it has the Security Tool virus, but fear mine will get infected by downloading Malwarebytes’ Anti-Malware. I have tried downloading it from 3 different sites. One of the trojans it found is Trojan horse Dropper Agent.PKF I emptied the virus vault and forgot the name of the other one. Any suggestions?
Translate
Can someone tell me how to dowload the link, I have this virus and my pc cannot or will not connect
Translate
1. Open file location on virus source. (Right click and go to properties and click ‘open file location’) 2. Right click virus source and go to properties. (Example. 45263672.exe) 3. Click security tab and then go down to the bottom and click advanced. 4. Click change permissions. 5. Find yourself as a user, in my case it was ( John (John-PC\John) ) ; and click Edit tab. 6. Check DENY on all the tabs. 7. Apply and restart your computer. BAM your Security Tool Virus Free!!!.
Translate
I was able to rename the 42602620.exe file to something else. I restarted the computer and THEN was able to install the Malware software. Any exe’s I was tring to run WAS disabled but not after I remaned the BS .exe file. We’ll see what happens from here.
Translate
I got it real bad, couldn’t open in safe mode, couldn’t run mbam. I took earlier advice to save mbam on a key and renamed the folder containing the virus and it looks like it’s working so far. Thanks for all the added advice.
Translate
Thank you so much! I used this for a users computer and it worked like a charm!
Translate
I need help. I have Windows Vista and Security Tool wont let me run “regedit,” ot the mbam setup. other than the things I can manage to click on before Secuirity Tool starts itself, I can’t really open any programs. My antimalware program isn’t able to start up either…Can anyone help me?
Translate
Damn, that virus was really annoying none of my stuff was a virus anyway f*** the virus
Translate
@ David–read some of the posts above yours (particularly 11/2009)…some users had to download the program to a flash drive using a different computer; then plug that flash drive into the infected computer to run it. Apparently, the virus may recognize it’s own cure being downloaded and blocks you from running it once you’ve downloaded it. ?? Hope my understanding is accurate & understandable.
Translate
I have the virus as well. My computer will not let me access windows in any form (Safe mode, or last best configuration) When i do select these the screen comes up black and blank?
Anyone have any suggestions? i am desperate!!!!
Translate
Instead of renaming or deleting the file, try moving it to the root of the hard drive (C:). When you move the file, it doesn’t start on bootup because the registry key cannot locate the file to run. Then run malwarebytes to remove it completely.
Translate
I know this sounds crazy, but when I tried opening my applications with cont/alt./del the virus kept blocking me. Just for the hell of it I tried holding cont./alt./del. down instead of tapping it. Somehow the processes/apps. screen then came up and stayed. I was able to then stop the virus app. from running (it was some random numbers and pretty east tp spot). My Mcafee and other apps. were then able to run. I am in process of now seeing if Mcafee will detect it. I also ran msconfig to start up menu and stopped the program from starting up when loading. I will post if this works.
Translate
if my computer will not boot up in safe mode, what should i do to get rid of the security tool virus?
Translate
Jenna, try to do what I did. It sounds silly, but if you mess around a little with holding the control/alt/del buttons DOWN instead of tapping them once you may be able to bring up your processes/apps menu and stop the securitytool program running from the menu. Try it a few times and see if it works. My Mcafee virusscan did not find the virus but I am going to download the malware program listed above and try removing it that way. I’ll let you know if it works.
Translate
It worked. I was able to download the Malwarebyte’s and it removed security tool.
Translate
This virus is a nightmare. Hoping to solve it myself, before forking over a pile of money to a “pro.”
Translate
It got me too. Like a dummy, I filled in the information to download the SECURITY TOOL to get rid of all of the viruses that it said I had. When it said that I had some wrong information and couldn’t process my credit card, it ask me to use another. Then the light went off. I called my card company and they said they had already rejected a charge made to my card. I had to get a new credit card number. Were is the police?
Translate
i’v problem evry time i want to install a program this message came “your system security do not allow you to install ”
what i’h to do?????????
please help me
Translate
My wife’s pc with Windows XP became infected with this virus and like many people, renaming the exe file or trying to delete it didn’t work for me either. So I simply renamed the “random number” folder under “Local Disk (C:)documents and settings/all users/Application Data” itself to “junk”, rebooted, and bingo! no more Security Tool interference. I then downloaded malwarebytes and ran it just fine.
Translate
hi,
i rebooted my computer(vista) in safe mode with command prompt, and it did that just fine. then i deleted the file and the folder and it was gone.
commands to those who dont know how to use command promt.
1, cd..
2, cd..
3, cd programdata
4, dir/w
5, cd 12323123(folder with numbers)
6, del *.* or, dir/w then the whatever file you see is you virus.
*then just restart, u should be good.
just type in exactly like i have shown and you should be fine
Translate
hey i got to step 4, but there’s no folder with numbers, where do i find it?
my problem status:
restored from a restore point in safe mode, brought up windows, everything seems fine, but the files are still jacked up in C drive.
when i open it up it shows 5 folders named like a whole mess of like 20 numbers and letters, and the contents show EULA doc. I can’t see things like documents and settings, or what i mean is this folder with numbers. I just want to delete the whole security tool for good if you can help … thanks…
Translate
I got this virus, it is stopping the laptop from connecting to my internet. Tried to put Malware Bytes on using a pen drive but it won’t run the application. There is always an error. Managed to do half a scan with Avast but then got the blue screen.
Translate
1. Open file location on virus source. (Right click and go to properties and click ‘open file location’) 2. Right click virus source and go to properties. (Example. 45263672.exe) 3. Click security tab and then go down to the bottom and click advanced. 4. Click change permissions. 5. Find yourself as a user, in my case it was ( John (John-PC\John) ) ; and click Edit tab. 6. Check DENY on all the tabs. 7. Apply and restart your computer. BAM your Security Tool Virus Free!!!.
Did the above when Malware Bytes otherwise wouldn’t install. I then ran Malware Bytes, which removed the infection.
Translate
(and thank you to the author of the original step-by-step article!!)
Translate
Thanks Mollie you just saved me from throwing my pc out the window… You way worked for me. Thanks to the original post too for the step by step!
Translate
Hi,
I’m really confused, and I’m not computer literate at all. I have this virus, but the step by step guides confuse me. What do I right click on to get “properties”, and then what? Can someone explain it really simply to me, because I’m really confused.
from Alex
Translate
HELP no matter what I do I cannot get rid of this virus. It has infected my computer to a degree tht I cannot open anything.
Translate
Holding down Crtl Alt Del until Security Tool finally let task manager open. I ending the random numbered program in the processes. That shut down Security Tool so I could install malwarebytes and run a scan that got rid of it. Thanks for all the tips on this page!
Translate
hi. tried unsucessfuly some of the more complex recommended routes, but the following worked for me:
click on the windows buttin (bottom left of screen) & then select “all programmes” .
right click on “securityThreat” icon and select “rename”
Choose a new name (in my case sod.off worked for me).
Save it and re-boot. the pc re-started and I was then able to run malware byte wich removed it once and for all.
Translate
Someone could help me?? I got this virus and before i installed anti-malware my system has rebooted and now I can’t restart my laptop. Both safe mode and normal mode are blank screen..
Please I’m desperate..
Translate
Hi guys
My sister just brought her laptop around with this SAME issue, i tried the usual stuff. Regedit, tsk manager, non worked etc.
HOWEVER, i found thethe virus
C:/Program Data/6048373/6048373.exe
I right clicked the file, changed to read only.
Restarted the laptop and that stopped it from loading.
Then i download malbytes malware remover and that got rid of the rest of it
Try it, it worked for me ;o Just changed the .exe to read only. then restart.
Translate
One of our office users had the ‘Security Tool’ virus on his Vista machine and I managed to get rid of it by booting into ‘Safe mode with command prompt’, running regedit and going to HKLM\Software\Microsoft\Windows\CurrentVersion\Run and deleting the C:\ProgramData\\.exe registry key.
Booting back into the OS normally should all be ok and manually deleting the exe just to be sure is a good idea.
Translate
hey dr chris thank you i’ve been cussing at my computer for 2 hours and i seen what u wrote and it worked so thanks
Translate
Well. I install it and found lots of viruses so I check on the internet for the activation code. Then I found out that it was a virus so I use my Kaspersky but it wont work. So i download the malwarebytes but it’s smart and delete the malwarebytes. So I have to change the name and it works! And my computer’s back to normal. Except some of my photoes are deleted. And i hate that virus, it delete my favorite photo with my father. God save me
Translate
I’m never going to download it again. Never… (PS: I hate virus.)
Translate
Here is a little tip I will let you all in on.
Its the explorer shell, that is stopping any program from running, so do :
Start, Run “command.com” it does not watch this one.
From the command.com window, you can spawn ANY other window you want. Start with CMD.EXE (virus stops this one from explorer, but does not have control of the file at process level, so it launches it ok.
From there, use DOS to get to any directory and launch whatever program you want, including the gui for AVGUI.exe, which you can then launch and work with sucessfully.
I notice that the virus also blocks the PASTE command, stopping you from backing up any files, you can use dos commands from withing CMD such as : XCOPY %directory% %destination% /s /e to backup your valuable “My documents” if your worried.
You can also spawn MALWarebyte setup files without needing to rename of play about with the files.
From the CMD window, just go to the directory of the setup files, and type “mbam-setup” and off you go.. sorted.
Translate
@Alex
If you press START and find the application for the Security Tool program there, that is what you right click on and then select properties. Then follow the step by step Mollie described. Worked prefectly for me.
Translate
my daughter followed the sercurity tool prompts and deleted files,now the computer will not do anything on start up just blue screen.labtop with vista Help please!!!
Translate
thankyou
followed the instructions and cleaned the virus out..
thankyou
Translate
Thanks this advice help me remove th
is virus…cheers..
1. Open file location on virus source. (Right click and go to properties and click ‘open file location’) 2. Right click virus source and go to properties. (Example. 45263672.exe) 3. Click security tab and then go down to the bottom and click advanced. 4. Click change permissions. 5. Find yourself as a user, in my case it was ( John (John-PC\John) ) ; and click Edit tab. 6. Check DENY on all the tabs. 7. Apply and restart your computer. BAM your Security Tool Virus Free!!!.
Did the above when Malware Bytes otherwise wouldn’t install. I then ran Malware Bytes, which removed the infection.
Translate
The above worked..by renaming the file, I was able to run system restore, restart my mcafee( which had somehow gotten turned off)& scan the computer.
Translate
Thanks to whoever figured this one out it worked well thank you have a great day
Translate
Mollie’s has helped much.., but i thank all of you for summing it all up in my mind!!!
Translate
TRY THIS METHOD
1. Start the system
2. Press f8 while booting
3. Use arraow keys to select Safemode with network
4. Now you can download the Malwarebytes
5. Install it and scan the full system
6. After scan remove the treats
7. Now restart the system
8. Now you are ready to go
Translate
My son just picked up this swine of a virus…
QUESTION…I am running Vista, my son picked it up in his account which is a Standard User but it is NOT showing in my account which is the Administrator account. Would I solve the problem just by deleting his account?
Many thanks.
Dave.
Translate
Had this issue for someone’s laptop.
Never have taken so long to remove a virus.
- No safemode
- Couldn’t rename the .exe
- regedit, cmd, command, taskmgr, notpad, ect.. all would close the moment you opepend them. (even if renamed)
- Any virus scanner type program as well, including rkill and malwarebytes installed, even if renamed.
Right before i gave up to go to bed i tried something, cut and paste the “random letter folder” to the C:\ drive.
Tada~???
Explain that, how i can move it WHILE its running, yet i cant rename it while its running?
Either or, i re-infected another computer of mine and yeah, you can just MOVE the file to another location on the PC and restart….
Dont ask, just be happy?
Translate
Is this not another virus ? Cause i’m realy annoyed with this security shit already :/
Translate
This stuff has me so upset, I cannot even think straight. Just when I thought I had everything fixed in both computer, this virus appears. It hardly allows me to work with anything and the more I try to do something, it seems to get worse. I just ran malware before this happen. I always do. I had my wireless connected and and fear it can effect the the other computer. Can it? I am going to try everything here. I appreciate everyone coming together here to help. Going to take a break and then try again. Wish me luck and TX again!
Translate
Well that didn’t work trying system restore. I ran from both safe mode and from malaware without and it stopped me saying it could go no further and took me to another screen with chooses. Now trying to restore about 5 days ago. Again, wish me luck. Ty
Translate
Worked a treat – thanks for the info.
Translate
I finally came to my senses and figured this crappy virus out. I bought a mac!!
Translate
Found an even easier way to uninstall this.
Open My computer, choose Disk C;
2. Find Program Files=>Common Files=>PSecurityUninstall=>Uninstall
3. Run the file Uninstall.lnk
Translate
Ok, My parents computer got infected with this little gem this morning (May 18, 2010). This is the variant that kills ANYTHING trying to stop it.
Well, it seems that the user can log onto ANOTHER user account on the computer in question and that account won’t have the virus present. Just download Malwarebytes at http://www.malwarebytes.org from the unaffected account and run it. (BE SURE TO UPDATE Malwarebytes BEFORE SCANNING.)
***VARIABLES TO CONSIDER***
1.The computer in question had NOT been re-booted since being infected. Re-booting may make the infection go global; account-wise.
2.The unaffected account was not currently logged in when started or at the time of infection…But may have been opened and logged out of before the infection.
***ALSO***
Check the earlier posts for the advice of ‘David Chapman’ and ‘Mollie’. Both are helpful.
Translate
Where does this program come from? Who can we sue?
Translate
Thank you John Jay you solved the problem for me. I was unable to download Malbytes even in safe mode as it would not allow me internet access, but by creating a new user account (I just renamed guest) I was able to access the internet, dowloaded Malbytes which scanned and removed about 16 files. Thsnk you
Translate
Think i have this virus basically the security tool thing came up saying i had trojans and worms…..i manged to get some history work of it on safe mode now im trying to get back onto it but i cant get onto safe mode or anything to get rid of the virus, the screen is blank the only thing that shows is the dell welcome bit and wen i try going into safe mode just half a page of some kinda writing comes up then stops
i need serious help as it isnt my laptop and i have to return and really dont want to have to pay for a brand new one!!
Translate
is this a virus
Translate
At the advice of another site, I deleted the multi-number-letter base file. But now I cant find my recycle bin (the superbar is blocked on normal mode and i just cant find it in safe mode – thanks windows 7) so I cant restore them (with the hope of changing the name like others have) or properly trash them.
I also cant run malwarebytes. Its not the installing process I have a problem with (already had it), the program just wont run thanks to the virus (same with other processes like msconfig and task manager), even when i try and use things like rkill.com first. When I ran it in safe mode it didnt find the virus.
This is such a headache! Anyone know what I should do?
Translate
Ok, problem solved! Purely by chance too. As soon as I started up my computer, I managed to get the task manager up before the security tool program started running. This way it couldn’t shut task manager down, so I was able to delete the process (45963.exe) and run Malwarebytes.
Annoyingly, while Malwarebytes found the file and quaratined it, security tool still started up on my next reboot. I guess because Malwarebytes couldnt finish the process. So I just went and found it manually (C:\Users\[you]\AppData\Local\45963.exe) and after disabling the process again I made it read only and then finally trashed it.
Hopefully that is it, but at least my computer is fine for now. Thankyou so much everyone, reading the thread helped heaps!
Translate
@ Tess Aug 5
Thank you! I tried *everything* on my Dad’s Acer netbook, this was the only thing that worked! I think they have been updating the virus consistently and negating all the fixes. This is the only thing that worked! Thanks again!
Translate
This method (previously posted) worked easily for me. My system (Vista) was gradually getting locked up. I managed to get the Malwarebyes program downloaded to my desktop, but then everything was getting attacked. I couldn’t get Internet Explorer to connect any longer, couldn’t open my task manager, and the Malwarebytes program was prevented from running. This solved my problem in a matter of minutes.
1. Start the system
2. Press f8 while booting
3. Use arraow keys to select Safemode with network
4. Now you can download and run the Malwarebytes program
5. Install it and scan the full system
6. Have Malwarebytes remove the threats
7. Now restart the system
8. You are ready to go
Translate
Molie is a genius.
Malwarebytes wasnt able to remove it but Molie’s advice did the trick.
Thanks so much
Translate
Thank you so much to Engie (post #18) for this:
1. Open file location on virus source. (Right click and go to properties and click ‘open file location’) 2. Right click virus source and go to properties. (Example. 45263672.exe) 3. Click security tab and then go down to the bottom and click advanced. 4. Click change permissions. 5. Find yourself as a user, in my case it was ( John (John-PC\John) ) ; and click Edit tab. 6. Check DENY on all the tabs. 7. Apply and restart your computer. BAM your Security Tool Virus Free!!!.
My mom’s computer had this, and this fix was easy enough for me to talk her through over the phone. After her computer restarted (and Security Tool didn’t automatically come up), I had her go into registry editor (previously blocked) and we could not find any of the registry keys there, or the processes in the task manager (also previously blocked). I had her download and run MalwareBytes, to make sure it was gone. Thank you again, you let my mom get back to Facebook (lol!).
Translate
I had this security tool virus about 4 hours ago and now it’s disabled. It’s still on the system at the moment but can do everything I could before. Don’t no if it will work for eveyone put I went into c: drive docs and setting, into user eg. simon, into local setting (may need to disable hidden folders) then into application data then the virus is in there, right clicked on it changed the name of it applied then reboted after that no pop ups or nothing
Hope It helps.
Translate
After trying so many methods, some of the too old obviously because if you have the new version of this beast you cant open any software so most of the above fix wont work.
But the Simon b method just above here is the best and let me add how to see hidden folders:
howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/
Dont forget to run the Malware after to delete that thing permanently.
Translate
Got this little gem this morning and had the same issues as other were I could not boot into safe mode (black screen) to run my collection of malware removers. One thing that worked for me was to hold CTRL-SHIFT-ESC down (shortcut that opens task manager) and while holding the keys down used the mouse to select the {numberstring}.exe and end the process. I think it works because it tried to open task managers than it could close. Deleted the .exe and reg entries and now running malware removers to clean up anything I missed.
Translate