Security Tool Removal Instructions - gHacks Tech News

Security Tool Removal Instructions

Security Tool is a so-called rogue antivirus program that is distributed by various means, including malicious software such as trojans. It is also distributed through popups on the Internet that display a fake "the computer is infected" message, prompting users to download and run the tool to resolve those issues.

Security Tool performs a series of tasks once it is running on a computer system. These include blocking legitimate software from being executed and displaying false security warnings to promote a "full" version of the program that the PC user is supposed to buy to protect the computer system and remove anything that it claims to have found.

The files that it displays as malicious or infected are not in fact infected, which can be proven by testing them with legitimate antivirus software or with the online virus scanner VirusTotal.

Security Tool will add itself to the list of autostart programs in Windows. It will automatically perform a scan upon startup that ends by displaying the fake infections. The "make money" part comes into play when the user tries to remove the infections with the rogue program.

The rogue AV will notify the user that a license needs to be purchased before the infections can be removed.

Some of the fake security warnings that Security Tool will display to the user include the following:

Security Tool Warning
Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Click here to remove it immediately with SecurityTool.

Security Tool Warning
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss.
Click here to block unauthorised modification by removing threats (Recommended)

To make matters worse, Security Tool will also manipulate installed web browsers and block them from accessing websites.

These methods are used by rogue software to make it harder for computer users to download legitimate security software that would remove it, or simply to research the tool that claims something is wrong with the system.

Manual Removal of Security Tool:

Security Tool uses random numbers to make the identification and removal instructions complicated.

  • Step 1: Remove the Security Tool startup entry, which is listed as number.exe where number is a random number.
  • Step 2: Identify and stop the Security Tool process by pressing [Windows Alt Del] to bring up the Windows Task Manager. The process is listed as number.exe where number is a random number.
  • Step 3: Remove Security Tool related files. These are stored in two locations:
    C:\Documents and Settings\All Users\Application Data\number\
    C:\Documents and Settings\All Users\Application Data\number\number.exe
    where number is again a random number.
  • Step 4: Remove Security Tool Registry entries. These are again stored in two different Registry keys:
    HKEY_CURRENT_USER\Software\Security Tool
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Tool
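
The indicators from the four steps above, expressed as a check over a host snapshot (autorun commands, process image paths, registry key names). This is an added example, not part of the original article; the snapshot format, the function names and the sample values are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the removal steps above.
APP_DATA = PureWindowsPath(r"C:\Documents and Settings\All Users\Application Data")
REGISTRY_KEYS = {
    r"hkey_current_user\software\security tool",
    r"hkey_local_machine\software\microsoft\windows\currentversion\uninstall\security tool",
}
_EXE = re.compile(r'\s*"?(.+?\.exe)\b', re.IGNORECASE)  # executable part of a command line
_NUM = re.compile(r"[0-9]+")

def matches_drop_path(command):
    r"""True if command runs <Application Data>\<number>\<number>.exe."""
    m = _EXE.match(command or "")
    if not m:
        return False
    exe = PureWindowsPath(m.group(1))  # PureWindowsPath compares case-insensitively
    # The page does not say whether both numbers are always equal, so that is not required.
    return (exe.parent.parent == APP_DATA
            and _NUM.fullmatch(exe.parent.name) is not None
            and _NUM.fullmatch(exe.stem) is not None)

def triage(snapshot):
    """Return (source, value) pairs from a snapshot dict that match the indicators."""
    findings = []
    for source in ("autoruns", "processes"):
        for cmd in snapshot.get(source, []):
            if matches_drop_path(cmd):
                findings.append((source, cmd))
    for key in snapshot.get("registry_keys", []):
        if key.strip("\\").lower() in REGISTRY_KEYS:
            findings.append(("registry_keys", key))
    return findings

# Constructed sample snapshot (assumed format, not real telemetry).
D = r"C:\Documents and Settings\All Users\Application Data"
SAMPLE = {
    "autoruns": [r'"C:\Program Files\Vendor\updater.exe" /background',
                 '"' + D + r'\12345678\12345678.exe"'],
    "processes": [r"C:\WINDOWS\system32\svchost.exe",
                  D.lower() + r"\12345678\12345678.exe",
                  D + r"\Vendor\1234.exe"],
    "registry_keys": [r"HKEY_CURRENT_USER\Software\Security Tool",
                      r"HKEY_CURRENT_USER\Software\Security Toolkit"],
}

if __name__ == "__main__":
    for source, value in triage(SAMPLE):
        print(f"{source}: {value}")
```

Matching on the folder and file name pattern rather than on a fixed file name is what lets the check cope with the random number; an all-digit executable outside that folder is deliberately not flagged.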

Automatic Removal:

Most legitimate antivirus software, like Malwarebytes' Anti-Malware, is able to detect and remove Security Tool automatically. This process is usually faster and the better choice, especially for inexperienced computer users.

    Comments

    1. darxide said on December 9, 2009 at 3:30 pm

      The problem I’ve come across when removing this from a few friends’ and family members’ PCs is that Security Tool blocks Task Manager and msconfig too. What I did to get around this is copy msconfig from %windir%/system32/ to the desktop and rename it explorer.exe. Security Tool will not block it then. Remove the Security Tool entry and reboot.

    2. giedrius said on December 9, 2009 at 3:45 pm

      Malwarebytes Anti-Malware FAILS to remove Security Tool automatically (in most cases) when the Security Tool trojan process is active. It cannot be launched, and sites like Bleeping Computer clearly state that.
      Also, entries should be modified AFTER the trojan processes are stopped or you might get reinfected. Additionally, many strains of Security Tool block Task Manager, so you have to find a way to launch it :)

    3. Simon said on December 9, 2009 at 5:51 pm

      OR you could just use ComboFix (make sure you download it from bleepingcomputer.com) OR you could use fake antivirus remover.
      Also, Windows+Alt+Del does nothing. A nice quick way to bring up the Task Manager on any Windows system is Ctrl+Shift+Esc.

    4. teamplayer said on January 2, 2010 at 2:20 am

      This removal will not apply to Windows 7. Please update.

    5. Joe said on March 2, 2010 at 3:05 am

      My mother-in-law's computer had this, the one that blocks Task Manager, Command Prompt, and almost everything else.

      The easy way to get rid of it is to boot in safe mode by holding during boot (it won't start with Windows in safe mode), then go to the Start menu and type “msconfig” in the Run dialog box. *msconfig can be dangerous if you disable important startup files* Once msconfig (System Configuration) starts, click on the Startup tab, find the application that is all numbers, and uncheck its box (and only its box). When you restart normally it will not start up with Windows and you can go and delete the file (right-click the desktop shortcut and choose Properties to see where it is).

    6. Joe said on March 2, 2010 at 3:07 am

      the button to hold on boot is F8 … this site removed the button name from my first post

    7. Grace said on March 2, 2010 at 8:28 am

      Thank you so much for your information on this. I got this thing from watching a video online and it took a phone call to a friend who got on her laptop and gave me instructions on how to remove it. It had to be done from Safe Mode as I was unable to get into the Task Manager or anything else for that matter. Once I was able to locate the path name (C:\Documents and Settings\All Users\Application Data\39711223) I was able to delete it. The sight of the icon was pissing me off so bad that I moved it to the Recycle Bin. From there I found the path, then used the search for files and folders (including hidden ones) and was able to delete from there… I then rebooted in normal mode and all was fine… It may not be high tech, but it worked. Thank you again!!!!

      1. Martin said on March 2, 2010 at 8:59 am

        Glad that the article was of help for you ;)

        1. SMcD said on March 4, 2010 at 3:58 pm

          Just wanted to say thank you for these notes!
          I was sooo ticked off last night when the place we purchased our computer from, not even 24 hours ago, wouldn’t help us take care of this problem. I haven’t tried all of this yet but will today.

    8. Anonymous said on March 4, 2010 at 4:57 am

      What about the fact that I gave them my credit card info to pay for the friggin thing!
