Security Tool is a so-called rogue antivirus software that is distributed by various means including malicious software like trojans. It is also distributed through popups on the Internet which display a fake "the computer is infected" message to the user prompting users to download and run the tool to resolve those issues.
Security Tool performs a series of tasks once it is running on a computer system. This includes blocking legit software from being executed, and displaying false security warnings to promote a "full" version of the program that the PC user should buy to protect the computer system and remove anything that it claims it has found.
The files that it displays as malicious or infected are not in fact which can be proven by testing them with a legit antivirus software, or using the online virus scanner Virustotal.
Security Tool will add itself to the list of autostart programs in Windows. It will automatically perform a scan upon startup that will display the fake infections in the end. The "make money" part comes into play when the user tries to remove the infections with the rogue program.
The rogue AV will notify the user that a license needs to be purchased before the infections can be removed.
Some of the fake security warnings that Security Tool will display to the user include the following:
Security Tool Warning
Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Click here to remove it immediately with SecurityTool.
Security Tool Warning
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss.
Click here to block unauthorised modification by removing threats (Recommended)
To make matters worse, Security Tool will also manipulate installed web browsers and block them from accessing websites.
These methods are utilized by rogue software to make it harder for computer users to download legit security software to remove them, or simply research the tool that claims something is wrong with the system.
Manual Removal of Security Tool:
Security Tool uses random numbers to make the identification and removal instructions complicated.
Automatic Removal:
Most legit antivirus software, like Malwarebytes' Anti-Malware is able to detect and remove Security Tool automatically. This process is usually faster and the better choice especially for inexperienced computer users.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.
The problem I’ve come across when removing this from a few friends and family members pc is that security tool blocks task manager and msconfig too. What I did to get around this is copy msconfig from %windir%/system32/ to the desktop and rename it explorer.exe. Security tool will not block it then. remove the security tool entry and reboot.
Malwarebytes anti-malware FAILS to remove Security tool automatically (in most cases) when Security Tool trojan process is active. It can not be launched, and such sites like bleeping computers clearly states that.
Also, entries should be modified AFTER the trojan processes are stopped or you might get reinfected. Additionally, many strains of Security tool block task manager, so you have to find the way to launch it :)
OR you could just use combofix (make sure you download it from bleepingcomputer.com) OR you could use fake antivirus remover
also, Windows+alt+del does nothing. A nice quick way to bring up the task manager on any windows system is ctrl+shift+esc.
This removal will not apply to windows 7. Please update.
My Mother-In-Laws computer had this, the one that blocks taskmanager, command prompt, and almost everything else.
The easy way to get rid of it is to boot in safe mode by holding during boot (it wont start with windows in safe mode) then go to the start menu and type “msconfig” in the run dialog box. *msconfig can be dangerous if you disable important startup files* Once in msconfig (System Configuration) starts click on the startup tab, find the application that is all numbers, and uncheck it’s box (and only it’s box). When you restart normally it will not start up with windows and you can go and delete the file (right click the desktop shortcut and choose properties to see where it is).
the button to hold on boot is F8 … this site removed the button name from my first post
Thank you so much for your information on this. I got this thing from watching a video on line and it took a phone call to a friend who got on her laptop and gave me instructions on how to remove it. It had to be done from Safe Mode as I was unable to get into the task manager or anything else for that matter. Once I was able to locate the path name(C:\Documents and Settings\All Users\Application Data\39711223 I was able to delete it. The sight of the Icon was pissing me off so bad that I moved it to the recycle bin. From there I found the path then used the search file and folders (including hidden ones) and was able to delete from there…….I then rebooted in normal mode and all was fine…It may not be high tech, but it worked. Thank you again!!!!
Glad that the article was of help for you ;)
Just wanted to say thank you for these notes!
I was sooo ticked off last night when the place we purchased our computer from, not even 24 hours ago, wouldn’t help us take care of this problem. I haven’t tired all of this yet but will today.
What about the fact that I gave them my creidt card info to pay for the friggin thing!