Security Tool Removal Instructions

Martin Brinkmann
Dec 9, 2009
Updated • Jan 2, 2017

Security Tool is a so-called rogue antivirus software that is distributed by various means including malicious software like trojans. It is also distributed through popups on the Internet which display a fake "the computer is infected" message to the user prompting users to download and run the tool to resolve those issues.

Security Tool performs a series of tasks once it is running on a computer system. This includes blocking legit software from being executed, and displaying false security warnings to promote a "full" version of the program that the PC user should buy to protect the computer system and remove anything that it claims it has found.

The files that it displays as malicious or infected are not in fact which can be proven by testing them with a legit antivirus software, or using the online virus scanner Virustotal.

Security Tool will add itself to the list of autostart programs in Windows. It will automatically perform a scan upon startup that will display the fake infections in the end. The "make money" part comes into play when the user tries to remove the infections with the rogue program.

The rogue AV will notify the user that a license needs to be purchased before the infections can be removed.

Security Tool

Some of the fake security warnings that Security Tool will display to the user include the following:

Security Tool Warning
Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Click here to remove it immediately with SecurityTool.

Security Tool Warning
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss.
Click here to block unauthorised modification by removing threats (Recommended)

To make matters worse, Security Tool will also manipulate installed web browsers and block them from accessing websites.

These methods are utilized by rogue software to make it harder for computer users to download legit security software to remove them, or simply research the tool that claims something is wrong with the system.

Manual Removal of Security Tool:

Security Tool uses random numbers to make the identification and removal instructions complicated.

  • Step 1: Remove the Security Tool startup entry which is listed as number.exe where number is a random number.
  • Step 2: Identify and stop the Security Tool process by pressing [Windows Alt Del] to bring up the Windows Task Manager. The process is listed as number.exe where number is a random number
  • Step 3: Remove Security Tool related files. These are stored in two locations
    C:\Documents and Settings\All Users\Application Data\number\
    C:\Documents and Settings\All Users\Application Data\number\number.exe
    where number is again a random number.
  • Step 4: Remove Security Tool Registry entries. Those again are stored in two different Registry keys.
    HKEY_CURRENT_USER\Software\Security Tool
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Tool

Automatic Removal:

Most legit antivirus software, like Malwarebytes' Anti-Malware is able to detect and remove Security Tool automatically. This process is usually faster and the better choice especially for inexperienced computer users.

Security Tool Removal Instructions
Article Name
Security Tool Removal Instructions
Security Tool is a rogue antivirus software that has been designed to produce fake malware warnings to the user to sell removal software.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. Anonymous said on March 4, 2010 at 4:57 am

    What about the fact that I gave them my creidt card info to pay for the friggin thing!

  2. Grace said on March 2, 2010 at 8:28 am

    Thank you so much for your information on this. I got this thing from watching a video on line and it took a phone call to a friend who got on her laptop and gave me instructions on how to remove it. It had to be done from Safe Mode as I was unable to get into the task manager or anything else for that matter. Once I was able to locate the path name(C:\Documents and Settings\All Users\Application Data\39711223 I was able to delete it. The sight of the Icon was pissing me off so bad that I moved it to the recycle bin. From there I found the path then used the search file and folders (including hidden ones) and was able to delete from there…….I then rebooted in normal mode and all was fine…It may not be high tech, but it worked. Thank you again!!!!

    1. Martin said on March 2, 2010 at 8:59 am

      Glad that the article was of help for you ;)

      1. SMcD said on March 4, 2010 at 3:58 pm

        Just wanted to say thank you for these notes!
        I was sooo ticked off last night when the place we purchased our computer from, not even 24 hours ago, wouldn’t help us take care of this problem. I haven’t tired all of this yet but will today.

  3. Joe said on March 2, 2010 at 3:07 am

    the button to hold on boot is F8 … this site removed the button name from my first post

  4. Joe said on March 2, 2010 at 3:05 am

    My Mother-In-Laws computer had this, the one that blocks taskmanager, command prompt, and almost everything else.

    The easy way to get rid of it is to boot in safe mode by holding during boot (it wont start with windows in safe mode) then go to the start menu and type “msconfig” in the run dialog box. *msconfig can be dangerous if you disable important startup files* Once in msconfig (System Configuration) starts click on the startup tab, find the application that is all numbers, and uncheck it’s box (and only it’s box). When you restart normally it will not start up with windows and you can go and delete the file (right click the desktop shortcut and choose properties to see where it is).

  5. teamplayer said on January 2, 2010 at 2:20 am

    This removal will not apply to windows 7. Please update.

  6. Simon said on December 9, 2009 at 5:51 pm

    OR you could just use combofix (make sure you download it from OR you could use fake antivirus remover
    also, Windows+alt+del does nothing. A nice quick way to bring up the task manager on any windows system is ctrl+shift+esc.

  7. giedrius said on December 9, 2009 at 3:45 pm

    Malwarebytes anti-malware FAILS to remove Security tool automatically (in most cases) when Security Tool trojan process is active. It can not be launched, and such sites like bleeping computers clearly states that.
    Also, entries should be modified AFTER the trojan processes are stopped or you might get reinfected. Additionally, many strains of Security tool block task manager, so you have to find the way to launch it :)

  8. darxide said on December 9, 2009 at 3:30 pm

    The problem I’ve come across when removing this from a few friends and family members pc is that security tool blocks task manager and msconfig too. What I did to get around this is copy msconfig from %windir%/system32/ to the desktop and rename it explorer.exe. Security tool will not block it then. remove the security tool entry and reboot.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.