When did you get the Security Tool virus?

If you’ve ever gotten the Security Tool virus, how did you get rid of it? (Note, I DID NOT use the infected computer on this site since I got it)

I can’t believe how nasty it is…

Answer #1

Unfortunately no spybot programs seem to work on this thing, and it gets worse and worse. Fortunately my job is to get rid of these types of things so I can get you through it pretty much pain free! Here’s how to get rid of almost ALL of those pesky fake virus and lock-down programs that spybot and other spyware-removing software just can’t seem to touch!

Reboot your computer. Watch your keyboard just as it's starting up and as soon as you see the keyboard lights flash, tap your left shift key a couple of times and then hold it. (This isn’t an exact science, technically you should just be able to press and hold it, but I’ve gotten better results from the tap then hold technique.)

You should then be prompted BEFORE you see the Windows screen, to choose some startup options. Choose the very top option: Safe Mode (not network and not command prompt).

The system should boot up and look big and funky, but it SHOULD work outside the scope of the spyware program. Log in as Administrator (God help you if you were already normally using Administrator; I can help you with that too, but we’ll need to get on the phone, so just message me.) and you will notice it doesn’t come up. If you do happen to log into the system as yourself, the virus program may still come up (I’ve seen it before and I have to fix some variant of this at least once a day) - so make sure to use a different username from the one that is infected.

Next step is to find out where it is hiding. So, click Start and go to Run (or Win+R) and type ‘msconfig’ minus the quotes. Click OK to pull up the System Config Utility. Click the Startup tab on the far right and notice the Command column. Stretch it out so you can read the full line.

Look for a line in there that looks something like “C:\Documents and Settings\[username]\Application Data\” and then a bunch of random characters and a file name. (This may also be “C:\Documents and Settings\[username]\Local Settings\Application Data\” or some other close variant, but you should recognise it as the final folder name will be completely random characters.) THAT is our virus - keep in mind the file name will almost always be different, even for the same virus! (i.e. C:\Documents and Settings\SwVictim\Application Data\vuxadyiujtx\RBProtect.exe) Go ahead and uncheck that line (don’t worry about mistakes, as you can uncheck any of these without hurting anything or doing any permanent damage). Click OK, but don’t restart just yet.

So we’ve taken care of it hurting you, but let’s kill that thing! Open an Explorer window or My Computer and browse to C:\Documents and Settings\[username]\ just like in the startup tab. You may or may not see the next folder, and if not just click Tools::Folder Options, click the View Tab and check the “Show Hidden Files and Folders” button, then click OK. The Application Data/Local Settings folder should appear. Continue to browse to the folder and open it up. A confirming indicator that this is the “virus” will be that it is the only file in the directory.

If I were you I would delete the file and its folder, but if that makes you nervous, just rename the file and the folder to something like “blahblahblah_virus” so you can undo your changes if need be.

Reboot your computer and you should be good. If you’re still experiencing issues, it's likely you have a BHO (Browser Helper Object) active with the virus, and just mail me for that as it's an even easier fix.

Not really the monster everybody’s making it out to be. I had a tougher time taming my kitten, Smoochie; you just have to know how to fight back.

Good luck, buddy - let me know how it goes.
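
The manual check from Answer #1, written as a script (an added example, not part of any answer on this page): it flags startup Command values that run an .exe sitting alone in a folder directly under a user's Application Data folder. The function names, the sample entries other than the answer's RBProtect.exe path, and the fake directory listing are constructed for illustration.

```python
import ntpath
import os
import re

# Profile subfolders Answer #1 names as hiding places (Windows XP layout).
APPDATA_SUFFIXES = (("application data",), ("local settings", "application data"))

def exe_from_command(command):
    """Pull the executable path out of a startup Command value."""
    command = command.strip()
    if command.startswith('"'):                  # quoted path followed by arguments
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command          # bare path, possibly with arguments

def is_suspect(command, list_dir=os.listdir):
    # True when the entry runs an .exe that is the only item in a folder placed
    # directly under <profile>\Application Data or \Local Settings\Application Data.
    exe = exe_from_command(command)
    if not exe.lower().endswith(".exe"):
        return False
    folder = ntpath.dirname(exe)
    parts = [p.lower() for p in ntpath.dirname(folder).split("\\")]
    # Expected parts: drive, "documents and settings", user, Application Data suffix
    if (len(parts) < 4 or parts[1] != "documents and settings"
            or tuple(parts[3:]) not in APPDATA_SUFFIXES):
        return False
    try:
        return len(list_dir(folder)) == 1        # "only file in the directory"
    except OSError:
        return False                             # folder missing or unreadable

def scan(commands, list_dir=os.listdir):
    return [c for c in commands if is_suspect(c, list_dir)]

# Constructed sample: Command values as the Startup tab would list them, plus a
# fake directory listing standing in for the real disk so this runs anywhere.
SAMPLE_COMMANDS = [
    r"C:\WINDOWS\system32\ctfmon.exe",
    r'"C:\Program Files\ExampleVendor\tray.exe" /background',
    r"C:\Documents and Settings\SwVictim\Application Data\vuxadyiujtx\RBProtect.exe",
]
FAKE_DISK = {SAMPLE_COMMANDS[2].rsplit("\\", 1)[0]: ["RBProtect.exe"]}

def fake_list_dir(folder):
    if folder not in FAKE_DISK:
        raise FileNotFoundError(folder)
    return FAKE_DISK[folder]

if __name__ == "__main__":
    print(scan(SAMPLE_COMMANDS, fake_list_dir))
```

A hit is a candidate for review, not a verdict: a legitimate program can also install a single executable under Application Data.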

Answer #2

Great advice, xreply. From your description of the menus, looks like you are talking about a Windows system. To clarify, and I don’t know if it’s the computer manufacturer (but I think it’s the OS), I believe F8 is the button you tap to start the computer in safe mode, as the computer manufacturer logo appears on the screen while it’s booting.

Answer #3

I don’t believe I’ve had the misfortune of being infected with it, yet. From the research I’ve done I’ve noticed that it’s a rogue anti-spyware program, which means that scanners that cover rogue could be helpful.

One wonderful scanner I’ve found helpful for rogue (since I’ve been infected by other rogue before) is Malwarebytes Anti-Malware scanner. It’s easy to use, free, and pretty good. So you could try downloading the free version, updating it, restarting in safe mode, then running the scan. (Safe mode will prevent the processes from the Security Tool from starting with your computer. Scanners can’t remove things that are in use by the system, so it’s good to do it that way.)

If you don’t know how to start safe mode, feel free to FunMail me and I’ll help you as best as I can.

Take care. :)
