Free Republic

Nasty "Security Tool" malware removal instructions.
Info on "Security Tool" but don't trust the software download. Delete manually.

Posted on 10/16/2009 9:47:48 PM PDT by E. Pluribus Unum

This appears to be something brand new, and it gets past AVG antivirus.

I have antivirus and am pretty careful, and can't remember the last time I picked up anything that messed up my computer like this nasty thing. It takes over when you boot up, and won't let you go into task manager or anything.

I got rid of it by going into safe mode (press F8 during boot) and looking at the properties of the shortcut on the desktop. It pointed to the executable file C:\Documents and Settings\All Users\Application Data\24180116\24180116.exe.

I deleted this executable file and removed the desktop and startup-menu shortcuts. After I rebooted into normal XP mode I was back in control. I went into the registry editor and deleted the items HKEY_CURRENT_USER\Software\24180116 and HKEY_LOCAL_MACHINE\Software\24180116.

The trick is to follow the Security Tool shortcut to the executable file. Once you delete it, you're probably OK. I just wanted to remove all trace of it.

From what I have read, it generates a random number for the name of the executable file, so yours will probably be different.


TOPICS: Miscellaneous; Your Opinion/Questions
KEYWORDS: alteredsourcetitle; fakeantivirus; getamac; linuxrox; malware; securitytool; spyware; virus

1 posted on 10/16/2009 9:47:48 PM PDT by E. Pluribus Unum

To: E. Pluribus Unum

I’ve had a couple of friends run into this one. It sure is a booger! Looks like you’ve found a much easier way to get rid of it than what I went through. Heh

I’m going to keep your instructions handy as I know someone else will be calling with the same problem. Thanks a bunch!

I think it gets past AVG because it’s malware rather than a virus. :/


2 posted on 10/16/2009 9:57:47 PM PDT by nodumbblonde (What one person receives without working for, another person must work for without receiving.)

To: E. Pluribus Unum

yep, sounds familiar. caused me to reformat and reinstall. was opportunity to install windows 7, 30 day trial. switched to nod32.


3 posted on 10/16/2009 9:58:45 PM PDT by cd jones (Liberals: spreading misery, calling it equality)

To: E. Pluribus Unum

Windows Police Pro is far worse, IMO.


4 posted on 10/16/2009 10:07:09 PM PDT by library user

To: library user
Windows Police Pro is far worse, IMO.

I hope I never get to find out.

5 posted on 10/16/2009 10:10:43 PM PDT by E. Pluribus Unum (Ask not what the Kennedys can do for you, but what you can do for the Kennedys.)

To: E. Pluribus Unum

So what program do we install to prevent it and similar crap?


6 posted on 10/16/2009 10:18:46 PM PDT by TomasUSMC ( FIGHT LIKE WW2, FINISH LIKE WW2. FIGHT LIKE NAM, FINISH LIKE NAM)

To: E. Pluribus Unum
I think I had that (or something very similar) a couple years ago.

My computer guy traced it back and rooted it out.

I've heard that "Hijack This" works nicely also.

7 posted on 10/16/2009 10:19:32 PM PDT by Cheapskate (Play loud and carry BIG sticks!)

To: TomasUSMC
So what program do we install to prevent it and similar crap?

I don't think there is a program to prevent stupidity.

I am pretty sure that this is one of those things that pops up and wants to install. As you know, never click on anything that wants to install something unless you know for sure what it is.

I would never deliberately install something from a popup, but I do click pretty fast sometimes and I bet I accidentally let something install without realizing it.

This thing isn't a virus. It's an application.

8 posted on 10/16/2009 10:22:24 PM PDT by E. Pluribus Unum (Ask not what the Kennedys can do for you, but what you can do for the Kennedys.)

To: Cheapskate

I use Hijack This, but you have to be careful what you delete from your registry.


9 posted on 10/16/2009 10:25:31 PM PDT by P.O.E.

To: E. Pluribus Unum

I highly recommend malwarebytes.org. They have a free anti-malware program which they are continuously updating. It has helped me get rid of infections which otherwise seemed intractable, including Comet adware, Security Center virus, and Agent and Backdoor trojans.

Download it and install it on your computer now, so that it’s immediately available if a problem occurs. I usually update it and run a complete scan of my hard drive (which can take a couple of hours) two or three times a week at night.


10 posted on 10/16/2009 10:36:26 PM PDT by dpwiener

To: P.O.E.
Oh yeah! If I can't handle the situation with cleaning out the temp files or doing a system restore, I turn it over to guys that know what they're doing!!!

11 posted on 10/16/2009 10:38:21 PM PDT by Cheapskate (Play loud and carry BIG sticks!)

To: E. Pluribus Unum

Thanks for the heads up, will look for it tomorrow.


12 posted on 10/16/2009 10:45:41 PM PDT by Freedom2specul8 (I am Jim Thompson............................Please pray for our troops....)

To: nodumbblonde

Yup. That one’s a real nasty bugger. I also did a system restore to roll the registry back after removing it.


13 posted on 10/16/2009 10:46:20 PM PDT by Paraclete

To: cd jones

I don’t know why folks are still using Norton/McAfee or others. Nod 32 is the slickest AV out there right now, and it’s cheap. I just got 2 years/2 machines for about $80.00. You get what you pay for. AVG is free and all, but I would not trust it at all.


14 posted on 10/16/2009 10:50:54 PM PDT by davetex (If it's in stock, we've got it.)

To: E. Pluribus Unum

Run your browser ‘sandboxed’. I have had a couple of what I call drive by downloads. If something tries to install I close out my browser, delete all that is in the sandbox and reopen my browser. The sandbox prevents nasties from reaching your hdd.

http://www.sandboxie.com/


15 posted on 10/17/2009 12:37:34 AM PDT by USAF70 (America is not 'governed' by the President or Congress. America is governed by the U.S.Constitution.)

To: E. Pluribus Unum

If you ever get it, you’ll get “Windows Police Pro” pop-ups and the machine will slow to a crawl. I’m happy to help you via FReepmail to remove it, should you ever get it (or any other malware). Keep that in mind. I love killing malware. And there are always new variants of particularly nasty malware spawning every day, so it’s never boring. :O)


16 posted on 10/17/2009 5:11:18 AM PDT by library user

To: Paraclete

Could it be coming from webpage ads? In all four instances, the user had gone only to their homepage and then a local newspaper’s website when it all went haywire.

Since it’s a completely legit site, the only thing I could come up with as a possible source was the ads on the page.


17 posted on 10/17/2009 9:38:40 AM PDT by nodumbblonde (What one person receives without working for, another person must work for without receiving.)

To: nodumbblonde
I think it gets past AVG because it’s malware rather than a virus. :/

When malware is this virulent, why isn't it classed as a virus?

18 posted on 10/17/2009 9:41:38 AM PDT by GOPJ (MSM: ideological flotsam... in the septic tank for the lunatic left.- Breitbart)

To: GOPJ

I was told by the folks at microcenter that adware and malware are not unlawful so most antivirus programs, Norton, AVG, McAfee etc. don’t try and stop them.


19 posted on 10/17/2009 9:49:38 AM PDT by HiramQuick (work harder ... welfare recipients depend on you!)

To: GOPJ

Good question! I looked it up and the only thing I can come up with is they’re categorized strictly by definition.

By definition, a virus can self-replicate and infect other computers. Malware/spyware can’t. Does that sound right?


20 posted on 10/17/2009 10:03:56 AM PDT by nodumbblonde (What one person receives without working for, another person must work for without receiving.)

To: nodumbblonde

Same experience here. I have already moved some newspaper sites to a more secure zone in my browser. They’re getting worse all the time having junk automatically come up. Must be a sign of their desperation to generate some revenue.


21 posted on 10/18/2009 3:55:05 PM PDT by Paraclete

To: E. Pluribus Unum; dpwiener

Well, this info came in handy much sooner than I expected. I picked up Security Tool from Ebay this afternoon. With the other reports, I thought maybe someone had mistakenly clicked on something they shouldn’t have and didn’t remember doing it. I know without a doubt all I clicked on was an auction description and everything went haywire. I have no idea how this thing is getting through!

Anyway, thanks for the info. The fix went a little differently for me but at least gave me a good place to start. After following your suggestions, it was still running rampant but when I deleted the Start menu shortcut, I noticed the path for it was different than the desktop shortcut and pointed back to another (numbered) folder in the same location. After deleting that one and editing the registry, I had enough control to deal with the other things piggybacked on it. (More malware and my AV also picked up four trojans. Don’t know if the viruses were related but they didn’t show up during the scheduled scan this morning.)

Thanks again for posting it! I was at least able to access your post on FR via my Blackberry and follow your instructions.

Dpwiener, thanks for the malwarebytes info. Downloaded it after Spybot and Ad-Aware didn’t do a thing for the additional malware and it worked like a charm. Found 31 things they’d both missed! I’m test driving everything now to make sure it’s all gone and so far, so good!

Sorry if this post is rambling/doesn’t make sense. My brain is completely fried after dealing with this! (And we blondes don’t have much steam power to spare!) lol

Big hugs to both of you! :D


22 posted on 10/23/2009 10:49:22 PM PDT by nodumbblonde (What one person receives without working for, another person must work for without receiving.)
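
The manual hunt described in posts 1 and 22, as an added example that is not part of the original thread: a report-only Python scan for numbered folders holding a same-named executable, so that a second folder like the one post 22 found is not missed. The same-name digit pattern, the function names and the sample tree (including the constructed 51903327 folder) are assumptions; point the scan at the All Users Application Data folder of a live or mounted system.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the folder and the executable share one all-digit name, as in
# the thread's C:\...\Application Data\24180116\24180116.exe example.
DIGITS = re.compile(r"[0-9]+")


def find_numeric_droppers(app_data):
    """Return every <digits>/<digits>.exe pair directly under app_data."""
    hits = []
    for folder in sorted(Path(app_data).iterdir()):
        if not (folder.is_dir() and DIGITS.fullmatch(folder.name)):
            continue
        for entry in sorted(folder.iterdir()):
            if (entry.is_file() and entry.suffix.lower() == ".exe"
                    and entry.stem == folder.name):
                hits.append(entry)
    return hits


def registry_keys_to_review(hits):
    """List the per-sample registry keys the original post removed by hand."""
    keys = []
    for exe in hits:
        for hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):
            keys.append(hive + "\\Software\\" + exe.stem)
    return keys


def build_sample_tree(root):
    """Constructed sample data: two numbered folders plus benign entries."""
    root = Path(root)
    for rel in ("24180116/24180116.exe",   # name taken from the thread
                "51903327/51903327.exe",   # constructed second folder
                "2009/notes.txt",          # numeric folder, no matching exe
                "Adobe/reader.exe"):       # ordinary vendor folder
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found = find_numeric_droppers(build_sample_tree(tmp))
        for item in found + registry_keys_to_review(found):
            print("review:", item)
```

The scan only lists candidates; each hit still needs checking against the desktop and Start menu shortcut targets before anything is deleted.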

To: nodumbblonde

Got Security Tools on my computer and could not do anything to get rid of it. This worked for me because security tools will not allow you to open any software that can defeat it while you are running in Normal mode. I have Windows XP.
Steps:
1. Download the free malwarebytes software running Windows in Normal Mode at this link

http://www.malwarebytes.org/mbam.php

2. Then reboot computer in Safe Mode using F8 to allow you to choose Safe Mode
3. Run malwarebytes quick scan and remove infected files while in Safe Mode
4. Reboot in Normal Mode and you should be clear of the Security Tools Virus


23 posted on 11/28/2009 5:16:52 PM PST by badger07

To: dpwiener
I highly recommend malwarebytes.org. They have a free anti-malware program which they are continuously updating. It has helped me get rid of infections which otherwise seemed intractable, including Comet adware, Security Center virus, and Agent and Backdoor trojans.

Thanks.

24 posted on 11/28/2009 5:33:46 PM PST by GOPJ (Anthropogenic global warming-the most costly and widespread scientific fraud in history-James Lewis)

To: badger07

Awesome! Good to know for future problems!


25 posted on 12/02/2009 12:54:52 PM PST by nodumbblonde (Never kiss a cat while you're wearing lip gloss.)

To: E. Pluribus Unum

Thank you very much for posting this solution. It worked for me and I was in a total panic.

Cheers.


26 posted on 09/25/2010 8:02:38 PM PDT by katkatkat

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
