Nasty "Security Tool" malware removal instructions.
Posted on 10/16/2009 9:47:48 PM PDT by E. Pluribus Unum
This appears to be something brand new, and it gets past AVG antivirus.
I have antivirus and am pretty careful, and can't remember the last time I picked up anything that messed up my computer like this nasty thing. It takes over when you boot up, and won't let you go into task manager or anything.
I got rid of it by going into safe mode (press F8 during boot) and looking at the properties of the shortcut on the desktop. It pointed to the executable file C:\Documents and Settings\All Users\Application Data\24180116\24180116.exe.
I deleted this executable file and removed the desktop and startup-menu shortcuts. After I rebooted into normal XP mode I was back in control. I went into the registry editor and deleted the items HKEY_CURRENT_USER\Software\24180116 and HKEY_LOCAL_MACHINE\Software\24180116.
The trick is to follow the Security Tool shortcut to the executable file. Once you delete it, you're probably OK. I just wanted to remove all trace of it.
From what I have read, it generates a random number for the name of the executable file, so yours will probably be different.
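A read-only audit for the pattern described in the post above, added here as an example and not part of the original post: it resolves desktop and Start Menu shortcuts and reports any whose target is a numbered folder containing an executable of the same number, then lists all-digit keys under HKCU\Software and HKLM\Software. It assumes PowerShell is available on the machine, and the four-digit minimum in the patterns is an assumption (the post shows one eight-digit name).

```powershell
# Read-only audit: reports shortcuts whose target looks like
# <digits>\<same digits>.exe, plus all-digit keys under Software.
# Nothing is deleted; review the output before removing anything by hand.

$shell = New-Object -ComObject WScript.Shell

# Desktop and Start Menu folders (the Start Menu tree includes Startup)
# for the current user and for all users.
$folders = 'Desktop', 'CommonDesktopDirectory', 'StartMenu', 'CommonStartMenu' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Resolve every .lnk and keep the ones matching the naming pattern.
# Assumption: the random name is at least four digits long.
$hits = Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        if ($target -match '\\(\d{4,})\\\1\.exe$') {
            [pscustomobject]@{
                Shortcut     = $_.FullName
                Target       = $target
                Id           = $Matches[1]
                TargetExists = Test-Path -LiteralPath $target
            }
        }
    }

# All-digit subkeys directly under Software in both hives.
$keys = 'HKCU:\Software', 'HKLM:\Software' | ForEach-Object {
    Get-ChildItem -Path $_ -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d{4,}$' }
} | Select-Object -ExpandProperty Name

'Suspicious shortcuts:'
$hits | Format-List
'Numeric registry keys:'
$keys
```

A registry key whose name matches the `Id` of a reported shortcut is the strongest signal; an all-digit key on its own can belong to legitimate software.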
I’ve had a couple of friends run into this one. It sure is a booger! Looks like you’ve found a much easier way to get rid of it than what I went through. Heh
I’m going to keep your instructions handy as I know someone else will be calling with the same problem. Thanks a bunch!
I think it gets past AVG because it’s malware rather than a virus. :/
Yep, sounds familiar. Caused me to reformat and reinstall. Was opportunity to install Windows 7, 30 day trial. Switched to nod32.
Windows Police Pro is far worse, IMO.
I hope I never get to find out.
So what program do we install to prevent it and similar crap?
My computer guy traced it back and rooted it out.
I've heard that "Hijack This" works nicely also.
I don't think there is a program to prevent stupidity.
I am pretty sure that this is one of those things that pops up and wants to install. As you know, never click on anything that wants to install something unless you know for sure what it is.
I would never deliberately install something from a popup, but I do click pretty fast sometimes and I bet I accidentally let something install without realizing it.
This thing isn't a virus. It's an application.
I use Hijack This, but you have to be careful what you delete from your registry.
I highly recommend malwarebytes.org. They have a free anti-malware program which they are continuously updating. It has helped me get rid of infections which otherwise seemed intractable, including Comet adware, Security Center virus, and Agent and Backdoor trojans.
Download it and install it on your computer now, so that it’s immediately available if a problem occurs. I usually update it and run a complete scan of my hard drive (which can take a couple of hours) two or three times a week at night.
I turn it over to guys that know what they're doing!!!
Thanks for the heads up, will look for it tomorrow.
Yup. That one’s a real nasty bugger. I also did a system restore to roll the registry back after removing it.
I don’t know why folks are still using Norton/McAfee or others. Nod 32 is the slickest AV out there right now, and it’s cheap. I just got 2 years/2 machines for about $80.00. You get what you pay for. AVG is free and all, but I would not trust it at all.
Run your browser ‘sandboxed’. I have had a couple of what I call drive by downloads. If something tries to install I close out my browser, delete all that is in the sandbox and reopen my browser. The sandbox prevents nasties from reaching your hdd.
If you ever get it, you’ll get “Windows Police Pro” pop-ups and the machine will slow to a crawl. I’m happy to help you via FReepmail to remove it, should you ever get it (or any other malware). Keep that in mind. I love killing malware. And there are always new variants of particularly nasty malware spawning every day, so it’s never boring. :O)
Could it be coming from webpage ads? In all four instances, the user had gone only to their homepage and then a local newspaper’s website when it all went haywire.
Since it’s a completely legit site, the only thing I could come up with as a possible source was the ads on the page.
When malware is this virulent, why isn't it classed as a virus?
I was told by the folks at microcenter that adware and malware are not unlawful so most antivirus programs, Norton, AVG, McAfee etc. don’t try and stop them.
Good question! I looked it up and the only thing I can come up with is they’re categorized strictly by definition.
By definition, a virus can self-replicate and infect other computers. Malware/spyware can’t. Does that sound right?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.