Nasty "Security Tool" malware removal instructions.
Posted on 10/16/2009 9:47:48 PM PDT by E. Pluribus Unum
This appears to be something brand new, and it gets past AVG antivirus.
I have antivirus and am pretty careful, and can't remember the last time I picked up anything that messed up my computer like this nasty thing. It takes over when you boot up, and won't let you go into task manager or anything.
I got rid of it by going into safe mode (press F8 during boot) and looking at the properties of the shortcut on the desktop. It pointed to the executable file C:\Documents and Settings\All Users\Application Data\24180116\24180116.exe.
I deleted this executable file and removed the desktop and startup-menu shortcuts. After I rebooted into normal XP mode I was back in control. I went into the registry editor and deleted the items HKEY_CURRENT_USER\Software\24180116 and HKEY_LOCAL_MACHINE\Software\24180116.
The trick is to follow the Security Tool shortcut to the executable file. Once you delete it, you're probably OK. I just wanted to remove all trace of it.
From what I have read, it generates a random number for the name of the executable file, so yours will probably be different.
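The layout described in the post above (a numbered folder holding an executable with the same number) can be searched for without knowing the number in advance. This is an added example, not part of the original post; it assumes the folder and the .exe always share one all-digit name, as in the poster's case, and the sample tree and function names are constructed for illustration. It only lists candidates and the matching registry keys to review, it deletes nothing.

```python
import os
import re
import tempfile

# Assumption from the post: an all-digit folder name, e.g. 24180116.
NUMERIC = re.compile(r"[0-9]+")

def find_candidates(app_data_root):
    """List <root>/<digits>/<digits>.exe hits plus the registry keys to review."""
    findings = []
    for entry in sorted(os.listdir(app_data_root)):
        folder = os.path.join(app_data_root, entry)
        if not (NUMERIC.fullmatch(entry) and os.path.isdir(folder)):
            continue
        for name in os.listdir(folder):
            stem, ext = os.path.splitext(name)
            # The executable carries the same number as its folder.
            if stem == entry and ext.lower() == ".exe":
                findings.append({
                    "exe": os.path.join(folder, name),
                    "registry_keys": [
                        "HKEY_CURRENT_USER\\Software\\" + entry,
                        "HKEY_LOCAL_MACHINE\\Software\\" + entry,
                    ],
                })
    return findings

def build_sample_tree():
    """Constructed directory tree so the scan can be tried on any machine."""
    root = tempfile.mkdtemp()
    layout = {
        "24180116": ["24180116.exe"],   # name quoted in the post
        "55501234": ["readme.txt"],     # numeric folder, no matching exe
        "Microsoft": ["setup.exe"],     # ordinary vendor folder
        "90000001": ["90000001.EXE"],   # constructed, upper-case extension
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for filename in files:
            open(os.path.join(root, folder, filename), "w").close()
    return root

if __name__ == "__main__":
    default = r"C:\Documents and Settings\All Users\Application Data"
    root = default if os.path.isdir(default) else build_sample_tree()
    for hit in find_candidates(root):
        print(hit["exe"])
        for key in hit["registry_keys"]:
            print("  review:", key)
```

A hit is only a candidate: confirm it against the target of the Security Tool shortcut before removing anything.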
I’ve had a couple of friends run into this one. It sure is a booger! Looks like you’ve found a much easier way to get rid of it than what I went through. Heh
I’m going to keep your instructions handy as I know someone else will be calling with the same problem. Thanks a bunch!
I think it gets past AVG because it’s malware rather than a virus. :/
Yep, sounds familiar. Caused me to reformat and reinstall. Was opportunity to install Windows 7, 30 day trial. Switched to nod32.
Windows Police Pro is far worse, IMO.
I hope I never get to find out.
So what program do we install to prevent it and similar crap?
My computer guy traced it back and rooted it out.
I've heard that "Hijack This" works nicely also.
I don't think there is a program to prevent stupidity.
I am pretty sure that this is one of those things that pops up and wants to install. As you know, never click on anything that wants to install something unless you know for sure what it is.
I would never deliberately install something from a popup, but I do click pretty fast sometimes and I bet I accidentally let something install without realizing it.
This thing isn't a virus. It's an application.
I use Hijack This, but you have to be careful what you delete from your registry.
I highly recommend malwarebytes.org. They have a free anti-malware program which they are continuously updating. It has helped me get rid of infections which otherwise seemed intractable, including Comet adware, Security Center virus, and Agent and Backdoor trojans.
Download it and install it on your computer now, so that it’s immediately available if a problem occurs. I usually update it and run a complete scan of my hard drive (which can take a couple of hours) two or three times a week at night.
I turn it over to guys that know what they're doing!!!
Thanks for the heads up, will look for it tomorrow.
Yup. That one’s a real nasty bugger. I also did a system restore to roll the registry back after removing it.
I don’t know why folks are still using Norton/McAfee or others. Nod 32 is the slickest AV out there right now, and it’s cheap. I just got 2 years/2 machines for about $80.00. You get what you pay for. AVG is free and all, but I would not trust it at all.
Run your browser ‘sandboxed’. I have had a couple of what I call drive by downloads. If something tries to install I close out my browser, delete all that is in the sandbox and reopen my browser. The sandbox prevents nasties from reaching your hdd.
If you ever get it, you’ll get “Windows Police Pro” pop-ups and the machine will slow to a crawl. I’m happy to help you via FReepmail to remove it, should you ever get it (or any other malware). Keep that in mind. I love killing malware. And there are always new variants of particularly nasty malware spawning every day, so it’s never boring. :O)
Could it be coming from webpage ads? In all four instances, the user had gone only to their homepage and then a local newspaper’s website when it all went haywire.
Since it’s a completely legit site, the only thing I could come up with as a possible source was the ads on the page.
When malware is this virulent, why isn't it classed as a virus?
I was told by the folks at microcenter that adware and malware are not unlawful so most antivirus programs, Norton, AVG, McAfee etc. don’t try and stop them.
Good question! I looked it up and the only thing I can come up with is they’re categorized strictly by definition.
By definition, a virus can self-replicate and infect other computers. Malware/spyware can’t. Does that sound right?
Same experience here. I have already moved some newspaper sites to a more secure zone in my browser. They’re getting worse all the time having junk automatically come up. Must be a sign of their desperation to generate some revenue.
Well, this info came in handy much sooner than I expected. I picked up Security Tool from Ebay this afternoon. With the other reports, I thought maybe someone had mistakenly clicked on something they shouldn’t have and didn’t remember doing it. I know without a doubt all I clicked on was an auction description and everything went haywire. I have no idea how this thing is getting through!
Anyway, thanks for the info. The fix went a little differently for me but at least gave me a good place to start. After following your suggestions, it was still running rampant but when I deleted the Start menu shortcut, I noticed the path for it was different than the desktop shortcut and pointed back to another (numbered) folder in the same location. After deleting that one and editing the registry, I had enough control to deal with the other things piggybacked on it. (More malware and my AV also picked up four trojans. Don’t know if the viruses were related but they didn’t show up during the scheduled scan this morning.)
Thanks again for posting it! I was at least able to access your post on FR via my Blackberry and follow your instructions.
Dpwiener, thanks for the malwarebytes info. Downloaded it after Spybot and Ad-Aware didn’t do a thing for the additional malware and it worked like a charm. Found 31 things they’d both missed! I’m test driving everything now to make sure it’s all gone and so far, so good!
Sorry if this post is rambling/doesn’t make sense. My brain is completely fried after dealing with this! (And we blondes don’t have much steam power to spare!) lol
Big hugs to both of you! :D
Got Security Tools on my computer and could not do anything to get rid of it. This worked for me because Security Tools will not allow you to open any software that can defeat it while you are running in Normal mode. I have Windows XP.
1. Download the free malwarebytes software running Windows in Normal Mode at this link
2. Then reboot computer in Safe Mode using F8 to allow you to choose Safe Mode
3. Run malwarebytes quick scan and remove infected files while in Safe Mode
4. Reboot in Normal Mode and you should be clear of the Security Tools Virus
Awesome! Good to know for future problems!
Thank you very much for posting this solution. It worked for me and I was in a total panic.