Enrique

security tool

I am having a problem with a program called Security Tool that warns me I have viruses infecting my computer. When I tried to open it and remove the viruses Trend said it was an unsafe site. Does anyone know how to get rid of it? It has embedded an icon into my task bar which I cannot remove.

Thanks for any help.


Hi Enrique,

Can I have you create a support ticket on our website here?:

https://www.superantispyware.com/csrcreateticket.html

Please note in your problem description that you were told to request a diagnostic, and note somewhere also that Geoff sent you.

Thanks,

Geoff

Hey Geoff, I have tried Malwarebytes and SuperAntiSpyware and neither will get rid of the Security Tool. When I try to open it Trend blocks it and says it's unsafe. Any ideas?


Thank you - I was just answering this response as I know the MBAM method - No offence to SAS as I know it too can remove the infection but I could not find the shortcut -

Thank you - :)

Malwarebytes can remove this fake rogue by using this method - The infection has been about for quite a while now -

Thank You - :)

Both MalwareBytes and SuperAntiSpyware are capable of removing Security Tool...unless you have a new and unknown variant of the infection.

Update and run both MalwareBytes and SuperAntispyware from "Safe Mode With Networking".

If that doesn't help, further methods can be utilized.

My wife's computer is also seriously infected with an XP version of the persistent "Security Tool" trojan. My experience is that MalwareBytes is *not*, in fact, capable of removing this trojan. SuperAntiSpyware seems to get rid of it, but does not fix the registry (see FixExe.reg at http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010) and is not capable of preventing reinfection, just detecting it.

I would be interested to find out how this trojan is spread, which might give me a hint what is necessary to actually recover the system.

Security Tool has been going around for the last few weeks. It is capable of bypassing ANY internet security product, and has many variants. I've found that the common conduit is Facebook.

Are you able to update and run SAS and/or MBAM from "Safe Mode With Networking"?


In "common conduit is Facebook", can you explain, because I have many clients on Facebook. How do you get this trojan?

robin

Hi Robin.

When questioning my clients, I've discovered that the infection occurred while using Facebook.

IMO, I suspect a drive-by infection.

On my customers' computers, I install Microsoft Security Essentials, SAS Pro, and MalwareBytes on demand. Despite all of that, the malware coders are way ahead of the anti-malware coders.

Understood, but they have to be clicking on something in Facebook to get the trojan. Are they clicking on the ads, the games, the YouTube videos, invites, what?

I have a Facebook account and I do not click on any of the above, EVER! So I am wondering what they are clicking on to get this.

Oh and I have the same programs you have, but some of them are running AVG Free, or Avast Free or MSE, depending on how old their computer is.

robin

are they clicking on the ads, the games, the YouTube videos, invites, what?

The most usual means are First - Advertising (Facebook has limited control over these) - Second - Invites (From Al'K'Holic, Nick O'Teen) and several other not so obvious names (Only click on people you know) - Third - The links to YouTube Vids (the content is never known until opened and the Smile says "Got You") -

The games are generally well controlled as there seems to mainly be one distributor at this time -

From a person who controls the incoming attachments to the family computer - (Note: Only my observations)

Thank You -

EDIT - To update SAS or MBAM in safe mode is OK but the files you wish to remove for Security Tool will be hidden in safe mode - These can only be accessed once you have reverted to normal mode -

My experience is that MalwareBytes is *not*, in fact, capable

Once you read the item you will know it will work - I have removed it several times - I also know SAS will remove it if done properly -

Security Tool is in fact a Fake Rogue infection - It is not a true Trojan -

I have all my clients who have Facebook make sure they only have set in their privacy settings "invite friends only" "to allow friends only" (those of course you make as friends),

but there are those who do not listen and yes, click on the ads, and worse, click on YouTube videos, and I just wait for a phone call: "weird things are happening on my computer".

As for the games, that is exactly how one of my clients got a trojan. Also the games put your privacy info out "there" into the public and NOT private. It states that when you click on it, which is a problem in itself, because if someone who is lurking out there now has your info, that is a good way to get spammed or worse.

So I was wondering if this is where this rogue software is getting on also.

robin

Excellent points nok, but you lost me with: "Security Tool is in fact a Fake Rogue application - It is not a true Trojan"

Anyway, no biggie :)

Robin,

All I know is that said infections are being transmitted while using Facebook. Other than that I simply don't have the time or desire to pursue the issue more specifically.

Ditto on running the scans from Normal Mode when possible.

Also, I avoid AVG like the plague.

I liked AVG up until their last set of updates. I am slowly moving my clients off AVG Free to either Avast (for more advanced users) or MSE (for beginner users). The pro version of AVG is much better and I am beginning to feel AVG is making the Free version so watered down and so unstable that, in my opinion only, they will eventually discontinue (like many big AV companies have done) the free version. I have beta tested MSE since conception and the only thing I find is that on older XP computers it runs the CPU too high.

robin


Both MalwareBytes and SuperAntiSpyware are capable of removing Security Tool...unless you have a new and unknown variant of the infection.

Update and run both MalwareBytes and SuperAntispyware from "Safe Mode With Networking".

If that doesn't help, further methods can be utilized.

Also if you cannot get to the internet to get Superantispyware you can go on another computer and pick up the portable scanner and the scanner will also work in Safe Mode.

robin
