How to Fix: The Security Tool Virus

My real life alter ego deals with fixing computers on a daily basis, ranging from teaching someone how to use a particular piece of software to removing the nastiest of viruses around the internet. So many people are affected by one of the biggest viruses to spread at present & it’s a killer removing it if you don’t really know what to do. Today alone I helped fix 5 of these & it’s hard to explain to clients how exactly they get them because frankly we don’t even know how it is spreading. Every day thousands of new viruses are unleashed & even the most sophisticated anti-virus program cannot keep up with them all. The good thing though? We can fix them & get your computer back in working order.

The virus I’m talking about? The Security Tool Virus. This is a virus which poses as an anti-spyware/virus application. Pop-ups are unleashed all over your desktop which “detect and report” a variety of infections you have on your system. It then dramatically slows down your computer, overloads your CPU, makes it crash & then asks for money to install the full version of the application in order to fully help you remove the infections ($50 seems like the in-figure at present!).

However, it’s a scam that so many people have fallen for & when they do click to pay (silly people!) it can unleash more viruses all over your system in a bid to steal your passwords, online banking details & other personal data.

So how do you fix it?

It’s a long ass process but worth it! Prepare to spend a few hours to completely fix the issue but in the end it will also help remove other crap & help speed up your computer.

    1. Get your computer into Safe Mode with Networking by pressing the F8 key as soon as you turn on your PC, then selecting this mode from the Advanced Boot Menu & pressing enter.

    2. Download the following programs: Malwarebytes, RKill, Stinger, SUPERAntiSpyware & CCleaner. The installation & use of these programs is pretty self-explanatory. They can all be run in safe mode, unlike some applications. I would run RKill first as it forces all processes to be killed, then run Malwarebytes & SUPERAntiSpyware simultaneously, then Stinger which blasts viruses away and lastly CCleaner which removes temp files amongst other things.

    3. After running all the scans & removing the infections, reboot your computer back into normal mode (for n00bs, that’s your normal desktop, without pressing F8 on the keyboard). It should have got rid of the nasty infection & to be safe, run a virus scan like Microsoft Security Essentials. I’m very Anti-Norton & McAfee as you can get similar antivirus software for free rather than an expensive piece of software which attacks your RAM & slows your computer down.

If however, it still doesn’t get rid of the entire infection (highly unlikely unless ultra severe) you can manually remove it by ending some processes & going into the registry keys. I wouldn’t recommend this if you don’t know what you’re doing as you can cause more harm than good.

How to remove the infection manually:

    1. End all processes which have random numbers like 845623.exe as these ARE suspicious.

    2. Remove the following registry entries by going to Start > Run > Regedit

      * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Tool
      * HKEY_CURRENT_USER\Software\Security Tool

    3. Remove the following folders & content within Regedit:

      * %UserProfile%\Application Data\{random numbers}
      * %UserProfile%\Desktop\Security Tool.lnk
      * %UserProfile%\Start Menu\Programs\Security Tool.lnk
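
Before deleting anything by hand, it helps to see which of the items above actually exist on the machine. The PowerShell script below is an added example, not part of the original post: it only reads and reports, and it assumes that "random numbers" means a name made of digits only, for both the process and the Application Data folder.

```powershell
# Added example: read-only audit for the artifacts listed above. It deletes nothing.
function New-Finding($Type, $Item) {
    New-Object PSObject -Property @{ Type = $Type; Item = $Item }
}

# Registry keys from step 2, as PowerShell registry-provider paths.
$registryKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Tool',
    'HKCU:\Software\Security Tool'
)

# Known folders resolved through .NET; on Windows XP these are the
# %UserProfile% paths given in step 3.
$appData  = [Environment]::GetFolderPath('ApplicationData')
$desktop  = [Environment]::GetFolderPath('DesktopDirectory')
$programs = [Environment]::GetFolderPath('Programs')
$shortcuts = @(
    (Join-Path $desktop  'Security Tool.lnk'),
    (Join-Path $programs 'Security Tool.lnk')
)

$findings = @()

foreach ($key in $registryKeys) {
    if (Test-Path -LiteralPath $key) { $findings += New-Finding 'RegistryKey' $key }
}
foreach ($file in $shortcuts) {
    if (Test-Path -LiteralPath $file) { $findings += New-Finding 'Shortcut' $file }
}

# Assumption: "{random numbers}" means a folder name made only of digits.
Get-ChildItem -LiteralPath $appData -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^\d+$' } |
    ForEach-Object { $findings += New-Finding 'Folder' $_.FullName }

# Step 1: running processes with a digits-only name (Get-Process omits ".exe").
Get-Process |
    Where-Object { $_.ProcessName -match '^\d+$' } |
    ForEach-Object { $findings += New-Finding 'Process' "$($_.ProcessName).exe (PID $($_.Id))" }

if ($findings.Count -eq 0) {
    'None of the listed Security Tool artifacts were found.'
} else {
    $findings | Select-Object Type, Item | Format-Table -AutoSize
}
```

A digits-only name is a hint, not proof, so check each reported process or folder before ending or removing it.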

And there you have it! Everything should now be clear & you should notice a significant difference in the overall performance of your computer. The above applications I recommended can be used for other viruses & infections you have, not just The Security Tool Virus. If you have the virus (or any other), let me know how you got on with the steps & if you are having any problems, please do not hesitate in getting in touch with me.

12 Comments

  • Reply
    Salem
    August 24, 2010 at 12:12 am

    Very thorough and well-written guide! I can use this to show other people rather than stay on the phone for hours and hours! If anything I’ll show it to my parents because every now and then they get these kinds of viruses! Thank you :)

  • Reply
    Gareth Llewellyn-Stevens
    August 24, 2010 at 1:47 am

    I love fighting with viruses, and having a good root around the Registry for fun. :)

    Anyway, this is fantastic, easy to follow instructions, and links make it easy for inexperienced users to obtain the software and carry out the steps to resolve their problems.

    I’m sure this would be useful for many ISPs out there too, because in my experience a few major ones are useless when it comes to this kind of thing, and just recommend buying, installing, and running Norton or McAfee (or whichever product they’re in partnership with), and it causes no end of problems.

    Sadly, EUs of some ISPs have to rely on individual CSAs or tech bods to go out of their way to really help them fix their problem, which is usually frowned upon. :(

    There should be more awesomely nerdtastic people like you out there!

  • Reply
    Miss America
    August 24, 2010 at 9:13 am

    I got this virus a while back, and then got another version of it recently. It’s a pain in the ass, but I’m happy to say that I did nearly everything you mentioned here. It was, sincerely, through bloggers like you that I found the fix I needed. So glad you posted this up here for others!

  • Reply
    ananyah
    August 24, 2010 at 11:41 am

    @Salem: yeah being on the phone for hours takes forever! I normally remote access & fix it for them :)

    @Gareth Llewellyn-Stevens: u are such a geek gareth hahaha thank you for ur comments, i’ve always wanted to write posts like these but wasn’t sure if i should be so geeky lol

    @Miss America: it is a pain in the ass, ur right! I’m glad you managed to fix it though :D

  • Reply
    Rob
    August 24, 2010 at 1:53 pm

    Good write up :)

    When we had this problem in the office a couple of weeks back on one of the machines, I used Super-Anti-Spyware, as they have a portable version. So long as you can download a copy either locally or onto a USB stick, it will run without an install. I had rkill on standby to use as well, but it worked first time in safe mode with networking thankfully.

    I consider myself lucky to have avoided a trip to the registry! *shudders*

  • Reply
    Gareth Llewellyn-Stevens
    August 24, 2010 at 2:12 pm

    @ananyah:

    you should always be this geeky, and more so. it increases your awesome factor. :D

  • Reply
    ananyah
    August 24, 2010 at 2:17 pm

    @Rob: thanks Rob! The standalone super anti spyware is awesome. I use it daily to zap things :D Registries are a pain in the ass!

    @Gareth Llewellyn-Stevens: i need a tshirt then!

  • Reply
    Gareth Llewellyn-Stevens
    August 24, 2010 at 4:44 pm

    @ananyah:

    What kind of t-shirt?

  • Reply
    ananyah
    August 24, 2010 at 6:52 pm

    @Gareth Llewellyn-Stevens: like the geek squad but baby blue & sparkles ;p

  • Reply
    The Cos
    February 16, 2011 at 12:43 am

    Thanks, this was very helpful. i’m not in kill mode anymore.!!!

  • Reply
    ananyah
    February 16, 2011 at 12:54 am

    @The Cos: you’re welcome, if you need any other help, just get back in touch.

  • Reply
    indigo
    May 8, 2011 at 8:06 pm

    saw your postings on Flickr, was sufficiently interested to check your blog out, defo worth it, interesting, and quirky, will return

    : )
