Security Tool Fakery

Tuesday morning, I was hurrying to search for some data at the office computer when I found that this Security Tool virus had claimed the computer and disabled a lot of functionalities including:

  • Task Manager – Security Tool kills it as soon as it starts.
  • MS Word – can’t start.
  • MS Wordpad and Notepad – can’t start.

And those were only the few ones I tried. Who knows what other applications have been rendered useless by this virus. The urgency of how to remove security tool virus flashed up and I immediately did a quick prayer and hoped that the security tool virus did not disable any internet browser. Thankfully, it didn’t. Firefox opened up. I saw why the sloths and sluts who created this virus did not disable any of the browsers. How else could they scam hapless victims into clicking their links that lead to their lame website and typing in their credit card numbers into their database?

Several pages suggested some procedures to remove this security tool virus. Some didn’t work, while some worked to a point only but not completely. First, I tried this set of procedures:

  1. Re-start to Safe Mode. To go to safe mode, Click this link.
  2. Run MalwareBytes Anti-Malware. After running MalwareBytes Anti malware, it reported 2 items that I promptly removed. The purpose of having to go to safe mode is because security tool disabled Malwarebytes too in normal windows mode.
  3. Restart to normal windows. Apparently, this simple solution is not enough because Security Tool was still there, yawning sarcastically at me as if it had just awakened from a nap.


Experts and those who have been through this ordeal tell us that the security tool virus lays an egg – an exe file with a random name usually made up of numbers. If you can find this and have it successfully removed, you have removed the security tool virus. (?)

Anyways, after going through the various suggested procedures, I did a few little tweaks and found myself free of the pest. Here is how I did mine:

  1. Find the spawn. One could either search for “*.exe” files created/modified very recently, or try going to the “C:\Documents and Settings\New\Local Settings\Application Data” folder. That’s where I found the exe file which in our case was ‘512298992.exe’. They say it doesn’t stick with the same file name. So, expect yours to be different.
  2. Rename the exe file and move it to another (adjacent) folder. I found that I could not just delete the exe file. However, it doesn’t complain when I renamed it (from ‘512298992.exe’ to ‘cowdung.rar’) and moved it away from its perch. Uh oh, now that I’ve said it, some of the sloths at the security tool dung factory might read this and update their manure accordingly. Anyway, from “C:\Documents and Settings\New\Local Settings\Application Data”, I dragged it to “C:\Documents and Settings\New\Local Settings\Application Data\Yahoo!”. No, I don’t have any grudge with Yahoo. That folder just happened to be the first folder I saw within easy dragging distance. The thing by the way doesn’t allow you to drag it to another drive, e.g. from C to D.
  3. I rebooted the machine. Surprise, Security Tool no longer showed its ugly head. It’s gone! I peeked back at the “C:\Documents and Settings\New\Local Settings\Application Data\Yahoo!” folder where I last put it. It was no longer there.
  4. Run MalwareBytes. Knowing that these things don’t just give up that easily, I ran Malwarebytes, which now got freed from its bonds and now went searching for the culprit that bound and gagged it earlier. Whatever it found I deleted instantly without second thought.
  5. I then searched for the 512298992.exe file. I found “512298992.exe – 1EEQR687.pf” in the C:\Windows\Prefetch folder. Again, I hit the delete button without even caring to find out what ‘prefetch’ means.
  6. Empty Recycle Bin.
  7. Some experts suggested about possible Registry entries that required looking into. So far, I found none in the identified locations. Some suggested locations are “HKEY_CURRENT_USER\Software\Security Tool” and “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”.

I still am not sure if I have totally rooted out and removed the security tool virus from the office computer. It’s been almost a week and no one among our users ever reported anything out of the ordinary so far. I think, it would be favorable for my peace of mind to assume for now that it’s indeed gone.

Updates

  • One website reported that they just used the System Restore and everything went back to normal. Maybe I should have tried that first. 🙂
  • Since it allows Internet Explorer and Firefox to run, I may have tried renaming temporarily the Malwarebytes scanner from “mbam.exe” to “firefox.exe” and run it.

Anyone had an encounter with security tool virus and removed it successfully? Maybe you could share your experiences below.

SHARE to your FRIENDS by CLICKING HERE:

Tagged with:

Filed under: Everyday LifeHow To Get Rid of Trojan Virus

Like this post? Subscribe to my RSS feed and get loads more!