Remove Security Tool Virus

This is an account of how I removed the Security Tool virus that infected our office computer.


Security Tool Fakery

Tuesday morning, I was hurrying to search for some data at the office computer when I found that this Security Tool virus had claimed the computer and disabled a lot of functionalities including:

  • Task Manager – Security Tool kills it as soon as it starts.
  • MS Word – can’t start.
  • MS Wordpad and Notepad – can’t start.

And those were only the few ones I tried. Who knows what other applications have been rendered useless by this virus. The urgency of removing the Security Tool virus flashed up and I immediately did a quick prayer and hoped that the Security Tool virus did not disable any internet browser. Thankfully, it didn’t. Firefox opened up. I saw why the sloths and sluts who created this virus did not disable any of the browsers. How else could they scam hapless victims into clicking their links that lead to their lame website and typing in their credit card numbers into their database?

Several pages suggested some procedures to remove this security tool virus. Some didn’t work, while some worked to a point only but not completely. First, I tried this set of procedures:

  1. Re-start to Safe Mode.
  2. Run MalwareBytes Anti-Malware. After I ran MalwareBytes Anti-Malware, it reported 2 items that I promptly removed. The reason for going to safe mode is that Security Tool disabled Malwarebytes too in normal Windows mode.
  3. Restart to normal windows. Apparently, this simple solution is not enough because Security Tool was still there, yawning sarcastically at me as if it had just awakened from a nap.


Experts and those who have been through this ordeal tell us that the security tool virus lays an egg – an exe file with a random name usually made up of numbers. If you can find this and have it successfully removed, you have removed the security tool virus. (?)

Anyways, after going through the various suggested procedures, I did a few little tweaks and found myself free of the pest. Here is how I did mine:

  1. Find the spawn. One could either search for “*.exe” files created/modified very recently, or try going to the “C:\Documents and Settings\New\Local Settings\Application Data” folder. That’s where I found the exe file which in our case was ‘512298992.exe’. They say it doesn’t stick with the same file name. So, expect yours to be different.
  2. Rename the exe file and move it to another (adjacent) folder. I found that I could not just delete the exe file. However, it doesn’t complain when I renamed it (from ‘512298992.exe’ to ‘cowdung.rar’) and moved it away from its perch. Uh oh, now that I’ve said it, some of the sloths at the security tool dung factory might read this and update their manure accordingly. Anyway, from “C:\Documents and Settings\New\Local Settings\Application Data”, I dragged it to “C:\Documents and Settings\New\Local Settings\Application Data\Yahoo!”. No, I don’t have any grudge with Yahoo. That folder just happened to be the first folder I saw within easy dragging distance. The thing by the way doesn’t allow you to drag it to another drive, e.g. from C to D.
  3. I rebooted the machine. Surprise, Security Tool no longer showed its ugly head. It’s gone! I peeked back at the “C:\Documents and Settings\New\Local Settings\Application Data\Yahoo!” folder where I last put it. It was no longer there.
  4. Run MalwareBytes. Knowing that these things don’t just give up that easily, I ran Malwarebytes, which now got freed from its bonds and now went searching for the culprit that bound and gagged it earlier. Whatever it found I deleted instantly without second thought.
  5. I then searched for the 512298992.exe file. I found “512298992.exe – 1EEQR687.pf” in the C:\Windows\Prefetch folder. Again, I hit the delete button without even caring to find out what ‘prefetch’ means.
  6. Empty Recycle Bin.
  7. Some experts suggested possible Registry entries that required looking into. So far, I found none in the identified locations. Some suggested locations are “HKEY_CURRENT_USER\Software\Security Tool” and “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”.
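
A triage sketch for steps 1, 2 and 5 above, added here as an example and not part of the original post: it lists recently modified executables under a profile's Application Data folder whose names are all digits or that sit behind a non-executable extension (a renamed copy), then looks for Prefetch entries showing that they ran. The function names, the 7-day window and the five-digit minimum are assumptions.

```python
import re
import time
from pathlib import Path

# Assumptions for this example: dropper stems are 5+ digits (e.g. 512298992),
# and Prefetch entries follow the usual NAME.EXE-HASH.pf naming.
DIGIT_STEM = re.compile(r"^\d{5,}$")
PREFETCH_NAME = re.compile(r"^(?P<exe>.+)-[0-9A-F]{8}\.pf$", re.IGNORECASE)
EXEC_EXTS = {".exe", ".dll", ".scr", ".com"}


def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:  # locked or unreadable file: skip it, do not crash
        return False


def find_suspects(appdata_dir, max_age_days=7, now=None):
    """Recently modified executables with an all-digit name, or executables
    hiding behind a non-executable extension (a renamed copy)."""
    cutoff = (time.time() if now is None else now) - max_age_days * 86400
    suspects = []
    for path in Path(appdata_dir).rglob("*"):
        try:
            if not path.is_file() or path.stat().st_mtime < cutoff:
                continue
        except OSError:
            continue
        digit_name = bool(DIGIT_STEM.match(path.stem))
        disguised = path.suffix.lower() not in EXEC_EXTS
        if (digit_name or disguised) and is_pe(path):
            suspects.append(path)
    return sorted(suspects)


def prefetch_traces(prefetch_dir, exe_names):
    """Prefetch entries (NAME.EXE-HASH.pf) showing one of exe_names was run."""
    wanted = {name.upper() for name in exe_names}
    traces = []
    for pf in Path(prefetch_dir).glob("*.pf"):
        m = PREFETCH_NAME.match(pf.name)
        if m and m.group("exe").upper() in wanted:
            traces.append(pf)
    return sorted(traces)
```

Anything `find_suspects` returns is a candidate to quarantine and scan, not proof of infection; legitimate software sometimes keeps oddly named binaries in the same folder.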

I still am not sure if I have totally rooted out and removed the security tool virus from the office computer. It’s been almost a week and no one among our users ever reported anything out of the ordinary so far. I think, it would be favorable for my peace of mind to assume for now that it’s indeed gone.

Updates

  • One website reported that they just used the System Restore and everything went back to normal. Maybe I should have tried that first. 🙂
  • Since it allows Internet Explorer and Firefox to run, I could have tried temporarily renaming the Malwarebytes scanner from “mbam.exe” to “firefox.exe” and running it.

Anyone had an encounter with security tool virus and removed it successfully? Maybe you could share your experiences below.

18 thoughts on “Remove Security Tool Virus”

  1. Fortunately I’ve never come across this and I hope I never will. Any idea how the computer got infected in the first place? Did any of those sites you visited searching for a way to get rid of the pest say how the virus was usually spread?

    Anyway James, I’m glad you got it all sorted out and I’m sure you’re off somewhere spending that nice bonus they paid you for getting rid of it 😉

  2. Some office mate may have been fooled into clicking one of those free offers to scan our hard disk online for free.

    As to the bonus, if that was true, I’d be toting a brand new Canon DSLR camera by now and showing off my pics here. No, I’m just an office mate who knows a little bit about how to search for solutions on line and is just a bit savvy about the workings under the hood of the computer. We could have called the IT folks but we know it’d take forever for them to come over.

      1. Cool! I’m tentatively setting my sights on the Canon 60D, or one of those Rebel models (which are a little less expensive than 7D). And for that, I’d have to wait 2 or 3 more months to save enough bucks. 🙂

        I’ve seen some of your pics at your photos2blog site. And I really don’t see why Dreamstime would not take a pic such as the one you took across the River Torrens. It’s simply breathtaking.

  3. thank you very much, this worked first time for me. and to the cowards spreading this security tool rubbish i encourage you to email me if you dare, my email is jonquim @ gmail.com. please get in touch with me so we can jump in the ring together. i am a boxer and i want to deal to your face, i will pummel you all you scum!

  4. it works !~!!!! thanks!!!
    i m enjoying my laptop without the f ** king security tool now
    thanks again

    big hugs!!!!

  5. This is a nasty one. On many viruses I have gotten by with renaming the malwarebytes install file to a different name such as lsass.exe or a common windows file name that is needed. This worked for only a moment. Once the install starts, it created a tmp file which the security tools detected and shut it down which ended the whole install of malwarebytes. I also tried system restore prior to trying anything and it ended the process to it as well. So I went looking for another direction and found this page. Thanks for helping me out on this one! But I thought I would let you know what I came across as well..

  6. I followed the 7 step procedure and it removed the virus without any issues. The file names and folders were slightly different from mine, but this was expected. I downloaded the Anti-Malware software and let it scan for about an hour and a half and it found a few other gotchas that I hadn’t found manually, but it worked great! Thank you.

  7. For the past few months, I’m experiencing the same thing. Since even virus scanner can’t fix my problem, I need to deal with it by reinstalling again my operating system. No other choice but to do again from scratch like the need to reinstall all programs that I’m using online, etc. Of course, I never failed to create a back-up copy of all my files.

    1. If you can tolerate and have time to go through the trouble of re-formatting your cpu and starting from scratch, it usually solves the problem and more (because you’ll also be cleaning up all other probable hidden viruses and worms lying dormant in your drives). I know, I do this practice for my computer back in my (old previous) job.

  8. I don’t know how I downloaded this, but I’m happy I came across your page. No problems now. Everything is back to normal.

    1. Glad to be of help Irek. : ) And hey, thanks for the cafe! You do know how to show gratitude. Again, thanks. 🙂
