
Security Tool??????????

  • 18-09-2010 7:40pm
    #1
    Registered Users, Registered Users 2 Posts: 77 ✭✭


    I have this 'security tool' popping up telling me I have a virus of some sort and if I pay x amount it will remove the trojan or worm which is trying to send my credit card details to someone. Only thing is I have to pay by credit card and it says it's from MS Explorer. Is it really? I have avast and have had nothing like this before. It is really annoying and how can I get rid of it? I have tried spybot but it says spybot is infected too, weird?


Comments

  • Closed Accounts Posts: 3,597 ✭✭✭WIZE


    ITS A VIRUS or ADWARE ON YOUR PC DO NOT PAY IT


  • Closed Accounts Posts: 3,597 ✭✭✭WIZE


    You could try downloading Malwarebytes from

    www.malwarebytes.org to remove it

    Also download http://www.microsoft.com/security_essentials/ to remove it


  • Registered Users, Registered Users 2 Posts: 77 ✭✭jupiter00


    Thanks for the replies, this seems fairly nasty, I don't know if it is stopping the download of the suggested sites but I haven't been able to download them so far but I will keep trying. It keeps popping up, very aggressive this one.
    I have installed the microsoft security but I can't open it or run it or run spybot or run a scan from avast, I keep getting a pop up alert from 'security tool'. I don't know what else to do.


  • Closed Accounts Posts: 3,597 ✭✭✭WIZE


    Try starting your PC in Safe Mode (keep pressing F8 when booting)

    then see if you can install either of them


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    As Wize says, do what you can in Safe Mode (or preferably 'Safe Mode with Networking') for now. By the time Windows is running in normal mode, these viruses have already started and are also protecting themselves by blocking access to the tools you need to remove them.


  • Registered Users, Registered Users 2 Posts: 77 ✭✭jupiter00


    Hello again guys and thanks for the help. I went to safe mode and because it was so late I went to restore settings. I tried to use the MS Security Essentials but it said I needed to go to 'normal mode' so I didn't want to have those pop ups again! I don't think I downloaded properly. The 'security tool' seems to be gone now but it was fairly difficult to get rid of. I see on Google it has further info on this so watch out for it. I have updated MS and downloaded MS Security Essentials and updated spybot, hopefully this will protect my PC. Our BB was off today until now so here's my message. Great help seeing I'm not a techie.


  • Closed Accounts Posts: 9,700 ✭✭✭tricky D


    MalwareBytes is a great tool but is not perfect. Your best course of action is to read the "I think I have a virus" - Please Read & Try BEFORE Posting (Updated 12/02/2010) sticky and carry out as many of the instructions in that thread, then post the relevant logs here. Someone will be along to help but only once you do those tasks.


  • Closed Accounts Posts: 1,512 ✭✭✭u140acro3xs7dm


    download rkill which will stop the infection running, then malwarebytes to remove it


  • Registered Users, Registered Users 2 Posts: 7,971 ✭✭✭_Whimsical_


    download rkill which will stop the infection running, then malwarebytes to remove it

    +1

    My mum's laptop got this virus yesterday and I've been trying to fix it since with limited success.

    I tried running malwarebytes in safe mode but it didn't detect the infection. In normal mode there are only a matter of seconds before the virus launches itself so no time to do a cntl, alt, del to stop it in its tracks.

    After reading a post somewhere I downloaded rkill to a disk on another PC and added it to the desktop in safe mode. I renamed it there to "file.exe". Then boot up into normal mode and the second the desktop appears double click rkill/file.exe. It will stop the virus so you can run removal tools in normal mode. I'm running the portable version of SuperAntiSpyware ATM.

    Please come back & let us know how you get on OP and if you pick up any tricks for fixing this.

    EDIT: SuperAntiSpyware has done the trick. Removed it and there's no sign of the virus after restart.
    Also, yesterday within seconds of the laptop getting the virus the monitor went completely dead. I've been hooking the laptop up to the TV since then to see what's going on. It's been restarted 20 times in the last 24 hrs and not a sign of life out of the screen at all. Once I rebooted after the virus was removed the monitor started working!


  • Registered Users, Registered Users 2 Posts: 7,971 ✭✭✭_Whimsical_


    And another update ...

    Just because everything seems to be fine and the virus is gone don't be complacent. I found that I can't update my virus scanner today or install Windows updates. I emailed my error codes to Microsoft Security Essential support and they say that they indicate that there's still infection in the system although 4 tools fail to detect anything tonight.

    GRRR!

    At least the screen and the laptop itself is now fully functional. Anyone else had the same problem & managed to overcome them ?


  • Closed Accounts Posts: 14 Musikhola


    You can try to delete it by using a removal tutorial. Manual removal is also a pretty guaranteed way of removing the scam.


  • Registered Users, Registered Users 2 Posts: 828 ✭✭✭Jayd0g


    This is a very annoying program. Have managed to get the malwarebytes scan running and had a look through the registry but couldn't find any keys similar to those listed on spywared.

    Will let the malwarebytes finish, then install Microsoft System Essentials.


  • Registered Users, Registered Users 2 Posts: 296 ✭✭Dey were Sooted


    I woke up yesterday morning to find this on the home computer. I felt a little put out as it had got past Nod32 which is on the system. Nod had never let me down before.

    I had an attempt at stopping it but it was a nasty one - ran the Nod scan and the computer blue screened during this process. Then I found that I couldn't open the task manager at all and when I tried to install anti malware software the computer blue screened again.

    So last thing before going out to work yesterday I read this post. When I got home from work I downloaded rkill and AMB and put them on a key fob with my laptop. Then I booted up the house computer to do as ye said here and straight away Nod32 blocked the attack. I guess it took the Nod crew a few hours to catch up with this nasty one but my confidence is restored in them once again.

    Thanks for everyone's advice here. If Nod ever totally fails me I will know where to come in the future.


  • Registered Users, Registered Users 2 Posts: 1,402 ✭✭✭kincaid


    Hi

    This security tool came up on my PC today and I have tried several removers mentioned to get rid of it and all failed.
    I tried malwarebytes in safe mode too and when it scans my PC it gives it the all clear, so it is not picking up on this and so it still remains on my machine.
    I'm running in safe mode at present as I can't use it normally.

    Any help appreciated


  • Closed Accounts Posts: 9,700 ✭✭✭tricky D


    Read the sticky


  • Registered Users, Registered Users 2 Posts: 289 ✭✭paulgrogan.eu


    Hi Guys,

    One of my friends has a similar virus to this one. System Tools Notification which has taken over this wallpaper, big red 'X', pay for the licence to remove etc.

    I have read through the posts and intend to perform many if not all of the suggestions listed above, however I am concerned that I won't be able to rid the pc of all aspects of the virus. Therefore I am wondering if it would be advisable to use System Restore and restore the machine to a previous date, would this be a 99% way of ensuring that I have completely rid the machine of any infection along with doing the above steps?

    I am shocked that he has picked up this virus as he runs Norton Internet Security, fully up to date, and in my experience this is a perfect solution for the average home user like my friend.

    Any advice on the above would be very much appreciated, as I would rather not have to wipe the laptop completely if I can avoid it, but if you guys feel it's the safest, then that's what must be done.

    Rgds

    Paul


  • Closed Accounts Posts: 9,700 ✭✭✭tricky D


    Hi Guys,

    One of my friends has a similar virus to this one. System Tools Notification which has taken over this wallpaper, big red 'X', pay for the licence to remove etc.

    I have read through the posts and intend to perform many if not all of the suggestions listed above, however I am concerned that I won't be able to rid the pc of all aspects of the virus. Therefore I am wondering if it would be advisable to use System Restore and restore the machine to a previous date, would this be a 99% way of ensuring that I have completely rid the machine of any infection along with doing the above steps?

    I am shocked that he has picked up this virus as he runs Norton Internet Security, fully up to date, and in my experience this is a perfect solution for the average home user like my friend.

    Any advice on the above would be very much appreciated, as I would rather not have to wipe the laptop completely if I can avoid it, but if you guys feel it's the safest, then that's what must be done.

    Rgds

    Paul

    READ THE STICKY and carry out the instructions there, post the logs in a new thread, then someone who knows their stuff will direct you appropriately. Otherwise you will not be sure you actually got rid of it/them.

    System Restore is unlikely to solve the problem and don't be shocked that Norton didn't detect the virus. It's nowhere near as good as you give it credit for.


  • Registered Users, Registered Users 2 Posts: 191 ✭✭ellieswellies


    If you run rkill and malwarebytes is that all you need to do to get rid of the virus from your system, or should you do something else as well? Apart from running your antivirus of course...


  • Closed Accounts Posts: 226 ✭✭johnnybmac


    And another update ...

    Just because everything seems to be fine and the virus is gone don't be complacent. I found that I can't update my virus scanner today or install Windows updates. I emailed my error codes to Microsoft Security Essential support and they say that they indicate that there's still infection in the system although 4 tools fail to detect anything tonight.

    GRRR!

    At least the screen and the laptop itself is now fully functional. Anyone else had the same problem & managed to overcome them ?

    Hi, I had the same problem after removing this from a friend's laptop. 3 weeks later (after a complete reinstall) I had the same trouble after removing "antivirus 2010" from the same computer :rolleyes:. Having tried all of the most popular tools for removal i.e. Malwarebytes, superantispyware, spybot, Combofix, MSE etc., I eventually ran TDSSkiller from Kaspersky and it found rootkits which finally allowed Windows and MSE updates...

    http://support.kaspersky.com/viruses/solutions?qid=208280684

    On a side note:
    I found that when trying to remove "Security Tool" in safe mode, it could only be detected if I actually logged in to the actual user account which was infected, rather than the built in Administrator account...


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    If you run rkill and malwarebytes is that all you need to do to get rid of the virus from your system, or should you do something else as well? Apart from running your antivirus of course...

    You'll also have to fix the hosts file. Read from Step 22 here.


  • Registered Users, Registered Users 2 Posts: 191 ✭✭ellieswellies


    This is an incredibly dumb question, but I'll fire it out there....do you download rkill and malwarebytes in safe mode when you are working away on your infected computer, or do you do it on a totally normal computer and transfer them (...I'm so sorry even I know that sounds dumb!! I get the equivalent of people like me in my work all the time so I empathize, soz!:pac:)


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    This is an incredibly dumb question, but I'll fire it out there....do you download rkill and malwarebytes in safe mode when you are working away on your infected computer, or do you do it on a totally normal computer and transfer them (...I'm so sorry even I know that sounds dumb!! I get the equivalent of people like me in my work all the time so I empathize, soz!:pac:)

    Not dumb at all. Downloading it to another non-infected computer is the safest way to know you got a good copy.


  • Registered Users, Registered Users 2 Posts: 191 ✭✭ellieswellies


    Cheers dude. I have yet another however!- I'm at step 23 in this http://www.bleepingcomputer.com/virus-removal/remove-security-tool

    After the scan it told me to restart, which I did as per the instructions above, and it brought me back to normal looking windows 7...I'm assuming not in safe mode. The next step is to delete
    C:\Windows\System32\Drivers\etc\HOSTS
    so I searched for it and deleted it.

    I went to open firefox and it comes up with the 'problem loading page' page, even though I'm connected to the internet, so I can't download the host there.
    I'm using the PC at home (not infected) to transfer the files to my infected laptop, so I DL'd the windows 7 host on the PC, which runs on XP, put it on the disk key, and then transferred it to the laptop and saved it at
    C:\Windows\System32\Drivers\etc.
    Am I doing this right so far? And why won't my firefox or internet explorer open? Sorry bout the crazy font btw :)



  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    A clean hosts file (or no hosts file at all) shouldn't cause that problem. As long as your host file is not infected, then it should have no bearing on the matter. Can you access the Internet in 'Safe Mode with Networking'?
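
Added example, not part of the thread or of any tool mentioned in it: a small Python check of what "not infected" means for a hosts file, listing every entry other than the stock loopback mapping for `localhost`. The sample file, its example.com/example.net names and the 203.0.113.7 address are constructed; the default path is the one quoted in the post above.

```python
import ipaddress
import sys

# Path quoted in the thread; override with a command-line argument.
DEFAULT_PATH = r"C:\Windows\System32\Drivers\etc\HOSTS"

# Constructed sample, not taken from any real infection.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1    localhost
::1          localhost
203.0.113.7  www.example.com      # name sent to a foreign address
127.0.0.1    update.example.net   # name pinned to this machine
not-an-address
"""

def audit_hosts(text):
    """Return (line_no, address, name, reason) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, "", "unparseable address"))
            continue
        for name in (n.lower() for n in names):
            if name == "localhost" and ip.is_loopback:
                continue                          # stock entry
            if ip.is_loopback or ip.is_unspecified:
                reason = "name pinned to the local machine (lookups for it will fail)"
            else:
                reason = "name redirected to %s" % ip
            findings.append((line_no, str(ip), name, reason))
    return findings

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    # utf-8-sig drops a byte-order mark if an editor added one
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print("line %d: %s %s -> %s" % finding)
```

An entry listed here is a prompt for review rather than proof of infection, since hosts files are also edited by hand, for example to block ad servers.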


  • Registered Users, Registered Users 2 Posts: 191 ✭✭ellieswellies


    Nope unfortunately...in normal windows it says that the connection to the server was reset, and in safe mode firefox says that the proxy server is refusing connections..and to check the proxy settings to make sure that they are correct. I deleted the host file that I put on there and still nothing happened, I put it back on there and it's still the same...any ideas?

    EDIT hold the phones...I may or may not have solved it correctly...I selected 'no proxy' in the firefox network settings, is this ok? The internet works grand now, but I am just not sure if this is the 'best practice' way to fix it!


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    EDIT hold the phones...I may or may not have solved it correctly...I selected 'no proxy' in the firefox network settings, is this ok? The internet works grand now, but I am just not sure if this is the 'best practice' way to fix it!

    There would never normally be any reason for you to be using a proxy so yes you've done the right thing. Just out of curiosity, what was the proxy server set to? It'll be greyed out but you should still be able to make out what it was.


  • Registered Users, Registered Users 2 Posts: 191 ✭✭ellieswellies


    The fields under manual config were blank, except for the 'no proxy for' field which read 127,0.0.1. I hope that doesn't sound too off the wall!

