How to Remove Security Tool Malware
Saturday, October 10, 2009
Security Tool is the latest rogue or malware software which is creating havoc in the computer community with internet connected. It prompts for a full system scan and throws out fake virus alerts to make you buy their software. It may ask you to pay for the software and guide you to a website for entering the credit card details. Once the bank details or credit card details are given, it might end up in hacker’s hand.
Follow these simple instructions on how to remove the infection manually.
Symptoms:
• Frequent alerts and pop up from Security Tool graphical interface
• Frequent alerts from Security Tool to run a scan on the computer
• Slow internet connection or unable to go to certain websites
• Unable to run or update certain security software’s
Manual Removal of Security Tool Malware
1. Start the computer in Safe Mode with Networking
2. Go to folder options (Open Control Panel – Folder Options)
Click View,
• Check Show Hidden Files and Folders
• Uncheck Hide extensions for known file types
• Uncheck Hide protected Operating System files
3. Check Task Manger and Kill if any of the process listed below is running
• Check for any running ‘.exe’ files with random numbers and kill it.
(Press Ctrl+Alt+Del, Open task manager, Click Processes, Right click the Process, Click End Process Tree)
4. Remove the infected files from user directory
In XP
• C:\Documents and Settings\All Users\Application Data\[random numbers]
• C:\Documents and Settings\All Users\Application Data\[random numbers]\[random numbers].exe
• C:\Documents and Settings\All Users\Start Menu\Programs\Security Tool
In Vista
• C:\program Data\ [random numbers]\[random numbers].exe
• C:\program Data\Microsoft\Windows\start menu\Programs\ Security Tool
• C:\Users\User Profile\App Data\Roaming\ random numbers]
• C:\Users\User Profile\App Data\Roaming\ random numbers]\[random numbers].exe
5. Remove from Registry
Open registry editor (Start – Run – regedit)
Click Edit – Find
• HKEY_CURRENT_USER\Software\Security Tool
• HKEY_CURRENT_USER\Software\[ random numbers]
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Tool
• HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run
To make sure that the infections are completely removed from registry, it is a good practice to note down and search for the values ‘Security Tool’ and [random numbers.exe]. Remove any entry which contains the file name.
