Security Tool Virus is a rogue anti-spyware program that’s distributed through websites that simulate virus scans. The user is than prompted to download the software to clean the infected PC. The tool provides false alerts of legitimate files that are needed by your Windows PC. Do not remove these files!!!
How to manually remove Security Tool Virus
- Stop Security Tool Processes: [random numbers].exe
- Remove Security Tool Files
- C:\Documents and Settings\All Users\Application Data\[random numbers]\
- C:\Documents and Settings\All Users\Application Data\[random numbers]\[random numbers].exe
- Remove Security Tool Registry Keys
- Remove Security Tool Startup Entry: [random numbers].exe
*HKEY_CURRENT_USER\Software\Security Tool
*HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Tool
You can also download MalwareBytes Anti-Malware to remove Security Tool Virus.
Read more removal instructions and comments here.
Related Articles
How to Remove SystemTool 2011
This is great info thank you so much for the update.
Bunny,
Hopefully no one was a victim of this fraud.
thank you so kindly for this information. I have tried everything and it keeps coming back. I can’t wait to try this.!!!!
Mary,
Let me know if the instructions solve your issue.
I have no idea, what any of that said, and computer has security tool AGAIN. Help!
man im a victim
Thanks for the help.
I can’t thank you enough for the info man…I was going crazy
Chance,
I am glad I could help!
Dude this dosnt work it wont let me get up cntrl Alt Del So i cant end the security tools process.
HeeElLLLPPPPPPP
Go to start-run and type msconfig.
then go into the start up files and disable it, if your not sure which it is then just disable them all and restart. Then task manager will be usable.
Lee,
I appreciate the help and hopefully others will follow these instructions.
Thanks for the info. Currently there are two variants of this malware. The other cannot be remove by mbam and all it takes is the manual removal of
Security Tool Virus I found here.
well strange has it may seem, this morning I had an experience on firefox and thank God firefox wouldn’t open it but a fraudulent site someone made in photoshop appeared on the screen after I copied and pasted 3 words from a comment on my blog into the browser then read through until I found what I was looking for once I found the item and clicked this photoshop image of what someone might think was legit popped up.
I would like your opinion on this because I think the commenter from my blog, may be behind the phony scam that came up.
… how sneaky is that? My husband did a couple of things to prevent this from happening and the site which by coincidence could not be found on Firefox or Google but we took a screen shot of it.
You have to watch the URLs entered in comments, even the form URL. These can pose a risk when it comes to exploits. I am glad you have the wisdom and internet browser that can and sometimes combat these frauds.
mywot.com get it!!!
lol~ thank you.
Hey i tried to remove the random numbers folder and it says “error. folder already in use” and some other stuffs and wont let me delete it…any other way?
Did you also try to remove it using MalwareBytes Anti-Malware?
i have and it wont let me use it i cant ctrl alt delete i cant restore i cant open in safe mode nothing i cant get rid i cant use task mgr help please
Great post, also look at superantispyware to remove these types of infections. The name sounds cheasy but it works.
I haven’t confirmed if Superantispyware cleans this tool. Thank you for sharing.
i tried this too everytime i try downloading it tells me its infected and wont open
Frank to the rescue, good job!
Jonathan,
Research is all is needed to find these fraudulent applications.
Thank you!
hey guys i reall need to get rid of this, ive been trying to for 2 days straight,
can u please tell me how to do it manually
Tyler,
Have you followed the instructions I included?
yes, it cant find it, i copied and pasted those names in search and i couldnt find them
i think i got the worse version of it
Yes, i have problem with Security Tool, it is virus and there are so many tools like that.
I have installed rogue antivirus but it make my computer even worse!
Randy,
You can browse our security and software category to read about other free tools to combat these rogue programs.
I just contracted the virus 2 days ago and I did the Malwarebytes thing it eliminated most of the virus and allowed me to access my taskmanger so I could force Windows to boot into safe mode but now when I boot my computer I keep getting a blue error screen saying there is a problem and windows needs to close so I cannot get to my desktop to change the task manager settings back is there a way to force my computer to boot back into normal mode so I can access my desktop.
Gabe,
If you have a restore CD that comes with your system, you can boot from the CD.
Is there a website to download the restore cd for my system if I cant find it.
Gabe,
You can visit the manufacturers website to see if they offer a restore CD you can download. If you have a restore point saved before the issue occurred, I suggest using the date to restore from when your system was running fine.
WORD TO THE WISE: never use system restore to help with spyware or virus problem. You may thing it has a single snapshot from 2 mths ago that had only clean files BUT it actually restores each point starting with the most recent, then the next most recent until it reaches the date you choose. Not only will you duplicate your current problem but may re-install exploits that have already been removed. Instead I suggest running malwarebytes in “Safe Mode with Networking”. You ‘can’ download AND install MBAM in “Safe Mode with Networking”. Run it two or three times until it finds nothing. Double-click SYSTEM in the Control Panel, click the RESTORE tab and DISABLE SYSTEM RESTORE ON ALL DRIVES. This will delete all restore points because they are all suspect now. Once you reboot, go back and uncheck AND create a new restore point.
Mark – IT Analyst
Mark,
I have used system restore on a few machines this past year due to some the most dangerous viruses and it worked. The only bad thing is that you will lose some of your data from the restore point date and on.
I just got this boot disk from this website
http://restore-disk.com/restoredisks/Dell/DellInspiron/Dell-Inspiron-E1705-Boot-CD-Linux-Windows-98-XP-NT-1763.html can you tell me what I need to search in order to find the task manager or system restore?
Gabe,
The restore CD is bootable. You need to boot from that CD and follow the instructions. Please make sure you save your important data which is usually located in My Documents.
But won’t I lose all the saved data from my hard drive if I use the restore cd from the manufacturer’s (dell) website.
Gabe,
You will not lose data you saved such as word, excel, etc.
so all of my video and audio files will be fine too?
What if I can’t find it what do I do then?
So what do you do if this program eats the mbam.exe and Microsoft’s tool with mrt.exe? How do you remove the registry keys and how do you know which ones are legit and which ones aren’t?
I looked with regedit and found several I wasn’t sure of, but its a fool who goes messing with his registry keys without knowing what he’s doing.
Jeffrey,
I am posting a new blog on removal instructions in detail. The blog should be up by 12:00 PM CDT.
Is there any way you can be more descriptive in the steps…because i have no idea what
*HKEY_CURRENT_USER\Software\Security Tool
*HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Tool
means?
CW,
Please follow the instructions on how to remove registry entries that this virus is leaving.
This virus hit my freshly built computer I had just finished 9/10/09 tweeked my bios and went online briefly nomore than 10min after i visited a site i visit very oftenly i was corrupted with this “system-tool” issue!! after hrs of going through task manager and blah blah which im sure works,i just didnt have luck with it I decided to just reboot from cd & do a fresh install again with the os& re-partioning the drive..which indeed work but I feel bad for alot of ppl its affecting now..and thnx jeff for info im going to tell some friends how t get rid of that problem they are now having..
Hi – A friend recently got this virus and I managed to disable it enough to get Malwarebytes installed. Malwarebytes seemed to have removed the virus after a quick scan. I did a full scan anyway, but no other infection showed up. Two weeks later, the virus is back. I used malwarebytes again and the virus appeared to be removed. The next day, on the first boot, the virus was back (before going to the web). Anyone else have this reinfection issue?
Pete,
The virus files may still be in the registry. Try downloading Hijackthis to determine if any rogue keys are in the registry. Be careful not to delete the needed keys for your system.
This this is driving me crazy. My girlfriend got this on here laptop with vista and its been kicking my ass all night. I can’t seem to get any anti malware program to run. It either eats the .exe files, or it somehow renders them useless. I manages to boot my computer normally after removing items manually, but still can’t run things properly. I got a blue screen of death while trying to run super antispyware, and not after failing miserably with spyware doctor, aftert uninstalling that the damned thing has been running through startup repair and doesn’t seem to want to reboot. Is this thing that good? I mean seriously is this a virus or a terminator. Its 3am now, I’m exhausted, and I myself have a flu making things worse. Assuming that at some point I can get this thing booted up again, is there any program out there that this won’t disable?
Rob,
Sorry to hear you were up all night pulling your hair out. This program is a terminator of sorts, but it’s removable if you follow the instructions posted. If you have a restore point saved before the issue occurred, I suggest using the date to restore from when your system was running fine.
Does it make your sound speaker disappear on your computer because i cant hear anything. on mine and my speakers were working fine last week and i cant open up the download
it keeps closing it down
Jay,
A virus can disrupt many programs on a system. This is the first time I am hearing about your issue related to this virus.
can somebody hel me…I dowenload malwarebytes but I cant run it I dont know what do now:S
Jona,
There might be a virus that is preventing the program from running. Please follow the instructions in this post to eliminate the virus.
Well after many hours and a combination of fixes from all the helpful people here and on many other site, I believe I have the problem fixed. A handy little program that ran like a champ in safe mode was Norman Malware remover. A combination of that, and spyware doctor seems to have erased all the active elements of this evil. I also went into the system to manually delete things, and I believe I’m good to go once again. Thanks folks
Rob,
Way to stay with it! I am happy that you solved your problem.
i have the same problem but when i go to download one of these programs the virus somehow blocks them what can i do ?
Sinkie,
Read the article on how to combat that issue. I provide details on what to do when your program will not launch due to the virus taken over.
I know slightly more than nothing about computers! My mum got this Security Tool virus on my laptop somehow. It is so sneakly, wouldn’t let me run any programs except IE. I looked it up on my boyfriend laptop as I couldn’t put up with the pop up bogus alerts telling me I was infected with x viruses. I then downloaded a removel tool from windowsprotection website but the virus stopped it running. I couldn’t run AVG either as it blocked that. Couldn’t go into help to do a system restore. Tried to go to symantec website butn the virus diverted me somewhere else! I booted into safe mode and msconfig and unchecked it in the start up and tried to find the virus folder and delete the contents but the virus blocked that. Then when I rebooted normally it had replicated itself and I still couldn’t run the damn removal program! So i went back into safe mode and re did all of the above then rebooted normally and I could do a system restore, which I did, and have updated AVG and run a scan that has come back clear (although AVG didn’t catch it in the first place) and I cant find any trace of it now. Is that it? Have I managed to beat it or will it be lurking, or is there something alse I should do? Any help appreciated.
Carrie,
It looks like you got everything. Are you seeing any badness after the fix? If all looks normal, you probably disinfected the virus.
I was navigating the internet yesterday, just common pages looking for some news when I noticed my CPU usage was high. Looked at Task Manager and ‘Inactive Process’ was at 30% and there was no other process with more than 5%. Firewall was suddenly disconnected. Thought all this was suspicious and then I did the worst thing to do…I restarted Windows. It was wrong since the moment it started shutting down: a strange ‘Windows is closing’ dialog appeared. When restarted my desktop icons and wallpaper were hidden and the annoying ‘Security Tool’ window pop up. First thing I did was turn off my modem. Tried to start AVG, System Restore, Task Manager, RegEdit and nothing, all was blocked.
Restarted again, tried to start in Safe Mode but it was useless. It didn’t load Windows, just booted again.
Internet Explorer was still avaliable, turned on my modem and searched for ‘Security tool’ virus. After a lot of Ctrl-Alt-Del pressing I was able to make the Task Manager window appear permanently and kill the random-numbers process. Downloaded MBAM and did a full scan after it updated itself. About 15 threads were found. Deleted them. Restarted my PC and everything was fine…or so I thought.
I turned on my PC today and it loaded Windows ok. Went for breakfast and when I came back my PC was restarted and the start up options menu was up (Safe Mode, start Windows normally, etc.). Tried every option and none could load Windows, they would just boot again. I was thinking about formatting my PC. Put the Windows CD in and did a Repair instead. So far everything seems ok. I had to reinstall IE8, AVG and OS updates.
I was wondering, besides being super annoying what else does this virus do? steal information or something?
I am unable to run any of the anti maleware programs, I can not start in safe mode. I do not have the cd’s to boot from and I can not start from an earlier date. Any help please.
Serentie,
What OS are you using? You should be able to run in Safe Mode as this virus will not prevent you from doing so.
I dont get the bios screen when I log on..how can i get into safe mode…just got the vrus today.
Fred,
It’s either the Delete – F8 – F10 keys you need to use before windows starts. If that doesn’t work, visit the manufacturers website for instructions for your computer.
The Security Tool stuff started on my computer last night. Figuring it was a virus, I looked around online for confirmation and for how to remove it. I saw something about Windows Defender, which did find some problems, but didn’t fix this. From the advice on this site, I downloaded MalwareBytes’ Antimalware and followed the directions, no problem at all, and it seems to have taken care of it. Thanks so much!
Cheryl,
I am so glad to receive feedback that the instructions I included in this post worked.
Thank you!
Hi,
I followed the instructions. However, i cannot open task manager to kill the [random numbers].exe. when i click on the task manager it says “task manager.exe is infected by virus” and cannot execute malware bytes. Please help.
Thanks,
Kevin
Kevin,
Have you started your OS in Safe Mode?
http://www.im-infected.com/rogue/security-tool.html
USE THIS LINK IT WORKS!!! AFTER TRYING FOR 10 HOURS TO REMOVE THIS DAMN THING AND NOTHING WORKED I FOUND THIS LINK AND STEP BY STEP(AND EASY TO FOLLOW) INSTRUCTIONS AND THEY WORK!! WOO HOO
Hi,
I followed instruction and killed the randnumber.exe first. Then I downloaded MalwareBytes’ Antimalware, but I can not run the program. An error message was shown after installation: CreateProcess went wrong, code 2. I tried safe model with network, and situation was same. I am not able to log in safe model only. please help
Devia,
Please read some of the comments to get more help on removing this virus.
I Need help with this one.
I have attempted to run both the Malwarebytes and superantispyware, but the virus blocks the install files from running. I even tried renaming the files before downloading them. I have found some of the random numbered files, but can only sucessfully remove one. The other is proteced or in use. So manual removal and the applications seem to be blocked. I need to solve this issue asap. Help?
Owen,
Please read through the comments as some visitors have provided other methods on removing this virus. I have tested the instructions I have written and they work well. I also received a few emails stating the same.
The .exe file is located in C:/documents and settings/all users/application data
you have to unhide the application data folder by selecting “tools” inside the all users folder and selecting “show hidden files and folders” then you will see the icon thats been showing up on your desktop. its named with numbers …example: 17232744823 . Delete it and empty recycle bin and restart pc.
Paul,
I appreciate the feedback and hopefully all the good tips provided by everyone here will help others.
I was unable to find application data so hopefully this works! I am at work but will try more when I get home. I’m having the same problem where it is blocking all the antivirus programs (I’ve tried to rename MalwareBytes but that doesnt seem to work either) and when I try to start in safe mode it goes to a page where it seems to be going through a list and then just freezes at that page and doesn’t load. It blocks task manager to but I have found that if right when the computer is loading things if I keep pushing ctrl, alt, delete I can get it to come up. I have also read to transfer the renamed program from another computer via disk so I will try that to. How frustrating!
Erica,
Follow the instructions and I am sure you will clean your system from this virus.
thanks for the advice… folled it to the letter an it seems to have fixed the problem without costing me too much time or any data :)
Michael,
I am glad the instructions solved the problem.
I stopped the process but I could not find either the files or registry keys. Please email me. Thanks.
hi frank- it would appear that i celebrated prematurly :( i thought i had fully wiped it an my computers been fine. however i have just turned it bak on and its bak :( any ideas?
Michael,
There are other instructions and tips from others who have left comments here that you can try.
You fixxed it thank you so much im so happy i thought i had to restore
Richard,
I am happy that you now have a clean machine. Good job!
I just did a system restore to get rid of my security tool virus. I tried the manual delete but the file would not delete. I found the file by right clicking on the menu icon and using the find target feature. It had corrupted a xp os and would not let me open msconfig or control panel or let me delete the folder and file from the app data file where the exe was stationed. I couldn’t open regedit either. It disabled my administrator logon and I could only logon with the installed users. the sytem restore to a week ago did rid the app data folder of the (number)folder…I also could then open msconfig and make sure that it wasn’t in there. I downloaded hijack this and installed it to use it in case my os gets hijacked again. I hope this will work. I am discouraged by the post earlier that a system restore will not work. I don’t know where this virus was installed…My son was looking up halloween costumes on the web…but he doesn’t know where he picked it up. We were also getting the blue screen of death prior to the system restore. This is the second time he got a virus off the internet….I think his girlfriend falls prey to these malware items.
Joan,
The good thing about chasing these viruses is that you will learn a great deal on how these viruses leave their fingerprint.
Good luck!
I don’t want to waste any time learning about how this virus fingerprints. They are all different. The only thing I wish to learn is how to delete this ‘security tool’ without having to to a complete reformat and reinstall…..I couldn’t find any trace of this program in the c drive after the system restore. Where does it lurk? Perhaps I can find it before it re infects.
Joan,
The instructions I wrote have worked on over 10 machines so far. What I meant about learning a virus fingerprint was that many viruses can be removed following these same instructions with the exception of the HKEYS being different.
how do I do the HKEYS part. Can you please be more specific. Another person also asked. What do I do for that step?
Julian,
The HKEYS re the registry entries. I have provided instructions on how to edit your registry in this post.
hi
ive recently erased this virus twice but its bak again :( and now its the bought the blue screen of death with it :( i cant get past the initial loading section… any ideas?
To completely get this virus off I had to take hard drive out and connect a usb to sata and ide cable from cables to go. I then ran malwarebytes. I was unable to go into safe mode. This 25.00 cable saved me hours of pain and if it happens again I still have it to use. this virus came from an email supposeably from amazon and customer opened it anyway already knowing she didn’t order anything from there. Point being, If you don’t recongnize the email, DELETE IT. VIPRE is a awsome virus program. Don’t waste money with symantec, AVG blah blah blah. Becareful, This virus tried to load on my laptop when I did it this way but VIPRE caught it before it had a chance. I hope this helps!
Tony,
Thank you for adding additional information on how to remove this virus!
hi, please help me.
I followed a different website’s tips on how to remove the virus, so I downloaded the malwarebytes antimalware and i got rid of security tool. but it keeps coming back everyday, i have to run the scan at least twice or three times daily. now i cant even access any programs such as itunes, chrome, etc. is there a way i can fix this?
HELP PLEASE!
thank you in advance
please help!
i downloaded malwarebytes antimalware and deleted the security tool, but it somehow keeps on coming back.. how is it doing that?! at least twice everyday i have to go on malwarebytes antimalware to again delete the virus and restart my computer. now i cant even access programs such as chrome and itunes.. do i have to purchase a new computer or can i fix this problem myself? thanks
Amy,
You do not have to purchase a new computer, but if you read through the comments you may find tidbits on what other methods to use in order to remove this pesky virus.
I believe this virus has been updated, and the instructions above no longer work to remove it.
The virus:
-Deleted all previous system restore points, and disabled that function.
-When MalWare is installed and renamed to something like firefox.exe of iexplorer.exe it will run, but when the scanning starts the program terminates about 10 seconds in, and after that the .exe is no longer runnable. (Ive tried running several different instances of renamed Malwares at the same time and they all terminated 10 seconds in, one after the other… depressing sight)
-Even in safemode Malware reacts the same way as above
-Having once terminated the random number file it no longer shows up in the processes list, but other processes must take its place? Went through the appdata folders under my username (in Vista) looking for recently modified files and found b.exe hidden in temp data files which will replicate itself if deleted and show up in processes, once renaming itself as bstat.exe or something like that. (maybe related)
Ive been messing around with it a lot, and the virus no longer popups Security Tool ads or taskbar warnings, and it no longer constantly brings up the Computer Sleep dialog box either (as it was before), but since Malware still won’t run I know its lurking in my computer somewhere…
Baker,
I am going to check with a few sources if the virus has a new update.
Still going at this, discovered that Malware preparing for the scan (specifically when it is “enumerating registry objects prior to scan”) triggers the virus, and the virus removes Malwares security certificate and removes the usergroups that can run it.
I modified the file in its properties tab and manually added the USERS group back, which allowed me to run the program again, but it terminates and reacts the same way when preparing for the scan, making itself unrunnable again unless I re-add the USERS group.
Hey, the virus is on one of my co-worker’s computers and has effectively disabled system restore AND regedit…what to do!?!?!
Please help, we have a lot of computer-unsavvy-individuals at work, and I have a feeling this will happen to more than one person.
Meghan,
Have you tried the instructions written here? Also, read some of the comments as others have left other procedures on removing this virus.
Oh yes…our acting IT person has tried a lot of the suggestions I’ve printed off from several forums.
It seems the virus has mutated since the beginning of October into something stronger and more destructive.
It wouldn’t be an issue if we could access regedit, or if the msconfig fix would work, but we can’t get any of these fixes to work.
We’ll keep trucking along on this issue and will post our solution if we find one!
Meghan,
Please share with me your findings. Are you sure that you have this virus?
Oh yes…Security Tool is on my co-worker’s computer, there random # processes pop up…we managed to get into the Regedit through a huge round-about process…but it immediately came back!
cannot make the Malwarebyte “renaming the .exe file” to work, and now we are missing “Folder Options” in the Control Panel.
This is the craziest virus I’ve ever seen.
ughhhh! its on my comp and this isnt working!
i dont understand these instructions at all
i live with a handicapped person and he must have downloaded this
its on my computer, its thriving and trying to shut down alot of stuff
these instructions make no sense
heres an advanced tip:
Go to run -> ‘msconfig’
just uncheck and re-check something in services or startup.
When you restart, let the box for msconfig pop up EVERY TIME you restart. That way, these little viruses cannot block your access to msconfig because it will load before their virus. 99.9% of viruses/spyware/etc. have an .exe on startup, so you will have the ability to disable the startup command, restart your pc, and click taskmgr real fast upon restarting to disable the .exe’s causing the problem BEFORE they cause it.
I have had multiple versions of this same virus, it will run either an ‘svchAst.exe’ or an ‘svOhost.exe’ both are optical illusions since there are quite a few legitimate processes called ‘svchost.exe’. Anyways, if you can manage to disable the svchast.exe or svohost.exe before they can load the other malicious .exe’s then you will be able to fix the whole problem a lot faster and avoid safe-mode, system restore, booting from disk, etc.
The ‘svohost.exe’ is the newer problem causer and is NOT detected/deleted by mbam.exe
I read all the above comments and noticed some similarites to my situation but also some differences. I cannot load any anti-malware programs on my computer due to the virus and the taskmgr will not load as well. I’ve tryed to start my computer in safe mode but a blue screen appears telling me theres a problem and i need to restart. I’m basicaly stuck as what to do next, pleasee help.
Ari,
Do you have your restore disk that came with your system? This disk will re-install the OS files that came with your system. This may be your only way out unfortunately.
Hello, I have downloaded a program from your website to get rid off security tool on my computer. However, the security tool does not allow me to open the program to run it. How do I get rid of a security tool. Please help!!!!!
Dana,
If you read the instructions and browse through the many comments, you will be able to remove security tool virus.
Virus will not let me open: MsConfig, Task Manager, Malware Software, etc…looks like the only option is to wipe the entire computer unfortunately.