The pesky Security Tool Virus is back again, but this time, the rogue distributors are using a different tactic to get users to install this malicious and fake antivirus program.
The old trick was false and exaggerated scans that would make a user believe that their system is infected. The playing field has changed as these criminals are now using a fake Firefox “Just Updated” page. This is the page that loads immediately after an Firefox update. The page shows a message that tells the user that they need to update their Adobe Flash Player.
Once a user is on the “Just Updated” page, a download dialog box will pop-up automatically without the user clicking anything on the page. If the user clicks “Save File” the rogue antivirus program will be installed. This rogue program will wreck havoc on a users system and cause the system to be unusable.
How to remove Security Tool Virus
- Stop Security Tool Processes: [random numbers].exe
- Remove Security Tool Files
- C:\Documents and Settings\All Users\Application Data\[random numbers]\
- C:\Documents and Settings\All Users\Application Data\[random numbers]\[random numbers].exe
- Remove Security Tool Registry Keys
- Remove Security Tool Startup Entry: [random numbers].exe
- You can also download MalwareBytes Anti-Malware to remove Security Tool Virus.
- F-Secure has already updated their AV product to block and remove Security Tool Virus. They offer a 30 day free trial of Anti-Virus 2010.
Read more removal instructions and comments here.