Security Tool Virus Update and Removal
by Frank Jovine on 02/19/2010 in Fake Antivirus, Security
This nuisance rogue malware program has resurfaced once again. Security Tool Virus was first discovered in October 2009. It’s in the same family as Winweb and it’s by far the toughest and most complex rogue software to remove, but we solved that issue last year.
Security Tool Virus is classified as a rogue software by many security firms because it falsely reports infections and scares users into purchasing the full license of the program in order to remove these false infections. Security Tool Virus will start automatically when you log in to your computer.
Be careful, and DO NOT delete the infected files found by Security Tool Virus as these are legitimate system files.
Symptoms that may be in a HijackThis Log:
Please note that the files and folders for Security Tool and SecurityTool have random names.
- O4 – HKLM\..\Run: [4946550101] %UserProfile%\Application Data\4946550101\4946550101.exe
- O4 – HKCU\..\Run: [Install] %UserProfile%\Application Data\4946550101\4946550101.bat
Security Tool Virus Activities:
- Changes browser settings
- Shows commercial adverts
- Stays resident in background
Automatic Security Tool Virus Removal: http://www.pctools.com/downloads/afl_2-spyware/sdsetup.exe
Security Tool Virus is from the same family as Total Security 2009 and System Security.
Other Removal Instructions can be found here.
lisa
Feb 21st, 2010
I had the Security Tool Virus
I tried everything nothing worked cause the red/blue message pop ups kept appearing, stopping everything.
Follow the steps, but once I saved it, I had to shut down and start on SAFE MODE in order to run the scan, it worked and deleted the virus.
Im gonna kill my kid
Feb 26th, 2010
Im in safe mode what scan am I supposed to run, there is asecurity tool icon, but I know I don’t want ot run it. What scan are you referring to?
Arya
Feb 22nd, 2010
wow,, really good tips. Actually i only use free antivirus for my laptop.
the virus always increase time after time.
Loida
Feb 23rd, 2010
hello there everyone,
i had the security tool virus
i tried everything notning worked cause the black my screen and also the pop ups kept appearing , stopping everthing too. please respond on my email.
thanks
Loida
Frank Jovine
Feb 24th, 2010
Loida,
Please follow the instructions and you should be fine. I also included a link to another article about Security Tool Virus Removal.
Bob S
Feb 23rd, 2010
I followed your tips to remove Security Tool. As I was following your instructions, I noted that there were two(2) Security Tool apps on the infected notebook. One was 68345228.exe and thge other was 57817129.exe. I know the numbers don’t matter. Anyway, your instructions worked great and on behalf of my son-in-law who brought his infected notebook to me for repair, Thanks a bunch!! You saved me a lot of time and frustration.
Frank Jovine
Feb 24th, 2010
Bob,
I really appreciate the feedback. I am glad it all worked out!
Andrew@BloggingGuide
Feb 24th, 2010
Will definitely be watching out for this another rogue software. Thanks for the info.
Frank Jovine
Feb 24th, 2010
Andrew,
You are welcome and I am glad to inform everyone about rogue software.
Jessie
Feb 24th, 2010
Just an update to all that are having your exe files disabled by this fake AV, HKey_Classes_Root\.exe may have a Shell command that stops exe files from running and/or installing.
Removing the shell key from that Registry key may help solve your problem.
One thing before removing any settings from your registry, its very important to export your registry to the Desktop.
Sharon
Feb 24th, 2010
My daughter got this on her new laptop! I tried in vein the other day to get rid of it & could not. I will try using the instructions on this site. I am gathering I have to do it in safe mode since the black screen prevents me from doing much, between that & the pop ups, I wasn’t able to download anything.
Frank Jovine
Feb 24th, 2010
Sharon,
Just follow the instructions and this virus will be extinguished.
Sharon
Feb 24th, 2010
I cannot do it manually by accessing “run”. It doesn’t let me, now what?