I encountered a new but similar malware problem, this time with the name being SecurityTool “protect your pc” which absolutely stops you from doing anything with the system.
This one was particularly hard to remove, and had me digging into my bag of tools.
The Operating System was Windows Vista, but the updates were way behind. User had not even updated to Service pack 2.
So if you have this infection and want MLD Services to take a look at the problem, just give us a call or send an email.
If you want to try and remove it on your own then keep reading and see what we did to fix the system in question.
1. Booted the system in question from a AVG Rescue CD, update the definitions and run. But at the time I worked on the problem this did not resolve the issue, but it removed other problems.
2. From a clean system download malwarebytes and Microsoft® Windows® Malicious Software Removal Tool. Google these to find the latest versions.
3. Boot into Safe Mode and remove the following files, folders, and registry entries. This malware generates 8 string random numbers for file names that might be different from mine.
c:\programdata\SecurityTool\”some random number”.exe* Remember this number as we will need it again.
Some reports on the web said files were installed in the user directories, and you need to search for these entries. Make sure that you search in hidden files and folders or you will miss them.
Start the registry editor, find, and then delete the following.
HKEY_CURRENT_USER\Software\Security Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “YOUR RANDOM NUMBER.exe”
Then search the hard drive, including hidden files and folders for “YOUR RANDOM NUMBER” .bat “YOUR RANDOM NUMBER” .cfg “YOUR RANDOM NUMBER” .exe Security Tool.lnk Security Tool.lnk
This stops the malware from running.
4. Install malwarebytes and the Microsoft® Windows® Malicious Software Removal Tool. Run one at a time and follow instructions to finish removal, but if possible keep the computer running in Safe Mode.
5. Boot back into Windows and run all tools one last time to confirm deletion. Next test your system, is it running OK? Do programs open, is your system connected to the LAN, is your Anti-virus software running?
Now before connecting to the Internet and browsing, or reading and sending email, let’s take the time to update all of our software, which includes Windows, Adobe, the Anti-virus and Spyware products you have installed. What about your web browsers? Are they updated? If you useplug-ins, are they updated?
Other articles by MLD Services that might help:
Look at our latest article on PC maintenance and updates to keep your computer system running.
I’m curious about if you located any no cost antivirus program that operates really well with Windows Vista. The software that I have used in the past is AVG free antivirus and it does not function well with Vista any more. What are your feelings on Avast anti-spyware?
I’m a fan of Microsoft Security Essentials. The other free products are just stripped down versions of the paid products and lack many important features.
Matt