 | Home | | Download | | About | | Donation | | Forum | |
This guide contains three parts
Symptom of Security Tool
Security Tool is a rogue antispyware program. It belongs to a rogue program family, all variants of this rogue program family is listed below: they use the same method to infect your computer.
- XP Security Tool
- Vista Security Tool
- Win7 Security Tool
Once infected by one of above variant, one or two processes with random number name will appear in task manager:
This random process file is located in "Application Data" folder, the "Application Data" folder is :
For Windows XP : C:\Documents and Settings\%User Name%\Local Settings\Application Data
For Windows Vista/7 : C:\Users\%User Name%\AppData\Local
Note : %User Name% is the name you login.
This malware will add severy entries in registry so that it can be launched automatically every time Windows is restarted.Once it is active, it will protect those registry entries from being deleted. :
Modified registry entries by Security Tool :
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls
HKEY_LOCAL_MACHINE\Software\Microsoft\Window\CurrentVersion\Run\%Random Number%:C:\Documents And Settings\All Users\Application Data\%Random Number%\%Random Number%.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\%Random Character%:Rundll32.exe "C:\Windows\System32\%Random Character%.dll"
This malware keep poping up a window pretending to scan your computer and giving false malware infection report.
How to remove Security Tool rogue program
Manual removal instructions
Due to this malware add lots of entries in registry and protect itself from being removed, so manually removing this malware basically is a mission impossible, you better look for some antispyware programs to remove this malware automatically.
Automatical Removal instructions
Several antispyware programs can completely remove this malware:
MalwareBytes:
MalwareBytes is an excellent antispyware program, The company of MalwareBytes provides a free version for personal user.
Download and install MalwareBytes Anti-malware (MBAM).
Main interface of MalwareBytes' Anti-Malware
AVG Antivirus:
AVG Antivirus is another well-known antivirus protection tool. The AVG Free Edition is available free of charge to home users for the life of the product.
Download and install AVG Free Edition
Main interface of AVG
Solution for infection by a new variant
If you followed the steps above but still get this malware or some objects are denied to delete, your computer possibly gets infected by a new variant or there is some hidden objects that have not been detected. We provide a free diagnostic scan tool ("TheStubware") to scan your computer and generate a scan log file for analysis. This tool is especially used to find those stubborn malware. You can submit your log file to support@TheStubware.com, we will analysis it and send you back a removal script file to remove the new variant or hidden objects found in your log file.
Download and install TheStubware
Leave your comment (Currently 7 comments)
This is what i get and i cannot remove it.
Fix Auto-Run Programs : [HKLM\Run\21260011=C:\Documents and Settings\All Users\Application Data\21260011\21260011.exe] Failed! Reason:Deletion denied.
Fix Auto-Run Programs : [HKLM\NT\Windows\AppInit_Dlls=lepefihi.dll c:\windows\system32\mabofozu.dll] Failed! Reason:*Denied.
Fix Auto-Run Programs : [HKLM\ShellServiceObjectDelayLoad\hagekikoj={b77d3a54-904d-4589-a344-438044d67c67}] Failed! Reason:Deletion denied. Commented by Ilias Pulluqi-- 10/07/09 6:21:21 |
Hi Ilias,
Please run TheStubware scanner and send your log file to support@TheStubware.com or the technical support forum, I will help you remove this rogue program. Commented by Michael-- 10/07/09 8:19:10 |
.. hI .. this worked for me.. so far. . its nice to see that some one has put together a working and free utility for this type of thing. you will be rewarded in many ways.. Commented by signaturex-- 10/07/09 19:28:32 |
please help me sir or madam..................my computor is infected with security tool. I don't know what to do. My wife has college classes online, she keeps getting interupted by this damn thing, help please!!! Thanks Commented by Kevin Gass-- 11/25/09 19:31:54 |
I have the security tool virus and ran thestubware in safe mode to remove it however the below cannot be removed. Please advise. Thanks in advance for your help.
Fix Auto-Run Programs : [HKCU\Run\91834328=C:\ProgramData\91834328\91834328.exe] Failed! Reason:Deletion denied. Commented by D.Corvino-- 11/30/09 4:05:23 |
Please run TheStubware scanner, after the scan is done, click "View Log" button, and post your log file to the forum. Commented by Michael-- 11/30/09 14:08:13 |
I have the security tool virus and was trying to download the stubware and I cannot do anything. If anyone can help please! Commented by Chasity Rainey-- 12/20/09 10:27:04 |
| Do you remove this: |