SecurityTool - Security Tool Virus

Make sure Malware remover is updated, and run it in safemode. I wasn’t able to do crap outside of safemode. Couldn’t run regedit or open tasmanager or run any kind of remover tool….until I rebooted in safemode.

I dowenload Malwarebytes’ Anti-Malware but I cant run it because of virus what should I do now:S

Note: Virus like SecurityTool may prevent mbam-setup.exe from downloading and running. You can download and rename this program from a different computer before running it on infected system.

Jona - run it in “Safe Mode” by pressing F8 when your computer restarts. “Safe Mode with networking” selection should be fine.

PLEASE CAN ANYONE TELL ME HOW TO GET IN TOUCH WITH SECURITY TOOL TO HAVE THEM REMOVE THE CHARGE THEY CHARGE ME!!!!!!!!!!! THANK ANYONE WHO CAN GIVE ME THIS INFORMATION !!!!!!! THIS IS ONE OF THE BIGGEST SCAMS ON THE INTERNET RIGHT NOW!!!!!!!!!!!!!!!!

I’ve cleaned a number of computers that have been infected with this virus (and the anti-virus 2009) I use a flash drive with Advanced System Care (The Geek Squad standby) and MalwareBytes (My old standby) installed on it. They are both FREE programs, and make sure you run the updates. I always use the safe mode and have had great success most of the time. Although I must say this is a tough one to get rid of … Watch i when using ASC, it’s a pretty powerful program .. don’t get carried away with all the ‘goodies’ if you don’t know what you’re doing. STICK WITH THE BASICS !!!

Your instructions were right on! Thanks. I did have to bring up Task Mgr as soon as computer began logging on. I kept Task Mgr up and stopped running any Security Tool items I would see. It seem to help me get thru your directions easily.

Best way is to boot into safemode per above 1st and then try removing it. Make SURE you turn off System Restore. If you don’t the latest incarnation of this malware will not go away easily.

If you cannot boot into safe mode then upon bootup as soon as you see your desktop starting to load hit Control+Shift+Esc until the task manager runs and then close down the SecurityTool Program. It won’t be called SecurityTool.exe but will have a funny name that will be noticeable. Then turn off System Restore.

Then put in your thumb drive in that has malwarebytes and an antivirus program. A demo version Norton Internet Security is currently imho the best thing going but if you want something Free than Microsoft Security Essentials is OK but not as good as commercial software.

Contrary to what you see here Malwarebytes likely won’t get it all but will get most of it. That’s why you need a separate antivirus program to clean up the rest of the infection.

Someone please please tell me how to get the money back security tool charged me i’m goin through a lot and i need it back i can’t believe they ripped me off

I struggled quite a bit and found I could hit ctrl alt del several times during boot up and get the task manager to show up and stop the security tool. Then I downloaded the malware and ran it and my computer seems to work well since. It’s difficult at first without halting the security tool because it always hides evrything that you bring up on the screen. Good luck to all of you..

I downloaded mbam from a different comp & had it renamed before using, it worked. Get the free version. Thanks a LOT Malwarebytes,…………

I’ve tried running the Malware and I keep getting some kind of Code 0 when I try to run it, even with the .exe patch that’s available, and yes, I’m doing all of this in safe mode. Suggestions?

Very interesting site. Hope it will always be alive!, map198, map34, map167, map37, map149,

I am suffering this virus, the computer is in a constant loop of starting and closing down, I do not have sufficient time to stop anything, I cannot get into safe mode either, can anyone help with getting rid of this virus?

After running the virus scan, I had to delete the Security tool file from the c drive, which was named a series of numbers. Otherwise, everytime I restarted the computer it came back.

I just purchased security tool, but i did not get an activation I.D. or number

If you have to do it, you might as well do it right., Trendnet Control Center Firewall, Symantec Antivirus Research Center, Tns Spyware, Spyware Remover For Macos 9 2 2, Symantec Antivirus Update Free Download,

Very interesting site. Hope it will always be alive!, What Is Spyware And Sniffers, Yahoo Beta Spyware, Windows Enhanced Firewall, Windows Defender Crack Program Fee Download, Remove Virus Win32 Vundo Generic,

Great. Now i can say thank you!, Download Free Spyware Cleaning Software, Dyna Defender, Darpa Hardware Malware Detection, Download Crack Firewall Black Ice Defender, Defender Tdi 300 Speed,

I now have this virus and am wondering which one of these methods would work the best if I am running Vista. Anyone have an idea? Would be appreciated. Thanks

[...] with satisfactory result by having the following procedures: - All programs are closed during Security Tool removal - Internet connection is disabled while Security Tool removal is in process - Registry and [...]

Thank you!, the Malwarebytes Anti-Malware seems to’ve worked, and thanks to those suggesting to using safemode! Much appreciated!!

The “Security Tool” virus had shut down my task manager, program remove, in the control panel, system restore…and who knows what else. It even had shut down MBAM. I removed it by rebooting to safe, opening MBAM, running a complete scan. The MBAM did it’s job well. I then rebooted out of safe and ” POOF “, virus gone, that simple. Hope it works for you too.

hi on the day off 30.11.2009 this firewall.tool alert is giving me problems wath shud a do help please

To everyone who tried to purchase this software, you better keep a close eye on all your accounts, credit statements, and any financial documents. Your identity was most likely stolen. For those that are new to this type of rogue program, this thing is not new, only new name. From what I can remember it started about 5 years ago maybe earlier than that I got it as XP Antivirus 2008, then it went to XP Antivirus 2009, Then Home Antivirus 2010, and so on. I wish they would catch these jerkoffs, throw them on a remote deserted island with no electricity.

i already buy this security tool but i can notrecive my activation # plus this security tool charged me 99 dallars is there anyway you can check my file and send it to me or do something about it .

lina mesina,

First of all, you should NOT buy this fake program. Advise your credit card company and dispute the recent transactions immediately.

I got it on my brand new computer. The virus is huge. Everyone and their brother seem to get it lately. If you are not “computer savy”, don’t take chances. I have removed viruses before, no big deal. But this one needs to be removed carefully or it attacks your registry. If your computer is old, ( I buy a new one every two years) give it a try. If you have a brand new computer (mine is 6 mos. old) Unplug everything and spend the 100.00 dollars to remove it. Any staples, Best Buys, Geek squad can do it. Remember, this is a very common virus right now. Thease guys are doing it every day like clockwork. I will admit that it’s pricey and they should lower the price for common virus removal, but when in doubt, let someone who is doing it every day handle it. It’s just piece of mind. Remember, A recovery disc could cost you 50.00 or so and then your computer is wiped clean. So is everything you wanted to save. If you have more than a few questions as to how to do this… don’t do it. That’s just my advice….. For what it’s worth. P.S. Don’t buy anything because a pop up window says you have to. Rule #1! Also, use Firefox as your browser and keep AVG running on the P.C. I learned it the hard way. I knew it but never got around to doing the right stuff. Fool me once, shame on you… fool me twice, same on me.

All this is crap and an advertisement stunt! I dont know how these people answer to their own souls!
Just to sell their product they are sending these hoax mails themselves and then acclaiming to have capacity to remove it. I cant curse these guys here, but these guys are cheap and will face the horrors of hell for eternity!
.
.
As for my friends TO REMOVE THE ‘SECURITY TOOL’ you just have to clear your cookies, temporary files and then try removing the main culprit i.e. the main file of this tool.

This was great - thanks to all who gave their help and suggestions.

First don’t panic!! Second keep clicking “no” you do not want to activate. Third, keep moving the pesky little boxes to the far right of your computer. Keep trying to get on the internet and when you do download what was instructed above: Malwarebytes and Advanced System Care saving them to your desktop. Then turn off your computer, restart pressing the F8 key to go into safe mode. Once in safe mode, click on “safe mode with networking”. This will bring you safely to your desktop. Run the step-up then the actual programs. It will clean out the trojan and restore order to your computer. THANKS TO ALL THE COMPUTER EXPERTS ABOVE FOR YOUR ASSISTANCE. I just thought I would give a step-by-step for us novice to somewhat dangerous with a computer. Merry Christmas!!

Also the file that was added by this virus to my computer was in my c:\program data file and it was all numbers followed by .exe

THANKS TO ALL THE COMPUTER EXPERTS WHO HAVE COMMENTED AS PROBLEM WAS RESOLVED WITHOUT PAYING SOMEONE TO DO IT. Steps I followed:
1. moved the pesky boxes as far right as I could. Clicking on “no” to activation. I then got on the internet
2. saved both the Malwarebytes and Advanced System Care downloads to my desktop.
3. restarted my computer and tapped F8 until in safe mode.
4. clicked on Safe Mode w/networking
5. saved the programs to my computer then started them.
6. virus was found and safely removed :)

i need the activation code

I believe I removed most of the virus, but Google is still affected as search results are not returned. Does anyone know how to remedy this issue? Or perhaps have instructions for manually removing the virus?

Found this on another post:

Even after removing the malware I was unable to access Google &c. From another site I got a direction to look at C:\WINDOWS\system32\drivers\etc\Hosts.

Opening it in Notepad, I saw that it had listed just about every variety of Google & Yahoo against IP address 127.0.0.1. I copied this file (to be on the safe side!) and then deleted all the entries and, bingo, worked fine.

I tried this as well, and it worked!

Hope this is helpful!

It worked - thanks!

just needed to restart my computer after deleting the entries

According to B of A, who thankfully declined my credit card attempt to purchase “Security Tool”, the phone number for this scam is 800-835-5770. Call them and curse them out if it makes you feel better. A pro is coming tomorrow to remove this pain in the ass.

why deal with it? just reload your windows installation cd and your system is back like new. dont pay anyone anything. in the future make sure important files are backed up

if you were scammed, please type in “security tool” on youtube for a tutorial to somewhat get rid of the problem. it helps!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Hi Everyone who is wondering about how to get your money back. Well I was previously scam from these dirt bags from some island they are from (baku). I was illiterate with computers and just bought my first brand new computer. So then on I “supposely” got a virus and then having them force me to pay them money for a ridiculous “security tool” scam!! I didn’t know at the time it was fake until I wanted to check on my status about viruses. It disappear like I never purchase it. It got me wondering about it so I google it and came upon this site. I was fricking piss off to hear what it did to people and myself. So what I did was call my bank and told them I was scam and was wondering how I can get my money back, because I didn’t know how to get ahold of these people. So they told if I wanted to file a claim which is done right then and there. I did that and I would be getting my money back by mid-night.
It is not call Security Tool on your statment purchase. It is call REALGOLDSOFT. I bought mine for 49.95. So check out your statment and goodluck with getting your money back.
I have questions to ask:
Does the security tool now have access throught out my computer?
What if I don’t have the security tool anymore, but I didn’t delete and can’t find it on my computer?
Where can I find a good protector for my computer?
Please take the time out to help me as I did for whoever needed their money back!!
Please and thank you!!!!!!

Thank you!, the Malwarebytes Anti-Malware seems to’ve worked for me too and thanks to those suggesting to using safemode! Much appreciated!!

DON’T PANIC. THIS IS SIMPLE TO REMOVE AND ANYONE CAN DO IT. DO NOT PAY SOMEONE TO DO WHAT YOU HAVE THE ABILITY TO DO YOURSELF. The Malwarebytes file works perfect. As some suggested, you do have to press Ctrl+Alt+Del as soon as Windows starts up. This will prevent the virus from stopping the Task manager from running (along with any other program you may need), therefore when the “Security Tool” program runs you can simply choose “End Task”. Once this is complete follow the instructions above and presto, it gone!! If you try to press Ctrl+Alt+Del once the “Security Tool” is loaded, it will give you some crap that the file is infected.

THANK YOU GUYS SO MUCH!!!!!
It completely got rid of security tool. My computer is working as normal but a little bit slower.
Thanks

COMPLETE REMOVAL INSTRUCTIONS

Removal instructions from XP (& probably 2000 & maybe Vista)

1. After rebooting, ASAP, before the tool loads, press [CTL-ATL-DEL] you may have to try a couple of times.

2. Select “Task Manager”,”Processes” tab,

3. Click on “Image Name” (to sort in ascending order)

4. There should be a process running that is 8 numbers and only numbers… Mine was 808561

5. Kill the process as noted above, and you now should have control of your system again.

6. Open control panel, “Add, Remove Programs”

7. Find and uninstall “DNA” (1 of 3 to be uninstalled and deleted)

8. Open windows explorer (show all files & folders)

9 Navigate to C:\Program files\

10. You need to have your “explorer”, “view” “detail” selected to see the time stamps. Then sort by modified date (Desc) (click on the date column to sort and again to reverse the sort order). Order the sort so that the most recently modified appear at the top for you.

11. 1 or 2 folders should appear on the top with the current dates of your infection. “DNA” with and “WINCAP..(something along these lines) Also look for any other added folders since the day and time of the infection. You can tell by the date stamp on them. If you know you didn’t install any programs on these recent dates:
delete them.

I found DNA (Security Tool Virus, with an executable file called BTDNA.exe, this is the virus program — and WINCAP (RPCAPD.exe). DNA is the Security Tool Virus and WINCAP is a trojan came along as a package deal with the DNA. You need to be sure to remove all the bad stuff. If you aren’t sure, look them both up

12. Be sure to have your “Explorer”, “Tools”,”Folder Options” “view” “Show Hidden Files & Folders” ON). Then go to c:/documents & settings/all users/application data as noted in other posts above and delete the folder with the 8 numbers for the name. Note: It will match the process that you killed to get here)

13. reboot … and you should be home free.

14. Delete all the files in your folders C:/Document & Settings//Local Settings/Temp
Find and delete: GDIPFONTCACHEV1.DAT
Scan your computer for all files dated at with time stamp from your infection date. Use
your judgement to delete them or not. If you are not comfortable with WINDOWS OS better
to not delete.

15. And if you are comfortable with checking your registry file.
Scan your registry file for BTDNA, the eight digit numerical name, WINCAP, and RPCAPD.
I found a bunch with the eight digit numerical name & BTDNA and deleted them. DNA appears
to be used for more than just a virus, so BE CAREFUL.

16. Empty your recycle bin. Run your antivirus.

17. If this doesn’t work, try booting in safe mode and restoring it.