
DNForrest
Veteran

Joined: 18 Jan 2008
Age: 42
Gender: Male
Posts: 1,198
Location: Oregon

19 Oct 2010, 10:21 pm

This is a program that pretends to be an anti-spyware program, then blocks any real antivirus or anti-spyware programs. My computer got this once before about a year ago, and it was easy enough to remove with rkill and Malwarebytes, but this new version seems to have worked out how to get around this (doesn't allow any program it knows to stop it to open, or even Task Manager).

Anyone know how to get it off now? All of the guides I've found online are outdated.

I'd prefer to not have to reinstall Windows, and Linux isn't an option given the programs I have to use for school.

Thanks for any help....



Orwell
Veteran

Joined: 8 Aug 2007
Age: 36
Gender: Male
Posts: 12,518
Location: Room 101

19 Oct 2010, 11:02 pm

DNForrest wrote:
I'd prefer to not have to reinstall Windows, and Linux isn't an option given the programs I have to use for school.

Get a Mac! :P

Just kidding obviously; if Linux doesn't have the programs you need Mac doesn't either. Google gives a ton of hits for "security virus tool removal." Have you tried the first couple hits to see if they give any useful advice?


_________________
WAR IS PEACE
FREEDOM IS SLAVERY
IGNORANCE IS STRENGTH


DNForrest
Veteran

Joined: 18 Jan 2008
Age: 42
Gender: Male
Posts: 1,198
Location: Oregon

19 Oct 2010, 11:15 pm

Like I mentioned, they're all for removing the old version, which has been updated to make it even more insanely difficult to get off of my comp. Seems like the people that made it read all of those removal guides and changed it to make those fixes moot.



StuartN
Veteran

Joined: 20 Jan 2010
Age: 62
Gender: Male
Posts: 1,569

20 Oct 2010, 4:52 am

This is an old trojan, so surely the latest Microsoft Malicious Software Removal update will deal with it? Or can you boot from a trusted CD or USB operating system and run a recent antivirus package to clean your hard drive?

It looks like most web references to removing "Security Tool" are simply links to more malware, which you should not download and run.



DNForrest
Veteran

Joined: 18 Jan 2008
Age: 42
Gender: Male
Posts: 1,198
Location: Oregon

20 Oct 2010, 10:58 am

As I've mentioned in both of my posts, this is an updated one that got through my security (AVG, Spybot, and Malwarebytes amongst others), and the old fixes no longer work.



Orwell
Veteran

Joined: 8 Aug 2007
Age: 36
Gender: Male
Posts: 12,518
Location: Room 101

20 Oct 2010, 11:38 am

In that case, it looks like you'll have to wait until one of your security packages gets updated to deal with the new malware.




DNForrest
Veteran

Joined: 18 Jan 2008
Age: 42
Gender: Male
Posts: 1,198
Location: Oregon

20 Oct 2010, 12:02 pm

Orwell wrote:
In that case, it looks like you'll have to wait until one of your security packages gets updated to deal with the new malware.


It won't even let them open up long enough to update themselves. The moment they try to start up, or I try to start them, it automatically blocks and closes the program, then gives me a faux warning message varying between "*insert program name* is a virus/worm, etc etc." My favorite was "taskmanager.exe is a dangerous worm that steals your credit card information to sell to third party vendors!"

Fortunately, I was able to log into the account I made for my mom on the computer and load then run Malwarebytes there. It found and deleted the bug, but now, for whatever reason, when I try to log in to my account (Administrator), all that I get is a purple screen. I suppose that is appropriate since today's apparently "Wear Purple" day. I had to leave for class by this point, so I'll have to work on it some more when I get home tonight.



Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 33
Gender: Male
Posts: 11,018

20 Oct 2010, 12:08 pm

Surely booting in safe mode would have worked?

I assume you don't have any system restore points created before you got infected?



DNForrest
Veteran

Joined: 18 Jan 2008
Age: 42
Gender: Male
Posts: 1,198
Location: Oregon

20 Oct 2010, 12:22 pm

I tried booting in safe mode, didn't work (no desktop, no start bar, just a black screen with "Safe Mode" in the four corners). Booting safe mode with command prompt did give me the command prompt window, but I'm nowhere near computer literate enough to use that to effectively get rid of a virus of this magnitude.

The virus wouldn't let me load system restore, which doesn't matter now since I can't access it through my account. And every time I try to load it from my mom's account, it just causes the computer to freeze. I'm probably going to have to load from a system recovery disc I made when I first got my computer (didn't come with one, so it had me make one with my own DVD-Rs). Though since it's Vista, I may just pick up Windows 7 and load that, instead.



Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 33
Gender: Male
Posts: 11,018

20 Oct 2010, 12:25 pm

That's a clever virus. I hope you have a good backup.



Orwell
Veteran

Joined: 8 Aug 2007
Age: 36
Gender: Male
Posts: 12,518
Location: Room 101

20 Oct 2010, 12:27 pm

Sounds like you have quite a mess on your hands. In future, maybe you shouldn't run as Administrator all the time.




DNForrest
Veteran

Joined: 18 Jan 2008
Age: 42
Gender: Male
Posts: 1,198
Location: Oregon

20 Oct 2010, 12:32 pm

Orwell wrote:
Sounds like you have quite a mess on your hands. In future, maybe you shouldn't run as Administrator all the time.


Or do like I intended to in the first place and dual-boot Linux. Just run Windows when I need the programs for school and work.



DNForrest
Veteran

Joined: 18 Jan 2008
Age: 42
Gender: Male
Posts: 1,198
Location: Oregon

20 Oct 2010, 2:48 pm

And I was just able to log into my account, but no such luck in the Security Tool garbage being gone. Windows 7 install, here I come.



Science_Guy
Veteran

Joined: 9 Jul 2010
Age: 37
Gender: Male
Posts: 506

20 Oct 2010, 3:24 pm

I'd do a clean install of Windows. Windows 7 only takes about 15 minutes to install if you have it.

In case you don't know, when you install Windows you should create a partition just for Windows (make it about 20 GB) and then use the rest of your HDD space to create another partition for everything else (music, pictures, etc.). Then if you get a virus you can easily delete the Windows partition and reinstall it and it won't affect your other partition with your files on it. It's simple to do and takes seconds too, probably tons of good tutorials on YouTube.



Orwell
Veteran

Joined: 8 Aug 2007
Age: 36
Gender: Male
Posts: 12,518
Location: Room 101

20 Oct 2010, 5:33 pm

DNForrest wrote:
Orwell wrote:
Sounds like you have quite a mess on your hands. In future, maybe you shouldn't run as Administrator all the time.


Or do like I intended to in the first place and dual-boot Linux. Just run Windows when I need the programs for school and work.

I'd still suggest keeping a standard user account around when you use Windows... if you ran as a normal user instead of Administrator, this virus would only have messed up your account and been a mild inconvenience, rather than making a mess of your whole system and forcing you to re-install the whole OS. Windows has made improvements in security over the years, but that doesn't do you any good if you don't exercise basic prudence.

But yeah, doing most of your web-related stuff in Linux should cut down on the risk of security compromises.




DNForrest
Veteran

Joined: 18 Jan 2008
Age: 42
Gender: Male
Posts: 1,198
Location: Oregon

20 Oct 2010, 8:08 pm

That "or" was supposed to be an "and". I'll definitely be setting up separate accounts for myself and the admin.