SECURITY TOOL VIRUS
Copyright © 2010 by John Sherman
Security Tool is a horrible virus! Security Tool pretends to be an anti-virus program. But it causes a DoS (denial of service) attack. Every time you try to do something, Security Tool says you have a virus, and you can't do it. In my client's case, Security Tool said a virus was trying to access the web and upload his credit card info using file such-and-such. It said the only cure was to send Security Tool money.
This virus actually overrides Windows Add/Remove Programs, it overrides the repair CD (which is supposed to be impossible), and it even overrides Ctrl+Alt+Delete (which is supposed to be impossible)!! My client had active Norton's AV when he got the virus, so it overrides that too. Later, when he ran Norton's, Norton's found the virus and attempted to put it in quarantine, but was unsuccessful. Apparently it fed Norton's a fake file to play with! This thing is vicious.
How to get rid of it? Good luck!
After fighting with it, I discovered an easy way to get rid of it. First, physically disconnect your computer from the internet, so that Security Tool does not have support. It has probably already uploaded your entire computer to the bad guy's website, but you still need to isolate it so you can kill it. Turn your computer off, then turn it back on. You are waiting for the desktop to appear. If you have Windows XP and you have a password set up, you will enter the password and hit Enter. Immediately the desktop appears, so be ready! The instant you see the desktop, hit Ctrl+Alt+Delete.
What you are doing is hitting Ctrl+Alt+Delete before the virus program gets going. Immediately choose the Task Manager, and immediately choose the Applications tab. Now move the window down to the bottom left corner of your screen. Be quick about it, because you have very little time. If you are too slow, simply turn your computer off, then turn it on again, and start over.
In the Applications tab of the Task Manager, watch the programs start up as your computer gets going. Have your mouse poised and ready in the window. When Security Tool appears in the Task Manager, the Security Tool window also opens up. The instant Security Tool starts running, click on it in the Task Manager and choose End Task. Security Tool will probably flash you a couple of bad things, but ignore them at first - you need to quickly hit End Task. The reason you moved the Task Manager window to the bottom left of the screen is that Security Tool rides above it, which is supposed to be impossible. Did I say that this thing is vicious? Whoever created it is despicable!
Now, you will probably get a notice that Security Tool is not responding. That is a normal thing that happens when you shut down a program before it gets running. Once it gets running you won't be able to shut it down. So go ahead and hit the End Task button on the notice, and Windows will be able to shut it down temporarily. Also, now you can close out any notices that Security Tool gave you. Now, just sit and wait. Shortly, you should get a notice that "You chose to end a non-responsive program, do you want to notify Microsoft?" Do not close this notice, because it shows you the name of the program! Just shove the notice to the top left of your screen.
The name of the program will be a random group of numbers, 8 or 9 digits, followed by .exe. The number is different on each computer. Now open a My Computer window and place it in the top right quarter of your screen. Click the Search button, choose All Files and Folders, and enter the file name into the file name box (for example, the file name might be 127553388.exe). Then click on Advanced Options and make sure Hidden Files is checked, make sure System Folders is checked, and make sure Subfolders is checked. Then click Search.
In my client's case I found 4 files. One was the virus itself, and one seemed to be a file which reinstates the virus if you try to delete it. The other two were apparently from Norton's two attempts to quarantine the virus. Some people will just select all the files it finds and delete them from that window. But I adhere to the old school which says you should delete them from a separate window.
So open another My Computer window and place it in the bottom right quarter of your screen. Go to Tools/Folder Options/View and be sure Show Hidden Files And Folders is checked. You might have to uncheck Hide Protected Operating System Files, and uncheck Hide Extensions For Known File Types, and then close that box. Navigate to the folder in which the Search found the virus. On the toolbar click Views/Thumbnails. Now scroll down and find the file. Don't click on the file to select it! Put your cursor in the whitespace next to the file, hold down the left mouse button, and drag the mouse over the file, then release the mouse button. See how it selects the file without touching it? Now hit the Delete key on your keyboard, and then Enter when it asks if you are sure. Now navigate to all the other files and delete them the same way. If you can't find the files, go ahead and try to delete them from the Search window.
Now you have to open your Recycle Bin, and delete the files from there. It is best to just hit the button which says Empty Recycle Bin.
Now, you really should go into the Registry and delete the entries from there. However, do not attempt it if you do not know how. In my case, I just left those entries there and there is no problem. Those entries are not files, they are just instructions to Windows to open the virus when the computer starts up. When it tries to open the virus it won't find it, and so it won't be able to open it. There shouldn't be a problem with that.
Now, looking in your Task Manager's Applications window, you should not see Security Tool running. Turn your computer off, and then turn it back on. Quickly start the Task Manager as before, and wait and see if the virus comes alive. If it does not show up, Yippee!!
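The file search and the leftover startup entries described above can also be checked from PowerShell. This is an added example, not part of the original article; it only lists candidates for review and deletes nothing. It assumes PowerShell 3.0 or later and the standard Run registry keys, which the article does not name; the function names are made up for this example.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
# From the article: the rogue file is named with 8 or 9 digits followed by .exe.
$namePattern = '^\d{8,9}\.exe$'

# Assumption: startup entries live in the standard per-user and per-machine Run keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Find-DigitNamedExe {
    param([string[]]$Roots)
    # -Force includes hidden and system files, like the Advanced Options boxes in Search.
    Get-ChildItem -Path $Roots -Filter '*.exe' -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $namePattern } |
        Select-Object FullName, Length, CreationTime, Attributes
}

function Get-SuspectRunEntry {
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($valueName in $item.GetValueNames()) {
            $command = [string]$item.GetValue($valueName)
            # Take the executable from a quoted or unquoted command line.
            # An unquoted path containing spaces is cut at the first space; review those by hand.
            if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(\S+)') {
                $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
            } else { continue }
            $digitName = (Split-Path -Path $exe -Leaf) -match $namePattern
            # Only judge "missing" for full drive-letter paths, to avoid flagging bare names.
            $missing = ($exe -match '^[A-Za-z]:\\') -and -not (Test-Path -LiteralPath $exe)
            if ($digitName -or $missing) {
                [pscustomobject]@{
                    Key = $key; Name = $valueName; Command = $command
                    DigitName = $digitName; TargetMissing = $missing
                }
            }
        }
    }
}

# Files matching the naming pattern anywhere on the system drive.
Find-DigitNamedExe -Roots "$env:SystemDrive\" | Format-List
# Startup entries that point at a digit-named .exe or at a file that no longer exists.
Get-SuspectRunEntry | Format-List
```

A legitimate program can also have an all-digit file name, so treat every hit as something to inspect rather than as confirmed malware.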
Now you can re-connect your internet. You have to change all of your passwords, everywhere. And if there is any credit card or banking info on your computer, contact your bank and have them monitor the account(s). If you have any sensitive data on your computer, assume the bad guys now have it all.
You can contact me from my website, www.john-pix.com, if you have a problem or question or comment.
If you have Vista, I really feel sorry for you.