How to fix Windows XP

Closed
mcg - Feb 19, 2010 at 03:56 PM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Feb 20, 2010 at 04:51 PM
Hello,
My Windows XP logs on, all the desktop icons show up then disappear, and the desktop background is blue. Start still works, but when I go to Start the internet is the only thing that works; nothing in All Programs or in Start works, and a pop-up keeps showing up that says Security Tool. What do I do to fix it without paying for virus removers/protectors?

5 responses

Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 19, 2010 at 04:26 PM
Hello mcg,

I and other members will be most happy to help you solve this problem.

However, we must get more details. To do this, we must get a look at the processes presently running on your system, as well as at the registry keys that are susceptible of creating a problem and revealing the possible presence of a virus.

MCG, please download HijackThis from this site:

http://free.antivirus.com/hijackthis/

Once installed, from the main page, request a scan and save log. Once the scan is finished, the log will open. Please copy the log and paste it here as a response.

Best regards
0
It won't let me install or download anything.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 20, 2010 at 12:11 PM
Hi,

Do you have access to your e-mail?

Looks like you have been infected by Security Tool.

Security Tool is a fake spyware remover with an impressively generic name even in terms of rogue anti-spyware names. This parasite enters the system without the user’s knowledge or consent, usually by employing the use of various trojans. Security Tool might also convince you into downloading it by using the browser hijacker Sitesecuritytest.com, which is a fake online scan. Security Tool uses misleading advertising to trick users into purchasing its so-called “licensed version”.

Rogue Anti-Spyware installs unwanted software to a victim’s PC without user’s knowledge and consent. This may lead to slower PC performance and stability, as well as more unwanted programs you can't remove.

To protect itself, it will also block downloading antivirus software such as HijackThis.

Please follow the present instructions carefully: (Since you will soon be in safe mode, I suggest that you print the following instructions)

1. Reboot into Safe Mode with Networking (press F8 just after reboot). This should disable Security Tool.

2. Press ctrl+shift+del right after logging in to Windows. Go under the Processes tab and stop all numerical processes, i.e. 4946550101.exe

Disable Security Tool: doguzeri.dll

3. Delete the Security Tool files (you can use the search tool of Explorer)

a) by investigating where the Security Tool shortcut points to (it will be on the desktop)

b) by searching for filenames with the same name as the processes stopped

The files are:

%System Root%\Samples
%User Profile%\Local Settings\Temp
%Program Files%\SecurityTool
C:\ProgramData\[random numbers]\
%Documents and Settings%\All Users\Start Menu\Programs\SecurityTool
%Documents and Settings%\All Users\Application Data\SecurityTool
doguzeri.dll
4946550101.exe
4946550101.cfg

4. Click on Start and then on Run.
5. Type regedit and click OK.
6. Press Ctrl+F.

Make a search for the following keys and delete them. Please be very careful; the key must be written without mistakes.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SecurityTool”
HKEY_CURRENT_USER\Software\Vista Antivirus 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityTool
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityTool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "4946550101

Reboot your computer in normal mode.

If your system seems to have been stabilized, download and run Malwarebytes (after an update).

You can download it from this site:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

When all is done, I would much appreciate a HijackThis report from you, just to make sure, after which I shall have further security instructions and suggestions for you.

You have lots of work in front of you.

Hope to hear from you soon

Good luck
0
I went into Safe Mode. I pressed Ctrl+Alt+Delete, then I went to the Processes tab. There were no numerical processes. How do I figure out which process is Security Tool?
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 20, 2010 at 04:51 PM
Hi,

Please, while still in Safe Mode:

Click on Start, and then on Run.
Type: msconfig
Click on the Startup tab.
See if you can find a numeric line.
Uncheck that line, click OK and accept to reboot your computer.
Upon restart you will get a message; just check the box and click OK.

This should neutralize the trojan for now.

This should allow you to download Rkill to your desktop, which will end the processes:

https://download.bleepingcomputer.com/grinler/rkill.com

Now, you need your icons...

Click on the Start button and then click on the Run menu item. When the Run box opens, type %UserProfile%\desktop in the Open: field and then press Enter on your keyboard.

5. You should now see a window that shows all of your desktop icons, including the rkill.com program. Now double-click on rkill.com in order to automatically attempt to stop any processes associated with Security Tool and other rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that Rkill is an infection, do not be concerned. This message is just a fake warning given by Security Tool when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that Rkill can terminate Security Tool. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

The last step is to download and run Malwarebytes:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

When the file has finished downloading, look on your desktop for mbam-setup.exe and right-click on it and select Rename. The title of the program will now have a blinking cursor where you can edit the name. Please change the name of the program to Explorer.exe.

After you rename the mbam-setup.exe to Explorer.exe, close all your programs and Windows on your computer, including this one.

9. Double-click on the icon on your desktop named Explorer.exe. This will start the installation of MBAM onto your computer.

10. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing and is at the last screen, make sure you uncheck both of the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware check boxes. Then click on the Finish button. If Malwarebytes' prompts you to reboot, please do not do so.

If you get an error code, please let me know.

You must first update the programme.

Make sure you perform a FULL scan.

Please let me know if this procedure worked better for you.
0
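
The startup entries the replies above point at (the Run keys searched in regedit, the numeric line in msconfig) can also be reviewed as text. This is an added example, not part of any post in the thread: it parses `reg query`-style output and flags Run values whose name or target file is all digits, or that carry a name mentioned in the thread. The sample data, the function names and the `reg query` text layout are assumptions.

```python
import ntpath
import re

# Names mentioned in the thread; matching on them is this example's choice.
KNOWN_NAMES = ("securitytool", "doguzeri.dll")
# One value line of `reg query` text output: <name> <REG_type> <data>
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# Leading program path in the data, quoted or not
PROGRAM = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|com|scr|bat))\b', re.I)

# Constructed sample in the layout `reg query <key>` prints; not from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    4946550101    REG_SZ    C:\ProgramData\49465501\4946550101.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityTool    REG_SZ    "C:\Program Files\SecurityTool\SecurityTool.exe" /s
"""

def parse_reg_query(text):
    """Yield (key, value_name, data) for every value line under a key header."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m["name"], m["data"].strip()

def reasons(name, data):
    """Return why a startup value deserves a manual look (empty list if none)."""
    found = []
    m = PROGRAM.match(data)
    stem = ntpath.basename(m["path"]).rsplit(".", 1)[0] if m else ""
    if stem.isdigit():
        found.append("all-digit file name")
    if name.isdigit():
        found.append("all-digit value name")
    if any(k in f"{name} {data}".lower() for k in KNOWN_NAMES):
        found.append("name from thread")
    return found

def suspicious_entries(text):
    """List (key, value_name, data, reasons) for flagged entries only."""
    hits = []
    for key, name, data in parse_reg_query(text):
        why = reasons(name, data)
        if why:
            hits.append((key, name, data, why))
    return hits

if __name__ == "__main__":
    for key, name, data, why in suspicious_entries(SAMPLE):
        print(f"{key}\\{name} -> {data}  [{', '.join(why)}]")
```

A flagged entry is only a candidate for manual review; legitimate software can also use numeric names.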