How to fix windows xp

Closed
mcg - Feb 19, 2010 at 03:56 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Feb 20, 2010 at 04:51 PM
Hello,
my windows xp logs on all the desktop icons show up then dissapear and the desktop backround is blue but start still works but when i go to start the internet is the only thing that works nothing in all programs or in start works and a pop up keeps showing up that says security tool what do i do to fix it without payin for virus removers/protecters.
Related:

5 responses

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Feb 19, 2010 at 04:26 PM
Hello mcg,

I and other members will be most happy to help you solve this problem.

However, we must get more details. To do this, we must get a look at the processes presently running on your systems as well as of the registry keys that are susceptible of creating a problem and revealing the possible presence of a virus.

MCGm please download Hyjackthis from this site:

http://free.antivirus.com/hijackthis/

Once installed, from the main page, request a sac and save log. Once the scan is finished, the log will open. Please copy the log and paste it here as a response.

Best regards
0
it wont let me install or download anything
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Feb 20, 2010 at 12:11 PM
Hi,

Do you have access to your e-mail?

Looks like you have been infected by Security Tool.

Security Tool is a fake spyware remover with an impressively generic name even in terms of rogue anti-spyware names. This parasite enters the system without the user’s knowledge or consent, usually by employing the use of various trojans. Security Tool might also convince you into downloading it by using the browser hijacker Sitesecuritytest.com, which is a fake online scan. Security Tool uses misleading advertising to trick users into purchasing it’s so-called “licensed version”.

Rogue Anti-Spyware installs unwanted software to a victim’s PC without user’s knowledge and consent. This may lead to slower PC performance and stability, as well as more unwanted programs you can't remove.

To protect itself it will so block downloading antivirus software such as Hyjackthis.

Please follow the present instructions carefully: (Since you will soon be in safe mode, I suggest that you print the following instructions)

1. Reboot into safe mode with networking (press F8 just after reboot) This should disable Security Tool

2. Press ctrl+shift+del right after logging in into windows. go under processes tab, stop all numerical processes. ie. 4946550101.exe

Disable security tool : doguzeri.dll

3. Delete security tool files (you can use the search tool of Explorer)

a) by investigating where security tool shorcut points to (it will be on desktop)

b) by searching for filename with same name as processes stopped

The files are:

%System Root%\Samples
%User Profile%\Local Settings\Temp
%Program Files%\SecurityTool
%Program Files%\SecurityTool
C:\ProgramData\[random numbers]\
%Documents and Settings%\All Users\Start Menu\Programs\SecurityTool
%Documents and Settings%\All Users\Application Data\SecurityTool
doguzeri.dll
4946550101.exe
4946550101.cfg

4. Click on Start and then on run.
5. Type regedit and click ok
6. Type ctrl+f

Make a search for the following keys and delete them. Please, be very careful, the key must be written without mistakes.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SecurityTool”
HKEY_CURRENT_USER\Software\Vista Antivirus 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityTool
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityTool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "4946550101

Reboot your computer in normal mode.

If your system seems to have been stabilized, download and run Malwarebyte (after an update)

You can download it from this site.

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

When all is done, I would much appreciate a Hyjackthis report from you, just to make sure, after which I shall have further security instructions and suggestions for you.

You have lots of work in front of you.

Hope to hear from you soon

Good luck
0
I went onto safe mode. I pressed crtl+alt+delete then i went to the procceses tab. There were no numericle procceses. How do i figure out wich procces is security tool?
0

Didn't find the answer you are looking for?

Ask a question
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Feb 20, 2010 at 04:51 PM
Hi,

Please still in Safe Mode,

Click on start, and then on run.
Type:msconfig
Click on Startup tab
See if you can a numéric line
Uncheck that line and click okay and accept to reboot your computer
Upon resart you will get a message, just check the box and click okay

This should neutralize the trojan for now.

This, should allow you to download Rkill to your desktop which will end the processes:

https://download.bleepingcomputer.com/grinler/rkill.com

Now, you need your icons...

Click on the Start button and then click on the Run menu item. When the Run box opens, type %UserProfile%\desktop in the Open: field and then press Enter on your keyboard.

5.You should now see a window that shows all of your desktop icons, including the rkill.com program. Now double-click on the rkill.com in order to automatically attempt to stop any processes associated with Security Tool and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Tool when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Tool . So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

The last step is to download and run Malwarebyte

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

When the file has finished downloading, look on your desktop for mbam-setup.exe and right-click on it and select Rename. The title of the program will now have a blinking cursor where you can edit the name. Please change the name of the program to Explorer.exe.

After you rename the mbam-setup.exe to Explorer.exe, close all your programs and Windows on your computer, including this one.

9.Double-click on the icon on your desktop named Explorer.exe. This will start the installation of MBAM onto your computer.

10.When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing and is at the last screen, make sure you uncheck both of the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware check boxes. Then click on the Finish button. If Malwarebytes' prompts you to reboot, please do not do so.

If you get an error code, please let me know

You must first update the programme

Make sure you perform a FULL scan

Please let me know if this procedure worked better for you.
0