Security Tool Removal help

Solved/Closed
Lisa - Jul 29, 2010 at 07:07 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Dec 17, 2010 at 05:28 AM
Hello everyone,

I'm having issues removing the Security Tool virus. I have followed the instructions in the various guides/videos/etc all across the internet, but I can't usually get past the first few steps. I have used rkill.exe (and its various extensions) to kill the processes associated with the virus. However, as soon as rkill is done running, the virus begins running itself again. I can not manually end the processes as it will not allow me to access the task manager. All of the guides also say that there is a Security Tool icon on the desktop that you can follow back to find the directory the program is installed in, but I do not have the Security Tool icon on my desktop either. (Hidden files and folders are showing)

I can't system restore either, even in safe mode. It will not allow me to run the tool.

It seems to me there is a process that is not being killed by rkill that is allowing the virus to restart itself. Any help destroying this thing would be appreciated. I'm pretty tech savvy, but this thing has me stumped.

Using Windows Vista, 32bit, MalwareBytes Anti-Malware (which I cannot run because of the virus) and Firefox.

Related:

2 responses

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Jul 29, 2010 at 11:51 AM
Dear Lisa,

Here is how to get rid of this scam rogue virus designed to get to your credit card account and it is a good thing you did not fall for it.

Please follow the following procedure carefully and to the letter.

You have a rogue virus Trojan Horse which is self protective, thus it will prevent any antivirus from fonctionning.

You must kill the evil processes which the virus is presently running amd preventing you from running any antivirus. If you don't it will keep reproducing the files for ever.

To kill the processes:

1. Download to your desktop and run Rogue Kill:

https://download.bleepingcomputer.com/grinler/rkill.com

2. You should now see a window that shows all of your desktop icons, including the rkill.com program.

3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes . So, please try running Rkill until malware is no longer running.

As a matter of a fact, if you get messages, it is a sign that the virus is agonizing with excrutiating pain, so you can just grin while it is suffering!:)))

Please, DO NOT REBOOT your computer or the processes will come back to haunt you!

Download to your desktop Malwarebyte.

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Once on your desktop, we must still outwit the virus.

Right click on the MBAM icon and click on rename. Rename it kioskea.exe.

Install Malwarebyte and launch it. From the second tab, update it.

Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.

Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.

If Malwarebyte restarts your system, launch it again to finish the Full scan.

Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.

Let me know the results, if you don't, I will throw a curse on your system which will cause to bark everytime you mouse click.:)))

Regards
1
thanks for the information,Ambucias.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Jul 30, 2010 at 05:02 AM
You are totally welcome, but it is not information but the ideal solution.

Pay to the next
0
thankyou very much it worked a treat
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Dec 17, 2010 at 05:28 AM
Great! Again, give to the next!
0