Security Tool Virus-- need help

[Elheru Aran]

Hey,

So I managed to get this Security Tool virus thing that passes itself off as a malware remover, but which will actually screw with legitimate software if you let it...

I've downloaded malwarebytes and rkill.exe, BUT, when I try to run the computer on regular mode Security Tool won't allow me to run anything but Idiot Exploiter. I'm going to try to disable it with msconfig maybe, but until then I'm scanning in safe mode. I'm not sure that'll pick up anything, but one can hope.

Anybody have any suggestions? I seem to have gotten the 'tough' version of this virus...

(please note that this isn't my computer, so nuking the HD isn't really an option, or anything drastic like that!)

(and yes I do seem to have bad luck with computers...)

[Elheru Aran]

I'm going to try to disable it with msconfig maybe, but until then I'm scanning in safe mode. I'm not sure that'll pick up anything, but one can hope.

Wow. Okay, so it won't even let msconfig run. In Safe Mode, malwarebytes did pick it up, and it *said* it was deleted... but upon rebooting it came right back. Hmmm. I still can't run malwarebytes, Spybot, or rkill, incidentally. Oh, they work fine in safe mode, but of course either they don't find anything or they delete it and it comes right back in regular mode. Ugh. Little help here, please?

EDIT: It won't let task manager or registry edit run, either. This is a pretty high-octane program I have happening here. And it has the effrontery to tell me 'defrag.exe' is a security risk, too...

[Mr Bean]

It picks random programs to call a virus.

I have great familiary with these types of malware as they were our number 1 virus complaint at my last job.

You need to run msconfig in safe mode and turn of EVERYTHING under the startup tab
After that start up windows and do nothing but go into task manager ASAP and kill every process not windows based. Then run malwarebytes and only then.

There's a nasty variant that will infect Malwarebytes so if you get popups the instant you run Malware. If so you need to restart, run in safe mode. ID where the virus has installed itself via malwarebytes then kill it and malwarebytes via deleting the folder it's in and deleting malwarebytes then downloading a fresh copy from another computer or USB key to complete the cleaning in safe zone.

[Elheru Aran]

I pulled a system-restore, and that seems to have done the trick; at least I'm running mwb now. If another restart turns it up again I'll do the msconfig in safe mode thing. Funny thing is, I tried msconfig in safe mode, and saw absolutely nothing that didn't look out of place. Of course that's the whole catch of it, isn't it... anyway, hopefully this will get it done. I'll keep you posted as much as I can...

[Azazal]

one way to try and trick the malware is to rename the malwarebytes exe to iexplore.exe, doesn't always work, but it has for me in the past.

Another option is to download Process Explorer Works much like task manager, you can find the malware running with it, kill it and then run whatever cleaner you need to. You may have to rename the exe on this one as well, depending on if the malware is blocking it or not.

[Vendetta]

If you're having trouble opening programs due to malware, try the following:

- Boot to safe mode
- Open task manager
- Ctrl+Click on File->New Task (this will open a command prompt)
- Use command prompt to run the executable.

[Elheru Aran]

Yeah, I finally had to run a system restore from safe mode to wipe it. As far as I know that did the trick. Now to convince my mother-in-law to actually put a decent antivirus on her system, to start with. Yes, she had absolutely zilch protection... her firewall was down and she hadn't updated her computer in, uhhhh, a year or two? Yeah. Anyways, thanks guys...

[Mr Bean]

Yeah, I finally had to run a system restore from safe mode to wipe it. As far as I know that did the trick. Now to convince my mother-in-law to actually put a decent antivirus on her system, to start with. Yes, she had absolutely zilch protection... her firewall was down and she hadn't updated her computer in, uhhhh, a year or two? Yeah. Anyways, thanks guys...

Avira's free, as long as she has Windows XP or later the built in Windows firewall does a decent job.