Security Tool is a misleading application that reports false errors on the computer. The software tries to fool the user to purchase the license version in order to remove the false infections.
I have received a lot of responses from people who have been infected by this misleading application. I have found removal instructions that are well defined and should solve for this problem.
Important: If you are unable to start your Antivirus software, you will need to stop the risk from running in order to remove it. To do this, run the scan in Safe mode.
For instructions, read the document, How to start the computer in Safe Mode. Once you have restarted in Safe mode, run the scan again.
After the files are deleted, restart the computer in Normal mode and proceed with the next section.
Warning messages may be displayed when the computer is restarted, since the threat may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following:
Title: [FILE PATH]
Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
How to delete the value from the registry
Important: It’s strongly recommended that you back up the registry before making any changes to it. Incorrect changes to the registry can cause your computer to stop running normal. Only modify the specified subkeys only. Please read the document on how to backup your registry.
- Click Start > Run.
- Type regedit
- Click OK.
- Navigate to and delete the following registry entry:
- Navigate to and delete the following registry subkey:
- Exit the Registry Editor.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”[RANDOM NAME]” = “C:\DOCUME~1\ALLUSE~1\APPLIC~1\[RANDOM NAME]\[RANDOM NAME].exe”
HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM NAME]
Please let me know if this information has helped in the removal of Security Tool.
These kinds of stuff are those offered by websites encouraging visitors for a free scan. The moment you fall into it, you’ll be requested to either make a purchase or get infected with a virus or malicious executable file. This reminds me of an article written on PCMag by a blogger who happens to have downloaded such and since he got annoyed about it, he condemned all free antivirus softwares and dubbed them as futile and no better than the software brand he promoted on his post.
Mathdelane,
Not all free software is malicious and for the blogger to suggest such is just ridiculous.
This is nonsense. I had a *paid* copy of Symantec running on my desktop provided through my school, and I’m writing this from my laptop because it missed a huge botnet virus. I’m using AVG to get rid of it, and AVG is available for free.
Don’t know if it will work yet, but 1) it runs on my laptop (which is fine), and 2) Symantec, a NON-FREE PROGRAM (i.e. my tuition and my school’s paid for rights) MISSED the virus!!! Our IT department actually RECOMMENDED AVG, and although there is a pay version, the free version is fantastic.
How’s that for you and your rectal-cranally inverted blogger?
Brian,
Your school like many, get great deals on software products. You still need to follow the instructions regardless of what AV you have in order to remove this virus.
I’ve had similar problems with security tools on my new Viao laptop. The Macfee software was conflicting with other software which was default factory security setting on Vista. I had to do a full recovery in the end, even when I tried to do most of the above.
But thanks for sharing the post.
Hi Frank,
Thanks for all your helpful posts about this. I got the Security Tool bug two nights ago and I *think* I’ve been able to delete it by going through my hard drive in safe mode.
However, I’m still not able to get Malware Bytes to run a scan. Everytime I try to open it, my comp says it can’t find the right .exe to run it. I assume the bug is shutting the virus scan down before it can even start, so maybe the bug is still on my computer.
I have been able to get AVG to run, however.
Mark,
Check the comments above, they may help. Let me know.
Hi Frank,
Try changing the name of the Malwarebytes’ .exe and use a combo of numbers and letters up to 26 characters. If you are able to access the taskmgr just shut down processes using numers and or letters. Then try to run Malwarebytes again.
I followed the instructions for rebooting in safe mode: run, msconfig, check safe boot in the boot.ini. Now the Computer will not reboot in any of the choices. just blue screen of death and recycle back to restart etc…
Seems like I have gone backwards again!!! Any suggestions Peter
Thank you so much i have been working with resetting my computer for almost a week and i finally got my internet up and you guys saved me So thank you lots
kudos
Alphonso,
I am glad everything worked out. You’re welcome.
I saw the security tool pop-ups and didn’t click any of them. I immediately did a system restore and everything seems fine now. I went into regedit and couldn’t find any of the entries you said to delete (I am using Vista). I also ran malwarebytes and it came back clean. Is there anything I am missing, or did I just luck out? It seemed too easy to deal with.
Randy,
If you followed the instructions you should be good to go. If you don’t notice any badness over the next few days, I would say you cleaned it well.
The issue with MalwareBytes is that when you install the program, something is hooking into the installer API and preventing the installation of the required file “mbam.exe”.
The rest of the install progresses as intended, and when the user clicks on the desktop icon for Malwarebytes, it says that it cannot find the required file “mbam.exe”.
What I have said assumes that you have got as far as disabling the Security-Tool virus long enough to get a web session going (as per the instructions from Frank at the very top of this page) so that you can download the Malwarebytes installer exe.
If you have gotten this far, then you need to go to a Windows PC that is already running Malwarebytes, copy mbam.exe from there (i.e. from wherever you installed it on that other PC), copy it to the infected PC, and then click on the Desktop icon for Malwarebytes on the infected PC.
WARNING: when moving files from the good PC to the infected PC, make sure that the USB disk you use (or whatever type of storage medium) isn’t already infected with some trojan. This, of course, is a bit of a catch-22 scenario, because you need to be able to scan the USB disk, but from where?
Hopefully you have one virus-free PC (the one with the good copy of Malwarebytes) and you should scan your USB disk from there. It is better, of course, if you have a Mac and you can insert the USB there and have your Mac use its virus checking software or, if you don’t have a virus checker on the Mac (and you should), then just search for suspicious files named “autorun.exe” which will try to run the minute you insert the USB in a PC USB port.
Once you get Malwarebytes running on the infected PC and it finds many infections (20+), remove them, turn the PC off completely when the first scan is done, restart the PC and run Malwarebytes again. You might have to run it a number of times to fully clean out the infected PC.
Pat,
Great share and thank you for spending the time to provide details about what you have tried to combat this awful virus. Kudos!
It worked very well and fast. Thank you very much.
Ayman,
You’re very welcome. I am glad you resolved your issue.
I encountered security tool 59723026. I got rid of it within a few hours by restarting my computer and while it was reloading i quickly jumped into the task manager and stopped the process by clicking on the number. I also stopped any process associated with the name or number above. Then I found the program and deleted it using Programs from the start menu.
good luck. this could bring a grown man to tears
Tanya,
Thank you for sharing your steps to remove this pain of a virus.
The malware was really effective…..I was really scared…but the malware u provided did the job
Hence I thank u…n appreciate the product
thnk u very much…………
I got the cookie thanks a lot
Ashish,
I am glad we can help!