
Help. 'Security Tool' virus is gumming up PC

This topic is archived.

SpiralHawk Donating Member (1000+ posts) Mon Oct-25-10 02:37 PM
Original message
Help. 'Security Tool' virus is gumming up PC
Not mine, but my partner's. She has a fairly new HP Pavilion PC laptop running Windows 7. She's got a nasty virus she can't get past. Every time she tries to open MS Word, she gets the "Security Tool" popup telling her she's infected and must go pay them $50 bucks or so to clean her puter.

She's tried everything and going boinkers. Any suggestions?

Mods, if this is in the wrong place, please move. Gotta throw her a lifeline, though...

marmar Donating Member (1000+ posts) Mon Oct-25-10 02:40 PM
Response to Original message
1. Did she do a virus/spyware/malware scan using a legitimate program?
nt

pinboy3niner Donating Member (1000+ posts) Mon Oct-25-10 02:45 PM
Response to Original message
2. There's some info at Microsoft...

amerikat Donating Member (1000+ posts) Mon Oct-25-10 02:46 PM
Response to Original message
3. I cleaned up the security tool last month on a friend's computer.
It's nasty. It shut down his AVG antivirus and Malwarebytes too. The only way I could get rid of it was to load Malwarebytes from a thumb drive.

Good luck.

Warpy Donating Member (1000+ posts) Mon Oct-25-10 02:47 PM
Response to Original message
4. Google is your friend
The one I'd suggest is downloading and running Malwarebytes (http://www.malwarebytes.org). You can do this for her, burn it to a disk, and see if she can run it from the disk.

Failing that, manual removal instructions are at http://www.2-spyware.com/remove-security-tool.html and http://www.bleepingcomputer.com/virus-removal/remove-security-tool

It's maddening because it blocks major antivirus sites like McAfee and Symantec.

Asking the question in the Computer Group here at DU might net some better responses.

RamboLiberal Donating Member (1000+ posts) Mon Oct-25-10 02:47 PM
Response to Original message
5. Get a copy of MalwareBytes
Edited on Mon Oct-25-10 02:49 PM by RamboLiberal
I use this one a lot at my office to clean up infected PCs. It's free and is fully enabled. Here are notes I've made on it. In worst cases I've downloaded ComboFix from Bleeping Computer. That one, though, takes a bit of expertise, though they do have a forum with experts that can help you out. On edit: Bleeping Computer also has a good article on removing this hoax. http://www.bleepingcomputer.com/virus-removal/remove-security-tool

MalwareBytes
They have a free version & a paid version.
Malwarebytes is a site dedicated to fighting malware. Malwarebytes has developed a variety of tools that can identify and remove malicious software from your computer. When your computer becomes infected, Malwarebytes can provide the needed assistance to remove the infection and restore the machine back to optimum performance.
http://www.malwarebytes.org/
If you can’t get to Internet Explorer from the infected PC, then download on a clean PC and copy to a USB drive & install.
Update MalwareBytes to latest Spyware Rules
1. From a known clean computer, install (if it's currently not installed) and update Malwarebytes' Anti-Malware
2. Next, navigate to:
XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\
Vista: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
3. From that directory, copy the rules.ref file and move it over to a flash/thumb drive
4. Plug the flash/thumb drive into the infected computer and paste the rules.ref file into the appropriate folder above
Note: Be careful as your flash/thumb drive can become infected when using it on an infected computer.

This will ensure that you get the latest definitions onto the infected computer.
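RamboLiberal's offline update steps above, as an added PowerShell sketch (not part of the original post, and not a Malwarebytes tool): it copies rules.ref to the flash drive with a SHA-256 recorded on the clean PC, then checks that hash on the infected PC before pasting the file in. The E:\ drive letter, the function names and the rules.ref.sha256 sidecar file are assumptions; the folder is the Vista path from the post.

```powershell
# Added example, not from the original thread. Function names, the E:\ drive
# letter and the rules.ref.sha256 sidecar file are assumptions.
# Folder from the post (Vista path); on XP use the "Documents and Settings" path.
$MbamDir = Join-Path $env:ProgramData "Malwarebytes\Malwarebytes' Anti-Malware"

function Get-Sha256([string]$Path) {
    # Uses .NET directly so it also runs on the PowerShell 2.0 that ships with Windows 7.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
}

function Export-Rules([string]$UsbRoot = 'E:\') {
    # Run on the known clean PC after updating Malwarebytes (steps 1-3).
    $src = Join-Path $MbamDir 'rules.ref'
    Copy-Item -LiteralPath $src -Destination $UsbRoot -Force
    Get-Sha256 $src | Set-Content -Path (Join-Path $UsbRoot 'rules.ref.sha256')
}

function Import-Rules([string]$UsbRoot = 'E:\') {
    # Run on the infected PC (step 4). Refuses to paste a file whose hash
    # no longer matches what the clean PC recorded.
    $src = Join-Path $UsbRoot 'rules.ref'
    $sidecar = Join-Path $UsbRoot 'rules.ref.sha256'
    $expected = (Get-Content -Path $sidecar | Select-Object -First 1).Trim()
    if ((Get-Sha256 $src) -ne $expected) {
        throw "rules.ref on $UsbRoot does not match the hash recorded on the clean PC"
    }
    Copy-Item -LiteralPath $src -Destination $MbamDir -Force
}
```

The hash check catches a damaged or swapped copy of rules.ref; it does not make the flash drive trustworthy again after it has been plugged into the infected machine, which is the risk the post's note points out.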
 
Posteritatis Donating Member (1000+ posts) Mon Oct-25-10 02:48 PM
Response to Reply #5
6. Wonderful wonderful program. (nt)

hobbit709 Donating Member (1000+ posts) Mon Oct-25-10 02:51 PM
Response to Original message
7. Download Malwarebytes Antimalware and save it to disk.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Boot up in Safe Mode with Networking - you will need a wired connection; it won't do wireless in Safe Mode.
Install Malwarebytes and let it update, then do a Full Scan. Let it fix infections. Then reboot in Normal mode and rescan. If you don't have Microsoft Security Essentials as your antivirus, get it; it's free. Install it after uninstalling any other antivirus you have on the machine. If it's an HP it probably has that worthless POS Norton on there.

SpiralHawk Donating Member (1000+ posts) Mon Oct-25-10 02:57 PM
Response to Original message
8. Thank you, One and All
Will pass on all your excellent suggestions.

Who sits around cooking up this diabolical shit? Gonna generate a heap O Krappy Karma...

Arkana Donating Member (1000+ posts) Mon Oct-25-10 02:59 PM
Response to Original message
9. Malwarebytes is good--also, get a copy of Spybot Search & Destroy.
It has the added advantage of running in the background on your PC so it is constantly looking for threats.

Matariki Donating Member (1000+ posts) Mon Oct-25-10 03:01 PM
Response to Original message
10. Sorry to say - that one is bad news.
Both my partner and I had to reinstall/restore our operating systems to get rid of it.

Try Malwarebytes first. The problem is that that virus makes it so you can't open Malwarebytes. But try it just in case.

IIRC I fixed my computer by doing a system restore, which was less painful than a full-on reinstall. Here are directions to do that: http://www.ehow.com/how_4488032_reset-computer-previous-date.html

hobbit709 Donating Member (1000+ posts) Mon Oct-25-10 03:40 PM
Response to Reply #10
12. That's what Safe Mode is for.

Matariki Donating Member (1000+ posts) Mon Oct-25-10 06:08 PM
Response to Reply #12
16. Believe me, I tried that.
That bit of malware was a royal pain.

RamboLiberal Donating Member (1000+ posts) Mon Oct-25-10 04:25 PM
Response to Reply #10
13. The way around this is to download on a clean PC
Then install on an infected PC. If you read their forum there is also a way to rename the install of MalwareBytes if the virus is blocking that.

Also, on the last infection I had to clean up, I found out how to update MalwareBytes on a clean PC, then copy that to the infected PC. I posted that in an earlier post.

And I've found if all else fails to get ComboFix from Bleeping Computer & run that. There's all kinds of cautions that you should know what you are doing before running but I've so far never found it caused any problems.

So far I've gotten rid of these nasty AV fake software viruses via either MalwareBytes or ComboFix without having to reinstall the Operating System, though of course if the PC is really messed up that is not a bad option.

tabatha Donating Member (1000+ posts) Mon Oct-25-10 03:35 PM
Response to Original message
11. I have gotten rid of this twice now without
any anti-virus software.

a) The first time it installed itself, and was listed in the list of Programs. Hovering over the entry, I was able to determine its location. I went to that location, and renamed the file (a weird name, but identifiable by the date.) I then rebooted, and the program did not load. I was then able to delete the file.

b) The second time, it was not listed in the list of Programs. So I thought I would do a search on all the .exe files on my system and look at the date - i.e. the same time about which it started happening. I also deleted a pre-fetch file this time, which meant that if I rebooted it would not even try to load it.

I should have kept more details - the above are a bit vague. But the virus software does not disable the search tool, and one can find recently added .exe files easily - and the date of the file is usually very close to when the problem started happening.

After these steps, I always ran Malwarebytes.
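tabatha's manual approach above (find .exe files dated close to when the pop-ups started, then check Prefetch), as an added PowerShell sketch that is not part of the original post. The function name, the default folders and the 48-hour window are assumptions; it only lists candidates and deletes nothing, and passing -Roots 'C:\' widens it to the whole-system search the post describes.

```powershell
# Added example, not from the original thread. Find-RecentExe, the folder
# list and the 48-hour default window are assumptions; read-only, deletes nothing.
function Find-RecentExe {
    param(
        [Parameter(Mandatory = $true)][datetime]$ProblemStart,  # when the pop-ups began
        [int]$WindowHours = 48,
        [string[]]$Roots = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA)
    )
    $from = $ProblemStart.AddHours(-$WindowHours)
    $to   = $ProblemStart.AddHours($WindowHours)
    $prefetch = Join-Path $env:SystemRoot 'Prefetch'   # reading it needs an elevated prompt
    $searchIn = @($Roots | Where-Object { $_ })        # skip variables unset on this OS

    Get-ChildItem -Path $searchIn -Recurse -Force -Filter *.exe -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       $_.CreationTime -ge $from -and $_.CreationTime -le $to } |
        ForEach-Object {
            $exe = $_
            # Prefetch entries are named <EXENAME>-<hash>.pf, so a match means the file has run.
            $pf = @(Get-ChildItem -Path $prefetch -Filter "$($exe.Name)-*.pf" -ErrorAction SilentlyContinue)
            $sig = Get-AuthenticodeSignature -FilePath $exe.FullName
            New-Object PSObject -Property @{
                Path      = $exe.FullName
                Created   = $exe.CreationTime
                Signature = $sig.Status      # e.g. NotSigned versus Valid
                Prefetch  = ($pf | ForEach-Object { $_.Name }) -join ', '
            }
        } | Sort-Object Created
}

# Constructed usage: the pop-ups were first noticed on the afternoon of 25 Oct 2010.
# Find-RecentExe -ProblemStart '2010-10-25 14:00' | Format-List
```

An unsigned executable created inside the window, with a matching Prefetch entry, is the kind of file the post describes renaming before a reboot; a full scan afterwards is still needed, as the post says.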
 
pgodbold Donating Member (953 posts) Mon Oct-25-10 04:35 PM
Response to Original message
14. 3 steps
First scan with the free version of Malwarebytes http://www.malwarebytes.org/

Second scan with free SUPERAntiSpyware http://www.superantispyware.com/

Third scan with your current virus/spyware protection software that you should already have running on your machine.

These three steps have never failed me.

angstlessk Donating Member (1000+ posts) Mon Oct-25-10 05:40 PM
Response to Reply #14
15. I just spent 2 days and about 30 hours fixing one of those viruses!
The one I had, Think Point, would not let me run Malwarebytes, so I had to run SUPERAntiSpyware first THEN Malwarebytes.

Had to run ComboFix first...reinstalled Windows Vista..then SUPERAntiSpyware then Malwarebytes...

I wrote a blog since I had to piece together so many different pieces from different web sites...

My husband ran it for about a week or two...rebooting several times per day, so it was EVERYWHERE!

http://antivirustrojans.blogspot.com/2010/10/my-experience-and-my-step-by-step.html

PS...ComboFix deleted a bunch of stuff...does not give a number, I don't think...then SUPERAntiSpyware found 294..then Malwarebytes found another 116!