"Security Tool" virus
Thread Starter
Join Date: Mar 2001
Location: UK/Spain
Posts: 71
I got infected with this security tool virus yesterday, it's a bit of a bugger 'cos it blocks everything on the computer, but seem now to have got rid of it.
This virus is fairly old, and as I'm running Microsoft Security Essentials - totally up to date - I wonder how this virus got through? Surely the definition updates would cover this virus?
This is the 1st virus I've been hit with so just curious that even with updated antivirus how these 'old' viruses can still get through.
The rogues are being updated/morphed all the time. Almost all AV's, by nature of their reactionary process, will only detect the latest variant when they have a sample of same, and add it to the database. By which time a new variant is released.
This is a multi-million dollar business. The only way to prevent such things is to use a good behaviour blocker, and/or have a multi-layered security approach that you understand and can manage.
As you see, just an antivirus is sometimes not enough.
With your specific recent infection, I'd be inclined to download the free version of MBAM (Malwarebytes), install it, update it, and run a quick scan. Remove anything it finds.
Mbam is a very good demand anti malware scanner. Like Spybot or AdAware, but updated.
Spoon PPRuNerist & Mad Inistrator
Sorry to bang on about it, but don't run as an administrator or equivalent.
Viruses and other nasties mostly operate with the privileges of the logged-in user, so if you have no ability to modify the OS and / or install nasties, neither does the malware.
SD
Join Date: Jan 2008
Location: The Land of Beer and Chocolate
Age: 56
Posts: 798
Something I found strange after reading the OP was the results I found after doing a google search on the issue.
I found a HELL of a lot of IDENTICAL posts on various forums, including Microsoft's, with the wording being identical to the original post here.............
Just sayin
Thread Starter
Join Date: Mar 2001
Location: UK/Spain
Posts: 71
Been using the internet for nearly 20 years so getting my first proper virus came as a bit of a surprise. I appreciate now the comment that a virus has to be released before a solution can be found, so I'm guessing I was just unlucky.
I changed from AVG to MSE only about a week before ('cos it seemed to slow my 'puter down) and was thinking initially that MSE was maybe not so good.
@ hellsbrink
Really not sure what you are getting at?? Identical, I doubt it, but very hard not to describe the problem without it sounding similar to other people's experience, I would assume.
AVG isn't bad, pretty good detections, about the same as most other AV's, including MSE.
People sometimes blame the AV for letting one through, and change to something with a better reputation. This usually makes little difference; almost all of them will let one through, on the wrong day. So what MSE might block on one day (and AVG, or Avast, or Norton fail to block) the others might block on another day, a different variant, and AVG (say) lets through.
If you're otherwise happy with MSE, and it doesn't slow the 'pooter down like AVG does (it has that reputation with a lot of users) I'd stick with it.
Or try Avast.
Interesting since I got nailed by this yesterday! It totally disabled my McAfee and even after I got rid of the virus, McAfee kept switching off. I'm currently with AVG which seems to have sorted the problem.
Join Date: May 2009
Location: Bradfield CO11 2XD
Age: 81
Posts: 174
I had the same problem about six weeks ago and it disabled my laptop, getting past Spyware Doctor and Avast, it disabled both!! My local computer doctor recommended downloading Malwarebytes via the Safe mode with networking route. It worked a treat and all is now well.
Colin.
This same virus wanted me to pay $59.95 for their security programme.
Last edited by KING6024; 27th Feb 2011 at 15:40. Reason: Afterthought.
Usual disclaimers apply!
Join Date: Nov 1999
Location: EGGW
Posts: 843
I've just spent an interesting couple of hours getting shot of this from a friend's PC. It had crippled the desktop and Avast (first failure I've ever had after loading Avast free for a couple of dozen people). A 'safe mode' scan with MBAM found nothing!!! I then tried RKILL which gave me back control. Another scan with MBAM didn't find anything either. I also ran CCleaner. However on a complete restart it's now gone and I can't find any lingering trace?
I thought RKILL just gave back control while the infection was dealt with, so I'm at a loss as to where the files and reg entries are. Any idea anyone?
@BOAC
So would I! The lady in question had OE open at the time (minimised) and was uploading to ebay at the time when everything closed down and the desktop appeared with all that scaremongering crap on it!
Join Date: May 2009
Location: Bradfield CO11 2XD
Age: 81
Posts: 174
Snap, I had IE open when a blue screen superimposed itself on my PC, it had a large red message on it which told me I had become infected with a virus and I should download their System Tool at a cost of $59.95. PC totally frozen, all I could do was switch off the power and try again with the same result. That's when I rang our local computer expert and he told me what to do and he didn't charge. His home visits are £20.00 an hour on a no cure no pay basis.
Colin.
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
Usual disclaimers apply!
Join Date: Nov 1999
Location: EGGW
Posts: 843
Did a boot time scan with Avast, still found nothing
The other option I might look at, although at the moment after switching off and on again all appears to be ok.
Join Date: Mar 2000
Location: Location Location
Posts: 448
This 'System Tool', rather than Security Tool, hit my laptop while using Google. After reading here and online I fixed this as follows:
Press F8 while starting to get to safe mode. Go to system restore and restore to recent date.
Why doesn't McAfee pick this up?
Join Date: Nov 2007
Location: Hoylake
Age: 50
Posts: 414
I had this last week; it took me 2 days to find it, as none of the common virus/malware software got rid of it! It was hidden as a Java plug-in, found and disabled it in safe mode. The only way I found it was going to the Microsoft website and running a full service scan (free) that detected it after several hours but could not remove it! But at least it showed me where it was.
I tried so many different methods but none of them touched it, but stumbled across the Java thing and followed the posters on screen resolution and it's fixed it.
This nasty little bugger starts off as a Spy Tool trying to sell you software whilst disabling your installed antivirus, after a while it stops this and starts redirecting your Google searches, no idea where it came from though.
The claw, that's because you have not got rid of it, just doing a recovery still leaves the trojan on your PC.
You folk who got the infection, are you using the latest Java?
Current version is 6, update 24.
I have seen the exe (of the variant I saw- there will be many different variants) run from a temp folder in the Java cache. Maybe that's why running Ccleaner (in one case above) seems to have helped remove it.
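The post above mentions the rogue's exe running from a temp folder in the Java cache. As an added example (not written by anyone in this thread), the Python script below walks a directory you pass in and reports any file whose content is a Windows executable, whatever it is named, with a SHA-256 you can look up. The cache location is left to the caller because it varies by Windows and Java version; the sample files and their names are constructed for the demonstration.

```python
import hashlib
import os
import struct

def is_pe(path):
    """True if the file has a DOS 'MZ' header pointing at a 'PE' signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False

def find_executables(root):
    """Walk root; return sorted (relative path, sha256) for every PE file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe(full):  # decided by content, not by extension
                with open(full, "rb") as f:
                    digest = hashlib.sha256(f.read()).hexdigest()
                hits.append((os.path.relpath(full, root), digest))
    return sorted(hits)

def build_sample_cache(root):
    """Constructed sample data: a jar-like file, a minimal PE stub, a fake .exe."""
    os.makedirs(os.path.join(root, "6.0", "12"), exist_ok=True)
    os.makedirs(os.path.join(root, "tmp"), exist_ok=True)
    with open(os.path.join(root, "6.0", "12", "1a2b3c4d-5e6f7a8b"), "wb") as f:
        f.write(b"PK\x03\x04" + b"\0" * 60)      # zip/jar magic, not executable
    stub = bytearray(64)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 64)       # e_lfanew points at offset 64
    with open(os.path.join(root, "tmp", "jar_cache12345.tmp"), "wb") as f:
        f.write(bytes(stub) + b"PE\0\0" + b"\0" * 20)
    with open(os.path.join(root, "tmp", "notes.exe"), "wb") as f:
        f.write(b"plain text named .exe")        # extension lies; not a PE

if __name__ == "__main__":
    import sys, tempfile
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) <= 1:
        build_sample_cache(root)                 # no path given: use sample data
    for rel, digest in find_executables(root):
        print(digest, rel)
```

Run it with the Java cache directory as the only argument; with no argument it scans the constructed sample and lists only the `.tmp` file that is really an executable.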