"Security Tool" virus
I got infected with this security tool virus yesterday, it's a bit of a bugger 'cos it blocks everything on the computer, but seem now to have got rid of it.
This virus is fairly old, and as I'm running Microsoft Security Essentials - totally up to date - I wonder how this virus got through? Surely the definition updates would cover this virus? This is the 1st virus I've been hit with so just curious that even with updated antivirus how these "old" viruses can still get through :8 |
The rogues are being updated/morphed all the time. Almost all AV's, by nature of their reactionary process, will only detect the latest variant when they have a sample of same, and add it to the database. By which time a new variant is released.
This is multi million dollar business. The only way to prevent such things is to use a good behaviour blocker, and/or have a multi-layered security approach that you understand and can manage. As you see, just an antivirus is sometimes not enough. With your specific recent infection, I'd be inclined to download the free version of MBAM (get it here) Malwarebytes install it, update it, and run a quick scan. Remove anything it finds. Mbam is a very good demand anti malware scanner. Like Spybot or AdAware, but updated. |
Sorry to bang on about it, but don't run as an administrator or equivalent.
Viruses and other nasties mostly operate with the privileges of the logged-in user, so if you have no ability to modify the OS and / or install nasties, neither does the malware. SD |
Something I found strange after reading the OP was the results I found after doing a google search on the issue.
I found a HELL of a lot of IDENTICAL posts on various forums, including Microsoft's, with the wording being identical to the original post here............. Just sayin |
Been using the internet for nearly 20 years so getting my first proper virus came as a bit of a surprise. I appreciate now the comment that a virus has to be released before a solution can be found, so I'm guessing I was just unlucky.
I changed from AVG to MSE only about a week before ('cos it seemed to slow my 'puter down) and was thinking initially that MSE was maybe not so good. @ hellsbrink Really not sure what you are getting at?? Identical, I doubt it, but very hard not to describe the problem without it sounding similar to other people's experience, I would assume. |
AVG isn't bad, pretty good detections, about the same as most other AV's, including MSE.
People sometimes blame the AV for letting one through, and change to something with a better reputation. This usually makes little difference; almost all of them will let one through, on the wrong day. So what MSE might block on one day (and AVG, or Avast, or Norton fail to block) the others might block on another day, a different variant, and AVG (say) lets through. If you're otherwise happy with MSE, and it doesn't slow the 'pooter down like AVG does (it has that reputation with a lot of users) I'd stick with it. Or try Avast.;) |
Interesting since I got nailed by this yesterday! It totally disabled my McAfee and even after I got rid of the virus, McAfee kept switching off. I'm currently with AVG which seems to have sorted the problem. |
I had the same problem about six weeks ago and it disabled my laptop, getting past Spyware Doctor and Avast, it disabled both!! My local computer doctor recommended downloading Malwarebytes via the Safe mode with networking route. It worked a treat and all is now well.
Colin. This same virus wanted me to pay $59.95 for their security programme. |
I'd be interested to hear HOW you victims were caught!
|
I've just spent an interesting couple of hours getting shot of this from a friend's PC. It had crippled the desktop and Avast (first failure I've ever had after loading Avast free for a couple of dozen people). A 'safe mode' scan with MBAM found nothing!!! I then tried RKILL which gave me back control. Another scan with MBAM didn't find anything either:confused:. I also ran CCleaner. However on a complete restart it's now gone and I can't find any lingering trace?
I thought RKILL just gave back control while the infection was dealt with, so I'm at a loss as to where the files and reg entries are. Any idea anyone? @BOAC So would I! The lady in question had OE open at the time (minimised) and was uploading to ebay at the time when everything closed down and the desktop appeared with all that scaremongering crap on it! |
Snap, I had IE open when a blue screen superimposed itself on my PC, it had large red message on it which told me I had become infected with a virus and I should download their System Tool at a cost of $59.95. PC totally frozen, all I could do was switch off the power and try again with the same result. That's when I rang our local computer expert and he told me what to do and he didn't charge. His home visits are £20.00 an hour on a no cure no pay basis.
Colin. |
Mine was also whilst working with Ebay!
|
Originally Posted by gas path
(Post 6274057)
I've just spent an interesting couple of hours getting shot of this from a friend's PC. It had crippled the desktop and Avast (first failure I've ever had after loading Avast free for a couple of dozen people). A 'safe mode' scan with MBAM found nothing!!! I then tried RKILL which gave me back control. Another scan with MBAM didn't find anything either:confused:. I also ran CCleaner. However on a complete restart it's now gone and I can't find any lingering trace?
I thought RKILL just gave back control while the infection was dealt with, so I'm at a loss as to where the files and reg entries are. Any idea anyone? |
Alternatively schedule a boot time scan with AVAST or AVIRA. (yes, or run these from a DOS prompt)
|
Did a boot time scan with Avast, still found nothing:confused:
The other option I might look at, although at the moment after switching off and on again all appears to be ok. |
This 'System Tool', rather than Security Tool, hit my laptop while using Google. After reading here and online I fixed this as follows:
Press F8 while starting to get to safe mode. Go to system restore and restore to recent date. Why doesn't McAfee pick this up? |
That's how I did it but I could not recover my McAfee:confused:
|
I had this last week, took me 2 days to find it, as none of the common virus/malware software got rid of it! It was hidden as a Java plug in, found and disabled it in safe mode. The only way I found it was going to the Microsoft website and running a full service scan (free) that detected it after several hours but could not remove it! But at least it showed me where it was.
I tried so many different methods but none of them touched it, but stumbled across the Java thing and followed the posters on screen resolution and it's fixed it. This nasty little bugger starts off as a Spy Tool trying to sell you software whilst disabling your installed antivirus, after a while it stops this and starts redirecting your google searches, no idea where it came from though. The claw, that's because you have not got rid of it, just doing a recovery still leaves the trojan on your PC. |
You folk who got the infection, are you using the latest Java?
Current version is 6, update 24. I have seen the exe (of the variant I saw- there will be many different variants) run from a temp folder in the Java cache. Maybe that's why running Ccleaner (in one case above) seems to have helped remove it. |
Part of the removal for me included deleting that file in the cache.
|
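The two posts above place the rogue's executable in a temp folder of the Java cache. As an added example (not part of the original thread), this sketch lists every file under a cache directory that is a Windows executable by content rather than by extension. The directory is supplied by the caller, and the file names in the sample are constructed.

```python
import os
import struct

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable or locked file: skip it, do not crash the sweep

def find_executables(cache_dir):
    """Relative paths of all PE files below cache_dir, whatever they are named."""
    hits = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            full = os.path.join(root, name)
            if is_pe(full):
                hits.append(os.path.relpath(full, cache_dir))
    return sorted(hits)

def build_sample_cache(base):
    """Constructed sample tree: JAR-like data, an index file, two PE stubs."""
    pe_stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + b"\0" * 20
    samples = {
        os.path.join("12", "3f2a1b-4c5d"): b"PK\x03\x04" + b"\0" * 100,  # ZIP/JAR
        os.path.join("12", "3f2a1b-4c5d.idx"): b"\0" * 80,
        os.path.join("tmp", "0.123456.exe"): pe_stub,
        os.path.join("40", "7e8f9a-0b1c"): pe_stub,        # PE with no extension
        os.path.join("tmp", "notes.txt"): b"MZ" + b"A" * 100,  # MZ text, not a PE
    }
    for rel, data in samples.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        build_sample_cache(d)
        for hit in find_executables(d):
            print("executable in cache:", hit)
```

A cache of downloaded applets normally holds archives and index files, so any hit is worth a closer look before the cache is cleared.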
NT, If it is still there AVG isn't picking it up and everything (fingers crossed) seems back to normal?
|
AVG didn't pick it up for me either, sounds like you have a result though, is everything working at normal speed? If you have a few hours spare might be worth running the full service from Microsoft, it defrags as well as find things that shouldn't be there.
Windows Live OneCare safety scanner: Free online tool for PC health and safety |
What's the name of this virus?
|
Spy Tool and/or Security Tool
|
Oh ok, I got hit by this the other day:-
Encyclopedia entry: Rogue:Win32/FakePAV - Learn more about malware - Microsoft Malware Protection Center As soon as it popped up on the screen I thought it looked "hooky", so I shut down my browser and started a scan. Microsoft security essentials cleared it no problems, so I guess it wasn't the same thing. |
Nearly There, thanks a million for that link.:ok: My computer is now much faster!
That virus is definitely linked to Ebay, whilst browsing Ebay I had another attack only this time it was stopped by AVG. |
Apologies
Bugger, think I have a similar problem.
A fishing website has unwittingly been hosting something nasty in Java apparently and last night PC started displaying multiple windows "store" failure messages, the badness stops only after un-installing AVAST completely and restarts when AVAST is reloaded. Any hints on online viri checkers that check system before you reload an AV program?? GR Sorry guys should open eyes more :ok: |
Originally Posted by glad rag
(Post 6275686)
Bugger, think I have a similar problem.
A fishing website has unwittingly been hosting something nasty in Java apparently and last night PC started displaying multiple windows "store" failure messages, the badness stops only after un-installing AVAST completely and restarts when AVAST is reloaded. Any hints on online viri checkers that check system before you reload an AV program?? GR Sorry guys should open eyes more :ok:
Download it, update it, boot into safe mode with command prompt and navigate to c:\program files\malwarebytes' antimalware by using 'cd' commands in the command prompt, then run mbam.exe Do a full scan, and remove anything it finds that's bad. |
It seems that the PC won't let me use safe mode as it no longer recognises the Admin user's password!
Hmm. Hari Kari time. |
Have you tried just hitting return ie a blank password?
|
No GG I have never never heard of that one :( --what happened was eventually the person remembered her admin password (spaces are a terrible thing) and it went to the welcome rotating blue circle working symbol, then about 10-15 seconds later reverted back to the wrong password/user name window thing.
Also I have isolated all startup items via msconfig, still doing it, last software addition-from HP [cd for a new printer], has been removed, can't get fully into safe mode,[ however it tries to load windows files but freezes/stops at one called #####CHDISK#### in the file listing ......:ugh:] running full malware scan at present but obviously not in safe mode. Thinking of booting from the supplied Dell OS disk to see if it will go into a OS repair mode........................scratching head now I'm afraid... GR. |
|
I'd be interested to hear HOW you victims were caught! Avast would scan but CCleaner wouldn't. I did a system restore to the previous week and ran CCleaner in safe mode. This seemed to do the trick. A quick (half an hour) Avast system scan picked up nada, but all seems ok now. It seems a Java vulnerability is letting it in, from what I can glean from the t'interweb. :ok: Thanks for the link to Mbam.:ok: |
Glad Rag You can start in safe mode by switching on from dead while holding the F8 key down. You don't need any password for this.
|
Microsoft Essentials stopped something from eBay yesterday. Big red screen warning stating that "shopping.Ebay" page was unsafe and not to continue.
Clicked off the page and came back later with no problems. |
A lot of websites are currently dangerous due to poisoned adverts.
Tainted ads punt scareware to surfers on LSE and Myvue sites • The Register In other words, every website with ads is a potential risk. PPD |
Hello PPD - long time no see....
Isn't PPRune a website with ad v e r t s Damn - what has happened to my screen? :) |
So we can reclassify Adblock as an anti-virus program then. :)
|
I'm baaccckkkk
:) So we can reclassify Adblock as an anti-virus program then. Which neatly brings me onto a point. When the site owner casually writes up the infection [on his forum matters thread] as a Java problem and will be "fixed within a week", does this not leave them liable for the damage caused by their continuing to keep their infected site up? |
Just been talking to my local PC shop who are rubbing their hands in glee. 48 machines in in 14 days. Culprits appear to be McAfee and AVG at the moment
|