Security Tool is a rogue antivirus scam that uses a generic name as a disguise. Security Tool and Cyber Security are together hitting computers hard and forcing users into buying their “full” versions to remove non-existent virus infections. Typically, Security Tool states that one’s PC is infected with Spyware.IEMonster or similar parasites; however, the real infections are very different.

The main problem with Security Tool and similar programs is that they block most downloads and render the computer unusable. However, there is a way to remove it.

Step 1.

Check whether you can access Task Manager and Regedit. Task Manager can be accessed by pressing Ctrl+Alt+Del and choosing it from the menu. Regedit is accessed by simply running it.

If you cannot access Task Manager but can access Regedit, search the registry (using Regedit) for the TaskMgr entry and delete it. This should re-enable Task Manager.

Alternatively, you can download Process Explorer (you might need to rename it to iexplorer.exe or iexplorer.bat before launching it). You might also need to download it on another PC and bring it over on a USB drive.

Step 2.

If you can launch Process Explorer or Task Manager, do it. If not, go to Step 3.

Now you need to kill the processes blocking downloads. Typically, they run under your username and not under the system user. Search for processes named with random numbers or for unknown applications, and stop them. Note down the process names (you will need these in Step 4).

Step 3.

Now you need to check whether there are additional blocks that prevent visiting other websites. This includes disabling all proxy servers in your Internet Explorer or Firefox browser and checking your hosts file (it should be nearly empty, with no known sites except localhost).

Step 4.

You have a choice: search for Security Tool files in the Security Tool removal instructions, or download an anti-spyware program like Spyware Doctor and run a scan and removal.

If you choose manual removal, delete the files belonging to the processes you stopped in Step 2 (the ones with random numbers in their names). Also, edit the registry and delete all keys mentioning these names.

Step 5.

Reboot and check whether everything is OK. If not, repeat Steps 2-4 and scan with an anti-spyware program you haven't scanned with yet. SUPERAntiSpyware would be my second choice, but Malwarebytes Anti-Malware will work too.

That's it.
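
The hosts-file check from Step 3 can be scripted. The following is an added example, not part of the original post: it parses hosts-file text and reports every entry other than a loopback mapping for localhost. The sample content and the `audit_hosts` name are constructed for illustration.

```python
import ipaddress

# Names a clean hosts file is expected to map (per Step 3: only localhost).
EXPECTED_NAMES = {"localhost"}

# Constructed sample content, not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.example-av-vendor.test   # makes a download site unreachable
203.0.113.7     www.example-search.test search.example.test
not-an-ip       broken.example.test
"""

def audit_hosts(text):
    """Return (line_no, kind, address, hostname) for every unexpected entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            # First field is not an IP address: report the line as malformed.
            findings.append((line_no, "malformed", address, " ".join(names)))
            continue
        for name in names:
            if name.lower() in EXPECTED_NAMES and ip.is_loopback:
                continue  # the normal localhost mapping
            # A loopback or 0.0.0.0 target makes the site unreachable;
            # any other target sends the browser to a different server.
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((line_no, kind, address, name))
    return findings

if __name__ == "__main__":
    for line_no, kind, address, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:<10} {name} -> {address}")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of the sample.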

Categories: Security

Giedrius Majauskas

I am an internet company owner and project manager living in Lithuania. I am interested in computer security, health and technology topics.

6 Comments

katie · December 26, 2009 at 12:26 pm

Thank you!

anonymous · February 7, 2010 at 1:33 am

I tried what you suggested and even spyware doctor won’t seem to get rid of it. It blocks everything.

    Giedrius · February 7, 2010 at 5:05 am

    There are ways to launch removal programs, anonymous: rebooting into safe mode, launching from another user, renaming the program to something.com, or killing Security Tool processes before launch.

opal · March 10, 2010 at 3:33 pm

After using the Task Manager to turn off the eight-digit code in the process tab, I used an old Webroot Spy Sweeper CD that got rid of it for good. Thanks for the help to get into my computer to get the CD to work.

Do not stop removing malware halfway · October 28, 2010 at 3:01 pm

[…] popularity of rogue anti-virus programs, such as Security Tool, or the fake Microsoft Security Essentials clones like Think Point, speaks to the fact that many […]

Palladium Pro – ThinkPoints successor in the wild · January 7, 2011 at 6:26 pm

[…] was lead by ThinkPoint (or fake Microsoft essentials alerts) family of malware. Together with Security Tool Virus it was one of the biggest and the most promoted parasites. Most of other parasite families were […]
