Security Tool also known as SecurityTool is a rogue antispyware program. It is a clone of widely spread rogue antispyware application called Total Security 2009. Security Tool is distributed through the use of malware and trojans that masquerade as an Adobe Flash Player update.
Once installed, Security Tool configures itself to run automatically every time, when you start your computer. Once running, the software starts scanning the computer and found a lot of adware, trojans and spyware. All these infections are fake, so you can safely ignore them.
Security Tool blocks the ability to run any programs, including Malwarebytes Anti-Malware. The following warning will be shown when you try to run any program:
Security Tool Warning
mbam-setup.exe is infected with worm Lsas.Blaster.Keyloger.
This worm is trying to send your credit card details using
mbam-setup.exe to connect to remote hosts.
While Security Tool is running your computer will display a lot of false security alerts and nag screens. Some of the alerts:
Security Tool Warning
Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with Security Tool
Security Tool
WARNING 23 infections found!!!
Security Tool Warning
Some critical system files of your computer were modified by
malicious program. It may cause system instability and data
loss.
Click here to block unauthorized modification by removing
threats (Recommended)
All of these warnings are a fake and like scan false results should be ignored! Use the following Security Tool removal instructions below in order to remove this infection and any associated malware from your computer for free.
More screen shoots of Security Tool
Symptoms in a HijackThis Log
O4 – HKLM\..\Run: [96015930] C:\Documents and Settings\All Users\Application Data\96015930\96015930.exe
O4 – HKLM\..\Run: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
Use the following instructions to remove Security Tool (Uninstall instructions)
Step 1
Download HijackThis from here, but before saving HijackThis.exe, rename it first to explorer.exe and click Save button to save it to desktop.
Doubleclick on the explorer.exe icon on your desktop for run HijackThis. If Security Tool hides your desktop icons, then right click to Windows task bar, then click Show Desktop.
HijackThis main menu opens.
Click “Do a system scan only” button. Look for lines that looks like:
O4 – HKLM\..\Run: [96015930] C:\Documents and Settings\All Users\Application Data\96015930\96015930.exe
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Note: list of infected items may be different. Template of the malicious entry: O4 – HKLM\..\Run: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe. Please be very careful, do NOT check any other boxes!
Step 2
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Security Tool infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Security Tool removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Security Tool creates the following files and folders
C:\Documents and Settings\All Users\Application Data\{RANDOM}
C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe.
C:\Documents and Settings\Administrator\Desktop\Security Tool.LNK
C:\Documents and Settings\Administrator\Start Menu\Programs\Security Tool.LNK
Security Tool creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
Hello,
I’ve been reading some of the help notes on this application (PC infected, and it keeps coming back). I did run Malwarebytes and it found some items, but it seems still to be embedded in my PC.
I was looking in the registry and found a TEN-digit number there in a few places (the RUN area, Software, etc), when all of the times I’ve killed Security Tool (or wounded it), it was an EIGHT digit number.
Since I didn’t know how to stop it originally, and booting in Safe Mode only made my PC crash, could these be remnants that are letting it come back?
Thanks for any advice you can offer.
This is how I removed Security tool from a laptop,
First of all its important to know where its installed in your computer, you can do this by right clicking the shortcut and choosing the properties, it usually shows the folder and subfolders such as C:\programdata\securitytool… etc. this is just an example, in the laptop it was installed in the program data folder and not the programs, the other thing is it was using a different name, and the most annoying of all is that it uses numbers rather than letters e.g. 1337722, and it hides the program data folder so you can not go into C: and the program data, you have to type it in the explorer address bar.
To remove it start windows in a safe mode, and assuming you know where its installed go to the folder by typing it, and just delete the whole folder, that is the one that contains the security tool usually numbered. that is all you need to do.
I think, knock on wood (because it has seemingly been dead before) it might be gone. I did remove the 10-digit number from everywhere in the Registry except the search area (where it must keep records of things you looked for).
Booting in about 3 minutes instead of 5, and no problems so far!
Thanks!
Don’t listen to the short sighted, greedy, misinformed, uneducated, ignormaus, terorist name sounding, douche, named Ashuun! If you have seen references to one of those 10 digit file name files, then you have a trojan virus. Which means that deleting the folder will resolve the issue temporarily but hte problem WILL come back. You HAVE to run a full malware bytes scan in safe mode to ensure the removal of the virus/malware.
Hi, I recently downloaded hijackthis.exe. My computer has the SecurityTool virus.the scan results did not present any numbers 96015930 anyplace. any comments?
Tammy, “96015930” is example. The virus uses random numbers to hide itself.
hello i just fixed it yes it done my head in lol. Thanx allot !!! by the way tammy just check the ones saying [hmtl] hope this helps…
LEGENDS!!!!!!!!!!!!!!!!!!
Thanks a lot!!!!!i cud remove that bugger security tool from my laptop by following the steps u mentioned above….CHEERS!!!!
Ok how do i get this security tool off my computer when it wont even let me go to a web sight to download anything..
I encountered security tool 59723026. I got rid of it within a few hours by restarting my computer and while it was reloading i quickly jumped into the task manager and stopped the process by clicking on the number. I also stopped any process associated with the name or number above. Then I found the program and deleted it using Programs from the start menu.
good luck. this could bring a grown man to tears
tutman, Please read the article: How to reboot computer in Safe mode, but reboot your computer in the Safe mode with networking (Select second option in the Advanced Options Menu).
In the mode try download and use HijackThis.
Hey all I just finally dealt with Security Tools, which I think came up while watching a movie online. My anti-virus and firewall were off to test other things.
Well I noticed all these links to downloading SpyDoctor, and with all the amazing comments, I was about to pay for it (even though a cost was not advertised).
SpyDoctor also seemed to know lots about this Security Tools ;S
It even showed the name SecurityTools as a problem found!
Well I kept looking and found SpyBot Search and Destroy, a very civilized program that asked you to donate what you thought the program was worth. It did find errors, but it did not work for removing SecurityTools.
I checked around my computer and found that I also had MalwareByte’s Anti-Malware and THAT WORKED! Boom a quick scan and ST is gone. THAT is the one to get. Its free.
Wow it really does work!! Its so much of a relief.
Thank you sooooooooo much
i cnt get rid of the security tool help these instructions dont work is there some thing i can pay to get it done
carol, ask for help in our Spyware removal forum. I will help you.
This is what I did…took it from one of the comments here..it worked great!! THANK YOU!
This is how I removed Security tool from a laptop,
First of all its important to know where its installed in your computer, you can do this by right clicking the shortcut and choosing the properties, it usually shows the folder and subfolders such as C:\programdata\securitytool… etc. this is just an example, in the laptop it was installed in the program data folder and not the programs, the other thing is it was using a different name, and the most annoying of all is that it uses numbers rather than letters e.g. 1337722, and it hides the program data folder so you can not go into C: and the program data, you have to type it in the explorer address bar.
To remove it start windows in a safe mode, and assuming you know where its installed go to the folder by typing it, and just delete the whole folder, that is the one that contains the security tool usually numbered. that is all you need to do.
Comment by Ashuun — October 14, 2009
WOW that was some slick!!!!!! shit man.
thanks a zillion it really helped a bunch
i was infected too, did all of the above and it got rid of the virus. problem now is that i dont have anywhere near the performance as before…very slow and frustrating. i assumed it was still hanging around somewhere, but i have scanned multiple times by different spywares, incl malware, and it finds nothing. Anyone have any ideas
larry, probably your are sill infected with unknown hidden trojan/rootkit. Make a new topic in our Spyware Removal forum.
man thanks my computer was almost dumbed by that fucking security tool thanks alot u saved money thanks alot
i got caught up in this before searching and paid the $50. Then found out what it was and got rid of it from malwarebytes. My question is is anything known from this person(s). Any one had excessive unauthorized charges from this or just the fifty bucks. Want to see if anyone knows what they are doing for getting a new cred card
jjo_rocker, if you have already purchase the program, contact your credit card company and tell them what has happened.
Appreciate the help in removing Security Tool f…k
Kudos to Malware Bytes.
this security tool sh it is a set up
i cant get malware
Can anyone help me? I’ve downloaded MBAM.exe, Spydoc, and God only knows what else. This security tools crap won’t allow any program to run or open… I barely get IE up & running! What do I do if I can’t run MBAM or SpyDoc? PLEASE HELP!!!!!
Myles, you need use HijackThis before Malwarebytes. Also you can ask us for help in our Spyware removal forum.
Thanks So Much now them fuckers is dealt with.
I tought my computer was gonna get destroyed so i googled “how to delete Sercuirty tools” and found this.
Much Love for those who made this site..
Cheers!
Thank you so much! This really helped and worked perfectly! That stupid tool (pun intended) was ruining everything! Keep up the good work!