Security Tool, also known as SecurityTool, is a rogue antispyware program. It is a clone of the widespread rogue antispyware application Total Security 2009. Security Tool is distributed through malware and trojans that masquerade as an Adobe Flash Player update.
Once installed, Security Tool configures itself to run automatically every time you start your computer. Once running, the software starts scanning the computer and reports a lot of adware, trojans and spyware. All these infections are fake, so you can safely ignore them.
Security Tool blocks the ability to run any programs, including Malwarebytes Anti-Malware. The following warning will be shown when you try to run any program:
Security Tool Warning
mbam-setup.exe is infected with worm Lsas.Blaster.Keyloger.
This worm is trying to send your credit card details using
mbam-setup.exe to connect to remote hosts.
While Security Tool is running, your computer will display a lot of false security alerts and nag screens. Some of the alerts:
Security Tool Warning
Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with Security Tool
Security Tool
WARNING 23 infections found!!!
Security Tool Warning
Some critical system files of your computer were modified by
malicious program. It may cause system instability and data
loss.
Click here to block unauthorized modification by removing
threats (Recommended)
All of these warnings are fake and, like the false scan results, should be ignored! Use the Security Tool removal instructions below to remove this infection and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 - HKLM\..\Run: [96015930] C:\Documents and Settings\All Users\Application Data\96015930\96015930.exe
O4 - HKLM\..\Run: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
Use the following instructions to remove Security Tool (Uninstall instructions)
Step 1
Download HijackThis from here, but before saving HijackThis.exe, rename it to explorer.exe, then click the Save button to save it to your desktop.
Double-click the explorer.exe icon on your desktop to run HijackThis. If Security Tool hides your desktop icons, right-click the Windows taskbar, then click Show Desktop.
HijackThis main menu opens.
Click the “Do a system scan only” button. Look for lines that look like:
O4 - HKLM\..\Run: [96015930] C:\Documents and Settings\All Users\Application Data\96015930\96015930.exe
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Note: the list of infected items may be different. Template of the malicious entry: O4 - HKLM\..\Run: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe. Please be very careful, do NOT check any other boxes!
Step 2
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan. It will start scanning your computer for the Security Tool infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the Security Tool removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Security Tool creates the following files and folders
C:\Documents and Settings\All Users\Application Data\{RANDOM}
C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
C:\Documents and Settings\Administrator\Desktop\Security Tool.LNK
C:\Documents and Settings\Administrator\Start Menu\Programs\Security Tool.LNK
Security Tool creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
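The Run-key template described above can be checked mechanically in a saved HijackThis log. The following Python code is an added example, not part of the original guide or of HijackThis; it assumes that all three {RANDOM} fields hold the same value, as in the guide's sample entry, and the log lines in it are constructed.

```python
import re

# HijackThis O4 (autostart) line for HKLM Run. Accept "-" or the typographic
# en dash that web pages often substitute when a log is pasted.
O4_RUN = re.compile(
    r"^O4\s*[-\u2013]\s*HKLM\\\.\.\\Run:\s*"
    r"\[(?P<name>[^\]]+)\]\s*(?P<path>.+?)\s*$",
    re.IGNORECASE,
)
# <drive>:\Documents and Settings\All Users\Application Data\<dir>\<file>.exe
DROP_PATH = re.compile(
    r"^[A-Z]:\\Documents and Settings\\All Users\\Application Data"
    r"\\(?P<dir>[^\\]+)\\(?P<file>[^\\]+)\.exe$",
    re.IGNORECASE,
)

def matches_template(line):
    """Return the shared {RANDOM} token if the line fits the template, else None."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    p = DROP_PATH.match(m.group("path").strip('"'))
    if not p:
        return None
    # Assumption: value name, folder name and file name are identical,
    # as in the sample entry [96015930] ...\96015930\96015930.exe.
    name = m.group("name").lower()
    if name == p.group("dir").lower() == p.group("file").lower():
        return m.group("name")
    return None

def suspicious_entries(log_text):
    """Return (token, line) for every log line that fits the template."""
    pairs = ((matches_template(l), l.strip()) for l in log_text.splitlines())
    return [(token, line) for token, line in pairs if token]

# Constructed sample log: two matching entries (one pasted with an en dash)
# and three entries that must NOT be selected.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [96015930] C:\Documents and Settings\All Users\Application Data\96015930\96015930.exe
O4 – HKLM\..\Run: [12345678] C:\Documents and Settings\All Users\Application Data\12345678\12345678.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKLM\..\Run: [Example] C:\Documents and Settings\All Users\Application Data\Example\helper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for token, line in suspicious_entries(SAMPLE_LOG):
        print(f"matches template ({token}): {line}")
```

Only the lines it reports correspond to the template; every other O4 entry is left alone, in line with the warning not to check any other boxes.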
Will McAfee antivirus remove this Security Tool nonsense?
Very helpful guide on removing Security Tool. One thing worth mentioning is the “96015930.exe” executable file will be unique to each infection. So you are looking for a 10 digit numbered .exe file. Once you stop and delete this file it is not that hard to fully remove the rest of this thing.
I NEED HELP PLEASE, THIS SECURITY TOOL WON'T COME OFF MY LAPTOP!!
Ava, if the instruction above does not help you, then ask for help in our Spyware removal forum.
hurray …. thanks dear .. it helped me solve my problem
My Vista PC had this. The hijacker works good to allow a scan to be run. My process was 27690529.exe. This thing was a pain. Thanks for posting the above directions.
thank you
I downloaded HijackThis but I can’t scan because every time I double click the icon on the desktop Security Tool interferes, then this appears on screen: “explorer.exe.exe is infected w/ worm Lsas.blaster.keyloger…” Can you help me pls!
Bill, download it again, but in the save dialog rename Hijackthis.exe to explorer.exe. This is important!
Thank you very much! God bless you for posting this. It helped me solve the problem.
Thank You sooo much!! The Security Tool has gone!!
We just got hit with “Security Tool” on a Vista Home Premium rig w/ SP2. The hit came in on a PDF through Adobe Reader 9.1.3. It appeared to only hit the affected user. So I was able to log in with another user acct okay. But the suggested scan there yielded no info. Which is not unexpected in Vista.
I had to boot in Safe Mode and login with the affected user to kill the trojan startup. On first reboot, I found _ex-08.exe running and siszyd32.exe in my startup. I killed these from running and the MSconfig startup. On the next reboot Windows Defender found and cleaned “Trojan:Win32/Hiloti.gen!C”
I think I am clean now but I will be ditching McAfee and will be reloading with TrendMicro before the night is out. Thanks for the assist guys. Mucho Gracias!
UPDATE: Windows Defender did not kill this for good. On my third reboot after thinking this was clean, _ex8.exe was back. I am going to run the MalwareBytes AM s/w and we’ll see after that.
Thank you so much for the instructions. My husband’s computer was hit today with this and we have no idea how he got it. This fix worked wonderfully – we’re back in business with just a small amount of frustration towards our antivirus-antispyware program. We think we’re paying for the best, but somehow this skated through.
Will McAfee help remove Security Tool?!?
geraldine, probably yes.
I really want to thank you, it's so powerful and simple. It's really wooooow. I advise all of you to follow the instructions above and it will work, don't try other websites. This is the best, thanks again.
This has worked for me so far for Windows Vista, because Security Tool would not let me install regcure or Spyware Doctor. I rebooted in Safe Mode – might have to hit F8. I first took the ST icon off my desktop then went into the Control Panel and into Folder Options. Clicked on View, then Show Hidden Files and Folders. I then right clicked on the Start button and then clicked on Explore, went to Programs, which brought up a list with Security Tools on it. I right clicked on it and deleted it. Then I emptied my Recycle Bin – you may have to empty each item manually. Then I went into Accessories and down to System Restore and picked an earlier restore point. When it restarted my desktop was back to normal and the ST icon was gone from my startup. I think if the person who started this pain in the a*& spyware is ever found, they need to be put in front of a firing squad and I get first shot. Hope this might help you. I was about ready to puke. I just hope this did it, but so far so good.
My god, that security thing is driving me nuts. Finally doing what this website says and with Malwarebytes. I hope I get rid of it. Its icons are still on my bar at the bottom and I still don't know how to get the sob off.
kimberly, this is probably only an icon. Right-click it and select Delete.
I appreciate all the help from every site I have gone to but none of them worked at all. Security Tool wouldn't even let me run any kind of virus scan and such. I don't know why this worked for me but I went into safe mode and restored my laptop to a previous date, so maybe others could try that. It worked for me :) shrugs. Such a simple solution to a big problem. I don't know, maybe I was just lucky.
I have no computer experience. I got this Security Tool virus on my laptop today and I want to use the Malware Byte Anti-Malware, but don’t know how to do it. Is there a website on which I can find this? What is the process? Please help. Thank you!
JACT, follow above instructions.
When I scanned with Hijack this, I did not see the O4 – HKLM\..\Run: [xxxxxxxx] C:\Documents and Settings\All Users\Application Data\xxxxxxxx\xxxxxxxx.exe
I’ve dealt with this virus before and last time I was able to see it.
Jake, ask for help in our Spyware removal forum.
What is Security Tool's phone number? I’m going to call and give them a piece of my mind.
THANK YOU SOOOOOO MUCH!! I was very frustrated when I thought I couldn't get rid of it and therefore had to pay someone else to fix my computer. But these instructions worked well, it's gone. Get HijackThis first, then download Malwarebytes. After downloading HijackThis, suddenly my Windows Defender ‘woke up’ and the pop-ups stopped and the malware removed the nasty piece of work!
But how can I be sure that IT IS REALLY gone and won’t come back again? Is it safe to start logging into my emails and online banking? I thank you sooo much!
ALSO MINE WAS AN 8 DIGIT NUMBER (93999241), so I guess it can range from 8 to 10.
flora, you can also check your PC using an online virus scanner.
Unbelievable. It worked, I do not believe it.
I just disinfected a laptop with a very dangerous virus that blocks all executable files (.exe) (Security Tool).
Thank you all for your help.