Question:
What is this "security tool" my computer keeps talking about?
Victor
2009-10-11 09:37:11 UTC
All of a sudden my computer said something about "security tool warning" and it scanned and "found" 50 infections. I don't believe it because I never installed any program called Security Tool, and the message keeps popping up in the bottom right corner of my screen. I am running Windows XP. I tried to remove it but it's not under the list of programs I have installed. How do I get rid of this?
Five answers:
ilknur K
2009-10-11 18:26:11 UTC
Restart your computer in Safe Mode with Networking:



1. Log out and reboot your machine.

2. When the machine starts the reboot sequence, press the F8 key repeatedly.

3. Select Safe Mode with Networking from the resulting menu.

4. Login. If the malware has changed your password, try logging in as Administrator. By default, Administrator has no password.

5. The machine will continue booting, but the Windows desktop will look different.

Then, in Safe Mode with Networking, download and scan using Malwarebytes' Anti-Malware: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=contentBody;mostPopTwoColWrap&cdlPid=10997763

Download and scan using Super Anti-Spyware: http://www.superantispyware.com/

Download and scan using Norman Malware Cleaner: http://majorgeeks.com/downloadget.php?id=5450&file=1&evp=6980e63d4e482f0670e991265b3250e7



Download ATF Cleaner, a new, freeware, temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface.

The main screen allows the user to either clean all temporary files, or select files for cleaning. The program also knows if Firefox and/or Opera is being used, and gives the option of cleaning the temporary files associated with those applications.

ATF Cleaner provides the user with a window showing the total bytes freed upon completion. The program is small (36kb), quick to run and requires no installation. To download ATF Cleaner, press this link: http://majorgeeks.com/ATF_Cleaner_d4949.html

6. When you're finished removing the virus, log out and reboot back into normal mode.
anonymous
2009-10-11 21:30:24 UTC
Security Tool is a rogue anti-spyware program that is promoted by trojans.

You haven't got it installed, but your computer is infected, so you need to remove trojans.

Here are manual instructions on how to get rid of Security Tool: http://www.2-viruses.com/remove-security-tool
The Plop
2009-10-11 16:41:21 UTC
Removal tool

http://removal-tool.blogspot.com/2009/02/malware-of-security-guard-2009-when.html
anonymous
2009-10-11 17:02:14 UTC
Security Tool Removal Instructions for XP

1. Download and run this free cleaner, choose "Select all" and "Empty selected".

(Free) http://download.cnet.com/ATF-Cleaner/3000-18512_4-89432.html

2. Right click on "My Computer" and choose "Properties", "System Restore" tab, check the box "Turn off System Restore to all drives" and hit Apply, OK.

3. Hit Ctrl, Shift and Esc at the same time and bring up your task manager, choose the Processes tab and look for 4946550101.exe. Right click on it and choose End Process. If you can't end the process, move on.

4. When you're done shutting it down, click on [File] at the top left corner of your task manager and choose New Task (Run). Type msconfig and hit OK. Go in the BOOT.INI tab and tick both "Safe boot" and, to the right of that, "Networking" and hit Apply and Close. (It will boot in "Safe with networking mode". Choose Administrator.)

5. While in "Safe with networking mode" download Malwarebytes.

(Free) http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol

(Note) If you already have Malwarebytes installed and it won't run, go in its program file, right click on the red mbam app and rename it mbam.bat, then right click and choose Send to -> Desktop (create shortcut). Now close out of everything, go to your desktop and use that app to launch M-Bam from now on.

6. Right click on the mbam setup app you downloaded and rename it xxxx, then double click on it, install and update it, run a full scan, delete/quarantine all entities it finds and restart if it asks. (Note) If it won't update, use this link to download and install the latest rules: http://www.malwarebytes.org/mbam/database/mbam-rules.exe

7. Go to Start, Run, type msconfig and hit OK. Go in the BOOT.INI tab and untick Safe Boot, then go in the Startup tab and uncheck all programs not needed at startup (only check programs you want running all the time like antivirus, IM, etc.; "less is better in this case") and hit Apply, Close, Restart.

Your computer will boot normally and on your desktop a window will pop up; check the "Don't show this message" box and hit OK.

(Note) Check here for info on startup programs: http://www.techspot.com/startup/

(How to video) http://www.youtube.com/watch?v=rbSwtNiBx5A&feature=channel_page

8. Download Bitdefender free antivirus and install, update, and run a "System Scan" and delete/quarantine all entities it finds.

(Free) http://www.bitdefender.com/PRODUCT-14-en--BitDefender-Free-Edition.html

(Note) Don't turn on "System Restore" till you're sure you're clean and everything is running OK.

If you need more battle plans, drop me an email by clicking on my name under my avatar.

Stay Safe Out There (^.^)
anonymous
2009-10-13 06:11:54 UTC
This is one of the newest polymorphic rogues out as of October 8th 2009. NickLockard.com Remote Service has now successfully removed this infection from multiple systems where the following security scanners failed to detect all of it completely: Malwarebytes, AVG, Combofix, to name a few big ones. Security Tool is an infection that requires manual removal.

These are known rootkits Security Tool packs with its punch:








The above are examples; it will randomize the names and folder names for the numbers above. You may need to kill off the running process for SecurityTool in order to remove Security Tool. If you are otherwise unable to delete the files that you find, use the task manager to kill off the running process that matches the randomized name for the exe that you find. It will likely stick out like a sore thumb in the task manager. (Very few legit programs have 10 digit numerical names.)





After the manual removal, or at least the manual disablin
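
Added example, not part of the original answers: a small triage helper for the pattern the last answer describes, an all-digit folder under Application Data holding files with the same numeric name, plus a matching all-digit process name. The function names, the 8-digit threshold and the sample listings are assumptions made for this illustration; only the name 4946550101 comes from the page.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: the random name is a run of 8 or more digits (the page's
# example, 4946550101, has 10).
NUMERIC_NAME = re.compile(r"^\d{8,}$")
PAYLOAD_EXTS = {".exe", ".bat", ".cfg"}

def find_numeric_droppers(paths):
    """Return {folder: sorted file names} for folders matching the pattern.

    A folder is flagged when its name is all digits, it sits under an
    "Application Data" directory, and it holds an .exe with the same stem.
    """
    groups = defaultdict(set)
    for raw in paths:
        p = PureWindowsPath(raw)
        parent = p.parent
        if not NUMERIC_NAME.match(parent.name):
            continue
        if "application data" not in (part.lower() for part in parent.parts):
            continue
        if p.stem == parent.name and p.suffix.lower() in PAYLOAD_EXTS:
            groups[str(parent)].add(p.name)
    return {d: sorted(f) for d, f in groups.items()
            if any(name.lower().endswith(".exe") for name in f)}

def suspicious_process_names(names):
    """Flag image names such as 4946550101.exe from a process listing."""
    return [n for n in names
            if n.lower().endswith(".exe") and NUMERIC_NAME.match(n[:-4])]

# Constructed sample input: the user name "victor" and every entry other
# than the 4946550101 name are made up for this example.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\victor\Application Data\4946550101\4946550101.exe",
    r"C:\Documents and Settings\victor\Application Data\4946550101\4946550101.bat",
    r"C:\Documents and Settings\victor\Application Data\4946550101\4946550101.cfg",
    r"C:\Documents and Settings\victor\Application Data\Mozilla\profiles.ini",
    r"C:\Documents and Settings\All Users\Application Data\20091011\notes.txt",
    r"C:\Program Files\7-Zip\7z.exe",
]
SAMPLE_PROCESSES = ["explorer.exe", "svchost.exe", "4946550101.exe", "winlogon.exe"]

if __name__ == "__main__":
    for folder, files in find_numeric_droppers(SAMPLE_PATHS).items():
        print("review:", folder, files)
    print("review processes:", suspicious_process_names(SAMPLE_PROCESSES))
```

A hit is only a lead for manual review: the date-named folder in the sample shows why the check requires a same-named .exe inside the folder rather than a numeric folder name alone.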


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.