• Please be sure to read the rules and adhere to them. Some banned members have complained that they are not spammers. But they spammed us. Some even tried to redirect our members to other forums. Duh. Be smart. Read the rules and adhere to them and we will all get along just fine. Cheers. :beer: Link to the rules: https://www.forumsforums.com/threads/forum-rules-info.2974/

Security tool pop ups

mak2

Active member
Yesterday before my wife went to the store she wanted me to run off Kroger coupons for her. I clicked on a link to a page from google search. A Spyware blocker poped up and has popped up hundreds of times since then. It says I have every terrible virus and worm known to man and for 29.95 this spyware firewall blocker can make it go away. It has popped up hundreds of times since. How do I make it go away without paying? I have avast running now. Help.
 

Cowboy

Wait for it.
GOLD Site Supporter
If Your running Avast & its updated , Then its more then likelly a bug in googles search pages & You may very well have nothing wrong . I Would download & update this & run it to be sure .

.http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html


I keep it on My desktop & run it every once in awhile as it will pick up somethings the others wont catch . Let us know how it comes out . FYI NEVER download something from the net that is in a pop up that claims You have a virus . :hammer:
 

jpr62902

Jeanclaude Spam Banhammer
SUPER Site Supporter
Run Ad-aware (by Lavasoft) or SpyBot. One, or both should find the problem.

I used to be a fan of Ad-Aware, but it turned into a huge memory hog. I've switched to Malwarebytes since. Good software.
 

mak2

Active member
I have tried to download the Malwarebyte but the Security tools pop up keep popping up and stopping the program. I shoot down 100's of popups in a minute or two. Probably 10 while I have been typing this. My background for my desktop is gone and every once in a while I get the blue screen of death. Something must be helping because this is the longest I have been a ble to stay on line, dammit there was another popup. So if I aint back for a while it is not because I have been arrested or you guys ran me off. Thanks for the advice everyone, I am trying to use it but....
 

jpr62902

Jeanclaude Spam Banhammer
SUPER Site Supporter
I have tried to download the Malwarebyte but the Security tools pop up keep popping up and stopping the program. I shoot down 100's of popups in a minute or two. Probably 10 while I have been typing this. My background for my desktop is gone and every once in a while I get the blue screen of death. Something must be helping because this is the longest I have been a ble to stay on line, dammit there was another popup. So if I aint back for a while it is not because I have been arrested or you guys ran me off. Thanks for the advice everyone, I am trying to use it but....

Do you have another computer? It sounds like you've got some persistent malware. If you can download the Malwarebytes install file on to another computer, then put it on a flash drive. You can do a search about your specific problem (Is the pop up from Windows XP Internet Security?) and there are some good instructions on how to get rid of it, but it includes editing your registry, so be careful. I just dealt with this in the office a couple of months ago.
 

Cowboy

Wait for it.
GOLD Site Supporter
Mak can You post the name of the type of security its asking you to download ? SpySherriff used to be one of the toughest ones to remove a few years back , But I haven,t heard of it for awhile . Best of luck sounds like you are indeed infected :w00t2:. Bob
 

jwstewar

Active member
My sister just had this same virus on both of her computers. Couldn't do much with either computer. Finally booted into Safemode with Network Support and downloaded Spybot S&D on it. It found the problem (and a few others) and corrected it on both of her computers.

I think Spybot wanted to do 2 or 3 scans on each computer, it finally got both of them cleaned up though.
 

mak2

Active member
Security tool, wants me to send them 49 bucks. It has taken me about 45 min to get to this thread because of all the pop ups, and they pop up over and over. I cant get anything to download because the pop ups seem to stop them. Damn it, this is frustrating. Probably 50 popups that I have to exit out of while I was trying to type this.
 

mak2

Active member
I have tried everything you guys have reccommended, and the security tool blocks everything I try to download.
 

thcri

Gone But Not Forgotten
Once you have the malware file on a memory stick can you try booting your computer in Safe Mode and then try installing it?


Murph
 

jpr62902

Jeanclaude Spam Banhammer
SUPER Site Supporter
I have tried everything you guys have reccommended, and the security tool blocks everything I try to download.


It doesn't matter if you boot up in safe mode. You have to delete the registry entries for the virus before you can reboot and download\install Malwarebytes or some other virus removal tool. Use the instructions Cowboy linked to.
 

Cowboy

Wait for it.
GOLD Site Supporter
At least try to open the Bleeping computer link I posted Mak . Then Scroll down to this & read the instructions rkill.com Download Link , Or If clicking on the link might let you do it from here Download this file . The trojan may not block You But I,m not sure .

Heres some of the instructions in case its blocking the link .

  1. Print out these instructions as we may need to close every window that is open later in the fix.
  2. It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If you find this is the case when following these instructions, then you will need to download the requested files in this guide to another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
  3. Before we can do anything we must first end the processes that belong to Security Tool so that it does not interfere with the cleaning procedure. To do this, download the following file to your Desktop.

    rkill.com Download Link
  4. As this infection hides the Windows desktop, we need to open up a window that allows us to see the icons.

    If you are using Windows XP perform the following steps:
    Click on the Start button and then click on the Run menu item. When the Run box opens, type %UserProfile%\desktop in the Open: field and then press Enter on your keyboard.​
    If you are in Windows Vista or Windows 7 perform the following steps.
    Click on the Start button and type %UserProfile%\desktop in the Search field at the bottom of the start menu. Then press Enter on your keyboard.​
  5. You should now see a window that shows all of your desktop icons, including the rkill.com program. Now double-click on the rkill.com in order to automatically attempt to stop any processes associated with Security Tool and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Tool when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Tool . So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

    Do not reboot your computer after running rkill as the malware programs will start again.
  6. Now you should download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

    Malwarebytes' Anti-Malware Download Link
  7. When the file has finished downloading, look on your desktop for mbam-setup.exe and right-click on it and select Rename. The title of the program will now have a blinking cursor where you can edit the name. Please change the name of the program to Explorer.exe.
  8. After you rename the mbam-setup.exe to Explorer.exe, close all your programs and Windows on your computer, including this one.
  9. Double-click on the icon on your desktop named Explorer.exe. This will start the installation of MBAM onto your computer.
  10. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing and is at the last screen, make sure you uncheck both of the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware check boxes. Then click on the Finish button. If Malwarebytes' prompts you to reboot, please do not do so.

    If you receive a code 2 error while installing Malwarebytes's, please press the OK button to close these errors as we will resolve them in future steps. The code 2 error will look similar to the image below.


    code-2-error.jpg

  11. As this infection deletes a core executable of Malwarebytes', or does not allow it to run, we will need to download a new copy of it and put it in the C:\program files\Malwarebytes' Anti-Malware\ folder. To download the file please click on the following link:

    When your browser prompts you where to save it to, please save it to the C:\program files\Malwarebytes' Anti-Malware\ folder. When downloading the file, it will have a random filename. Please leave the filename the way it is as it is important that it is not changed. You may want to write down the name of the file as you will need to know the name in the next step.
  12. Once the file has been downloaded, open the C:\program files\Malwarebytes' Anti-Malware\ folder and double-click on the file you downloaded in step 14. MBAM will now start and you will be at the main program screen as shown below.


    mbam.jpg

  13. Before you can perform a scan, you must first update the program. To do this click on the Update tab, and that at the new screen click on the Check for Updates button. Malwarebytes' will now check for new updates and download and install them as necessary. When the update is completed, you will be prompted with a message stating either that you already have the latest updates or that they have been updated. Either way, you should now click on the OK button to continue.
  14. Now click on the Scanner tab and make sure the the Perform full scan option is selected. Then click on the Scan button to start scanning your computer for Security Tool related files.
  15. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.


    scanning.jpg

  16. When the scan is finished a message box will appear as shown in the image below.


    scan-finished.jpg


    You should click on the OK button to close the message box and continue with the SecurityTool removal process.
  17. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  18. A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.


    mbam-security-tool.jpg



    You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
  19. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
  20. You can now exit the MBAM program.
  21. As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system. Please note that if you or your company has added custom entries to your HOSTS file then you will need to add them again after restoring the default HOSTS file. In order to protect itself, SecurityTool changes the permissions of the HOSTS file so you can't edit or delete it. To fix these permissions please download the following batch file and save it to your desktop:
    When the file has finished downloading, double-click on the hostsperm.bat file that is now on your desktop. If Windows asks if you if you are sure you want to run it, please allow it to run. Once it starts you will see a small black window that opens and then quickly goes away. This is normal and is nothing to be worried about. You should now be able to access your HOSTS file.
  22. We now need to delete the C:\Windows\System32\Drivers\etc\HOSTS file. Once it is deleted, download the following HOSTS file that corresponds to your version of Windows and save it in the C:\Windows\System32\Drivers\etc folder. If the contents of the HOSTS file opens in your browser when you click on a link below then right-click on the appropriate link and select Save Target As..., if in Internet Explorer, or Save Link As.., if in Firefox, to download the file.
    Your Windows HOSTS file should now be back to the default one from when Windows was first installed.
  23. You can also delete the Explorer.exe program from your desktop.
Your computer should now be free of the SecurityTool program. You may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future, as if you had the real-time protection component, that comes with the paid for version, activated it would not have allowed this infection to install.
If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Associated Security Tool Files:
Please note that the files and folders for Security Tool and SecurityTool have random names.

%UserProfile%\Application Data\4946550101
%UserProfile%\Application Data\4946550101\4946550101.bat
%UserProfile%\Application Data\4946550101\4946550101.cfg
%UserProfile%\Application Data\4946550101\4946550101.exe
%UserProfile%\Desktop\Security Tool.lnk
%UserProfile%\Start Menu\Programs\Security Tool.lnk​
Associated Security Tool Windows Registry Information:
Please note that the files and folders for Security Tool and SecurityTool have random names.

HKEY_CURRENT_USER\Software\Security Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "4946550101"​

This is a self-help guide. Use at your own risk.
BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can ask for malware removal assistance in our Virus, Trojan, Spyware, and Malware Removal Logs forum.
If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.






Once You do that it should kill the process thats stopping you from downloading malwarbytes .


Mods if This is not OK to do it this way feel free to Delete .
 

mak2

Active member
thanks Cowboy and everybody, man that is a killer virus. Literally. My wife went out and bought me a new laptop, I have been wanting one anyway but she broght it home last night to suprise me. I dont have it up and running yet. Right now I am at work. When my wife bought that laptop she bought a anti virus CD with it and it has already been downloaded to the new one. Is it ethical to download the antivirus on the old lap top or is the user agreement to use it on just one machine? I am going to try cowboys last post when I get home tonight, but the virus blocks everything I try. Thanks again everyone.
 

Cowboy

Wait for it.
GOLD Site Supporter
thanks Cowboy and everybody, man that is a killer virus. Literally. My wife went out and bought me a new laptop, I have been wanting one anyway but she broght it home last night to suprise me. I dont have it up and running yet. Right now I am at work. When my wife bought that laptop she bought a anti virus CD with it and it has already been downloaded to the new one. Is it ethical to download the antivirus on the old lap top or is the user agreement to use it on just one machine? I am going to try cowboys last post when I get home tonight, but the virus blocks everything I try. Thanks again everyone.

Congrats on the new puter Mak , It might depend on Which Anti Virus disk Your wife bought . But as far as I know Unless its windows related it dont make no difference on how many computers you put it on .

Best of luck on the old puter , Just make sure & try to download the rkill first , Even if you have to do it from here I Doubt the virus will let you go to any computer help sites thats why I C&P,ed it here . :biggrin:
 

tsaw

New member
GOLD Site Supporter
CB.. has the answer with that great (long) post. You will have to follow them instructions to the tee.
You certainly have a nasty one. It is so bad that it has put the "fix" in your "hosts" file. The hosts file contains websites that are banned from viewing. Thus - you can't d/l the fix.
 

Galvatron

Spock and Galvatron < one and the same
Might be worth just for a simple solution checking if this virus as been added to your Add-ons on your browser...hit tools on your internet browser and look through the Add-ons.

Happened to my son once but only a stab in the dark from me....good luck Mak.
 

mak2

Active member
I will try it, I am on a different computer now. I had heard of people getting viruses and it shutting down their computer, but I was nto sure I beleived them. Do now. Made mine unusable in seconds.
 
Top