SecurityTool makes your PC INsecure

Secure Tool screenshot

This Trojan Horse seems to be helping you defend against infections. Unfortunately, it’s an infection that’s trying to steal your money.


I’ve recently encountered a Trojan Horse program called SecurityTool that has a very convincing friendly facade. When I first saw it, I thought that it was a legitimate antivirus program / firewall, similar to Norton 360. It seems to scan your PC and discover infections. It disables all user programs except itself “for your protection” and hijacks the web browser to point the user to a web page where it attempts to have the user buy a program that will “fix” his/her computer. It’s essentially ransomware. Please don’t enter your credit card number when this program is active — who knows who will then capture your credit card info?!

It looks like this originated from the same evil geniuses who created PC Antispyware 2010: http://russbellew.spaces.live.com/Blog/cns!D5F86162D2CCCC87!495.entry

Here are simple instructions to remove SecurityTool: http://www.2-spyware.com/remove-security-tool.html. I’ve found that the folder that contains the SecurityTool executable may have a different name than the one referred to within the article. You may have luck discovering its folder’s name by booting into Safe Mode (press F8 at startup) and running msconfig.exe to examine the startup group. The SecurityTool executable file is easily identifiable because it will probably be the only startup group executable file that’s located in a subdirectory beneath Documents and Settings.

I’ve used a different removal procedure. I physically remove the infected PC’s hard drive, temporarily hang that hard drive as a slave from a known clean PC, and then (step 1) use the clean PC to scan the infected hard drive. AVG 8.5 will detect and remove the offending executable files. This method treats the registry as just another set of files, so after returning the hard drive to the infected PC, you’ll need to scan it. When you’re done, you will probably be left with a vestigial item in the startup group. To avoid this, note what was removed in step 1 and remove any reference to it within the startup group. (Use either msconfig.exe or SpyBot Search & Destroy in Advanced / Tools / Startup to do this.)
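As an added example (not code from the original post), here is a PowerShell script that performs the startup-group check described in the two procedures above: it lists the Run/RunOnce keys and the Startup folders, and flags any entry whose executable sits beneath a user profile tree (Documents and Settings on XP-era systems, Users on later ones) or whose file no longer exists, which is the vestigial item left behind after step 1. It assumes an elevated session on the PC being examined; the registry paths and folder names are standard Windows locations and are my assumptions, not taken from the post.

```powershell
# Added example: audit Windows startup entries for two defender-relevant signs:
#  - the image lives under a user profile directory (where rogue AV drops itself)
#  - the image is missing (a stale entry left after the file was removed)
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Profile roots: "Documents and Settings" (XP) or "Users" (Vista and later).
$profilePattern = '\\(Documents and Settings|Users)\\'

function Get-ExecutablePath([string]$command) {
    # Reduce a Run-key command line to its image path: strip quotes and
    # arguments, then expand %VARIABLES% so Test-Path can resolve it.
    if ($command -match '^\s*"([^"]+)"') { $path = $Matches[1] }
    else { $path = ($command.Trim() -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($path)
}

$entries = New-Object System.Collections.Generic.List[object]
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
        $entries.Add([pscustomobject]@{ Source = $key; Name = $p.Name;
                                        Path = (Get-ExecutablePath $p.Value) })
    }
}
# Per-user and all-users Startup folders (shortcuts and executables alike).
foreach ($folder in @([Environment]::GetFolderPath('Startup'),
                      [Environment]::GetFolderPath('CommonStartup'))) {
    if (-not (Test-Path $folder)) { continue }
    foreach ($f in Get-ChildItem -Path $folder -File) {
        $entries.Add([pscustomobject]@{ Source = $folder; Name = $f.Name; Path = $f.FullName })
    }
}

foreach ($e in $entries) {
    $flag = if ($e.Path -match $profilePattern) { 'SUSPECT: runs from a user profile' }
            elseif (-not (Test-Path $e.Path)) { 'STALE: file missing' }
            else { 'ok' }
    '{0,-25} {1,-60} {2}' -f $e.Name, $e.Path, $flag
}
```

Because a slaved drive's registry hives are not loaded on the clean PC, run this after the drive is back in its own machine (Safe Mode is fine), and treat every SUSPECT or STALE line as a candidate to remove via msconfig.exe.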

Increasingly, I find myself routinely removing infected hard drives from victims’ PCs to scan them on clean PCs. Otherwise, I’m trying to clean an infected PC with an infected PC.


Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695