Security Tool is a rogue antivirus program that displays false scan reports intended to convince the user that his or her computer is infected with various forms of malware. This misleading software tells the user that he or she needs to purchase the full version of the software to remove these threats. These so-called infections do not actually exist, however; they are only attempts to frighten the user into purchasing the full version of the software. The rogue is designed to scam the user into entering their credit card number and information into the fake purchase panel.
Methods of infection/variants
This fraudulent program is promoted through dangerous Trojans and hijacked browsers. It is fairly easy to determine the presence of the virus, as warning pop-ups continuously appear. Security Tool is a clone of Total Security 2009.
Another method of infection is that the user is directed to go to fake video websites. When the user clicks on the "video", a box will pop up with what appears to be a flash player update. It is actually the installation file for the Security Tool program. If the user clicks on it, then it will claim that there was an error in the update, and the "video" will not play. However, the Security Tool virus will not appear until the computer is restarted.
Also, a user might be redirected to a site titled "My Computer Online Scan". This site looks like the "My Computer" window in Windows XP and presents what appears to be an online scan. However, the scan is essentially the same thing as the Security Tool scan. After the scan, a normal-looking OS prompt appears with the only options being "Yes" or "No". Either button installs Security Tool onto the victim's computer immediately, and it then begins its first fraudulent scan. This usually happens because a browser hijacker is present on the user's system. Installation through a hijacker can involve either both the site and the OS prompt or just the OS prompt on its own.
It has also been known to mimic the Mozilla Firefox update screen, telling the user to update Flash Player.
Symptoms of infection
Security Tool gives unrealistic warnings from the Windows Security Center when downloaded onto the computer so that the user believes that the software is real and that their computer is legitimately infected with malware. It can worsen the state of the computer system and can also dramatically slow the computer down. Security Tool also hijacks the web browser, essentially blocking the use of the browser. Every time the user attempts to run any program or any .exe file, it states that Security Tool has blocked it and prompts the purchase of Security Tool, which is supposedly required to delete malware. Messages that Security Tool shows the user can include:
"Your Computer is Infected!" and "Warning! 55 Infections Found!", with the next message being a prompt to upgrade to "full protection". The number of infections is randomly generated, which makes the deception extremely obvious when the numbers are inconsistent between scans, or when there are more files you aren't allowed to open than the number shown in the scan.
"Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Click here to remove it immediately with SecurityTool."
"Security Tool Warning
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss.
Click here to block unauthorized modification by removing threats (Recommended)"
"Malware LSAS.Blaster.Worm is trying to use .exe to steal credit card numbers and send them to a hidden PC"
An occasional symptom of Security Tool is the computer failing to acknowledge that a flash drive has been inserted into the USB slot.
Another symptom is that the computer's default desktop becomes an empty black or yellow screen with no icons, shortcuts, etc. displayed.
Depending on the severity of the infection, the computer may instantly shut down upon reaching the Windows login window, and safe mode may also be disabled (by means of a BSOD upon entering it).
Security Tool Registry Entries
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SecurityTool”
* HKEY_CURRENT_USER\Software\Vista Antivirus 2010
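A read-only check for the two registry entries listed above, as an added PowerShell example that is not part of the original article. Because HKEY_CURRENT_USER is per-user, it looks in every user hive currently loaded under HKEY_USERS; the function name `Find-SecurityToolIndicator` is hypothetical, and the indicators are assumed to be exactly as listed.

```powershell
# Added example: the indicators are the two registry entries listed in the article.
$RunSubKey   = 'Software\Microsoft\Windows\CurrentVersion\Run'
$RunValue    = 'SecurityTool'
$RogueSubKey = 'Software\Vista Antivirus 2010'

# Hypothetical helper name; nothing is modified, the registry is only read.
function Find-SecurityToolIndicator {
    # HKEY_CURRENT_USER maps to one user's hive, so check every user hive
    # loaded under HKEY_USERS (the *_Classes hives are skipped).
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }

    foreach ($hive in $hives) {
        $sid  = $hive.PSChildName
        $root = "Registry::HKEY_USERS\$sid"

        # Indicator 1: a value named "SecurityTool" under the per-user Run key.
        $run = Get-ItemProperty -LiteralPath "$root\$RunSubKey" -ErrorAction SilentlyContinue
        if ($run -and ($run.PSObject.Properties.Name -contains $RunValue)) {
            [pscustomobject]@{
                Sid       = $sid
                Indicator = "Run value '$RunValue'"
                Data      = $run.$RunValue   # command line started at logon
            }
        }

        # Indicator 2: the "Vista Antivirus 2010" key under Software.
        if (Test-Path -LiteralPath "$root\$RogueSubKey") {
            [pscustomobject]@{
                Sid       = $sid
                Indicator = "Key '$RogueSubKey'"
                Data      = $null
            }
        }
    }
}

$hits = @(Find-SecurityToolIndicator)
if ($hits.Count -eq 0) {
    'No Security Tool registry indicators found in loaded user hives.'
} else {
    $hits | Format-Table -AutoSize
}
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so run it while the affected account is logged on, or from that account.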
The best way to get rid of it is to restart your computer and go into Windows safe mode by pressing F8. When in safe mode, choose "system restore", select the last date before Security Tool was installed, and start the restore to get rid of the problem.
