1 reply to this topic

[LollyOllie]

After my sons laptop was infected with Security Tools, it would not let me download Malwarebytes. It would not let me open malwarebytes even after downloading it from a clean computer to a thumb drive and transferring it to a thumbdrive. I even renamed malwarebtyes and it would still not fool Security Tools.

Here is how I removed "Security Tools": (despite the fact malwarybytes wouldnt install or renaming wouldnt fool Security Tools)


My sons laptop got the nasty rogue called Security Tools. It was very slow as it was constantly being bombarded with pop-ups telling us that his laptop was infected and that we needed to purchase their product. He kept getting Security tool warnings. Security tools made the desktop icons disapeear (actually just hid) his desktop icons.

This nasty rogue would not allow his computer to open in safe mode, nor would it allow him to download Spybot, Adware Se or Malwarebytes.

So from my clean computer I downloaded Spybot, Adware Se or Malwarebytes, all of them (saved them) to a thumbdrive and tried to sneak it on his infected computer via a thumbdrive,…no luck.

I download them again, this time renaming them before I download (a trick that sometimes work)….still ….no luck If you rename your anti-spyware or ante-malware the rogue spyware might not recognize the new name and let you run it. Unfortunately this spyware (System Tools) was to smart for that.

Here is what finally worked

From my clean computer I downloaded "HijackThis" to a thumb drive but before saving HijackThis.exe, I renamed it \to explorer.exe.

I stuck the thumb drive into the infected computer, and sent (HijackThis.exe) disguised as explorer.exe to the infected computers desktop.

Even though the computer infected with SecurityTools wouldn’t allow us to download SpyBot or AdwareSe or Malwarebytes, it allowed us to download HijackThis.exe.

Since this bad spyware Security Tool hid our desktop icons, I had to right click on the Windows task bar, and then click Show Desktop so that the desktop icons would appear.

Now that I could see the desktop icons I saw the icon for the spyware SecurityTools. Of course deleting the icon would do nothing but delete the shortcut. But when I right clicked on it and I found clues in the properties:
The nasty booger was….. C:\Documents and Settings\All Users\Application Data\94345126\94345126.exe
So now I knew where the spyware was and the important number 94345126 (note this number varies….your number will probably be an 8 digit number, just right click on the securitytools icon and write down your number.

As the desktop icons were now visible I clicked on the desk top icon for HijackThis.exe that I had falsely named explorer.exe and ran it. I did a system scan only. I looked at the log and found O4 – HKLM\..\Run: [94345126] C:\Documents and Settings\All Users\Application Data\94345126\94345126.exe.
I put a checkmark in this and pressed the “fix checked” button”

After HijackThis.exe did its magic on O4 – HKLM\..\Run: [94345126] C:\Documents and Settings\All Users\Application Data\94345126\94345126.exe.
* * * I could now run the Malwarebytes that I had previously downlowaded to a thumbdrive. * * *
Malwarebytes found (4) problems which I fixed with malwarebytes. I then cleaned out my sons recycle bin.

His laptop is now free from this awful Security Tooks

I had never heard of HijackThis until today. (see Go.TrendMicro.com) I had used Malwarebytes a few years ago. I recommend downloading this from CNET, because you never know what you are getting anywhere else.

[Jaxryley]

Nice bit of work there in getting rid of that rogue LollyOllie.

Malwarebyte's online guide "I'm Infected - What Do I Do Now" recommends Hijackthis in one of the steps.