SEARCH

How-To Geek

How To Remove Security Tool and other Rogue/Fake Antivirus Malware

If you have a PC infected with Security Tool, you’re probably reading this article so you can understand how to get rid of it. Thankfully we’ve got the instructions to help you get rid of this virus.

Security Tool is just one of many fake antivirus applications like Antivirus Live, Advanced Virus Remover, Internet Security 2010, and others that hold your computer hostage until you pay their ransom money. They tell you that your PC is infected with fake viruses, and prevent you from doing anything to remove them.

image

This particular virus blocks you from doing most things, like Task Manager…

sshot-2010-01-21-[00-28-01]-[1]

It also gives you loads of error messages that just seem to pop up constantly.

sshot-2010-01-21-[00-30-29]-[1]

And worse, it blocks you from running malware removal tools:

sshot-2010-01-21-[00-34-56]-[1]

First we’ll walk through the general steps that usually apply, but you can skip down to read the specific steps that we used to remove this virus.

Removing Rogue Fake Antivirus Infections (General Guide)

There’s a couple of steps that you can generally follow to get rid of the majority of rogue antivirus infections, and actually most malware or spyware infections of any type. Here’s the quick steps:

Those are the rules that normally work. Note that there are some malware infections that not only block safe mode, but also prevent you from doing anything at all. We’ll cover those in another article soon, so make sure to subscribe to How-To Geek for updates (top of the page).

Removing Security Tool

Since the above steps don’t always work, and Security Tool seemed to do a pretty good job of killing the malware removal tools I tried to use, I found another method to kill the virus off so I could begin the work of removing it.

First, we’ll need to know the username—if you aren’t sure what that is, right-click on the Start button and choose Open, then you can see it right in the location bar:

image

Next, open up the Start Menu, and then click the Run button (or use the Win+R shortcut key), and then type in the following command, substituting your own username if it is something other than administrator.

taskkill /f /fi “username eq administrator”

Note: If it doesn’t kill the virus the first time, you might have to use it again. Don’t be alarmed when your start menu disappears.

image

If all went well, the virus is dead and so is everything else including your start menu. Use the Ctrl+Shift+Esc shortcut key combination, and then go to File –> Run, and type in explorer to re-open the start menu and taskbar.

image

Note: If you find that the virus still isn’t dead, you can repeat the steps again.

Use SUPERAntiSpyware to Clean the Malware

Now that we’ve killed off all those processes, we’ll get to removing the actual malware from the system by downloading SUPERAntiSpyware and installing it. You should be able to grab the full version, or you can use the portable variety that we’ve already recommended.

image

If you grabbed the full version, make sure to use the Check for Updates button, and then click the Scan Your Computer button… make sure to perform a Complete Scan, and select all of your drives. 

image

Once it’s done, it’ll let you remove them all in a click, and then prompt you to reboot. Job isn’t done, however!

Install Malwarebytes and Scan 

Next you’ll want to install MalwareBytes and run it, making sure to run a full scan. The main reason to do this is because there’s no way a single malware removal tool can know about every single piece of malware out there, and you may as well make sure your system is clean.

image65

Install Microsoft Security Essentials

You should definitely install Microsoft Security Essentials and run another full scan once you’re done.

Note: If you used a thumb drive at any point during this process, you should make sure and scan that as well—I’ve had viruses hop over to the thumb drive, ready to infect the next machine.

What About You? Had any Virus-Killing Experiences?

Have you had any experience lately killing this virus, or other similar ones? Let us know in the comments, or feel free to email into the tips line at tips@howtogeek.com with your best method for killing these viruses. We’d love to hear your expert feedback!

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 01/26/10

Comments (186)

  1. Albert Kolkin

    My opinion, a non-lawyer’s, is that what they are doing is extortion. Isn’t a lawsuit or shutdown of the distributors possible?

  2. Mayur

    I just had to remove malware last night on my dad’s friends computer. The thing was riddled with malware, couldn’t open task manager, I got IE pop ups literally every 3 seconds. Tried running malware removal tools but the thing was just so bogged down on crap. Botted into Ubuntu LiveUSB, backed up data, formated and rebooted Windows. All done in an hour and half.

  3. Odeho19

    @ Albert, Let’s play Hide-n-Seek…….Except this is the BIG version……Okay, I’m gonna jump on the internet and go hiding…..now you come find me…..GO!

  4. Slowhand

    I tried various things that were similar to what is suggested above to get rid of Antivirus Live. When I ran windows in safemode with networking, Malware Bytes wasn’t able to find the virus, I think because it wasn’t running yet. I ran windows normally, then as soon as my desktop came up I started Malware Bytes and started a scan. Within a few seconds I started getting pop-ups from the virus, but Malware Bytes was already working. I did have to try and eliminate some of the pop-ups because at one time I came back to my screen and had 3 tabs open on Internet Exporer and they were all hardcore porn. Good thing my 6 year wasn’t in the room. Had to disconnect the net to keep that from happening. Eventually Malware Bytes finished its scan finding 5 infections and I have been clean for weeks now.

  5. Blake

    I’m having problems running “taskkill”. I’ve noticed you mentioned using it a few different times like in in this one and another where you run “taskkill /f /im winlogon86.exe” etc. I’m trying to fix my friends computer and every time I try to run it says taskkill isn’t a recognized command. Am I’m missing something here?

  6. Dinesh

    Hi Geek, please write a review on Hitman pro,

  7. Desert

    It has a nice GUI though. :D

  8. bk

    Once my pc was infected with kidoh(conflicker worm) with Kaspersky installed. Kas gave me a lot of indound attacks warning. kas detected it but couldnt remove it. using registry manual had to remove the keys and delete virused files and had format all cds and pen drives. Kaspersky is good at detection but poor at removal so i switched to eset

  9. Aaliyah

    I dont see my adress bar when i go to the program thing…so when I check the addres bar..it doesnt show up…????

  10. enthreeoh

    If you’re quick enough, you can open task manager before the virus loads and blocks it from launching. I was able to do this to remove anti-virus 2010 from a friends machine. Once I had that removed, I went into msconfig and disabled it from starting up (incase it or some other virus blue-screened me while scanning). I was then able to run mbam and remove it fully.

    Just remember, a virus is a program too, and it’s subject to the same rules as other programs. There’s a hierarchy in loading, and how they load.

  11. Josh

    I tried these steps and couldn’t figure it out. I worked with a guy on remotetaskforce.com who removed it for me. The guy who helped said there are different versions of Security Tool and he said the version I had was in a different location than it usually is but I had a couple other viruses too that were giving me problems.

  12. Dave

    How does this virus get onto a pc with mcafee virus software? I don’t want it to happen again.

  13. Emma

    what happens, if like my mum, you have given your credit card details?? do they take the money or what many thanks

  14. CJ

    I just went through another form of extortion in trying to remove this. I called Dell and found out that I had HARDware warranty not software help. They put me through to their tech person who told me that I had three choices: $239 for 1 year/4 incidents help, $129 for 3 days help or reinstall of system. I had told him that I had directions for how to remove it online and he said I might just get another virus and make things worse. So after paying the $239, they just did what you folks recommended here and I had found similar at bleepingcomputer! I’m mad at myself but not happy with Dell either. I really feel they took advantage of me.

  15. Peter

    Here’s what worked for me:

    First off, download maleware removal software (I used Malewarebyte’s)and then rename the downloaded file to anything of your choosing (myapp.exe, file.exe etc..)

    1. Restart Windows in “Safe Mode”
    2. Start>Run> type msconfig (this allows you to stop the app from starting when your pc boots)
    3. Look for .exe and uncheck it
    4. Restart windows (regular mode)
    5. Run malware software and perform a FULL SCAN
    6. Remove infections and restart PC

    This worked for me, but then again each variation can be different and you might have to do a little more. These “viruses” are getting trickier every time. Sure sucks if you don’t have any PC experience, I feel for these people and try to help whenever possible. I think these companies need to be stopped, somehow…(?)

  16. Peter

    Step 3 update: look for .exe and uncheck it

    Sorry

  17. Lauren

    I downloaded Spyware Doctor to remove Security Tool from my laptop, which appears to have been successful, except that I still have a security tool icon in my toolbar. It won’t delete, rightclicking it does nothing and it doesn’t show up anywhere else I can find. Does anyone know how to get it off? All my scans come up clean and my laptop doesn’t seem to be having any problems… but I’m definitely NOT a pc girl so I’m not sure. Is my laptop still being harmed by this thing if that icon is still there? Do I need to take further steps? Would any of the above entries help me? Ah! I’m so fed up with this thing! Please help, someone!

  18. Lauren

    Finally got rid of it by repeated scans with Spyware Dr. It took me several hours of tedious anxiety, but it’s gone. People who download these programs to remove it: just be patient (I sat through eight scans some of which lasted over an hour) and keep trying, use more than one if you have to, it’s worth it. A word for those who gave away credit card or check card info… go to the credit card company or your bank immediately and file a fraud and/or loss claim! Most likely they will stop payment or reimburse you, as this is pretty easy to prove as being an illegal scam.

  19. Kevin

    rebooting into safe mode with networking will stop this crap app from loading…. i am doing this on my kids laptop right now and seeing it cant load in safe mode i am able to run spybot search & destroy (safe w/ networking you can download/update spybot if needed) and first thing it found was the fake in question amongst other thing that find their way onto a teens computer…. now that it is done and booted up in noral mode and avast installed… i doubt i will see this again… that will teach them to listen to their father =P

  20. cant tell

    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa the dumb security tool is stoping all of the programs i tri amd cant get it off and it even stops task manager help

  21. Megan

    I’m trying to follow these steps but I can’t open my Internet to download anything please help

  22. eliud medina

    CAN I I US THE ANTIVIRUS FOR ANOTHER TWO COMPUTRE LAPTAP AND DESKTAP

  23. Dave

    For Albert,

    The folks who are doing these are more than likely in a country that ends in “stan” and the in the local market you can buy AK’s and RPG’s. Lawyers might not be much help.

    What might help is rkill http://www.technibble.com/rkill-repair-tool-of-the-week/
    Try all 4 versions to kill Malware processes, then install and run Malwarebytes.
    If that doesn’t work, try ComboFix.
    If that doesn’t work, (hope you backed up) REFORMAT

  24. Lew Glenn

    Your article on How to Remove Security Tool was very well written and appears to have successfully resolved my problem with this nasty pest. Many thanks.

  25. anonymous

    If you have a non-admin account, try logging in under that account and Security Tool will not start. You can then install Malwarebytes to remove.

  26. Dave

    Restart your computer in Safemode with Networking so that you can go online, watch the Security Tool Removal video on You Tube and follow the instructions – I got rid of it in 5 minutes, even managing to restart in Safemode with a wireless keyboard.

  27. Maria

    I tried Safe mode and then System Restore – it restores your computer to a day in the past where it didn’t have the program, but keeps files and stuff intact. It worked! :D
    What a nightmare of a virus! :(

  28. Megan

    If I paid for the antivirus can they get my information again and is there any way to get my money back?

  29. SongThan

    System Restore posted by Maria is the way to remove any virus, but she did not provide how to do it.
    I just removed XP Antivirus today in less than 30 minutes.

    Window restore procedure.
    1) Open Window Explorer
    2) Goto C:\Window\System32\Restore
    3) Open rstrui.exe
    4) select back a good date to restore (date before infected with virus).

    Good luck!

  30. grandtechgeek

    Recently, a client of mine had Security Tool on their Alienware Windows 7 computer. McAfee literally found nothing. Afterwards, I started How-To Geek’s recommended SUPERAntiSpyware which I have used many times and I would also highly recommend. It found 350 infections in almost no time.

  31. Jeffrey T Valerie

    Dear How to Geek

    I am not and no way an expert very much a novice, but I have been putting AVG on all my friends laptops/PC for them and just last week I done this for a friend. Today he called me and showed me that this same thing had happened to his laptop and I saw the same anyway I took it to a company that I used and he recognised it straight away, I only recognised it by the fact I went through the same thing when scareware attacked my PC the same way middle last year and he went through the same thing pressed the wrong button in a panic and embedded it in.

    When you say portable tool you do mean to be held on say your USB Memory Stick, as these viruses are becoming more regular dont you think that a more simplified understanding can be given as to what to look for for beginners that they may be able to see through the viruses when they come.
    Would not that be better and time saving for all world wide I suppose.

    I will be adding your tool but it will have to be tomorrow but so pleased to be able to find your cure and help.
    Your Blessed
    JTValerie

  32. sarah

    Hi , i had this virus on my computer last night , i tried getting rid of it by going into safe mode but the virus took that 2 i spent hours trying to get rid of it last night. I tried sytem restore but that never worked so i restarted my computer in normall mode and got my anti-virus open quick before it took over the program. i done a full system scan it took some time but i got there in the end , it found the viruses and deleted them from my system. i just hope it doesnt happen again.

  33. Sian

    I saved this onto my memory stick, started the computer up on safe mode with network and opened it, and after scanning for just under an hour, it did the trick. Thank you so much for posting this – you’re a life saver!

  34. Dan

    I got rid of this bugger as follows:
    1. go to C:\windows\system32\ and find the task manager executable, taskmgr.exe. I made a copy of taskmgr.exe and renamed it iexplore.exe.

    2. Run your newly renamed task manager (the malware allows iexplore.exe to run so you can access their payment portal).

    3. kill the malware processes and run the anti-malware app of your choice. I used malwarebytes and it cleaned it up just fine.

  35. Ticha

    Just change the file name and the document name then restart your computer after that use the Systems Tools- Systems Restore in your accesories and restore your settings to before you got the trojan and your pc is as good as it was. you dont have to download any software to remove it

  36. Baz

    Maria! You are a genius thank you. That worked a dream and it was so much quicker and easier than so many other methods. Ta

  37. Brian

    Many thanks to all the above posters for the various suggestions. I went the following relatively simple route. Basically it took an hour of carefully reading the suggestions on many web pages, 10 minutes to do the job, and a couple of hours of scanning afterwards.

    I just got rid of SecurityTool from a dell inspiron running vista as follows

    1) Reboot into ‘safe mode with networking’ (hold down F8 while booting). This stopped SecurityTool from starting so now I can see what is going on. SecurityTool had a shortcut on the desktop. Right clicked on the desktop shortcut and looked at ‘properties’ which told me the ‘target’ (ie where to find the exe). It was a file called 80081926.exe, in a folder called 80081926 somewhere below a directory called c:\ProgramData. I gather from the web pages that this number is different on different copies of the virus. Now c:\ProgramData is normally a hidden (system) directory, but ‘search’ in windows explorer seemed to find the bad directory ok.

    2) Deleted the offending 80081926.exe in the normal way for deleting a file. (It went to the recycle bin)

    3) Reboot normally. SecurityTool did not start up, so I have control of the computer back. Looks like the delete was successful.

    4) As recommended, downloaded and ran SUPERAntiSpyware (got rid of about 280 items, mostly adware) and Malwarebytes (found 17 more, mostly adware). Each full scan took about an hour on a machine that has about 70Gb of files. I found the tools by googling their name and downloading each of them from download.cnet.com.

    Good luck to the next readers infected by the virus.

  38. chris_uk

    antispyware is the best of the best ,i took a chance and downloaded this porgram for my infected pc with sistem tools ,, gone in to safe mode with internet and fix all my problems thanks for the perfect program … very graetfull bye

  39. praveen

    Praveen says:
    April 14, 2010 at 10:01 pm

    TRY THIS METHOD

    1. Start the system
    2. Press f8 while booting
    3. Use arraow keys to select Safemode with network
    4. Now you can download the Malwarebytes
    5. Install it and scan the full system
    6. After scan remove the treats
    7. Now restart the system
    8. Now you are ready to go

  40. Regina

    Only this Video helped me to remove this Security Tool
    http://www.youtube.com/watch?v=qCdmPZbdycA

  41. Firas Al Kadhmi

    Hi … I just look for shortcut of security tool in start menu and find location of application ,,,,, then I rename the folder .. and restart computer …. security tool not working and every thing work normally then I delete it

  42. Adrian Lamphier

    thank you so much , i had so much trouble deleting it. now its gone!! yeah!!

  43. John Prescott

    I was having problem,s with this security tool and could not get rid off it but finally after some messing around I pressed F8 ON REBOOT and selected safe mode with networking and then deleted it and it worked computer is now free of this. The only thing I can’ get rid of is the file location on my task bar but it flashes up as not working.

  44. Droid

    Hi How-To Geek and thanks for your useful information about “Security Tool” and other subjects. I recently had to remove Security Tool from a friend’s computer running Vista and thought I would share how I went about it as this might assist others. (I note with thanks earlier comments that contain similar but not as comprehensive instructions.)

    The infection had all the symptoms you have mentioned – including blocking Task Manager, the Command Prompt window, Windows Defender and other software that might be used against it from running properly, if at all. It also covered up most of the desktop so that you couldn’t see what you were doing anyway.

    I first tried following instructions from several websites and using a number of automated malware removal programs to remove it, including Malwarebytes Anti Malware and rkill.com. As excellent as this advice and software may be, unfortunately it did not work in my case and Security Tool was still there. Part of the problem may be the way Security Tool identifies its executable files and processes with a numeric string, for example, “4946550101” is mentioned on some websites. But Security Tool can morph itself, changing the identifying string to thwart countermeasures. However, ironically this string is also its weakness.

    Here’s what I did next. I noticed that after rebooting the PC, Security Tool would automatically start up again, so I rebooted into Safe Mode with Networking (just Safe Mode would also be fine) and ran msconfig, where it is possible to inspect the Startup processes. The one we wanted stood out because it was identified by a numeric string instead of a legitimate name. Once we had this string it was a simple matter to search for and delete its entries in the registry (using regedit) and then to search for the similarly named files and delete them. Reboot – problem solved. (Cautious people might like to back up the registry first before editing it but as it is infected with a virus, at this stage there does not seem to be much point.)

    I hope this simple solution helps others.

  45. jim

    I fell for the scare wear and paid. I have now started in safe mode and restored it seems O-K but now what? Do I put a stop to my card or am i just out the 80 bucks?

  46. Gordy

    I tried Brian’s approach and it worked like a dream. Once I identified the offending file, I just dragged it to the Recycle bin. When I rebooted normally, Security Tool was gone! I then just dragged the desktop shortcut to the Recycle bin and I see no more vestige of Security Tool. Nothing in the task bar either, as John Prescott found..

  47. Jenny

    Thank you thank you thank you!
    I’m not particularly computer savvy, but when this nasty bug arrived on my computer I was devastated. Couldn’t do anything without a pop up popping up every other second, couldn’t start word, task manager or anything. Thank God I found this site and SUPERantispyware worked a treat to rid my computer of that nasty, evil security tool. I’m not really one to post messages, but when I saw it had gone I could have cried with happiness. Thank you for your altruism in making it free. xx

  48. Bryan McMahon

    Hell,I just got infected with the security tool virus,and succesfuly removed it,my comment is”is this not illegal?can the owners of this software be sued?this is extortion.

  49. B2BScheib

    All of these bogus ways of downloading software to delete these files is RIDICULOUS!

    Here is a simple step-by-step to remove this stupid program.

    1.) Boot your computer into Safe Mode (with or without networking)

    2.) Once in Safe Mode, click Start.

    3.) Click “Run” and type msconfig.

    4.) Move to the Start-Up Tab and locate the four numerical (eg. 71236892) processes that run on start up. Uncheck their boxes. Blose MSConfig, but do not restart.

    5.) Click Start > My Computer > C:Local Disk > Users > usernamehere > Applications&Data > numerical (eg. 71236892). There should be four folders with numerical headings. Delete them.

    6.) Empty the Recycle Bin.

    7.) To make sure all the files off of your computer, Start > Search > All Files and Folders > “Security”
    All instances of “Security Tool” but NOTHING ELSE may be deleted.

    8.) Restart your now virus-free computer.

  50. BlueBrazilian

    Heres a nice easy way to get rid of this without downloading anything.
    1. Start your PC in safe mode (press F8 when your PC is starting up)
    2.when in safe mode , check your desktop, Security Tool places a shortcut icon on it.
    3. Right click on the icon, choose properties.(deleted your shortcut item – go to step 7)
    4.Click on the “find target” button – this will take you to the folder where ST is hiding.
    5.The folder name is a number, 67XXX something can’t remember, delete this folder.
    6.In Vista the path was c:\program data\67xxx\67xxxx.exe (note program data is a hidden file, you have to set up explorer to view hidden files)
    7.Last thing to do is remove it from startup, press your start button and then “run”
    8.type MSconfig, cick the startup tab.
    9. uncheck the box, if your unsure what its called, look under the “command” this shows you where the startup item is located, which is also helpful if you’ve deleted the shortcut Item. take a note of the path which should be similiar to step 6.
    10.once you’ve unchecked the box, restart your PC and all should be good.

  51. Jennifer Cruz

    I have found the security tool files and tried to delete them, but it’s “not allowed”. I have downloaded Malwarebytes, and Microsoft’s Malicious Software Remover. The problem is, after I download the install.exe files for the software, it won’t open. I’ve tried everything I know to do. I can’t open .exe files, and I can’t open add/remove programs from the control panel. I also can’t open system restore…help me pllzzzz

  52. Mia

    thanks alot!. i tried using the taskkill but my pc kept on saying it couldnt find the ‘taskkill’ folder. anyway, i went to C:/Documents and Settings/All Users/Application Data then i open the folder with numbers then i renamed the security tool file there by adding more numbers to it. then i LOGGED OFF. that killed the process. i then installed your Superantispyware and scanned.

    thanx again

  53. Marc S

    Thank you very much for VERY useful article! It made me save a lot of time.

  54. Stan

    I just finished dealing with Security Tool today. It manifested itself a bit differently from what was mentioned above. This means the creators approach and methods are evolving. If I had fallen prey to their scam and bought it, I would cancel my credit card and have the CC company reissue me a new card – why take any chances?

    After booting in Safe Mode, loading MSConfig and electing to boot without loading any startups, etc., Security Tool continued to load. It was tougher and more nasty than ever. It had loaded a file into C:/Windows/Temp as “_x08.exe”. A startup entry in MSConfig Startup pointing to that file existed, but unchecking the entry and rebooting had no effect. Security Tool would replace and reactivate that entry thus making it very hard to disable it. I was not able to clear it until I found references to it in the following places and deleted them:

    Registry: HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion > Run,
    Entry was listed as “Sniffer” and executed C:\Windows\Temp\_ex-08.exe (removed it).

    Note: You will not be able to see some of the following folders/files unless you go to Tools > Folder Options > View, and then select the option to “Show Hidden Files & Folders”.

    Then I found entries for Security Tool in
    C:\Documents and Settings\”username”\Local Settings\Application Data\
    Here there were two data files that had the same icon as “Security Tool”
    They were listed as “36441” and “51939341” (names may vary)
    There was also a shortcut named “Security Tool” pointing to the above files located in
    C:\Documents and Settings\”username”\Local Settings\Start Menu\Programs

    After removing those AND perminantly deleting them from the Recycle Bin, I was able to boot normally and run appropriate scans and such. Security Tool was gone.

    While working on this for over two hours, I cannot begin to tell you all of the very evil thoughts I had about what I would like to do to the scammers that create and force such a product on all of us.

  55. Ed

    Security Tool took control of my pc tonight and I was able to get rid of it by restarting in safe mode with networking and then using the SystemRestoreWizard. When I restarted, Security Tool was no longer apparent. I think it’s gone.

  56. Kalie+

    I had this hoax on my computer and I tried almost every program to remove it, but none of them worked. I finally got rid of the virus by using system recovery. I just reset my computer to about three days before it showed up and now my computer is as good as new.

  57. Fred

    The creators of this rouge anti-virus software make me rethink my opposition to the death penalty, public flogging, and castration. I really hate these people.

  58. aaron

    how does this system restore thing work? i can get this crap off my computer. i deleted it with spybot and i cant find the security tool file anywhere but the stupid pop ups wont stop when i go back to normal mode. i really need help bad.

  59. Darin

    After days of using all these tips over and over, every time I restarted, it was back. I tried System Restore, but I could only go back 2 days and the bug was downloaded 3 days ago.

    So, I decided to right click on Security Tool under All Programs in the Start menu, clicked properties, and clicked the Find Target tab. This opened up windows and highlighted the Security Tool icon. I right clicked on it and then clicked delete which sent it to the recycle bin. Then I emptied the recycle bin, restarted the computer and it is GONE!

    Thanks for all the tips! The Superantispyware found some other stuff, so I’m thankful for all the FREE advice!

  60. Female

    Guys, I tried doing what was written on this website, and it didn’t work for me. When I tried to type in that phrase inside Run, it wasn’t working, even though I substituted my username in the phrase. I tried a couple times, and it still didn’t work. So I freaked out a bit, and then I tried opening up Task Manager. It wouldn’t open! It kept on opening and then closing.

    So then I pressed Ctrl, Alt, Delete, and then held it like that for a couple of seconds. Only then, after I let go, did the Task Manager stay open. After that, I went to Processes and tried to find Security Tool. Of course, it’s not labeled. Instead, it was a number in the list. It was something like 804133 or something. So, I selected that and clicked End Process. After that, Security Tool stopped bothering me. :) Hope it works for you guys too!

  61. Female

    Okay, so I’m back, and realized the whole Ending Process thing in the Task Manager didn’t really delete the whole Security Tool program out of my computer. So I followed the buddy’s advice on top of my comments, Darin’s, and did his whole locating target and deleting that thing. It seems to have worked iA! Thanks Darin! :)

  62. Conrad

    Okay, today I finally manhandled this stupid virus. The way I did it involves incredibly good reaction time + this guide. Myself, and (I think others here) have realized that this virus has adapted since the guide was written so that the software used (Malewarebytes, SUPERantispyware) couldn’t be opened. I did this by using task manager’s ‘end task’ function very fast. What you do is:

    HAVE ABSOLUTELY NOTHING RUNNING ON YOUR COMPUTER (Besides F’ing security tool of course). Reason being, Security Tool MUST be the top item on the list in task manager.

    Press the CTRL ALT DELETE buttons like usual, taking you to the window with 6 buttons (one of them being task manager), then click task manager. Task manager will either open for a fraction of a second, or not at all. What you do is get task manager to open for long enough for you to see where the window appears in relevance to your computer screen, and hover the mouse over where the ‘end task button’ was. It doesn’t have to be exact, just the general location. Then press the ctrl alt delete commands again, and instead of clicking the task manager button, use the arrow keys or the tab key to highlight the task manager button, and then press enter. What you do is continue this (should only take 3 or 4 times) until you have your mouse exactly over the area where the end task button is.

    Then, with one hand on the mouse, and one finger on the enter key, hit enter and immediately click. It may take a few tries, but I managed it so it really shouldn’t be too hard, and you can “end task” the shit out of security tool until it closes (which it did for me, but chances are if you read this comment a year from now the creators may have made the stupid rogue program even sneakier).

    After that I was finally able to open and run SUPERantispyware and MalwareBytes. I ran the former once and after the reboot it came back. Then I ran them both at the same time and chose the “reboot later” option for both programs, and removed the files twice (I guess?) by selecting the removal option on either programs. When I used them both then rebooted, it appeared to be gone.

  63. Roger

    I got infected too. It took me about half an hour to figure out and killed it. My OS is Window 7 Pro. Here are the simplest procedures:

    (1) Restart your system to Safe Mode by pressing F8
    (1) Find the security tool icon in all programs, right click the icon and you’ll see “open file location.”
    (2) Click the “open file location’, you will see a file name of 9 digits that was randmly generated.
    (3) Delete the file and then delete the icon of Security Tool.
    (4) Restart the system to the normal mode and the virus will be destroyed for good.
    (5) You cannot do the above procedures in the regular mode. These criminals knew how to protect their Trojan Horse.

  64. I stopped it

    if your computer installs updates while you are infected, it goets rid of it

  65. Kenny

    Thank you Roger!!!!!!!!!!!!!!!!!!!!!

  66. Lisa

    Thank you Roger!!!!! That was simple!

  67. Abby

    I run Windows XP, and I am *unable* to get into safe mode. Maybe the virus is blocking me, but F8 is just bringing me to a boot disk menu, and once I choose my disk, the computer boots normally instead of in safe mode. I’ve tried every combination of timing and F keys.

    I was able to get Task Manager to stay open on my 5th or 6th try, by opening it as soon as Windows booted up. Right now, I’m scanning the computer with AVG. The virus blocks me from visiting anti-virus sites. I’ve downloaded SUPERantivirus portable and Malware Bytes from my other (uninfected) computer to a USB drive, and I will run those next.

    Sigh … a full wasted day of scanning. I hope that those people who paid by credit card provide a way to track down the assholes who wrote this virus.

  68. Abby

    UPDATE: Following these steps has gone a loooong way towards helping me clean my computer. Thanks! SUPERantispyware found a ton of trojans, and Malwarebytes found a ton more. With Task Manager open, I ended _ex-08.exe, which is part of the infection.

    I don’t think everything bad is off my computer, as I am still getting weird error messages (a missing dll, a black screen saying wrong disk on startup), but at least my computer is working somewhat normally. I’m now running a Full Scan with Malwarebytes (as opposed to a quick scan). It already found two additional infected files. After this, I will run my normal program, AVG, and I’ll also scan the thumb drive I used. I’m still looking online to see if there are any files I should manually check for, such as malware in my registry or temp folder.

  69. Naifa

    I just wanna thank you being having such a useful website without too many hassle.. I have done what you tell me to do – Removing Security Tool – It really works. THANKS.

  70. Hans J

    Thanks for this web site! Quite easy to get rid of Security Tool:
    1. Start PC in safe mode (F8 during start-up)
    2. Click START, then PROGRAMS and identify the Security Tool icon
    3. Right click and find path under Properties (on my PC the file 999696498.exe was hidden under Program Data and Documents and Settings on the C drive)
    4. Click on the Find Target buttom and delete the folders that holds the Security Tool exe file.
    5. Then delete the short cut, and finally delete the content of the Recycle bin

  71. Paul

    Thank you soooooooo much b2bscheib, this security tool thing was freaking me out. I followed your instructions and its gone. THANKS AGAIN.

  72. Adam Ch

    I used SAS and it found the viruses but it didn’t remove them properly as they came back when I rebooted the pc. I managed to remove it by using system restore and restoring the pc to the day before.

  73. Bob Farrell

    The taskkill command cannot be found by the infected computer. Is SECURITY TOOL responsible for
    this or is something else wrong?

  74. Rene`

    None of this worked…. so should I just use System Recovery????

  75. Nikunj Chandak

    this is simple..
    100 % WORKS..

    1. go to start.all programs.right click on this security tool shit,properties and.go to the short cut tab.find target as..
    u will see a place in which this file is stored..it will generally be in c/documents and sett/admin/local settings/application data.
    2. now u cannot delete the file now cause it is already is use..and this shit wont allow u to stop the use.
    3.now reboot and as soon as ur comp starts..press ctrl + alt + del and go to task bar…go to processes in that and u would find that number again..end that task..”end now”.
    4.now relax..go to wherever the file is located and delete it…
    done.

  76. Yiorgos

    Follow the below steps if you still can’t get rid of this malware.

    If your system has been meshed up or you can’t do any of the above,
    just put a Linux live CD (Ubuntu is easier)
    and mount your C: drive.
    By booting from Linux you will gain a full control in your files during the whole process of removing the virus without anything to block you.

    Then make a search in the whole C: drive looking for the suspicious file.
    Just make a search like

    *0.exe
    *1.exe

    *9.exe
    until you fine this file consisting of digits.

    Write down the exact name.
    Delete that file.
    Make a search of this exact name and delete any other entries.

    Then your system is back. You can safely log in to your windows
    and be able to run the recommended tools to remove the malware remnants.

  77. Hungryolle

    Roger you’re a legend!!

    I think tried it all, started scanning with Superantivirus but to no avail, it just kept coming back. Over the next few hours I scanned repeatedly with Superantivirus, Malwarebytes McAfee etc etc – nothing helped, soon as I re-booted it came back. Next I tried the taskkill trick – that didn’t work either.

    Almost ready to give up when I read your VERY simple solution which worked perfectly!!!

  78. kalaiku

    what do I do if the Ctrl+Shift+Esc doesn’t work?

  79. Jason

    Thanks Roger, your method worked for me. Win 7 OS.

    Next question – how to get revenge on the jerks who created this thing?

  80. WarriorKalia

    Strangely, I did what Roger suggested immediately upon seeing the program pop up. Just ou

  81. WarriorKalia

    just out of instinct. I have yet to see whether the thing worked, [I rarely restart my computer, so I guess it didn’t have the ability to get fully entrenched- I started the task manager just fine. Although I think it was open anyway…] Will get back to you if it does.

  82. Paul

    Roger you are THE MAN! Thanks heaps for a no frills, easy fix to an annoying problem. You really know your stuff.
    Thanks again.

  83. Almost crying...

    Thanks Roger… worked a treat! Tears were on their way a few minutes ago until I read your suggestion. Now… how to recoup those lost hours of sleep….

  84. Mikey

    Had Security Tool on a colleagues computer. I tried the tools mentioned above to no avail but then I remembered something that worked on a similar malware infection. I ran a system resore to a week before the infection and, hey presto, Security Tool was gone. Checked the system registry…nothing. Checked msconfig….nothing. Fingers crossed I got it all. =)

  85. ITS GONE!!

    wow thanx alot Roger u saved me XD
    but to all of the other comments, what happens if i didnt have those numbered folders? the only thing i could find was the numbered exe file and the start menu shortcut?

  86. dj

    Oh my, it took me a few days but i got the bugger thanks to all this good advice but I doubt I can remember all I did except for finding it and having to rename it and using task manager and delete! I ran superspyware, do I really need to do malabytes too?
    I didnt see if this virus actually STEALS anything tho? DOes it?? Like passwords, etc?
    How did we get it??

  87. dj

    PS another ? tho, when I try to do system restore, I get this popup asking which account user do I want to use and I click on it but it won’t open anything? I”m on XP. Thanks

  88. Peri

    My usual trick for closing virus’ like this is to log off (im using windows 7) and wait for the forced restart button to come up. (when it’s closing down programes) and then click cancel. It seems to kill the program and stop it from restarting. Then malware bytes all the way.

  89. Tegan

    Running Windows 7, tried at first booting into safe mode and running Super Anti Spyware as suggested… got rid of over 600 adware (-_-) and a few things that were named something like “fake trojan” but when I booted back into normal Security Tool still started up… so I tried a suggestion from the comments which worked for me!

    Booted back into safe mode, searched all programs and files for “Security Tool”, found the shortcut. Right clicked, chose “open containing folder” or “open file location” something like that. The program was named something like “14808.exe”, deleted it. Booted back into normal mode, Security Tool is gone. =) Running Malware Bytes now to make sure all its constituents are gone…

    My laptop (which was given to me by my university) came with a program installed called “Symantec Endpoint” – not sure if it’s a normal Windows thing or if my university installed it? Anyway, it’s still coming up with notifications periodically. It just came up with 118 of them at one time, all say something like this:

    Scan type: Auto-Protect Scan
    Event: Risk Found!
    Security risk detected: Trojan.FakeAV
    File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ69D2.tmp
    Location: C:\ProgramData\Symantec\SRTSP\Quarantine
    Computer: STUDENTWIN7
    User: Wildcat
    Action taken: Cleaned by Deletion
    Date found: Friday, October 01, 2010 1:39:13 AM

    It’s a little concerning but at least it says “cleaned by deletion” — before similar notifications were coming up but saying “access denied” or something similar, which I’m assuming was the work of Security Tool blocking real anti-virus programs.

    Anyway I hate these viruses and am glad to have found a good way to get rid of them without having to get my hard drive reimaged! (Which is the only service the university tech center offers if you come to them with a virus.)

  90. Jen

    I just wanted to add that I found this virus file in the c:\users\AppData directory. It did not have a subfolder or a desktop icon or even an shortcut in the start menu. This file did not show up in the msconfig startup items either. The SUPERAntispyware did not find it either. I manually searched for it using *0.exe, *1.exe, etc. I was able to delete the file in safe mode. My file was called 1392051.exe (but I think that is different for everyone) and had a recognizable icon (although that will probably change in future versions to hide better).

    Windows 7 OS
    I have no idea which version of the virus I had but it seems to be hiding itself better and better.
    Infected Date: 9-30-10

  91. Ruthless Dutchman

    I’m sure there must be an easier way to solve this…

    My computer received the virus after my younger sister innocently went on a website to help her research with her homework (Facts about planets, and it was within the first 10 results!!!), unfortunately I suspect this site had the virus hiding in the shadows. I noticed that when I turned on the computer a ‘Security Tool’ program popped up, immediately I thought there was something fishy about it since we already had AVG (the free version) so I asked everyone if anyone downloaded a program (to which I found my little sister and the website thing), and to comfirm my suspicions about it being a virus, everytime I tried to open the AVG User Interface the program popped up saying it was infected by some Worm/Trojan/Virus/etc and blocked it, doing the same to Spybot – Search & Destroy… Thing was, everytime I clicked on it, there was a different virus or problem with it, showing inconsistency which confirmed that it was just scareware.

    After attempting to manually delete the file (I found the root folder where the program was hiding by right clicking the shortcut and clicking ‘find target’). This opened the folder where the virus was running from, two folders with numbers for names were there with the same icon, and a modification date of today. I couldn’t delete one of them, which was the one where the virus was running from (Windows said that I couldn’t delete the file because the ‘disk is write protected or the program is currently running’, a respectable windows feature preventing you from deleting running programs, but I wanted to delete it.). I searched around the computer hoping that task manager would help, unfortunately it blocked that too. I couldn’t restart in Safe Mode since holding or tapping F8 caused a hardware error.

    Then I thought I had a stroke of genius, partially thanks to recently watching ‘Troy’ and having the ‘back door trojan’ idea in my head. I switched off the internet box, hoping that this may cut off the ‘oxygen supply (so to speak)’ to the program. And eventually the program decided to Blue Screen the computer… I noticed it didn’t look like the usual blue screen that I usually know (not saying my computer blue screens a lot!) and to test this I pressed Crtl-Alt-Del… and task manager flashed for a split second… I realised that the virus ITSELF stuck a phoney blue screen up and otherwise the computer was running normally (to whatever extent normal was), or course before I realised this I pressed the power button and the computer was logging off and shutting down. Upon restart it did the same as it had done before, the program loaded and began a scan, which I cancelled.

    I contacted a friend about the virus who happened to have the same incident a while ago, and he found a way to get rid of it (through the wonders of internet research and youtube)….

    Find the root folder where the virus is, rename the ‘[random numbers].exe’ to something different, restart the computer and now that you have renamed the file, the virus startup program can’t find the main program so it won’t load, now you can delete the shortcut, the renamed folder any the virus is gone! As far as I know anyway…

    The best part of this is that NO PROGRAMS HAVE TO BE DOWNLOADED, and you don’t even need the internet to fix it! I suggest that as soon as you notice you have this virus, turn off the internet box while having this page loaded (preferably on a different computer) and follow the things I did, you should be able to get rid of the virus without the hassle of downloading free software (although I understand the long-term benefits to these programs I prefer not to stuff my computer with truckloads of antivirus programs).

    I’m currently running a full computer scan with AVG and then going restart the computer to confirm the virus’ ‘EXTERMINATION’ (Yes, I’m a Dr Who fan :P ). (BTW I’m typing this from a separate computer in order to not disturb the scanning process)

    I found this virus to be quite well designed and the programmer who made this is quite skilled at programming, although I’d rather this guy (or gal) use their skills more profitably. (I’m asking myself now why the hell I’m praising the programmer for a well made virus, something not right here? XD )

    I have windows XP with ‘AVG Anti-Virus Free Edition’ and ‘Spybot – Search & Destroy’

    Infection Date: 02/10/10 (English calendar, 2nd October 2010)
    Cure date: 02/10/10

    A fellow Geek logging out,
    The Ruthless Dutchman

  92. Ruthless Dutchman

    I apologise for the incredibly long comment, and the overuse of brackets, and the lame humour I attempted to put in. But I hope it has helped many other people.

    – Ruthless Dutchman

  93. leslie

    i tried everything and it all failed for me so i did system restore!
    it worked!!

  94. Ruthless Dutchman

    You tried my way? No downloads needed, not any system restore or anything new to learn, no dowloads. Just simple rename, restart and delete!

  95. Jc

    This saved my life. Thanks!!!!

  96. Connfused?

    WTF!!! i cant get eany of the steps 2 work iv tryed everythin what do i do!!!!!!!!!!!!!!! HELP PLSSSSSSSSSSSSSS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  97. Nidya

    Malwarebytes is the best, I’ve tried some of the ways to remove this virus and still not success until I use malwarebytes in Save mode and do some scanning and remove the virus, then My Computer is Back to Normal :)

    Thanks Admin

  98. Tiffany

    I have this thing on my computer. It wont let me open ANY KIND OF PROGRAM that may be able to help get rid of it. I have Windows Vista and there IS NO run button on the start menu. I have no idea what to do and I have no money to pay anyone or anything to fix my computer. HELP PLEASE!!!

  99. Tiffany

    ALSO I CANT FIGURE OUT HOW TO GET INTO SAFE MODE. I TRIED BUT IT DIDNT WORK.

  100. Angel

    If you’ve just opened your PC, race against the Security Tool by Ctrl+Alt+Del during the computer is loading programs…. Try it, works for me but I know its still not removed and my programs were working well when I do it… :D

  101. David

    Thanks so much for that. I found the easiest way was to open windows in safe mode, downnload malwarebytes, run scan, kill virus….. Done!!!! Easy as 1 2 3…. Thanks everybody fir making this so easy.

  102. rainet

    For my desktop i had to shut down and start up, then QUICKLY press win+R (then taskkill /f /fi “username eq administrator”), before security tools had enough time to load up (it wasn’t even letting me play spider solitaire or open itunes if i let it load). from there i could open the task manager etc. For me, I had to win+r pretty much right after I entered my account password.
    But thank you so much for this guide, I would have hated to bring my computer back to get cleaned and waste another 90 bucks.

  103. Tom

    worked like a charm. thanks!

  104. Paul

    the authors of this attack seem to modify its behavior pretty often. for example, i just spent my sunday afternoon cleaning up a windows 7 system in which (1) the desktop link was not installed (making it harder to find the .exe manually) and (2) the .exe location had shifted to \Users\\AppData\Local\.exe (which is a bit different from what’s reported above, just a few weeks ago). the attack managed to get past mcafee antispyware/viruscan enterprise (!).

    given that one doesn’t really know how deep the trojan has managed to inject itself, it’s not clear how much one can really trust any fix that involves booting the infected OS. so i yanked the hard drive from the infected system, put it in an external enclosure, and attached it to a clean system (making sure that AutoPlay was turned off!). then i ran SuperAntispyware Portable on it. i did have to do this twice because i forgot to “Update” the signatures first, and the signature file built into the downloaded executable wasn’t able to find the most recent version of SecurityTool (!). but after updating, it found and quarantined the SecurityTool .exe file.

  105. Paul

    the above filename should have been \Users\AppData\Local\(randomnumbers).exe, but i used characters (angle brackets) that were eaten by the formatting here. sorry.

  106. jerry

    your help would be greatly appreciated.. :)

  107. John

    I have had Security Tool last Sunday and I removed it within 30 minutes, only because my girlfriend’s account I was working on was user-priviliged and had no admin rights. What happened was that I got an update message for Sun Java 6 (yes, I know that that no longer exits as Sun is taken over by Oracle, but we had a death in the family and I was not really discriminative in what I saw and klicked…) So I klicked it and something installed yielding a barrage of virus, trojans and worms messages. Furthermore, I could not start anything anymore.
    I knew I was user privileged so the same messages as seen here above did not make any sense. Systemfiles could not have been altered. So I created a test account and on that account all worked well, no problems whatsoever. I figured that something must have been installed in my own account… and yes… I found an exe in Apps…. killed and removed that while being in the testaccount and removed also a folder, named Sun, that was created at the same time as I erroneously accepted that install.

    Since then no more Security Tool messages and all works well.

    Morale of this: do not use an admin account while being on the net!!

    User privileges will force the infection to install in the user account and nothing more. It saved me a lot of hassle.

  108. marta

    Hi,
    I managed to remove it launching the task manager very quickly when windows was still starting, and then cancelling a process called 05864404.exe.
    Once this process was cancelled I could run malwarebytes and it seems the problem is solved.

  109. ch

    this worked for me and was really easy
    1) Turn off computer
    2) Turn on computer and press F8
    3) Select safe mode option
    4) Once done loading it will look like really old windows setting
    5) Go to Start and in Search bar type in “System Restore”
    6) It should take you back to when your computer was fine. Press Restore
    7) It restarts computer into normal mode.

  110. Nina Knows

    It worked!!!! Thank you so much… I had that nasty security too virus and the think point virus!! I’m happy now… Thanks again

  111. Alex

    I got hit by the SecurityTool malware, which was disguised as a antivirus security measure for Google Chrome. Your advice was terrific. Thanks!

  112. Brontstar

    hay i tried the task kill thing but i cant get the username because i probably have a different type of windows so im a little stuck because it keeps coming uo with a black box then leaving so maybe it is working but security wont let it happen! heeeeeeelp iv’e tried everything but it wont work so maybe you could show how exactly to type it in the box?

  113. randika

    wow,its really worked for me.thank you so much…..

  114. Ando

    Hi person who wrote this :)
    Thank you, sooooooooooo much. This “Security Tool” was drivin me nuts!
    I was afraid that it was a virus, so i googled it and found this page ;)
    It was in my own language and all, so i thought it was OK. (the virus)
    So thank you so much. :) I tried the “Run : taskkill…” option twice, and then i was gone.. I think..
    At least it stopped buggin me :)
    Again: THANK YOU!

    – Ando (‘:

  115. john

    If you get the security Tool bug, do this…. it’s quick & really simple & removes it 100% & hassle free…. boot you’re comp in safe mode (F8 on start up then on the black screen choose to start in safe mode)…. go to the System Restore menu… this may take a few minutes while you’re comp figures everything out so don’t worry,the suggested time to roll back to should be fine, just think of how far before contracting the virus it is,then just click to get it rolling into action.It will remove it completely without compromising any of you’re system files. Then ya good to go again :)

  116. drakata3

    OK, I got Security tool nad, thanks to this site and MalwareBytes, was able to remove it. Now I found another site and the author there says that once the computer has had security tool, the HOSTS file should be deleted and replaced by a deault one. Now, I have zero computer knowledge and experience and, therefore, am not sure what to do…
    Any help will be greatly appreciated!

  117. Ineedhelp

    ummm yea, I kinda need these instructions for windows 7. SHUT UP SECURITY TOOL CANT YOU SEE IM TYPING! Its blocking my google chrome, my firefox, my notepad, and its blocking malware bytes, I need some help. I have ZERO knowlage of computers and didnt understand a thing anyone is saying here. So umm yea Any help would be greatly apreciated.

  118. Olie457

    Its easy, just boot into safe mode, find the security tool program, delete it then empty the recycle bin.
    Then reboot in normal mode and it should be fine. (:

  119. Norm2683NZ

    Thanks yet again for your assistance.

  120. harry smith

    thanks brian, your advice help me loads, really bad

  121. Felix

    Thanks man. The taskkill option worked great.

  122. Mark Howard

    EASY FIX! (at least i think it is still fixed)
    i could not access restore points from normal start up. So…. here is what i did
    1. shut down, start up while hitting F8
    when prompted, select and have computer start up in ‘safe mode’
    computer then puts up tips for operating in safe mode, including how to find and use restore points.

    I just followed those directions. Very easy. The virus did not disable restore points in safe mode like it did normal mode.

    Let’s all wish for an early painful long drawn-out death for the creators of this and all virus’s

  123. Andrea McManus

    I have tried all the above but windows is still saying that it cannot find ‘taskkill’
    Can you help please?!
    Thanks
    Andrea

  124. tc

    Well done guy’s the safe mode gets rid of it…
    bring back hang drawing and quartering in public I will pay for a front seat.

  125. Jonas

    Everything was locked down on my friend’s computer…. none of the stuff mentioned here worked. Finally just searched all the common locations for anything out of the ordinary and BAM! C:\Users\[username]\AppData\Local\44596.exe Wiped everything in the security tab and denied all to the Everyone group then logged off and back on. Neutered… Recommendations: If you can’t access something in the security tab or the tab itself or the file properties, try closing everything and trying again. If that still doesn’t work, try restarting your computer and try it again. Hope this helps someone.

    O/S: Windows Vista Home Premium 32bit
    Virus removal tools used: None

    Virus – 0
    Me – Undefeated

    -No trees were harmed in the transmission of this message. However, a few billion electrons were temporarily inconvenienced.

  126. Evan

    Thank you so much! Security tool was bothering me like crazy but now thanks to you its gone!

  127. TomD

    In Windows XP in normal mode I right clicked on ‘Start’ and selected ‘Open’. Opened the ‘Programs’ folder and there was the shortcut for Security Tool. Highlighting this showed where the program was hidden. I moved the shortcut on to the desktop, rebooted and run PC Tools Spyware Doctor as soon as possible. It located and wiped the shortcut. I deleted the rogue file. I’ve rebooted a couple of times since and so far no sign of those lousy pop ups.

  128. Noah P

    There is a MUCH easier way to get rid of this rogue! Follow these steps.
    First, restart your computer. As soon as the Windows desktop loads, and I mean the INSTANT it pops up (after you enter your password if applicable) hit ctrl+alt+delete and open your task manager. If you did it right, you should have beaten the auto-run programs. Within seconds Security Tools will pop up with it’s usual scare tactics (you don’t really have any virus… well you might, but not the ones Security tools is telling you about). Anyway, you should now be able to end the process. This is the first step to deleting any program, you have to close it first. Security tools is pretty good at not letting you close it, but this is a backdoor that it doesn’t seem to account for. Now, in your start menu, there should be an icon for security tools. DON”T OPEN IT. Rather, right click, hit properties and then “find target” this will take you to the folder where the .exe exists. Delete it and empty your recycle bin. Done.

    If you wait too long to ctrl+alt+delete after start-up, security tools will open and you won’t be able to get the task manager open. Just restart and try again. Remember, end the process and delete the program, it’s that easy!

  129. Noah P

    Just a quick note on task manager. Once it’s open go to the “Applications” tab. Right click on “Security Tools” and pick “Go To Process” this will take you to the process tab with the Security Tools process highlighted. just click the end process button at the bottom. Done. (except for the deleting the program part, for that read the above post.)

  130. Angie P

    I paid for this crap and now I think I did a bad thing. Was I wrong to buy this? Now what do I do. Will all my information be stolen because of this. I am so scared. Please help

  131. shahab

    hi all
    never pay any money to these fucking asshole,
    you can solve it by yourself ,trust me
    you need to try some way that they mention here in this site ,it works but it takes some hours.
    I solved it by using Malwarebytes not in safe mode you must restart yr pc and run Malwarebytes very fast
    before that fucking security tool goes up
    hope u all be successful

  132. Jordo

    Noah P…you’re the best! This worked for me on the first try (after I wasted a bunch of time trying the other suggestions). No safe mode necessary, just a quick click finger. The process was named with a string of numbers like 242345665.

    BAM…Security Tool can EAT IT!

  133. Andy M

    Hi guys,
    This is a great article, but alas none of the steps seem to work on my friend’s daughter’s laptop, as the Security Tool program seems to run even in safe mode, and when we try to run any program, or even the command prompt, the malware shuts it down straight away.

    Any advice how to neutralise the malware so I can at least get into command prompt or an anti-malware program?

    Thanks in advance.

  134. Tammy

    Hey

    I just had same problem it took over my entire computer would not allow me access to certain things and blocked me out. I finally got it removed with simple task. If you pull up start menu, find security tool and right click on to that or find path to where it is. Right click on its security you will see it has access to all, edit and deny then click yes. I then ran adaware and quarantine the rest of the cookies from it. I just finished this task within hour ago and i have not notice it popping up and i have access to my drivers and all other programs again. Hope this will help and seems to be very simple.

    Good Luck

  135. Tammy

    When i meant it had access to all when on properties for security tool mine had systems, hpuser, and administrative. Each on i select edit and denied access to all and this has worked.

  136. Ags

    Thanks for the information! Just follow the steps in this article and you should be set. It took a while, but I finally got rid of that bloody Security Tool BS.

    Thanks again.

  137. Terry

    Spent 5 hrs trying to remove this puppy. Eventually had to do 4 things
    1. Go into safe mode windows xp with networking and run the super anti spyware free version detect and removed “rogue security tool”.
    2. Re booted into normal mode and pop ups were still there!
    3. Re ran the super anti spyware in normal mode. This time however it didnt block it ,so it ran successfully and I detected and removed the rogue security tool again.
    4. Re booted again in normal mode and eurika ! I cannot begin to express the relief

  138. Siva

    I hv just solved Security Tool prob in my pc based on steps provided in this article.
    Thanks for all.

  139. austin

    I did the steps exactly as said, It took a few times to do taskkill but after the 3rd try, I ran it again 3 more times,

    CTRL+ALT+DEL, look for the processes that have a bunch of numbers, there are 2, and end process, run taskkill again

    repeat these steps 3 times,

    Download superantispyware, and the Mbytes, run those

    As well I recommend running Kaskersky Antivirus after those steps are completed.

    Thank you this information was very helpful!

    What are the legal issues with security tool, can’t they get into trouble for distributing this? I think it should be illegal.

  140. Andy

    Security Tool Kiss my ass! All aboard noah’s ark…..

    Cheers Noah you are the man! Sorted that pesky problem out in no time thanks to your top-notch advice.

  141. abdirahman gaas

    thnks noah

  142. Lucie

    Thank you Noah P, easy few steps and the bug is out of your computer. Great advice!

  143. ken

    So irritated by stupid virisus like this. These people are nothing but thieves and low lifes. Your taskkill under run absolutly will not work on my pc for some reason

  144. sheetal

    Right click on this tool and find target and delete from this location

  145. ken

    Wanted to inform you that another way to rid this irritating virus is to reboot pc into safe mode as stated and just run a system restore to before the virus. Works perfect and no signs of virus at all

  146. lester

    I too had to remove Security Tool,thats the last time i try to view pic from someone i dont know.They were sexy pics,thats what roped me in.Tried everything listed above and im lucky we have four accounts on our PC.It didnt effect all accounts thankfully.Mine woudnt let me open anything so i downloaded MBAM its a trial version,useless.Superantispy also usless.im running win7 so Mic.Sec.Ess.worked right away.Thank you how to geek forum I can now ignore sexy pics again.Oh yeah my safe mode was unusable.so try it ,down load MSE on another account it takes a bit to scan but its worth it…..:)

  147. anirudh

    i tried doing the 1st method of using run command but it failed

    now what to do

  148. Dave

    i found that using system restore,repeated clicking inbetween closing security tool popup and after several times system restore catches.Then after restored delete all restore point except most resent.Then i used malwarebyts and ccleaner problem solved.

  149. Bill

    Thanks, Geek! Follow the Geeks advice step by step! I started with “Removing Rogue Fake Antivirus Infections (General Guide)” just as he says. Wouldn’t let me go to safe mode, but the geek told me how. With patience, this works!! Found out I had all sorts of infected stuff…… My scan lasted over an hour using both pieces of software in safe mode followed by a scan with my normal antivirus…

  150. Gem

    for windows 7.
    restart on safe mode.
    click start button.
    type on search for “security tool”.
    right click, then click open file location.
    delete Security Tool, represented by numeric string file name.
    delete from recycle bin.
    re-start in normal mode.

    these scoundrels deserve to die or better suffer serious ailment, with their flesh rotting worse each day.
    people, if you are prompted to pay online for uninspected stuff, no matter how compelling it may seem, think twice or more, most likely it’s a hoax.

  151. Gem

    unexpected stuff

  152. Prutt

    I had this pop up on a dell with XP sp2, all i did was boot to safe mode, system restore, search manually for security tool, delete all remaining files and Its clean!

  153. Sree Thampi

    GUYS LISTEN UP:

    Removing Security tool infection is the most easiest of all

    all you need to do is follow these steps:

    1. enter safe mode w/n(tap F8 right after u start the computer) no pop ups in safe mode

    2. enable hidden file options (run window – control folders)

    3. go to the location:
    XP C:\documents and settings\(current user)\application data
    vista , W7 C:\users\app data\local

    and u’ll find a randomly named number file

    example: 73453495.exe with a blue icon next to it

    select that hit shift+del

    security tool is gone!!

    cheers

  154. Keith

    Security tool took hold of my w7 yestarday. Started in safe mode and right clicked on security tools. Under properties clicked on (go to file location) Deleted file and then deleted shortcut. Deleted filed in recycle bin and restarted computer. No problems now.

  155. Diego

    Or just go safe mode and delete the aplication… Duh!

  156. Manül

    @Noah P
    Thank you
    Thank you
    Thank you very much! Got rid of the sh*t in less than five minutes, including the reading of your instructions!

  157. robert mcculloch

    that virus i found would not let my dodo connect to the internet so started computer in safe mode and was able to delete it i was then able to connect to the internet and download the superantispywear and run it also i even tryed using brute removal but it told me that that was a virus after deleating the spywear the computer worked ok so i could get on the net to fix it

  158. Cutis

    Haha my half brothers girlfriend came to me with this virus. I think the thing that really gave it away was the fact it asked for your credit card details. But I loved the fact it poped up saying there were people trying to connect to my computer… when we weren’t even on the internet

  159. lupe

    i had microsoft security essentials and i still got the virus. i couldnt get rid off it until i disconnected my self from the internet and was able to delete and remove all the files it had regarding the virus. after i got connected back to the internet and scanned my computer with micrsoft security essentials and it worked. thank you for all the information you’ve given me. now i know where to come if any other problem occurs. thanks!!!

  160. rachel

    hi, i have got this application called ‘security tools’ which keeps appearing. i have tried to follow the steps above but my computer just keeps shutting down. i have tried it in safe mode with networking but even then it still doesnt work. as well as this, it will not let me download any software to get rid of it.will you be able to help me with this problem? thank you.

  161. Peter olijnyk

    Easy way to get rid of this security tool
    1. Re start computer
    2. As windows opens. Hit ctrl alt delete to open task manager. This needs to be done quickly and soon as windows starts
    3. task manager will open before security tool
    4. Find the program security tool or it’s exe file. Mine was a 5 digit number
    5. Stop the process
    6. This disables program but DOES not remove it
    7. Download malwares tool and scan computer
    8. Remove file once found. Re start computer
    9. Do full system scan with your virus scanner
    10. Do same with windows malicious file removal tool to get the broken infected files
    Note.. My security tool buried itself inside my auto cad program and opened when I imported some files. I’m running 3 virus protectors and it passed all 3 because the virus is written as a self installing program that by passes security. It’s not dangerous just a pain in the bum as it hold computer hostage. It can’t send out information and all “warnings are fake”. The government needs to shut them down and jail the owners as legally they are trying to extort money to free your computer. Report all incidents to authorities and police fraud. If you have virus scan and windows tools. It’s very hard for anyone to get your information. Be careful of free wi fi spots. Like maccas or any that don’t have passwords. Email me peter.olijnyk@iinet.net.au for personal help if you are still stuck.
    Do not give security tool any money.
    Thanks. Hope this helps

  162. Steven

    I fought this Virus for 13 hours, and Yes I know nothing about computers, Obviously!!! I followed what Terry did (Post on Nov. 14,2010 11:04am), but as super anti spyware free version scanned, it would not completely finish before being shut down, but within the first 5 mins of the scan the Trojan and rogue security tool were noticed, so after 5 attempts, I just stopped the scan and removed the security tools from my PC and then rebooted. Then I ran a full scan and clean as a whistle.

    I have to agree with some of the post, if you are a “noob” at understanding how computers and this crap works, then don’t get in a hurry, read everyone’s post, be patient, but you will win in the end. And the Annoyance of this virus will be dealt with.

    One thing I notice people never say where they got it from, I got mine from my kids playing games on one of those free game sites. Sponge Bob did it!!!! lol It happens and lessons learned. Thanks for the post and the help from howtogeek.

  163. Andi

    Thank you, thank you, thank you!!! This popped up on my husbands computer last night. I downloaded the super anti spyware first, took about 40 mins to run the scan, then restarted the computer. Couldnt get safemode to come up so I shut down the computer, restarted it and got into safe more and downloaded and ran MalwareBytes. This also took about 40 mins. Restarted the computer and it was gone. I have mcafee and tried that first but the computer shut down by itself about half way through. Ran a mcafee scan once i was all done and everything was gone. I noticed though that my husband didnt have mcafee automatically scanning for viruses, he’s only had the computer for about a month and it hadnt ran a scan since he got it. I’m not sure where he got the virus from, he said he was on facebook when it popped up. Frustrating as viruses are this worked. The only trouble i had was finding it once i downloaded it. I didnt pay attention to where it was saving it at. It ended up saving it in my music file. Thanks howtogeek, my husband thinks im a computer whiz now.

  164. Davezilla

    Like so many others here, my 11-year-old daughter panicked and clicked on the wrong button when this popped up on her computer. I ran her virus checker – Webroot antivirus with antispyware. It found it, and supposedly got rid of it. Of course, it came right back. So I went into safe mode, ran a scan again, supposedly got rid of it, and again, it came back. I went through this routine for about an hour, and every time, it came back. Then, like others here, I noticed that it had an entry on the start menu. I went into properties, brought up the folder containing the program, which was a long line of numbers like others have mentioned here, and deleted it manually. I then went back into the start menu and deleted the shortcut. This seems to have worked – so far, so good. What pisses me off is that we purchased a virus scanner with her new pc, but I had to (and was able to) get rid of this threat by my little own lonesome self. I know virus software is important – we use Eset on our computer, which is much better. But as far as I am concerned, Webroot blows!

  165. Osama

    EXCELLENT MAN I GOT RID OF THIS PROBLEM

  166. BUSH

    Where are you osama?

  167. Josie

    I FREAKED OUT! when i saw this virus had taken over my computer, and it wouldn’t let me run any executable files. i finally got it off by starting my computer in safe mode, and then just deleting the file like I would do any other file. it lives in PROGRAM DATA and has a funny name with many numbers. RECYCLE BIN! :D

  168. Mudslinger

    My recovery tactic for any kind of infection: Virus Spyware/Malware (for when basic tools like avg, spybot, clamwin, etc. fail to do the job)

    -Boot into a liveCD/DVD distro of linux (Knoppix, Linux Mint & Ubuntu are fairly good for this)

    -Mount the hard drive of the computer

    -Backup your document files and stuff you don’t want to lose (if you haven’t backed them up already) to an external drive (a large USB storage drive is often good for this).

    -once your data is rescued – then reinstall windows.

    *TIP*
    if the virus has a stronghold on boot partitions or keeps reappearing after reinstalling – you can use the linux live CD/DVD partition tools to regenerate a new partition table or format a partition. This gives windows no choice but to reformat the partitions when there is no recognized windows filesystem. Thus wiping out any functional traces of previous files on the drive.

    – once you’ve reinstalled windows – install all your reputable security software and get all updates to toughen up your system before it does anything else.

    – install your favourite applications.

    *TIP*
    Make a secondary account for yourself – give it basic permissions so that you have an administrator account AND a limited account. Use the limited account at all times unless you need to do some changes like install a program. Avoiding use of the administrator account reduces your chances of getting infected badly. (so that you could wipe and recreate the user account whenever you get a minor infection.

    Personally from my opinion – unless you got something specific that only runs in windows that you can’t live without. I reccommend giving linux a go.

  169. computer guy

    After installing, i first started to become suspicious when it would say ~”trojan found in ” (i know, as i wrote these apps MYSELF!).
    I was quickly running out of ideas on how to remove it. It wouldn’t allow ANY .exe to run (eg to load a process-killing app). It wouldn’t even run NOTEPAD!!. This is the MOST “aggressive” malware i’ve ever come accross.
    But somehow it “bit itself in the b**”, as it CRASHED, thereby allowing me to invoke Task Manager, and to remove it’s process, and all was back to normal (thankfully).
    I then, via it’s Start Menu entry, found it’s .exe location (“C:\Documents and Settings\\Application Data” –> 44750907.exe), and deleted it.
    Then as well, to tidy things up, I deleted it’s “run on startup” entry (used a startup-manager).
    Previous to that, i had one a search of C:\ for all files created (when i installed this malware). It found the .exe (as above), but i couldn’t delete it as it was still running (didn’t think to rename it). And there were no other new files on the system.
    So that was simple – no need for reinstalling Windows, or even running an anti-malware program.

  170. Ed

    I have had this and another variant and searched for solutions. I tried to run Antispyware and MalwareBytes neither of which would run. I rebooted and things got worse, I could not run anything.

    I rebooted again into linux and began researching. I came across a forum posting somewhere (sorry this was a while ago so a bit hazy) where the poster said Security Tools runs from a filename which is just a number and that it is a different number for each different computer. I think it was associated with the user profile. Anyway the poster recommended deleting it then running Antispyware and MalwareBytes and all would be well. After that deleting any proxy settings in your browser options restores internet access. So a similar solution to computer guy but the key thing is for you the file will not be 44750907.exe.

    I lloked and found a file with a numerical name AND in my case it even had a Security Tools icon associated with it. I deleted rebooted to Vista, and no Security Tools, I ran the anti programs, reset proxy settings and good as new but I do wonder what was left behind.

    The variant I had was a little different but I shut down straight away and performed a similar procedure and all was good. I have never had anytthing like this before even with years of running no antivirus software and then twice in a week.

    Hope this helps somebody

  171. FIDELIS

    There are new variants of these and they are really persistent. I cleaned a couple of computers with ThinkPoint which was really easy to clean. The Bad One was called Security Master AV.

    — Rkill.com
    — SuperAntiSpyware
    — Malware Bytes
    — Kaspersky live cd
    — Combofix

  172. Clueless!!!

    Does anyone know what happens if you enter your card details?? Do they just take the money stated or wipe your account???
    Any info appreciated please!!!

  173. Han

    Guys if you have any issues with any virus or any hacker related issues pls give me a mail or call at +917259178503.And if i am not busy.I gurantee that your virus or hacker is dead. I am not mentioning any troubleshooting because every issue have a root cause and needs to be tackled in a different manner.
    So be aware or awake when you are on Internet.Dont fall prey to any hacker or any virus.

  174. refurbman

    Security Tool
    Malwarebytes removed three Trojans and one virus initially however the “Tool” kept popping up.
    Malwarebytes has a procedure for specifically removing ST at their site I noticed in the “cures” in the comments I failed to see a mention of going to the Safe Mode (F8) at boot, then working Malwarebytes magic from there. Worked beautifully on two computers infected at the same time. I was able to download a couple of helpful programs while in the Safe Mode.
    After removal, ran Microsoft Security Essentials and finished with a de-frag.

  175. Stephanie

    I tried using SUPERAntiSpyware, but that didn’t help. I ended up restarting in Safe Mode with Networking and downloading MalwareBytes. I ran a full scan and followed directions for removing threats/infections, then restarted. Problem solved!

    Thanks for all the great tips!

  176. Elaine

    Tried super anti spyware worked a treat, thank goodness, malwarebyte didn’t work although it did 2 years ago. Think security tool as upgraded their virus!

  177. Microft® Group

    Dear Custommers Of Microsoft®

    Microsoft® is working to get standard with Windows 8 ®
    (That Will be released in 2012)
    A Antivirus Called “Security Windows Protection 8 ®”
    And It Can Stop Any Spyware , Virus , Worm , Trojans , …
    And if there will be a Virus or Spyware that “Did” infect your PC
    Then you will get Payed For that because of warning Microsoft®
    and we will Update the Antivirus and even that ‘New” Virus
    can not Infect you PC or Notebook

  178. Microsoft® Group

    Dear Custommers Of Microsoft®
    Microsoft® is working to get standard with Windows 8 ®
    (That Will be released in 2012)
    A Antivirus Called “Security Windows Protection 8 ®”
    And It Can Stop Any Spyware , Virus , Worm , Trojans , …
    Because its impossible for Any Virus To Get even Trought the,
    First step of what virusses do , so dont worry with Windows 8 ®
    And if there will be a Virus or Spyware that did “Infect” your PC
    Then you will get Payed For that because of the warning for Microsoft®
    because then we can Update the Antivirus and then even that ‘New” Virus
    can not Infect you PC or Notebook

    Microsoft® Group

  179. tommy

    this antivirus 2011 attacked into a download of EXPLORE 8… I can’t get rid of it and it has taken over my computer…I am not a geek and looks like I will have to send it into repairs..I would say that it is a crime that people can do these things and get away with hurting other internet users. What can be done against these thugs? I have re-booted, ex all the virus spyware etc. and it still has a hold on my computer. i follow the GEEK guide with no help and now my lap top is fried. I am just venting on my other computer, but there outta be a law against these hackers and their assets frozen. surely someone process their proceeds.

  180. GILSON

    EU PEGUEI O VIRUS E SÓ RESOLVI DA SEGUINTE MANEIRA:
    REINICIEI O PC E APERTEI VARIAS VEZES A TECLA F5 ATÉ O PC ABRIR A TELA DE SEGURANÇA. CLIQUEI EM MODO SEGURO E QUANDO A TELA ABRIU CLIQUEI EM NÃO E RESTAUREI O PC PARA MAIS CEDO, UM DIA ANTES. DEPOIS DE RESTAURADO, O PC REINICIOU E O VIRUS DESAPARECEU…GILSON

  181. kontrol

    Iexplore did the trick…thank you very much.

  182. kolby

    i think i got most of the malware stuff off.. but i still cant use the internet on my account.. i can get of the user accont and use the internet on the but it wont let me search anything on search engines like google and bing.. anyone know why?

  183. Jessica V

    WOWZERS! Thank you, what a lifesaver you are GEEK!!!!!
    I followed your instructions and did the following:

    1) Restarted computer on Safe Mode with Networking

    2) Downloaded SUPERAntiSpyware (took a few hours)
    then afterwards it found about 74 unwanted files

    3) Restarted the computer back in Safe Mode and downloaded
    the software MalwareBytes, it ran a scan and found more unwanted
    programs. After that it quarantined all files and I restarted the computer
    once more and FINALLY I could use my computer again!
    Back to normal!

    Thank you so much Geek! Hopefully this doesnt happen in the future again, I’ll be more careful now :)

  184. Bri

    Thank you sooooo soooo much for posting this step by step! It totally saved me!

  185. nike mercurial superfly iii

    Its like going thru chemo therapy all over again!!! Terrible breakage that everytime I was and or brush more comes out! Im having terrible flashbacks of chemo treaments. This product is the worst!

  186. Jay

    Or you could get linux

Enter Your Email Here to Get Access for Free:

Go check your email!