The purpose of this article is to provide information about removing Security Tool rogueware and its fake virus warnings.
Security Tool: One Implement You Don't Want In Your Virtual Toolbelt
These days, most people understand the dangers lurking just outside the computer, and many even have a bit of knowledge surrounding the need to protect their machines. Unfortunately, protection isn't always as easy to come by as it should be thanks to hundreds of rogue antispyware and antivirus software circulating even well-trodden virtual pathways, and avoiding them can be rough without the right support. Security Tool is just one of those programs posing as helpful software.
Defining Security Tool
This program is classified as rogue antispyware, and it has a number of counterparts you may also encounter. It's also been called SecurityTool, and it's in the same family as System Security, which is also related to Winweb Security.
Rogue antispyware tends to be rather frustrating to users, as it has a number of properties that mislead computer owners into thinking that their systems are safe while, in fact, they've been compromised. While the software looks like it's keeping your systems safe, the reality is that it's not designed to actually protect your computer. The coding just isn't there as it might be with real security software.
Security Tool has a number of unique properties. One of the first things you might notice if this program is installed on your machine are alerts. These can not only appear on the desktop, but also within your taskbar as well. There are two fairly common alerts that most individuals see:
Security Tool Warning
Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook, and other programs.
Click here to remove it immediately with SecurityTool.
Security Tool Warning
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss.
Click here to block unauthorised modification by removing threats (Recommended).
The other major thing people notice is the scans that run both at startup and throughout any given computing session. These usually open up the full program window, which makes it look like a very safe program. A shield appears in the upper left corner, and the program name is across the top. Down the left side are fairly common program tabs including System Scan, Protection, Privacy, Update, and Settings. The main window is devoted to the scan, and the progress of the scan. Each time the scan completes, you'll get a new window that says something like "Warning! 32 Infections Found" in large red letters. It then lets you know that programs like the ones it supposedly found can cause system crashes as well as data loss. It also suggests that you remove all of potential threats. Clicking on that button, however, takes you to a page where you can download the full version of the program.
While you're online, you may get pop up messages that suggest they're web warnings from the page you're viewing. In most cases, they say something like: "Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate antiviruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs." You may also get notifications that say something like "Security Tool Firewall Alert: Security Tool Firewall has blocked a program from accessing the internet."
Security Tool Propagation Methods
The first question many people ask as soon as they realize this program is installed is how it got there in the first place, and there is one primary way that Security Tool can be installed on your machine. Typically web pop up advertisements are used to install a Trojan, which then installs Security Tool on your system. The web pop ups typically tell you that your machine is infected, and clicking on the pop up takes you directly to an ad that poses as an antimalware scanner. It acts as if it's scanning your machine, then suggests there are a number of different infections. The only way to cure these, according to the program, is to install the full, paid version of the program. Because it's rogue antispyware software, however, even buying the full version won't be able to offer you the results you need.
While that is the most common way individuals end up with Security Tool, there are a number of other potential methods. Peer to Peer networks could potentially install the same Trojan with similar results. Additionally, it's possible to click on a link within an email that may install the Trojan on your machine.
Removing Security Tool
If this program is installed on your computer, the best step you can take it to remove it immediately. It's important to note that you cannot rely on your current antivirus software to handle this process for you. It's rogue security software, not a traditional virus, so most virus definition updates won't be able to catch Security Tool on your machine.
That often leaves you with two different choices to remove Security Tool. First, you can manually eliminate all of the associated files and registry keys from your computer. This can place your computer at risk if you delete important system files or registry keys. Understanding how to work within your program files as well as your system registry is key to tackling that process. If you haven't done it before, it's best to have help on your side before you get started, so please feel free to contact us if you do need help. You will need to start by showing hidden files and folders and protected operating files (do change these settings back later). You can do this in Explorer via Tools > Folder Options > View. You may have to stop Security Tool processes from running by renaming its exe and rebooting. Security Tool may use randomly named folders and files, which can be recognized as an 8 digit number instead of a meaningful name. Be sure not to rename or delete legitimate files.
The list of associated files and keys (excluding randomly named files and folders):
%AppData%\4946550101
%AppData%\4946550101\4946550101.bat
%AppData%\4946550101\4946550101.cfg
%AppData%\4946550101\4946550101.exe
%UserProfile%\Desktop\Security Tool.lnk
%UserProfile%\Start Menu\Programs\Security Tool.lnk
HKEY_CURRENT_USER\Software\Security Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "4946550101"
The second way to remove Security Tool is to use a respectable antispyware program like Malwarebytes' Anti-Malware 2.0. It will automatically detect and remove Security Tool from your system, but make certain you set it up to update and scan on a regular basis to keep problems like this from happening in the future. If you choose to remove Security Tool manually it's still highly advisable to scan your system anyway to make sure their are no traces left behind or downloader Trojans lurking and waiting to install another piece of malware.
