"Security Tool" virus - help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by DMerz, Sep 24, 2009.

  1. DMerz

    DMerz Private E-2

    I have tried the malware removal instructions, but cannot perform most functions.

    I cannot run downloaded anti-virus software
    I cannot remove Viewpoint Media Player
    I cannot install Sun Java
    I cannot install CCleaner
    I cannot access msconfig
    I cannot open my email program

    I get the "Security Tool Warning" infected with worm lsas.blaster.keyloger on most anything I try to do.

    Various warnings keep popping up. Also get a Security tool FireWall alert. It claims to run a scan and has pop ups wanting me to buy the "Security Tool" software for fifty bucks.

    System is Windows XP

    Any help would be very much appreciated.

    Don
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    You made no mention of running the below required scanning tools
    • SUPERAntiSpyware
    • Malwarebytes
    • ComboFix
    • RootRepeal
    • MGtools
    Did you try to run them as requested? If not, please try them all (one at a time).

    If you did try ALL of the above scans and none would run then do the below.

    Download and save the below to your PC (save it anywhere you can find it; the Desktop is fine). Then double-click on it to run it.

    AVPFind.bat

    It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that it will hopefully create as long as the malware does not block the batch file from running.



    Now download and Run exeHelper
    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


    Also please try running the below online scan:

    http://www.superantispyware.com/onlinescan.html

    Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. See if you can save a log with it.


    Then try running these instructions: Using MGtools


    Attach the below logs when finished with all of the above:
    • C:\avplog.txt - from AVPFind
    • a log from online SAS scan if you could make one
    • log.txt - from exeHelper
    • C:\MGlogs.zip - from MGtools
    The C:\ assumes that drive C is your Windows boot drive. If you boot from another drive, then use the correct drive letter above.
     
  3. DMerz

    DMerz Private E-2

    I have a long response that probably doesn't have the info you need to help me, but here goes.

    View attachment mbam-log-2009-09-28 (17-58-12).txt

    View attachment mbam-log-2009-09-28 (20-56-07).txt

    View attachment mbam-log-2009-09-28 (22-11-14).txt

    I was able to get Malwarebytes downloaded before I could no longer download any anti-virus software. I ran Malwarebytes in Safety Mode as that was the only way it would run. I ran it three times. 1st result - 23 hits; 2nd result - 9 hits; 3rd result - no hits .... supposedly clean.

    The fake anti-virus program (Security Tool) was still there and continuing to shut things down. As I lost email and then Internet Explorer I knew big problems were occurring.

    The closest thing to a computer help shop to me is Best Buy's "Geek Squad" - 1.5 hr drive to the nearest town with any population or businesses (guess you would call me rural). Away I go.

    3 days and $200 later they say I'm clean and good to go. I'm still having problems. They removed my anti-virus program (PC Security Shield 2009) due to infection. It will not load. I tried AVG free and it will not load. I ran Malwarebytes again 3 times until clean. Still will not load.

    I just called the "Geek Squad" and they say Windows installer is corrupted and I need to run the computer back to town for more lookysee and probably reinstall windows. Will get it fixed .... No more charges to me.

    Is there a way for me to do this without two more trips to town?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, just do what I requested in my last message starting with AVPFind.bat and complete the rest of the instructions.
     
  5. DMerz

    DMerz Private E-2

    As mentioned in my last message, I could not run the programs to complete the rest of the instructions. The virus stopped me. I had Windows reinstalled before I could not turn on my computer. Things were shutting down that fast.

    Problem solved. I've got my email and internet connection back. Just reloaded my Anti-Virus program.

    Thanks for the help and links. I'll keep the software mentioned in the instructions downloaded and ready to use.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

