security tool

my grandson has a dell laptop running windows 7 home

he got hit with the security tool described here:

http://www.bleepingcomputer.com/virus-removal/remove-security-tool

i saw no details on avast about this malware but did finally find a way to manually remove this crap software.

being 12 he probably said ok to install with a game we wanted to try. once installed nothing would work

task manager would launch then close with a dialogue from security tool saying his system was infected with xx infected files …over and over

notepad would not launch

regedit would not launch

well they did but were replaced with the security tool dialogues.

I know he is using only a free version of avast but it would seem to me that avast could have kept his system from becoming useless…

This program was being run from a hidden folder in windows 7 programdata folder.

i downloaded sysinternals.exe from the microsoft live support site. renamed it explorer ran it and could then stop the process that was security tool. the folder and program was a numerical name.

i did try to let avast scan find the problem but nothing happened and the normal checking methods were not catching this program's redirection activity.

Again i know it's free but this thing was one executable in a hidden folder

so its footprint is fairly straightforward.

thanks

hey and welcome to the forum. i suggest you try a boot scan with avast http://www.techiecorner.com/166/avast-how-to-schedule-boot-time-scan-before-window-start/. if nothing is showing up i suggest you try MBAM and/or SAS and see what they come up with.

http://filehippo.com/download_malwarebytes_anti_malware/
http://filehippo.com/download_superantispyware/

good luck and write back if you get any problems.

I am running Windows 7 and get an error saying only works in 32 bit operating system. Any other suggestions?

MBAM works on 64-bit.

You can also try Hitman Pro.

How to Start Hitman Pro in Force Breach Mode

Hold down left CTRL key while starting up Hitman Pro.

@ DrLife,

  1. Please tell me what your OS is and if you have a 32 or 64-bit machine?

  2. Please check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
    · Download free http://www.malwarebytes.org/ for an on-demand scanner.
    · Double Click mbam-setup.exe to install the application.
    · After install, click update so you have latest database before scanning.
    · Under Settings:
        o General: Automatically Save File After Scan Completes is checked off
        o Scanner Settings: Check all boxes
        o Updater: Download and install update if available is checked off
    · Once the program has loaded, select “Perform FULL Scan”, then click Scan.
    · The scan may take some time to finish, so please be patient.
    · When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
    · Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
    · The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    · Copy & Paste the entire report in your next reply.

  3. Update your Avast definitions, then run a Full scan, and if you have a 32-bit machine also run a Boot-time scan. Report these results as well. If anything positive comes up, put the items in the Virus Chest and Do NOT delete anything. If possible, give a screen shot of anything in the Virus Chest if anything goes in there.

MBAM and Avast work differently, so that is why I am having you run both scans. Once we see your logs, we may have you run other diagnostic tools. Thank you.

Did you run the same “Security Tool” as the OP and have the same issue? If not, please start a New Topic of your own as this will just confuse the current thread and we will help you there.

Go to this link, http://forum.avast.com/index.php, scroll down to the Avast Virus and Worms forum and click it, click the New Topic button at the top of the list and post there. Thank you.

something that should work
download process explorer from here http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
install it and kill the security tool process
download mbam from here www.malwarebytes.org

install, UPDATE, scan
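
An added example, not part of any post in this thread: a small Python sweep for the footprint the first post describes, a hidden folder with a numerical name holding an executable with a numerical name. The function names and the extension list are assumptions; the thread only says "executable" and "programdata folder".

```python
"""Sweep a folder for the footprint described in the first post: an
all-digit folder (hidden on the infected machine) holding an all-digit
executable. Names and the extension list below are illustrative."""
import os
import stat
import sys

# Assumption: the thread only says "executable"; these extensions are a guess.
EXEC_EXTS = {".exe", ".scr", ".com"}


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set; False on other systems."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_numeric_exe_dirs(root):
    """Return [(exe_path, folder_is_hidden)] for all-digit folders directly
    under root that contain an executable whose base name is all digits."""
    hits = []
    try:
        with os.scandir(root) as it:
            folders = sorted(e.path for e in it
                             if e.name.isdigit() and e.is_dir(follow_symlinks=False))
    except OSError:
        return hits  # root missing or unreadable
    for folder in folders:
        try:
            names = sorted(os.listdir(folder))
        except OSError:
            continue  # skip an unreadable folder instead of aborting the sweep
        for name in names:
            stem, ext = os.path.splitext(name)
            full = os.path.join(folder, name)
            if stem.isdigit() and ext.lower() in EXEC_EXTS and os.path.isfile(full):
                hits.append((full, is_hidden(folder)))
    return hits


if __name__ == "__main__":
    # Default to the ProgramData folder named in the thread.
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get(
        "ProgramData", r"C:\ProgramData")
    for path, hidden in find_numeric_exe_dirs(root):
        print(("hidden   " if hidden else "visible  ") + path)
```

A hit is a lead for review with a scanner such as MBAM, not a verdict; the hidden flag is reported rather than required so a match is still listed if the attribute has been cleared.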