also @ TechSpot: Windows 8 Release Preview leaked, Microsoft may raise OEM prices

TechSpot
Collaborate in the cloud with Office, Exchange, SharePoint, and Lync.
Microsoft Office 365. Pay-as-you-go starting at $8/user/month. Begin your free trial now.

Security Tool -- please help

Discussion in 'Virus and Malware Removal' started by meg32an21, Nov 27, 2009.

Thread Status:
Not open for further replies.

  1. meg32an21 Newcomer, in training

    Hello Everyone.
    I have run into some recent problems with my school's laptops. My first laptop, the motherboard crashed on it so they gave me this loaner. I'm thinking that this virus/malware was already on the laptop before I recieved it.
    I've been trying to get rid of "Security Tool" for a while now. I have tried doing it manually through the Task Manager; however because this is the school's laptop I do not have the correct permissions to even get into the Task Manager. I have also tried downloading a few anti-virus type or programs and none will work because I do not have correct "permissions".
    Is there anyway to get rid of "Security Tool" Without going through Task Manager? Also, could this cause my entire laptop to crash or will it just be annoying?

    Thanks for your help in advance,
    Megan
    meg32an21, Nov 27, 2009
    #1

  2. AnonymousSurfer Newcomer, in training

    Hi Megan,

    Before you do anything, Please read 8-step Virus Removal and download the Programs requested in the thread, then post the logs after you have run scans. It sounds that you may have a Rogue Software, but as I stated before, please read the Thread and download the 3 programs it asks you to download. Only the 3:

    The others are not needed right now, but you may need them later.

    EDIT: I am now 100% sure that you have a virus. Looked up on google and Security Tool is one of the Rogue Software's.
    AnonymousSurfer, Nov 27, 2009
    #2

  3. meg32an21 Newcomer, in training

    I downloaded all 3 programs and with each one a message popped up saying -- HJTInstall.exe is infected with a worm....

    Also, in the process I recieved a message saying that "A problem has been detected and windows has been shut downto prevent damage to your computer"....
    & I had to restart my computer. It just doesn't seem that there is going to be a fix to this anytime soon since I have no permissions to do anything on this laptop and everything I download to this laptop is blocked because it is infected by a worm.
    meg32an21, Nov 27, 2009
    #3

  4. EXCellR8 TechSpot Chancellor

    might be a false-positive, but the safest thing to do is backup all of your stuff and then try running the HJT installer with AV disabled and disconnected from the internet. if something happens or the infection spreads, just reformat and copy all of your stuff back to the hard drive afterward. it's a pain in the **** i know but sometimes if you're unable to remove whatever is plaguing the system a reformat is the easiest route to take.
    EXCellR8, Nov 27, 2009
    #4

  5. Bobbye Helper on the Fringe

    meg32an21, please do the following:

    Change all of your passwords and monitor any online transactions.

    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • c:\windows\system32\userinit.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
    Also scan these,

    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe


    Virut is a Polymorphic File Infector that infects ..exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.
    It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker

    Good explanation here:
    http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

    * Backup all your documents and important items only.
    * DON'T backup any executable files (,exe .scr .html or .htm)
    * DON'T back up compressed files (zip/cab/rar) that may con

    Attach the log in the next reply.
    Bobbye, Nov 29, 2009
    #5
Thread Status:
Not open for further replies.