poorvisol Posted October 4, 2009 ID:137884 Share Posted October 4, 2009 A rogue virus that calls itself Security Tools Anti Virus software, has installed itself on my desktop. It has disabled Task Manager and Registry. I cannot execute or open any files on this PC anymore. A message prompting to buy the software keeps popping up. It also keeps opening windows with supposed threats. I am not even able to start the computer in Safe Mode. I even copied file mbamsetup.exe on another computer, renamed it and copied it onto a USB key to transfer it to the infected desktop computer. I've known about other similar viruses out there that take for example the beeping computer. I've searched on internet and am unable to find adequate information about this particular one called Security Tools.Can someone please help me with resolution of this issue? Has someone else come across this particular virus before? Link to post Share on other sites More sharing options...
poorvisol Posted October 6, 2009 Author ID:138800 Share Posted October 6, 2009 I tried installaing HijackThis, but was unable to. I even tried renaming the file on download before saving it to the computer. I was still unable to install it. I also tried executing Win32kDiag.exe, however once more was unable to. In all the instances where I've tried to open a file or run any of the above mentioned diagnostics, the file opens and then closes within a couple seconds.Can someone please help? Link to post Share on other sites More sharing options...
AshleyH Posted October 6, 2009 ID:138806 Share Posted October 6, 2009 This is what infected my computer as well. I had some success with going into Safe mode and renaming mbam.exe but there is still something wrong. Link to post Share on other sites More sharing options...
fester Posted October 7, 2009 ID:139358 Share Posted October 7, 2009 Hi,this is just an FYIthis Secure Tool rogue is infecting my XP PC now too. (i detected it on 4 Oct 2009) I haven't tried to remove it yet, I'm trying to learn about it before I try a Counterattack.It appears to put a false desktop in front of the real one. I see my real desktop for split second before the malware screens it, and i seems to have disable all my protection software including malwarebytesI'll post more as I wade into it Link to post Share on other sites More sharing options...
poorvisol Posted October 8, 2009 Author ID:139557 Share Posted October 8, 2009 Hi festerThank you for the response. My computer got the virus on 4th October 2009 as well. I've seen a few other posts on the same issue on or around the same day. I can see my desktop if I right click on the screen and select "Show Desktop". I've disconnected the infected computer from internet and haven't tried anything since my last post. Please keep me posted on your progress. I will post here if I am able to find any solution. Link to post Share on other sites More sharing options...
fester Posted October 9, 2009 ID:140447 Share Posted October 9, 2009 I've likewise disconnected the infected PC from the internetI can boot in safe mode but Malwarebytes won't even run from safe mode.AVG & Nod32 will run but neither one even finds an infection. So I suspect that Mbam is a threat to this thing and that's why it is suppressing it so aggressively I'm going to take another run at reinstalling Mbam with cryptic aliases this weekend and see if that helps me get the tongs on it. This is a NASTY infection, i clean PCs and a large network in my day job and I can tell you this is a a sophisticated type of attack.l Link to post Share on other sites More sharing options...
Recommended Posts