January 14, 2011

Manual Removal of Security Tool

Security tool which is a rogue anti-virus program that automatically scans the computer and will show fake security alerts, and induces users in to purchasing a fake anti-virus. It will disable all the windows legitimate programs and shows them as infected which actually are not.

Removal Instructions:

  • The first and foremost thing we need to do is go to safe mode with networking.
  • Kill the processes that are running in the background using MS-config or download Rkill.exe from the site www.bleepingcomputer.com or Process explorer.exe and run it. It will kill all the processes. Don't restart the computer.
  • Open Run and type  %user profile%\desktop which will open desktop and click on Iexplore.exe
  • Download the Malware Bytes and rename it as Explorer.exe while saving  which is safe and does not give any code 2 error while execution as Security tool thinks it as a Windows Process.
  • Run the tool and perform a full system scan on it. It will complete and show results like this.
Malware bytes displaying the results of Security Tool
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system. In order to protect itself, Security Tool changes the permissions of the HOSTS file so you can't edit or delete it. To fix these permissions please download the file hosts-perm.bat file and save it to your desktop.When the file has finished downloading, double-click on the hosts-perm.bat file and click Ok. We now need to delete the C:\Windows\System32\Drivers\etc\HOSTS file. Once it is deleted, download the HOSTS file that corresponds to your version of Windows and save it in the C:\Windows\System32\Drivers\etc folder and delete the Explorer.exe program from your desktop.

0 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...

Search This Blog

Followers

Categories

Twitter Delicious Facebook Digg Stumbleupon Favorites More