January 14, 2011

Security Tool

This is a very frustrating fake anti-virus program that keeps showing you fake threats on the computer and asks you to purchase it. Security Tool is a rogue anti-spyware program from the same family as System Security, and it is promoted through the use of Trojans and web pop-ups.

Attacking Mode:
  • When this rogue is promoted via a Trojan, it is installed onto your computer without your permission or knowledge and keeps attacking important system utilities such as Task Manager and Registry Editor.

  • When promoted via web pop-ups, you are shown a pop-up while browsing the web that states your computer is infected. If you click on the pop-up, you are brought to a page showing an advertisement that poses as an online anti-malware scanner, which states that there are infections and then prompts you to download and install Security Tool onto your computer.
  • Once attacked, the files that the program shows as infected are legitimate Windows files such as Internet Explorer, Mozilla Firefox, etc.
Effects:
When the program is running you will be shown numerous alerts on your desktop and from your Windows taskbar. These alerts will state that your computer is under attack, that the Security Tool firewall has blocked a malware program, or that active malware infections have been detected. Example:
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss.
Click here to block unauthorised modification by removing threats (Recommended)

These notices are not real, just like the alerts that it shows. The biggest problem this program poses is that it will not allow you to run any program other than the ones required by your operating system to load; it shuts down all other programs, claiming that they are infected, which is false. It installs itself under a random-number name in the Application Data folder of the current user profile.

In Windows XP and 2000 the location is C:\Documents and Settings\user name\Application Data\any random number, with files carrying the extensions bat, exe, cfg and lnk. The folder differs in Vista and Windows 7, where it is C:\Users\Username\application data.
  • %AppData%\7895461684
  • %AppData%\7895461684\7895461684.bat
  • %AppData%\7895461684\7895461684.cfg
  • %AppData%\7895461684\7895461684.exe
  • %UserProfile%\Desktop\Security Tool.lnk
  • %UserProfile%\Start Menu\Programs\Security Tool.lnk 
In the registry it installs itself under these keys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (to enable its automatic execution at every system start-up)
  • HKEY_CURRENT_USER\Software\Security Tool
We can use tools like Malwarebytes and SUPERAntiSpyware to remove this infection. Sometimes the rogue will not let us download the anti-malware tools, and then we need to go for manual removal.
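
To check a user profile for the file artifacts listed above before attempting manual removal, the following Python script (an added example, not part of the original post) looks for an all-digit folder under Application Data that holds same-named .bat/.cfg/.exe files, and for the Security Tool.lnk shortcuts. The function names and the sample tree built in demo() are constructed for illustration; the registry keys are not checked.

```python
import os
import re
import tempfile

PAYLOAD_EXTS = {".bat", ".cfg", ".exe"}  # extensions listed in the post
SHORTCUT = "security tool.lnk"           # shortcut name from the post, lowercased

def find_dropper_dirs(appdata_root):
    """Flag all-digit folders that contain files named after the folder."""
    hits = []
    for entry in os.scandir(appdata_root):
        if not (entry.is_dir(follow_symlinks=False) and re.fullmatch(r"\d+", entry.name)):
            continue
        exts = set()
        for f in os.scandir(entry.path):
            stem, ext = os.path.splitext(f.name)
            if f.is_file() and stem == entry.name and ext.lower() in PAYLOAD_EXTS:
                exts.add(ext.lower())
        if ".exe" in exts:  # a numeric folder name alone is not enough to flag
            hits.append((entry.name, sorted(exts)))
    return sorted(hits)

def find_shortcuts(profile_root):
    """Return profile-relative paths of any 'Security Tool.lnk'."""
    found = []
    for dirpath, _dirs, files in os.walk(profile_root):
        for name in files:
            if name.lower() == SHORTCUT:
                rel = os.path.relpath(os.path.join(dirpath, name), profile_root)
                found.append(rel.replace(os.sep, "/"))
    return sorted(found)

def demo():
    sample = [  # constructed sample profile (empty files, not real malware)
        "Application Data/7895461684/7895461684.bat",
        "Application Data/7895461684/7895461684.cfg",
        "Application Data/7895461684/7895461684.exe",
        "Application Data/20110114/notes.txt",  # benign numeric folder
        "Desktop/Security Tool.lnk",
        "Start Menu/Programs/Security Tool.lnk",
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return find_dropper_dirs(os.path.join(root, "Application Data")), find_shortcuts(root)

if __name__ == "__main__":
    print(demo())
```

Requiring the same-named .exe keeps ordinary numeric folders (such as the date-named one in the sample) from being flagged.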
