Remove "Security Tool" "Anti-Malware" Popups

Black Friday: A Day Wasted on "Security Tool" removal.

BLACK FRIDAY, AM

Black Friday, what an appropriate name. Having woken up this morning and for some reason having rebooted my laptop, I find the reboot proces is utterly slow...



"SECURITY TOOL" GREETING

Finally the laptop comes to life, I log on, and a software named "Security Tool" starts popping up, letting me know I have several worms, trojans, and other malware and that I need to download "Security Tool" of sorts ... One Blue and one Red icon appear in the system tray. With popups.

SOMEBODY WANTS ME TO BUY

It really looked more like a hard sale/marketing approach wanting me to go and visit an anti-malware site. Not buying into the suggestions, it gives me the only option to "continue unprotected" just to bug me again in a few minutes. I suddenly felt a strong urge to remove the "Security Tool".

I WANT TO REMOVE "SECURITY TOOL"

A quick search for "remove security tool" yields a site offering a purchase of anti-virus program. Here is the page: 2-viruses.com. The best part was a comment posted there by Philly Keith:


Philly Keith
October 9th, 2009 at 21:04







forget all that… try this move, it worked for me
after going nuts over this for a whole day.

Reboot in safe mode browse to
C:\Documents and settings\all users\ application data

There will be a folder in there that has
eight numbers as a name (ex 91908431)

Delete this bad boy, empty recycle bin
Reboot normally, delete all left over shortcuts,
empty recycle bin again and you are home free.
















FOLLOWING DIRECTIONS

Except that these directions look like they're from Win XP, so I found the offending directory in C:\Users\All Users\00854623 and the other place is C:\Program Data\00854623\00854623.exe . I noticed the 00854623.exe was running in the Task Manager. That was suspicious indeed.

ANOTHER BUGGER

So I followed directions but, I also noticed another bugger in the Task Manager/Processes: _ex-08.exe. Searching for this string led me to virusremovalguru.com/?p=3623 where I found advertising for Stopzilla.com. You are beginning to notice how these "helpful" sites always have something in store for you that will cost ya?!

STOPZILLA TO THE RESCUE?

[UPDATE: Please do NOT follow these directions to download StopZilla. If you do, you will have to go to the very next post and learn how to completely remove Stop Zilla and its toolbars. It ain't easy! You've been pre-warned! However, if you have downloaded Stop Zilla already, that post will save you a ton of time]

Long story short, I download StopZilla in hopes it will remove the _ex-08.exe bugger. FYI an independent search using Windows Explorer found two files: C:\Windows\_ex-08.exe-311C6F9.pf and C:\Windows\Temp\_ex-08.exe . I wanted these removed.

FOLLOW THIS LINK TO GET TO THE NEXT STEP IN REMOVING "SECURITY TOOL"

If you installed StopZilla: More on removing "Security Tool" in the next post: Adventures in the StopZilla land.

If you did install StopZilla like me: You need one extra step of removing Stop Zilla here, and then proceed from there.

ARE YOU HAVING FUN YET?

Has the adventure helped you in any way so far? Let me know, leave me a comment!

5 comments:

Anonymous said...

dear whoever suggested deleting it under safe mode- THANK YOU. this s.o.b "SecurityTool" has been bugging my poor computer for days until it was pretty much rendered useless. now problem solved. thank you

Matt | click here for other Security Tool post said...

Anonymous, Thank you for sharing your story. You can bookmark this page (using a button above) to be able to come back to it. There is another, newer post on this blog which will show you how to remove residual traces of "Security Tool" and not get in trouble at the same time. Thanks again for commenting.

Anonymous said...

This nasty bug Secutity tool has zapped my computer cannot run in safe mode cannot give commands in the run box either, any other suggestions?

Monalisa said...
This comment has been removed by a blog administrator.
Annoyances Resolved said...

Monalisa, I had to temporarily remove your comment. Your link points to 50 or so anti-spam programs. I doubt you were able to test them all out. Even more so, I fear some of them might be malware. So when you have a specific product that you can truly vouch for, you're welcome to post again. Thanks for trying.

Post a Comment