Security Tool is a so-called rogue antivirus software that is distributed by various means including malicious software like trojans. It is also distributed through popups on the Internet which display a fake “the computer is infected” message to the user prompting users to download and run the tool to resolve those issues.
Security Tool performs a series of tasks once it is running on a computer system. This includes blocking legit software from being executed, and displaying false security warnings to promote a “full” version of the program that the PC user should buy to protect the computer system and remove anything that it claims it has found.
The files that it displays as malicious or infected are not in fact which can be proven by testing them with a legit antivirus software, or using the online virus scanner Virustotal.
Security Tool will add itself to the list of autostart programs in Windows. It will automatically perform a scan upon startup that will display the fake infections in the end. The “make money” part comes into play when the user tries to remove the infections with the rogue program.
The rogue AV will notify the user that a license needs to be purchased before the infections can be removed.
Security Tool
Some of the fake security warnings that Security Tool will display to the user include the following:
Security Tool Warning
Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Click here to remove it immediately with SecurityTool.
Security Tool Warning
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss.
Click here to block unauthorised modification by removing threats (Recommended)
To make matters worse, Security Tool will also manipulate installed web browsers and block them from accessing websites.
These methods are utilized by rogue software to make it harder for computer users to download legit security software to remove them, or simply research the tool that claims something is wrong with the system.
Manual Removal of Security Tool:
Security Tool uses random numbers to make the identification and removal instructions complicated.
- Step 1: Remove the Security Tool startup entry which is listed as number.exe where number is a random number.
- Step 2: Identify and stop the Security Tool process by pressing [Windows Alt Del] to bring up the Windows Task Manager. The process is listed as number.exe where number is a random number
- Step 3: Remove Security Tool related files. These are stored in two locations
C:Documents and SettingsAll UsersApplication Datanumber
C:Documents and SettingsAll UsersApplication Datanumbernumber.exe
where number is again a random number. - Step 4: Remove Security Tool Registry entries. Those again are stored in two different Registry keys.
HKEY_CURRENT_USERSoftwareSecurity Tool
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallSecurity Tool
Automatic Removal:
Most legit antivirus software, like Malwarebytes’ Anti-Malware is able to detect and remove Security Tool automatically. This process is usually faster and the better choice especially for inexperienced computer users.