How to Remove Security Tool – SecurityTool Removal

Security Tool Description

Security Tool is a fake anti-spyware program that through the use of deceiving tactics, is able to extort money from unsuspecting computer users. Security Tool uses fake system alerts and falsified system scans to persuade purchase of the Security Tool application.

Security Tool is not a viable solution to any security related issue on a PC. Security Tool was created by cybercrooks with the main intention of money extortion through vigorous methods. These methods are generally deceptive actions taken by the Security Tool program itself which ends up being more of a nuisance than any assistance to detect and remove malware. Security Tool also utilizes the name similarity of legitimate security programs which can also be very deceptive among novice computer users.

Security Tool comes from the same group of hackers that develop and spread the rogue anti-spyware programs Total Security 2009 and System Security. Security Tool is not an effective tool for the detection and removal of computer parasites.

How Can You Detect Security Tool?

Anvi Smart Defender

Security Tool Technical Report
As new Security Tool details are reported by our customers and findings from our Threat Research Center, we will update this section.
Fake message for Security Tool:
The following fake error message(s) appears for Security Tool:

Security Tool Warning
Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs. Click here to remove it immediately with Security Tool

Security Tool Warning
Security Tool has detected harmful software in your system. We strongly recommend you to register Security Tool to remove these threats immediately.
The following Security Tool files with its MD5s were created in the system:

    Name       Size              MD5
6045089978.bat 266 9845eec98712d4820b62bef08431bbfa
6045089978.cfg 1543 763ae58acf67c1792d2677cdff2d9dba
6045089978.exe 1045541 b571d6167079dc72c12c768a660305de
13451714.exe 1097760 57f22353fe3de85828e68f488f5852af
16501874.exe 1079840 131a8c65d12ec824e5027c8dea7b8c7a
11002964.exe 1081892 371ea0a206c36e29c623d8021053885a
13485624.exe 1097248 1e0eeac20c22bc5f2096095a3c2ae536
18175464.exe 1082404 65f620661679539fd9e13cc7cbbd191e
16394064.exe 1096736 6899a734c66cd18098c80a6ed48625c2
14764534.exe 1096224 ffa8165f8808e1880b455c7a0bb9f554
16568754.exe 1096224 f1e2a6e963c0f414d1051ac7fcfacd0c
install[1].exe 1046056 0aa3370a64bf157c75a3b82779a9c126
736D7029.exe 116767 1a597e82bff7f538f351fc545f3443bb
15446254.exe 1095712 c6ba2149697b55710942564df502d905
12631254.exe 1082916 d6b7f47dcdffc20fc6feb546f3019a71
12014064.exe 1097760 9b19eaa377a1d177bbd860c15255badf
11878124.exe 1082404 794561e491f964a5b97a0b083ecb15fb
1884922352.exe 1047076 d535db294d3b141c8c0b5a51ec4c7a41
14653754.exe 1096736 ec596c79ee01c82e1c409fb3fd0df9a8
11144534.exe 1082403 7e2d8d2b7dd287149250c173fb4d5fce

......

12143594.exe 1064996 10e3167c568a5c1142f513682b39d0e3
10609214.exe 836132 6e27c84a0f12f64e25fba852449f75d7
11411564.exe 1057312 dccfd995cde3053d59f9724ced767c81
10513284.exe 1057312 57200f8ad84fe960769be87ce7b6a1aa
10861094.exe 1057312 f80365ff51442bd40254ba4dd1ecbcef
12112034.exe 1057312 b86360cad7681d00d6004b5975415cc0
11775314.exe 1063972 2ea3fcc0fb20ee3a5445de49ac90e91f
11003594.exe 1057312 254b554107f7c17cb93abf2222c05487
14454214.exe 975396 26c2cf21314a8e57c972480bd5a8cad6
10637964.exe 975396 10b3f09f9e3b8f2c784bfc77d09702a2
11468904.exe 1057312 c0c44486e78b06e31856c93f96dbb20e
10654374.exe 1057312 bd7950e9a1463f026c4d422ab36c507a
11345314.exe 1057312 09375bd3778310eca0cfd161ec0c7b92
11383284.exe 1057312 5bf37ae25d42b406145cb5d883cddf5f
09862530.exe 1044992 7a8a6fa3a2491906ce27a76689af4a83
83084023.exe 1044992 56285669088bee093f552a65e94d7195
88033325.exe 1047040 b377b95683149e82112eacdea0dd7b5c
54251825.exe 1011712 5ab5248d868408a5e9326d8743dbb8a3
72706022.exe 1011712 7680a2a93eaf30214a8114d0f9706699
25421822.exe 1113600 39498d944fd3658694e33c5f5ca1ea8b

Security Tool Removal Details

Security Tool has typically the following processes in memory:

%UserProfile%\Application Data\4946550101\4946550101.bat
%UserProfile%\Application Data\4946550101\4946550101.exe
Security Tool creates the following files in the system:
%UserProfile%\Application Data\4946550101
%UserProfile%\Start Menu\Programs\Security Tool.lnk
%UserProfile%\Desktop\Security Tool.lnk
%UserProfile%\Application Data\4946550101\4946550101.bat
%Program Files%\SecurityTool
%UserProfile%\Application Data\4946550101\4946550101.cfg

Security Tool creates the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityTool
a791a998-ae9a-42cb-b833-45279b64dd30
77DC0B63-ff35-4ba9-8BE8-aa9EB676FA02
HKEY_CURRENT_USER\Software\Vista Antivirus 2010
AF4DA69B-E1D6-469A-855B-6445294857D4
7897A556-0E82-49F4-8C80-D0983CBF0352
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SecurityTool”
HKEY_LOCAL_MACHINE\SOFTWARE\SecurityTool
7F23592B-8F2C-4C08-83A8-BBE01BF9CC64

Comments are closed.