How to Remove Security Tool

UPDATE 10-13-2010:  While the below guide does still work it is a YEAR old.  We have updated it several times since but the NEWEST guide that includes 3 additional videos can be found at http://www.removevirus.org/remove-security-tool-latest-rouge-client-400  .  Just want everyone to know about the new guide as well as this one.

If you have not already done so we do recommend you watch our security tool removal video. It has been watched over 100K times and does a good job showing you the steps needed to remove this threat. This video is below so read on.

How to Remove Security Tool

How to Remove Security Tool

Onto the Manual Removal of this threat.

I am also including the video we created from www.removevirus.org. This video is a must watch for everyone looking to manually remove Security Tool. To start I would like to say that you most likely got infected because you did not have a good security client installed on your computer.

Here is the Video you can follow along with this and the manual guide below

Security Tool Removal Video

The first thing you will need to do is to terminate the currently running process of this threat. This can be done in several ways. For those who can still use the Task Manager I recommend you simply hold down Ctrl+Alt+del. Vista and Windows Seven users will need to then select the Task Manager. If you are able to open it then you are looking for an 8 or 10 digit number follow by a .exe that is running.

Example of Security Tool Process running

3467542487.exe

This is the file you need to terminate. If you can not bring up the Task Manger then you have several other ways at getting to this threat still.

We are going to now look for the location of the 10 digit file.

First thing to try is simply going to the run command. Hit the Windows Start button and in the "Start Search" or run command area type in "msconfig" with out the quotes. Now select the start-up tab. Browse though the start-up menu and look for a 10 digit number, 8 digit number or a file that says Total Security, TS.exe or TSC.exe.

Once you find the trace you need to un-check the box and then hit OK. You will then be asked to re-boot. Before you re-boot make sure you book mark this page so you can find it again after you boot up your computer. If the above methods have not worked for you we still have several option left. If you were able to stop Security Tool from running then move on to

Stage 2. If nothing has worked so far for you then we recommend bookmarking this page and booting into safe mode with networking. Then just move on to stage 2. To boot into safe mode you need to re-start your computer then start pressing the F8 key every other second. When you see a DOS like screen with several options, use the up and down arrows on the keyboard to highlight the "Safe Mode with Networking" option and then hit enter to select. Then log into safe mode under your normal user account or the admin account. Then bring up this website again. remember only safe mode with networking will allow you to go online. If you are in just Safe Mode you will not have Internet access.

At this time the Security Tool program should not be running. If it is then you need to again follow the above instructions till you have terminated the Security Tool program.

We are now going to search and locate the folder that is hiding this program. Before we can do this you will need to un-hide system files and folders. This is because Security tool is a hidden program and the folder is hidden as well XP Users: Open up "My Computer" Also known as Windows Explorer ( THIS IS NOT INTERNET EXPLORER ) Then select Folder Options then View Tab, under view check the box that says "Show hidden files and folders" now we need to also Uncheck the box next to "Hide Protected Operating System File".

When we are all done you should set these setting back to default.

Vista and Windows 7 Users:

Go to Windows Start button > Control Panel >Folder Options > Select the View tab and then check the box next to "Show hidden files and folders" then uncheck the box next to "Hide Protected Operating System files" remember to re-set these settings once we are done.

Now you need to browse down to the correct directory and delete the folder and files of Security Tool.

XP users: The location of this program is going to be C:\Documents and Settings\All Users\Application Data\Tendigitfolder. You will now see a folder that it 8 – 10 digits in length. You need to delete this folder and the files in it. Normally it is the first folder under Application data. If you are getting errors trying to delete this then bookmark the page and re-boot into safe mode as an Administrator as described above.

Vista and Windows 7 users: the location of this program is going to be C:\ProgramData. You will now see a folder that it 8 – 10 digits in length. You need to delete this folder and the files in it. Normally it is the first folder under Application data. If you are getting errors trying to delete this then bookmark the page and re-boot into safe mode as an Administrator as described above.

Keep in mind that the C:\ location is the default Windows folder location. Now you should attempt to download SpyHunter if you could not do it before. Register the product, update the scanner and run a full scan. This is the best way to remove the rest of the Security Tool virus and all the remaining traces. If your a cheap A$$ or can't get the client to install then read on for the next steps.

The good news here is we are about half way done. The bad news is you still have a bit of work ahead of you.

Now we need to re-set the Windows host's file and Internet Explorer. This is to ensure your computers browser settings are not highjacked. You may need to re-install pluggins and the like for Internet Explorer when this is done.

As stated before you should really just rgister the product to remove the rest of this virus and the others still on your computer.

Security Tool Registry Settings

We are now going to be editing the Windows Registry. Please note the editing the registry is very dangerous and one wrong slip and your computer can become unstable. No we do not recommend doing it unless you are a computer expert. We have already told you the correct solution to use. However this is a complete guide so we are going to show you how to edit the registry to remove the rest of Total Security. Click the Windows start button and type "regedit" in the run box or search box. With out the quotes. The registry editor will now open for you. You need to locate and delete the following strings.

HKEY_CURRENT_USER\Software\Security Tool HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Your10digitnumber" That is it.

You have just removed Security tool from your computer manually. You will now need to run a full scan using your favorite antivirus program. You already know the program I use. This is a must that can not be skipped. In most cases those infected with Security tool have several other viruses installed on the system. You need to protect your computer and remove all those viruses so this threat does not get re-installed again.

Outside Resources:

http://www.howtogeek.com/howto/9505/how-to-remove-security-tool-and-other-roguefake-antivirus-malware/

http://www.wikihow.com/Remove-the-Rogue-Security-Tool-Program

Comments

  1. I managed to get rid of Security Tool on my laptop by your methods (thanks!!), but now i’m having a problem with the internet. It says its connected to the internet but I can’t load and web pages, MSN can’t connect and any other internet related program acts as if its not connected. Actually one exception is a p2p program I’ve got called ‘ares’ which doesn’t seem to connect to the internet, but if i search for files on it, it finds them, but can’t download them.
    My laptop runs on vista.

    any ideas of what I can do??

    thanks.

  2. It works like a charm. I didn’t have to change the registry though. There was nothing there to change. Maybe I caught it early. Anyway, I am doing a complete virus check. Thanks and God Bless you.
    The cheap guy.

  3. technical admin says

    I love it. “The Cheap Guy”

  4. technical admin says

    I would try to re-set your browser. We have a tool for that in the side bar. If that does not work then download a Winsoc fix tool for vista.

  5. Very nice job with the written instructions. I appreciate it! Thank You.

  6. I followed the steps but there is no ten digit folder appearing. Where else could it be hiding?

    Thanks

  7. technical admin says

    My guess is it’s still there or the trace you have just mutated. Is there an 8 digit folder in the correct location. Please note that the location will vary depending on if you have an XP or Vista/Windows 7 computer. The guide above shows the different paths.

    As shown in the video you can right click on the Security Tool Icon and select properties. From there you will be able to see the exact folder location.

  8. Your info was easy to follow. I have Vista and it really helped. I am not a computer expert but like to DIY things due to not able to afford other help. Your instructions were on the money. Thank you again. Will pass on the word to friends and family if infected to check out you site. Thanks again!!

  9. technical admin says

    You are most welcome

  10. Anonymous says

    This site was very very helpful! I was surprised how easy is was to follow along… Thank you so much I appreciate the help!

  11. Anonymous says

    AWESOME!, AWESOME! THANKS SO MUCH FOR YOUR HELP!!!

  12. Anonymous says

    I couldn’t believe that this was on my computer. I had my firewall and anti virus off for 20 minutes to set up something else and the next day this thing was on my computer. Thank you for putting this solution up because I surley would not have figured this crazy thing out. Thank you again.

  13. Anonymous says

    thank you so much – this is the first time i had to remove a virus & you made it so helpful. i was freakn out with things poppin every 2 seconds.

    my only concern is that i did delete the 8 digit file from the C drive when i went into safe mode, but when i went into the windows registry i didn’t find anything under both file names you gave. i didn’t touch anything but i want to make sure i got it all.

    thank you.

  14. technical admin says

    Best thing to do is run a full virus scan to ensure it’s all gone. “I think I got it” does not cut it. Last thing you want is your computer being part of a botnet or a backdoor open to hackers. run the full virus scan and call it a day.

  15. technical admin says

    This is talked about in the guide. We recommend you re-name the file then re-boot. You should be able to delete the trace then.

  16. Anonymous says

    I am running on Vista. I followed the instructions and was able to delete one of the Security Tool folders, but there is more than the one folder that needs to be deleted.
    The second of the two Security Tool Folders can’t be deleted because the folder or a file in it is open in another program. I tried to stop it, but I can no longer start the task manager due to the virus and I’m already in safe mode. How do I delete the second folder?

  17. Anonymous says

    thanks for all the help you are a lifesaver.

  18. Anonymous says

    I found that if it has placed an icon on your desktop, you can right click and hit properties. Under shortcut target it tells you the name of the file (the 10 digit number). Thanks so much.

  19. Anonymous says

    The computer is running XP SP2. I go to the C:\Documents & Settings\All Users\Application Data, and there is not an 8 digit or 10 digit folder. I have tried under normal start up and in safe mode. The XP Security Tool wants me to go to URL REMOVED to purchase the fix. I am 99% its the problem that is in the video above, as the annoying popup windows and system tray messages are the same. I am somewhat computer savvy, but didn’t notice anything nefarious (or 8 or 10 digit) in the start up tab under msconfig either. Any other ideas or thoughts? Any help would be greatly appreciated.

  20. technical admin says

    This is not the same threat. Your infection is 100% different strain. However I am going to venture an educated guess and say it’s related to Desktop Defender 2010. If that is the case then you can see if there is a folder similar to c:\Program Files\Windows Defender 2010\ on your PC. Then rename the .exe file in there and reboot your computer. Then manually delete the trace file then run a full security scan.

    Because this threat is new and we have not been able to find the virus to test yet you may contact us using the contact button below with your e-mail address and provide us more info like were you got infected are the install file and we can write you a guide for your threat.

  21. Anonymous says

    THANK YOU SO MUCH OMG
    i also deleted the 8 digit numberin the C drive and when i went into the registar there wasn’t either of the 2 files you said to delete…but either way i believe its dead! thank you:)

  22. Anonymous says

    I’m an idiot when it comes to computers, but I also can’t afford to spend $… I had the Security Tool virus, but I managed to do a system restore and it hasn’t popped up in a while. I followed the video and can’t find the 10 digit file. My computer has been running really slow since and I have also been getting unwanted pop-ups via internet. The writing under my icons are also black and occassionally I will lose my screen saver and my screen will be all black. I’m not sure if this is related to the Security Tool virus or if it’s a totally different virus? I’m really anxious to get rid of whatever computer viruses I might have without having to spend any money, not to mention I want to learn how to get rid of these! I sincerely appreciate all your help!

  23. technical admin says

    As I have said a thousand times before. YOU NEED A REAL SECURITY CLIENT. Having a computer online means you need to have proper security in place. I do not recommend any free clients because they will not give you the support and protection you need.

  24. Anonymous says

    i swear to god i love you guys. i am totally stupid when it comes to computers and i managed to save mine 🙂 i’m so happyyyyyy!

  25. technical admin says

    We feel the love.

    Thanks for stopping by and posting a comment.

  26. technical admin says

    That is why we do NOT recommend using System Restore or doing things like last known Good configuration. I think a NTFS disk check is needed and perhaps a repair of a few windows files.

    This issue is no longer about being infected with a virus. It’s about a corrupt Operating System.

    You can learn online online how to do an NTFS check so we will not go into any further detail.

  27. I tried to go into safe mode, and chose Last Good Configuration per wikipedia, now it just recycles to a blue screen and keeps rebooting.

  28. jeffrey lowe says

    hi im having trouble removing this security tool me and my dad each have our own users and the security tool virus is only on my user my screen isnt blue i can still do some things but it does restart every 20 minutes to a half hour it says something but i cant fully remember what it says(ill find out and send it to you if needed) ive tried watching the videos and reading how to remove it but i cant seem to find the file. please help ive been tryin to do this for hours.

  29. Angel Elf says

    I just got this damn infection and your video and web page helped me to get rid of it. I did have a problem deleting or renaming the .exe file though. I kept getting the “Access Denied” message. My workaround was start the Task Manager just as the computer started to boot but before Security Tool could start and prevent it from running. Then I selected “Applications” from the menu and kill Security Tool with a click. Then I was able to flush this pest out of my computer system. I would like to know the address where this thing is lurking so that I can lock out the site.

    Isn’t this kind of thing unlawful? If it isn’t it should be.

  30. technical admin says

    We use that work around all the time. Does not work for everyone but it’s nice when it does work.

    yes it is unlawful. Yes individuals are working on shuting these bank accounts and sites down but not much can be done to fully stop it.

  31. technical admin says

    What locations have you already looked in? What is your operating system?

    Is the program currently running on your computer?

    You may also want to check out this guide

    http://removevirus.org/remove-security-tool-latest-rouge-client-400

    We also have another website that has even more information about this threat

    http://www.securitytoolremoval.net/

  32. Darquenite says

    So IDK if this is a new version of security tool or not
    I found (On the removal video) that there is no file under the ‘all documents’ file
    I dowloaded many anti viral programs that were said to clean it in one go (Ex. Malware bytes ext ) The only reason I’m even using my computer is by calling up Task manager b4 the computer is fully logged on and ending the program

    Any ideas

  33. technical admin says

    Yes the file paths have changed. I though a users posted the new location. What OS are you using? XP | Vista / Win 7?

    Vista and Win 7 should be C:\Users\YOUR USER NAME\AppData\Local

    XP It should be C:\Doctumentsandsettings\USERNAME\Aplicationdata\Local or LocalSettings

    Note that the file may not be in a folder. Look for a random number that is 6 -10 characters long. In the latest sample our threat was 6586290.exe

  34. I am trying to get rid of ST for my Windows XP home edition …my problem is when I get to the part where there is supposed to be an 8 digit coed there is nothing but files with names in the Application data file …there is one number file but it has a {3276be96 I don’t want to get rid of something I need . please help!

  35. technical admin says

    You are correct in not wanting to just start deleting stuff.

    Have you looked under all the user account? Example
    C:>Documents and Settings>YOUR USER NAME>Local Settings>Application Data\Random Number Proccess .exe

    C:>Documents and Settings>Users>Local Settings>Application Data\Random Number Proccess .exe

    It may be located under a different account.

    Some tips.
    1. Boot into safe mode with networking and install Spyware Doctor. Just run the quick scan to see if it identifies the correct file and location for you. If not run the full scan. You may also want to try Malwarebytes.

    2. You could boot normal. The second you log in to the computer bring up the task manager before ST starts to run. ctrl+alt+del. You should have a 2 second time frame. Then look at the running process and write down the name of the 8-10 digit file name. You should be able to right click on it and open the folder location.

    3. Download the process killer tool under Antivirus Software Reviews section. Be sure to grab the one that is already renamed explorer.exe . This program should be able to run on your system. It is just like the task manager and you should be able to drill down and find the file name. If the file is blocked try re-naming it to firefox.exe or iexplorer.exe

  36. I have a real big problem, I’ve been searching the file alday long but just couldn’t find it, I tried the thing with showing the hidden files and nothing appeared, so i thought well meaby it’s in an other folder so I checked the location by right-clicking on the security tool icon, but now i can not access this folder, it’s probably hidden so I made sure that i had a check on the “show the hidden…” thing but still the folder wouldn’t appear, I am graduating this year and really really need wour help, thank you very much.

  37. technical admin says

    If you already deleted it your good to go as long as you have no other virus infections.

  38. technical admin says

    Boot into safe mode with networking and download the SDA client that we recommend. Run the update and then do a scan. It will show you the folder that needs to be removed

  39. i deleted the thing but i wasnt in safe mode does that do any thing please help me

  40. I followed every step recommended and have not found the file / folder. I was able to activate ctrl-alt-del before Security Tool loaded and shut it down very quickly. The name of the ST program I shut down was 73937. I havent located any files with that name or havent found it in msconfig. I feel that this is a mutated virus or a new version hidden very well. Please help me find that FN folder. I think your the most down to earth amazing tech online, so Im confident that with your help it will get fixed.

  41. I also didnt find it in regedit or msconfig

  42. technical admin says

    What is you OS? We tested this threat out just the other day and the guide is accurate. Look for the blue icon next to the 73937.exe file. It will be in the folder paths shown in the guide.

    Report back the file paths you looked into that are in the guide for verification you looked in the right place.

  43. Just wanted to say thank you for all the guidance you all gave on getting rid of this virus. Granted, you have to read and following the instructions carefully because this virus is nasty and deep in your system. But you instructions were clear enough to remove the virus. So thank you and please keep up the good work.

  44. technical admin says

    Thanks for the kind words. We should actually change this page to point to the newer guide we wrote on removing this virus. The new guide I think is a little clearer.

  45. technical admin says

    It does not matter if you have the icon or not. Read the rest of the guide for instructions.

    If you have a specific question relating to a step you can not do just ask.

  46. JOHN FOERSTER says

    I am unable to get this thing off my laptop. I can only get t the users part and when I click desktop nothing else follows from there. It does not show the security tool icon in the desktop folder. HELP!!!

  47. My laptop was infected with Security Tool. As soon as it hit, I realized I had somehow shut off my antiviral program. I attempted to run a virus scan, which did pick up the virus. However, my Stop Sign would run and then my computer would shut off before it could delete the virus. The Security Tool was controlling my Stop Sign program. In order to remove the virus I took the following simple steps:

    Started my computer in Safe Mode with Networking.
    Ran a virus scan

    These were the steps:

    1. Shut off the computer
    2. Turn it back on and click F8 over and over until the computer comes on
    3. The computer will come back on and give prompts on how to start it up again
    4. Select Safe Mode for Networking
    5. Turn on Anti Virus program and let it scan system
    6. Once the virus detected follow instructions by antiviral program for removing the virus
    7. Restart according to your antiviral programs instructions
    8. Security Tool removed, system back to normal

    This worked for me. I use STOP SIGN antiviral. If I had turned it on, and left it on, then I wouldn’t have been in this mess in the first place.

    If you don’t have an antiviral program, then start up in Safe Mode with Networking
    and download a REPUTABLE antiviral program.

    Before I figured out how to remove the virus, I did manage to slow it down a bit by doing the following.

    1. First, deny the program access to your system. This won’t remove it, but it will slow it down so you can work on your computer.
    2. Do this by right clicking on the Security Tool icon and choose “properties”
    3. Choose the Security Tab
    4. Then “Edit” by checking the boxes to “deny” access to your system

    Good luck. It really wasn’t a big deal, once I went into Safe Mode for Networking and ran my antiviral program.

  48. My computer is clear of the virus now thanks to you but I can’t get online. I’ve tried to download the two files you suggested but it will not let me…windows installer is not installed..any ideas?

  49. Anonymous says

    the virus i have is called xp total security alert, is this the same virus ur talking about here? if so , i followed ur video and instructions, and dont see the 8 or 10 digit file at start of application data? i am currently running the microsoft security essentials program full virus scan,so maybe if that finds something it can delete it also? which is best the microsoft se or pc doctor?i installed both ,will that be ok also? is it free?and can it remove items also?im on windows xp service pk 3 on acer and asus laptops ,if i cant find the file u mentioned ,what can i do myself?the computer wont even let me go on internet to download removal programs?im on another laptop now writing this ,hope u can help, thanks

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.