I have a super nifty virus

Iznat

New member
Feb 13, 2010
That is an absolute pain in the arse to get rid of.

It's something called Security Tool, a vicious Rogue Security Software package.
I've been trying for a day or two now to get rid of it, but it's a persistent cow. I figure it's from my sister using the other user (she'll be losing the use of my laptop from now on fo' sho') and I'm sort of at a loss for what to do.

I have AVG and SpyBot, and upon recommendation of Tom's Hardware and HowToGeek I used Super Anti Spyware, which found it, but wasn't able to remove it. It's bothering me an awful lot, because with constant pop ups telling me that there's a worm trying to send my credit card details to a shady site, that Explorer has stopped working and that I can't use CTRL-ALT-DEL to do ANYTHING because of a Trojan hidden in my processes tab, waiting to be let out.

Currently I'm using Safe Mode with Networking, and Explorer crashes every few minutes and the resolution is about 800x600, and I can't play anything ;_;

So, Escapist, I have two questions for you.

1) Have you ever had to get rid of Security Tool or another false security software? How did you do so? D:
and
2) What ridiculously awful experiences have you had with viruses?
 

Wes1180

Wes1180
Jul 25, 2009
Try Trend Micro HouseCall, it hasn't steered me wrong.
Just download and execute.
http://housecall.trendmicro.com/uk/
 

Bon_Clay

New member
Aug 5, 2010
JFuss said:
http://www.malwarebytes.org/
download this and run it

Had a similar problem with rogue anti-spyware this fixed it right up.
This plus Avast or AVG. And that is all you need. It's what I've used from some crippling monsters that stopped me from being able to even boot in safe mode. Roll back, spybot, the incredibly shitty McAfee were all completely useless against the army of trojans and rootkits.
 

THEfog101

New member
Apr 18, 2009
Download a trial of ESET's NOD32; I have yet to come across an infection it cannot remove and you will never regret using it either. Don't download SpyBot though, that shit rapes your hosts file and causes problems with its tea-timer function, use Malwarebytes instead.

http://www.eset.com.au/download/trial_versions.html

I found NOD32 and Malwarebytes after I received a call from my parents with them complaining about random shit happening on their PC, it twas lots of Spyware, Malware in General (Trojans, Rootkits etc) all living in tandem inside about three of their computers but the stubborn old farts wouldn't let me do a reinstall so I had to cure it, took the better part of a day to get it cleaned up lol but those two tools really did what they said.
 

Kyogissun

Notably Neutral
Jan 12, 2010
Get everything important to you onto an external memory source, be it flash drive or external HDD.

Factory restore your computer.

Get your internets back up and running. Purchase a full version AVG.

Problem solved. That's what I did when I got tired of being afflicted by various problems like that.

AVG Premium's kept me clean since then. Mind you, I started off using the 30 day trial and THEN bought the full version, but you get the idea.

It works, seriously, just go for it. It's 'genuinely' worth it and this is from someone who usually never bought into the whole 'you need antivirus on your computer' bullshit.

And I think I know exactly which virus you're talking about, I've either experienced the 'exact' same thing or a variant of it. It locks you out of using specific programs, right? Says like, 'Oh, you can't use this program because I've deemed it a security threat' or something similar.
 

Iznat

New member
Feb 13, 2010
Well, I booted it into Safe Mode with Command Prompt, and got Explorer running. Found it in a folder and manually deleted it. So, it seems to be gone, scanned it through, nothing found.

But, as usual, something else is amiss. Explorer keeps crashing and restarting, almost constantly. I'm running an SFC scan, but if it finds nothing, I'll be doing a system restore. I'll definitely be getting MalwareBytes tho :)

I seem to have gotten hit pretty hard, and while it completely sounds like I'm blaming certain people, I know it wasn't me xD
Now all I gotta do is come up with a reasonable way to tell my sister to stay the hell away from my stuff - any suggestions? :p

Thanks guys ^_^
 

MagicMouse

New member
Dec 31, 2009
It's been said but...Malwarebytes.

Sometimes the virus won't let you download this though. In that case there are online guides to disable Security Tool for a few days by changing the name of some of its files, which will let you download what you need to purge it for good.
 

Iznat

New member
Feb 13, 2010
SFC scan found edited boot details and registry entries, so it fixed those. Did a system restore, currently scanning with MalwareBytes - don't worry, I don't pay for anything xD
Seems to be fixed, not found anything thus far - getting the "This copy of Windows is not genuine" message on the bottom right, but it isn't, so no big deal.

I seem to have removed Security Tool from my computer, there's no trace of it anywhere, and the registry entries weren't to allow it to come back, plus they're fixed now anyway.

With regards for my sister, she's 13, so she can save up for her own damn laptop.
There was a family user profile, which has been completely removed, and my user profile always has a password. Guess she'll have to go to the library to check Facebook. :D
 

Nerdygamer89

New member
Dec 21, 2009
Sounds like you have some nice ransomware. First step to getting rid of it: go into safe mode with networking and google the name of the program, odds are you'll find a site listing its registry entries and where it typically installs itself on your HD (usually system32). Go to start, run, and type "regedit" without the quotes and use the website's registry entry list to hunt down and delete all the entries. Make sure you only delete things related to the ransomware. After that's done, you should be able to delete the .exe from your hard drive.

Seems like you've fixed it (a fact I noticed after typing all that =P) but I'll post this anyway in case anybody else needs the info, as it's a surefire way to get rid of ransomware in my experience.
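
The registry hunt described in the post above can start from a read-only inventory of the autorun keys, so that anything deleted afterwards in regedit is a deliberate choice. The following is an added example, not part of any poster's reply; the helper name `Get-ExePath` and the list of user-writable directories are assumptions made for illustration, and the script changes nothing on the system.

```powershell
# Added example: list Run/RunOnce autorun values for manual review (read-only).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumed list of directories a standard user can write to; empty entries are dropped.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData, $env:PUBLIC) |
    Where-Object { $_ }

# Hypothetical helper: extract the executable path from an autorun command line.
function Get-ExePath([string]$command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($command)
    if ($expanded -match '^\s*"([^"]+)"')    { return $Matches[1] }   # quoted path
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }   # unquoted, may contain spaces
    return ($expanded.Trim() -split '\s+')[0]                         # fallback: first token
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $exe    = Get-ExePath ([string]$item.GetValue($name))
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        # Signature status of the target file, or a marker when the file is gone.
        $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }
        # True when the executable sits under one of the user-writable directories.
        $inUserDir = [bool]($userWritable | Where-Object {
            $exe.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase)
        })
        New-Object psobject -Property @{
            Key = $key; Name = $name; Exe = $exe
            Signature = $sig; UserWritableDir = $inUserDir
        }
    }
}

# Entries in user-writable directories sort to the top.
$results | Sort-Object UserWritableDir, Signature -Descending |
    Format-Table Name, Exe, Signature, UserWritableDir, Key -AutoSize -Wrap
```

An entry that is unsigned or lives in a user-writable directory is a reason to look it up, not a verdict; compare it against a trusted removal guide for the specific program before deleting anything.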
 

Deathkingo

New member
Aug 10, 2009
If the virus is really super nifty, how do we know it simply hasn't taken possession of your avatar and isn't runnin amok across the forums to spread awareness of its amazing powers?

Anyway, OT
I have a mac. I don't get viruses. The world compensated by not giving us good computer games. I'm looking at YOU Civ 5....