Security Tool

[Tricky_Dicky]

Hi all,

Just had a teacher come to me with her laptop and say it's got 33 infections on it and can I sort it before the day is out?
This is the school laptop which is taken home and so has Sophos on it as do all of our machines and it's very rare for Sophos to actually alert the user to anything strange, it just gets on with it's job so I asked her what she had been doing with it/ had she used some other anti-virus. I got the reply of "yes, I've used a 3rd party bit of software". great...
Turned the laptop on and up pops "Security Tool" which then proceeds to do what looks like the fastest full system scan in history and tells me that the computer is full of infections even though sophos reckons it's fine. It even recreates the little red warning shield in the taskbar to say there is a problem.
Now before I delete this software and let Sophos carry on, is there any chance it's legit or has anyone used it before?

Regards
Rich

[Mcshammer_dj]

not legit at all this is malware!!!!!!!!!!!!!!!!!!!!!!!

[dwhyte85]

Get into safe mode with networking and get MalwareBytes, update and kill them all (traces of malware, not teachers).

[Tricky_Dicky]

It's dam good! I can't open Sophos, Add/Remove programs or even task manager.
Just going into Safe mode now.

[computer_expert]

good guide here (site is down at the moment which is why i've linked to google's cache) for removal

Remove Security Tool and SecurityTool (Uninstall Guide)

[sdc]

Definitely malware. Had this several times here and can be tricky to remove. If it's any use, this is how we did it.

1. Copy TaskMgr.exe and call the new copy iexplore.exe (some versions of "Security Tool" will close applications such as Task Manager by identifying the exe's name - thus renaming it gets you round this).
2. Kill off the Security Tool process - each time I've seen this it's been named a random number in the list.
3. Download and run Malbytes Antimalware. Run a full scan and remove all that it finds.

[FN-GM]

Thanks for the tips, a friends laptop has this litttle blight on

[LeMarchand]

Have you sneaked into the school I'm in at the moment and decided to take *** ****** and their problems of my hands?

Had a similar problem recently where a teacher downloaded/installed something similar and then their "computer whiz" other half decided to install Norton to cure the problem. Got it sorted, but 1 month (and a spanking new W7 laptop later) and they've got the same problem .

[Tricky_Dicky]

LeMarchand, I hate it when there "friend who is a computer expert (obviously much better than you but is out of a job atm because of x,y,z) said....".
I think in this case it was probably caused by her kids using it. Also had the cheek to blame me for it and the best bit, she has cancelled all of her credit cards/banking because it came up with a message saying they were being transmitted by MSN!

[LeMarchand]

I think in this case it was probably caused by her kids using it.

Yeah, I get that too! Particularly annoying when they say "but I told little Johnny/Jenny not to use my laptop..." (why not just not give then your password) or "I never let little Johnny/Jenny use my machine" and you find loads of kid's sites in their browsing history or MSN launches with Windows into their kid's account or they have installed Barbie/GTA/other games. (Yes, I know, but if SMT won't agree to the machines being locked down...)

[AyatollahPies]

If you're Sophos subscribers, you can ask Sophos for the link to a bootable disc.

As soon as anything like this crops up, I just boot the machine this and run the scan from there.
(Had the exact same issue last week)

Avira also do one for free. We just download the latest version each work and burn it to a CD/RW.

Great addition to the arsenal.

[SYSMAN_MK]

What I would like to know is why Sophos never seems to stop these from infecting machines. In the past month I have notices an increase on the number of staff laptops getting infected with this type of Malware. All have Sophos installed and up-to-date.

Am I missing something glaringly obvious?

[dwhyte85]

What I would like to know is why Sophos never seems to stop these from infecting machines. In the past month I have notices an increase on the number of staff laptops getting infected with this type of Malware. All have Sophos installed and up-to-date.

Am I missing something glaringly obvious?

We are having this same issue and I've been told by Sophos... upgrade to endpoint [costs £]... really not good enough.

Don't get me started on Conficker & Sophos, it is just not enterprise grade security.

[TechSupp]

Had to clean that one of a heads home PC before and it was a right pain to do, can't remember now how I did it but think it had installed it somewhere in a non descript named folder hidden away, begger to find but did it in the end.

[elsiegee40]

If these are standard issue school laptops, a re-image would be far quicker and probably more effective