Windows Thread, Security Tool in Technical; Hi all,
1st March 2010, 10:40 AM #1
Just had a teacher come to me with her laptop and say it's got 33 infections on it and can I sort it before the day is out?
This is the school laptop which is taken home and so has Sophos on it as do all of our machines and it's very rare for Sophos to actually alert the user to anything strange, it just gets on with its job, so I asked her what she had been doing with it / had she used some other anti-virus. I got the reply of "yes, I've used a 3rd party bit of software". Great...
Turned the laptop on and up pops "Security Tool" which then proceeds to do what looks like the fastest full system scan in history and tells me that the computer is full of infections even though Sophos reckons it's fine. It even recreates the little red warning shield in the taskbar to say there is a problem.
Now before I delete this software and let Sophos carry on, is there any chance it's legit or has anyone used it before?
1st March 2010, 10:43 AM #2
Not legit at all, this is malware!!!!!!!!!!!!!!!!!!!!!!!
1st March 2010, 10:44 AM #3
Get into safe mode with networking and get MalwareBytes, update and kill them all (traces of malware, not teachers).
1st March 2010, 10:45 AM #4
It's damn good! I can't open Sophos, Add/Remove programs or even task manager.
Just going into Safe mode now.
1st March 2010, 10:45 AM #5
Good guide here (site is down at the moment which is why I've linked to Google's cache) for removal
Remove Security Tool and SecurityTool (Uninstall Guide)
1st March 2010, 10:47 AM #6
Definitely malware. Had this several times here and can be tricky to remove. If it's any use, this is how we did it.
- Copy TaskMgr.exe and call the new copy iexplore.exe (some versions of "Security Tool" will close applications such as Task Manager by identifying the exe's name - thus renaming it gets you round this).
- Kill off the Security Tool process - each time I've seen this it's been named a random number in the list.
- Download and run Malwarebytes Anti-Malware. Run a full scan and remove all that it finds.
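As an added example (not part of any post in this thread), the "named a random number" observation above can be turned into a quick triage check over `tasklist /FO CSV /NH` output. The sample process list and the digits-only heuristic are constructed assumptions for illustration; a hit is a lead for review, not a verdict.

```python
import csv
import io
import re
import subprocess

# Constructed sample of `tasklist /FO CSV /NH` output (not taken from the thread).
# iexplore.exe stands in for the renamed Task Manager copy described above.
SAMPLE_TASKLIST = '''"System Idle Process","0","Services","0","24 K"
"svchost.exe","1044","Services","0","12,340 K"
"iexplore.exe","3120","Console","1","8,912 K"
"48213907.exe","2688","Console","1","15,104 K"
"7zFM.exe","3300","Console","1","6,020 K"
'''

# Image names made up only of digits, e.g. 48213907.exe (heuristic, assumed here).
NUMERIC_IMAGE = re.compile(r"^\d+\.exe$", re.IGNORECASE)


def parse_tasklist(text):
    """Yield (image_name, pid) pairs from tasklist CSV output.

    Rows whose second column is not a number (such as a header row when
    /NH was omitted) are skipped.
    """
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            yield row[0], int(row[1])


def numeric_named_processes(text):
    """Return the processes whose image name is digits only."""
    return [(name, pid) for name, pid in parse_tasklist(text)
            if NUMERIC_IMAGE.match(name)]


def live_tasklist():
    """Capture the process list on a Windows host (tasklist ships with Windows)."""
    result = subprocess.run(["tasklist", "/FO", "CSV", "/NH"],
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    # Swap SAMPLE_TASKLIST for live_tasklist() when running on the affected machine.
    for name, pid in numeric_named_processes(SAMPLE_TASKLIST):
        print(f"review PID {pid}: {name}")
```
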
1st March 2010, 10:54 AM #7
Thanks for the tips, a friend's laptop has this little blight on
1st March 2010, 10:54 AM #8
Have you sneaked into the school I'm in at the moment and decided to take *** ****** and their problems off my hands?
Had a similar problem recently where a teacher downloaded/installed something similar and then their "computer whiz" other half decided to install Norton to cure the problem. Got it sorted, but 1 month (and a spanking new W7 laptop later) and they've got the same problem.
1st March 2010, 10:57 AM #9
LeMarchand, I hate it when their "friend who is a computer expert (obviously much better than you but is out of a job atm because of x,y,z) said....".
I think in this case it was probably caused by her kids using it. Also had the cheek to blame me for it and the best bit, she has cancelled all of her credit cards/banking because it came up with a message saying they were being transmitted by MSN!
1st March 2010, 11:06 AM #10
Yeah, I get that too! Particularly annoying when they say "but I told little Johnny/Jenny not to use my laptop..." (why not just not give them your password) or "I never let little Johnny/Jenny use my machine" and you find loads of kid's sites in their browsing history or MSN launches with Windows into their kid's account or they have installed Barbie/GTA/other games. (Yes, I know, but if SMT won't agree to the machines being locked down...)
1st March 2010, 11:23 AM #11
If you're Sophos subscribers, you can ask Sophos for the link to a bootable disc.
As soon as anything like this crops up, I just boot the machine from this and run the scan from there.
(Had the exact same issue last week)
Avira also do one for free. We just download the latest version each week and burn it to a CD/RW.
Great addition to the arsenal.
1st March 2010, 11:31 AM #12
What I would like to know is why Sophos never seems to stop these from infecting machines. In the past month I have noticed an increase in the number of staff laptops getting infected with this type of malware. All have Sophos installed and up-to-date.
Am I missing something glaringly obvious?
1st March 2010, 11:33 AM #13
We are having this same issue and I've been told by Sophos... upgrade to endpoint [costs £]... really not good enough.
Don't get me started on Conficker & Sophos, it is just not enterprise grade security.
1st March 2010, 12:10 PM #14
Had to clean that one off a head's home PC before and it was a right pain to do, can't remember now how I did it but think it had installed it somewhere in a nondescript named folder hidden away, begger to find but did it in the end.
1st March 2010, 12:12 PM #15
If these are standard issue school laptops, a re-image would be far quicker and probably more effective.