How to Remove Security Tools Rogue Program

written by: Donna Buenaventura • edited by: Aaron R. • updated: 6/1/2011

Security Tools is a rogue program which is affecting many Windows users. Find out how to remove the Security Tools virus if your anti-virus or anti-malware protection has failed to detect or prevent this rogue program.


    What is Security Tools?

    Security Tool is a rogue anti-malware scanner that is often installed from malicious advertisements, malware or Trojan downloaders. When Security Tool is installed by a Trojan, the scareware program will either launch itself automatically or prompt the user to run another installation after a system reboot.

    If the computer is rebooted, the Security Tool program will change the desktop background, covering the desktop icons. It will also block any applications that the user wants to use, such as the browser, Notepad, and legitimate anti-virus, anti-spyware or anti-malware programs. Important Windows utilities such as Task Manager, Registry Editor and the Startup Manager console are also blocked by Security Tool. The rogue program will display fake warning messages, information about non-existent threats in Windows and a fake Windows Security Center alert icon.

    You can remove Security Tool by using a free malware removal tool or by manually deleting the added files, folders and registry values or registry keys.


    Removing Security Tool if the PC Has Not Restarted

    When you first see the Security Tool rogue program in Windows, the desktop background is not modified. If you have not restarted the computer, you can easily remove Security Tool using the Microsoft Windows Malicious Software Removal Tool that is already installed on your computer. It is not blocked by Security Tool because you have not yet restarted the computer; a restart is what allows the rogue program to block it. Simply click Start, type mrt.exe in the Run box and then press the Enter key on the keyboard. The Malicious Software Removal Tool will open.

    After the Malicious Software Removal Tool automatically removes the scareware program, you only need to manually delete the now non-functioning Security Tool desktop shortcut.

    You can also use your browser to download EmsiSoft Anti-Malware, Malwarebytes Anti-Malware, Windows Defender, SUPERAntiSpyware or Spybot - Search & Destroy. You can still update those programs as well, so that you have the latest definitions and the best chance of removing Security Tool. This is true only if you have not restarted the computer, if the desktop background is not changed and if the legitimate anti-malware program requires no PC restart after installation.


    Removing Security Tool if the PC Has Restarted Already

    If you have any running anti-spyware, anti-malware or anti-virus program that is configured to start automatically in Windows, it will remove Security Tool as well, even if you've restarted the computer and Security Tool has modified the desktop background. One such program is Windows Defender, if it is configured to auto-start in Windows. Another example of an anti-malware program that can remove Security Tool, even if the PC has restarted and the desktop background has been modified, is SUPERAntiSpyware. The above removal tools will remove Security Tool as long as they are configured to run automatically during Windows startup.


    Removing the Security Tools Virus if Anti-spyware or Anti-malware is Blocked

    Security Tools is known to block anti-malware and other programs. This usually happens if the computer is restarted, in which case the rogue program will also prevent you from seeing your desktop icons by modifying the wallpaper in Windows. What can you do to remove the Security Tools virus if rkill fails to bypass or shut down the Security Tool processes?

    Note that rkill might fail to shut down the malicious process because the Security Tool program is using random file names and process names, or because Security Tools is now configured to target rkill as well by preventing it from loading.

    To remove the Security Tools virus if anti-spyware, anti-virus or anti-malware is blocked, reboot the computer to Safe Mode with Networking. Log in to a Windows user account that has Administrator permission. Next, type mrt.exe in the Run command to start removing the Security Tool rogue program. Reboot the computer when done, delete the non-working desktop shortcut for Security Tool and then change your desktop wallpaper back to your preferred settings.

    You can also use your browser to download other removal tools while in Safe Mode with Networking. Below are some of the malware removal tools that can remove Security Tool while in Safe Mode. Ad-Aware and Spybot - Search & Destroy can remove Security Tools while in Safe Mode. SUPERAntiSpyware and Malwarebytes will also remove the scareware program in Safe Mode.


    Security Tools Virus Manual Removal Method

    If you would rather remove Security Tools using the manual method, you only need to identify, while in Safe Mode, the file whose name consists of random numbers and the other files added by Security Tools in the following locations:

    C:\Documents and Settings\All Users\Application Data\09236525\09236525.bat

    C:\Documents and Settings\All Users\Application Data\09236525\09236525.exe

    C:\Documents and Settings\(YOURUSERNAME)\Desktop\Security Tool.lnk

    C:\Documents and Settings\(YOURUSERNAME)\Start Menu\Programs\Security Tool.lnk

    Use the Registry Editor in Windows to delete the following keys or values:

    HKEY_LOCAL_MACHINE\SOFTWARE\09236525

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "09236525"

    Please note that the file or folder name varies depending on what was installed on your computer. The above example is 09236525.exe.

    Reboot the computer, then change your wallpaper back to your preferred settings. Proceed to scan the computer using an anti-virus program with the latest detection signatures.
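
Because the random name differs on every infected PC, the manual method starts with finding it. The following PowerShell check is an added example, not part of the original article: it only lists candidates in the locations named above and deletes nothing. It assumes the random name is made up entirely of digits, as in the 09236525 sample, and the function name Find-SecurityToolArtifacts is hypothetical.

```powershell
# Added example: read-only audit, lists candidates and deletes nothing.
# Assumption: the random name is all digits, as in the article's 09236525 sample.
function Find-SecurityToolArtifacts {   # hypothetical helper name
    $namePattern = '^\d+$'

    # 1. Digit-named folders under the All Users application data folder
    #    that hold a same-named .exe or .bat file.
    $appData = [Environment]::GetFolderPath('CommonApplicationData')
    Get-ChildItem -Path $appData -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match $namePattern } |
        ForEach-Object {
            $dir = $_
            Get-ChildItem -Path $dir.FullName -ErrorAction SilentlyContinue |
                Where-Object {
                    -not $_.PSIsContainer -and
                    $_.Extension -match '^\.(exe|bat)$' -and
                    [IO.Path]::GetFileNameWithoutExtension($_.Name) -eq $dir.Name
                } |
                ForEach-Object { "File:     $($_.FullName)" }
        }

    # 2. Digit-named subkeys directly under HKLM\SOFTWARE.
    Get-ChildItem -Path 'HKLM:\SOFTWARE' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match $namePattern } |
        ForEach-Object { "RegKey:   $($_.Name)" }

    # 3. Digit-named values in the machine-wide Run key.
    $run = Get-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($valueName in $run.GetValueNames()) {
        if ($valueName -match $namePattern) {
            "RunValue: $valueName = $($run.GetValue($valueName))"
        }
    }

    # 4. The two shortcuts the article lists for the logged-in user.
    foreach ($folder in 'Desktop', 'Programs') {
        $lnk = Join-Path ([Environment]::GetFolderPath($folder)) 'Security Tool.lnk'
        if (Test-Path -LiteralPath $lnk) { "Shortcut: $lnk" }
    }
}

$found = @(Find-SecurityToolArtifacts)
if ($found.Count -eq 0) { 'No matching files, keys or shortcuts found.' } else { $found }
```

Review each hit before deleting anything: a digit-only name alone does not prove that an entry belongs to Security Tool. The strongest indication is the same number appearing as a folder, a Run value and a SOFTWARE key.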