What is Security Tools?
Security Tool is a rogue anti-malware scanner and it is often installed from malicious advertisements, malware or Trojan downloaders. When Security Tool is installed by a Trojan, the scareware program will either automatically launch itself or the user is prompted to execute another installation after a system reboot.
If the computer is rebooted, the Security Tool program will change the desktop background, covering the desktop icons. It will also block any applications that the user wants to use such as the browser, notepad, and legitimate anti-virus, anti-spyware or anti-malware program. The important utilities in Windows such as Task Manager, Registry Editor and the Startup Manager console in Windows are blocked by Security Tool. The rogue program will display fake warning message, information of non-existing threats in Windows and a fake Windows Security Center alert icon.
You can remove Security Tool by using free malware removal or by manually deleting added files, folders and registry values or registry keys.
Removing Security Tool if the PC Has Not Restarted
When you first see the Security Tool rogue program in Windows, the desktop background is not modified. If you have not restarted the computer, you can easily remove Security Tool using the Microsoft Windows Malicious Software Removal Tool that is already installed in your computer. It is not blocked by Security Tool because you have not yet restarted the computer, which will allow the rogue program to block it. Simply click Start, type mrt.exe in the Run Box and then hit the Enter Key on the keyboard. The Malicious Software Removal Tool will open.
You only need to manually delete the now non-functioning Security Tool desktop shortcut after the Malicious Software Removal Tool automatically removes the scareware program.
You can also use your browser to download EmsiSoft Anti-Malware, Malwarebytes Anti-Malware, Windows Defender, SUPERAntiSpyware or Spybot - Search & Destroy. Not only that, you can also still update those programs and have the latest definitions and the best chance for removing Security Tool. This is true only if you have not restarted the computer, if the desktop background is not changed and if the legitimate anti-malware program requires no PC restart after installation.
Removing Security Tool if the PC has restarted already
If you have any running anti-spyware, anti-malware or anti-virus program that is configured to automatically start in Windows, it will remove Security Tool as well, even if you’ve restarted the computer and Security Tool has modified the desktop background. One such program is Windows Defender if it is configured to auto-start in Windows:
Another example of an anti-malware program that can remove Security Tool, even if the PC has restarted and if the desktop background has been modified is SUPERAntiSpyware:
The above removal tools will remove Security Tool as long as the tools are configured to run automatically during Windows startup.
Removing the Security Tools Virus if Anti-spyware or Anti-malware is Blocked
Security Tools is known to block anti-malware and other programs. This usually happens if the computer is restarted, in which case the rogue program will also prevent you from seeing your desktop icons by modifying the wallpaper in Windows. What can you do to remove the Security Tools virus, if rkill fails to bypass or shutdown Security Tool processes?
Note that rkill might fail to shutdown the malicious process because the Security Tool program is using random file names and process names or because Security Tools is now configured to target rkill as well by preventing it from loading.
To remove the Security Tools virus if anti-spyware, anti-virus or anti-malware is blocked, reboot the computer to Safe Mode with Networking:
Login to a Windows user account that has Administrator permission:
Next, type mrt.exe in the run command to start removing Security Tool rogue program:
Reboot the computer when done and simply delete the non-working desktop shortcut key for Security Tool and then change back your desktop wallpaper to your preferred settings.
You can also use your browser to download other removal tools while in Safe Mode with Networking. Below are some of the malware removal tools that can remove Security Tool while in Safe Mode.
Ad-Aware and Spybot - Search & Destroy can remove Security Tools while in Safe Mode.
SUPERAntiSpyware and Malwarebytes will also remove the scareware program in Safe Mode.
Security Tools Virus Manual Removal Method
If you would rather remove Security Tools using the manual method, you only need to identify the file name with random numbers and then other files added by Security Tools in the following location, while using Safe Mode:
C:\Documents and Settings\All Users\Application Data\09236525\09236525.bat
C:\Documents and Settings\All Users\Application Data\09236525\09236525.exe
C:\Documents and Settings\(YOURUSERNAME)\Desktop\Security Tool.lnk
C:\Documents and Settings\(YOURUSERNAME)\Start Menu\Programs\Security Tool.lnk
Use the Registry Editor in Windows to delete the following keys or values:
Please note that the file or folder name varies depending on what was installed on your computer. The above example is 09236525.exe
Reboot the computer then modify your wallpaper to your preferred settings. Proceed to scan the computer using anti-virus with the latest detection signatures.