How to remove virus malware Security Tool


So, your PC has a new piece of software that CLAIMS every other damned file is infected? And it encourages you to buy said program so all these viruses can be removed? Meanwhile, it prevents you from running any new software (supposedly because of a virus) and it’s killed your virus scanner?

Congrats, you’re being blackmailed! Security Tools is fake software. You need to get rid of it. Might as well use my experience, although I’m still working on the complete picture. By the way, my PC was never infected. I was called on to help someone else.
“You’re a nerd, aren’t you?” they said, as if that was a compliment. “Can you fix this?”
“Well, since you’re an idiot, I guess I’ll have to, won’t I?” said I. And since there wasn’t much information online, I wrote this article. It’s a work in progress.

Anyway, this is what the bastard looks like:

Looks familiar? What it does is this: it pretends your PC is riddled with viruses. It claims to be able to remove them. It sabotages any attempt you make at installing other software. It will not go away.

See also this link, for a list of aliases the software uses:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Rogue%3aWin32%2fFakeSpypro&threatid=136370

Here’s my five step plan to get rid of Security Tool:

Step 1: Acknowledge you are an idiot who should learn not to click things like you’re Ham, the space-chimp or something.

Step 2: Get a Mac. No seriously, get one. But you can’t sell your PC with this virus on it, can you?

Step 3: Download this file, rundll32.exe (Right mouse button, save as) and save it in C:\ – so not on your desktop or anything, just C. Why? It will save typing later on. Trust me.

If you don’t trust me, see this page and download the file Security_Tools_Fix.rar (which contains a file called rundll32.exe) there:
http://www.net-studio.org/eng/patch/patch/100-patch-pour-supprimer-le-virus-security-tool.html

Problem 1: The download link is hard to find on that page (scroll all the way down, don’t click an ad). The button looks like this:

Problem 2: The file is a .rar file. Betcha don’t know what that is, right? Well, it’s like zip only different. Your PC can’t open it without special software. Now, that software (WinRar) is free. Which is nice. But… Good luck installing Winrar, as ‘Security Tool’ will simply cancel the installation of ANY software you try to run. So it’s best to download the file from my webpage, as that’s already unpacked. But hey, it’s your call. Really, why trust me? You’re such a web savvy, discerning computer literate person, aren’t you? After all, that’s why you’re here!

Step 4: Okay, you’ve downloaded the fix to C:\ (and somehow managed to extract it, maybe you had Winrar on your PC or something, who knows. Or you trusted me, which is smart.) Now, reboot to SAFE MODE with COMMAND PROMPT. To do this, reboot your PC, press F8 at some point.

Step 5: You’re confronted with a black screen that says C:\Windows\system32> and you feel like crying, don’t you? Yeah, I thought I could smell your pussy… Now man up and type cd \ and press enter.

Now it says: C:\>

And you type Rundll32.exe (enter)

Aaaaand…. Security Tool is gone. Well, that was fast!
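Why the `cd \` in step 5 matters, as an added example that is not part of the original post: by default cmd.exe looks in the current directory before it walks PATH, so the same typed name runs a different file depending on where the prompt sits. The file listing, PATH, PATHEXT values and function names below are constructed for illustration.

```python
import ntpath

# Constructed file listing standing in for the disk after step 3 (not real scan output).
FILES = {
    r"C:\rundll32.exe",                    # the downloaded "fix"
    r"C:\Windows\System32\rundll32.exe",   # the genuine Windows binary
    r"C:\Windows\System32\cmd.exe",
}
PATH = [r"C:\Windows\System32", r"C:\Windows"]   # assumed search path
PATHEXT = [".COM", ".EXE", ".BAT", ".CMD"]       # assumed extension order
SYSTEM_DIR = r"C:\Windows\System32"

def _exists(path, files):
    """Case-insensitive lookup, as on a Windows file system; returns the stored path."""
    wanted = ntpath.normcase(ntpath.normpath(path))
    return next((f for f in files if ntpath.normcase(f) == wanted), None)

def resolve_command(name, cwd, files=FILES, path=PATH, pathext=PATHEXT):
    """Model cmd.exe's default lookup: current directory first, then each PATH entry."""
    has_ext = ntpath.splitext(name)[1] != ""
    candidates = [name] if has_ext else [name + ext for ext in pathext]
    for directory in [cwd] + path:
        for cand in candidates:
            hit = _exists(ntpath.join(directory, cand), files)
            if hit:
                return hit
    return None

def shadows_system_binary(resolved, files=FILES, system_dir=SYSTEM_DIR):
    """True when the file that would run has a same-named twin in System32 but lives elsewhere."""
    if resolved is None:
        return False
    in_system = ntpath.normcase(ntpath.dirname(resolved)) == ntpath.normcase(system_dir)
    twin = _exists(ntpath.join(system_dir, ntpath.basename(resolved)), files)
    return twin is not None and not in_system

if __name__ == "__main__":
    # Same command, two prompts: the safe-mode default and the one after "cd \".
    for cwd in (r"C:\Windows\System32", "C:\\"):
        hit = resolve_command("Rundll32.exe", cwd)
        print(f"{cwd:<22} -> {hit}  shadows system binary: {shadows_system_binary(hit)}")
```

The same check, pointed at a real directory listing, is a quick way to spot files that borrow a Windows binary's name but sit outside System32.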

Whoa…. Where the fuck are you going, Einstein? We ain’t done. You have to run a full virus scan and hope to God your virus scanner takes care of the REST of the virus.

Oh yes… there’s MORE…

This is why I support the death-penalty, folks. Because we need to shoot the guys who wrote this in the head. (After we cut off their balls and stuff them in their mouths, that is. They won’t get off THAT easy when I’m in charge.)

You’ll know your PC still has a problem when you get a message in mangled English soon after starting Internet Explorer, claiming there’s still a virus on your PC. The text reads:

Warning!
On your computer detected the malicious code.
Should immediately make sure that your system is safe! Killing Hazzard
(R) for Microsoft Windows Seven immediately started to work

You’ll notice a tiny browser opened up somewhere. That browser is creating this message, as a javascript pop-up. That makes it look genuine. Fortunately, the bad English gives it away.

As soon as you click either button the browser opens up and goes to:
http://77.78.249.3/index.php?q=VPIPFDH2XS77HZAV19SVS6614 etc.
or possibly another infected site.

There, we see a nice animation trying to make you think your computer is infected. Next up: a box with the text:

Windows Security Alert
To help protect your computer, Windows Defender has detected spyware and is ready to remove them.

You’re also offered a download to fix the infection, probably called inst.exe

My bet is, as soon as you download and RUN that file, you’ve got Security Tool back.

Also, you’re screwed because nothing short of killing your browser via Task Manager will make it stop.

This is PROBABLY the way to get rid of the rest:

Try this free software: http://www.malwarebytes.org/
I think their software does the trick, but haven’t tested it myself. First reports have been positive. Let me know!

But why didn’t we start here to begin with?

Because, you idiot, you can’t install ANY SOFTWARE on your PC as long as Security Tool is active. It sabotages that!

What I haven’t figured out yet:

1. Why McAfee, which allowed this virus to be installed and disable all virus scanners, seems to have an issue with the fix I’m promoting here, Security_Tools_Fix.rar.

2. Why your hosts-file is locked, who did it and why

3. How you can be sure you’ve gotten rid of it

4. Why the good people of Microsoft haven’t been hung, drawn and quartered for spending enormous amounts of time on ANIMATED TRANSPARENT WINDOWS while ignoring huge security holes like this one.

Any comments? Post below. Crackpots are screened out.

And we’ll call him… er…


Since Birgit and I aren’t the ‘breeding’ type (but hey, to each their own), we like to have a cat in the house instead. You need something to pet, after all, and it breaks up a night’s sleep so nicely when such a creature starts coughing up hairballs at 03:00 AM.

After seven nine years of faithful service, however, our Worf did his Roadrunner impression and we’ve now been missing him for two months. Since he only had 14 vacation days left, we suspect it’s a case of desertion after all.

Because the deal at our house is that I empty the litter box and Birgit irons my shirts in return (all together now: awwwww, how romaaaantic…), Worf’s departure was, among other things, a logistical problem: I was out of shirts! We did have a temp cat staying over, Julia, but my brother wanted her back after all. And since leasing isn’t financially attractive, we ended up going to the Haarlemmermeer animal shelter, because their website said a black-and-white young man of four was looking for a new position. He had a name too, but it’s the same name Brad and Angelina picked for their offspring, and you wouldn’t do that even to an animal, so we’re ignoring it.

So for the time being, the gentleman goes through life without a name, because what do you call an animal that has so far done nothing but sit under your china cabinet? We think the ice will break, because the very knowledgeable employment consultants at the shelter told us he’s quite willing to sit on a lap once the initial shyness has passed. And since they also tell you when the cat in question scratches toddlers open, has kidney problems or is wanted by the Yugoslavia tribunal, we believe them. He has in fact already come over to give us a head-butt: we were delighted. Now we just have to figure out what his name is…

Incidentally, I’m considering:

  • Miles, after Miles Edward O’Brien (just Google it)
  • Roy, after the Villeroy & Boch china he seems to like sitting under so much
  • Karel, because we always call tomcats ‘Kereltje’ anyway, so that makes no difference
  • Tibles. The English counterpart of ‘Poekie’, a sort of default name.

Configure synergy for OSX the easy way


    I’m quite fond of a free program called Synergy, which allows you to share a keyboard and mouse between several computers. In case you’re wondering why someone would be operating more than one computer at a time: because it’s cool. Really, if you need to ask you’re so uncool it’s scary. You should probably go and iron something.

    Synergy is cool because you can even run different operating systems and still have just 1 mouse and keyboard to control them. Plus, it makes your office look like the bridge of the freakin’ Enterprise and if that doesn’t get you laid I will eat my laptop. Really, chicks dig multiple monitor setups. Just trust me on this.

    It’s free software and you can get it here:

    http://synergy2.sourceforge.net/

    Unfortunately, it was written and maintained by the sort of geeks who think nothing of starting and configuring software via the command line, which is about as user-friendly as a good swift kick in the meat-and-two-veg department. The Windows package is ok, but for OSX (That’s Mac to you and me) configuration is a bit of a nightmare. What you need is a GUI: a Graphical User Interface. This basically adds a menu to the software, making it easier to work with.

    There are 3 GUIs available. 2 of them didn’t work for me.

    1. OSX Synergy GUI can be found at:
    http://sourceforge.net/projects/osxsynergygui/

    It does work, but you have to restart it manually each time you want to use it. Which more or less defeats the purpose of using Synergy, since you’ll still need a second mouse and keyboard to do that. Plus, it’s alpha-software.

    2. Synergy OSX, didn’t work at all for me although it looked very pretty.
    http://sourceforge.net/projects/osxsynergygui/

    3. SynergyKM: This is the best by far. It contains Synergy itself so you won’t have to install that first. It’s also to be found on SourceForge:
    http://sourceforge.net/projects/synergykm

    So… get number 3. But not 2. Or 1. Or 1 AND 2. That would just be silly. Just get 3. The bottom one. Yeah. That one rocks.

    This has been a public service announcement for fellow ner… cool people.
