by John Weckerle
Yesterday, your editor spent a couple of hours removing a particularly nasty piece of malware from somebody else’s computer. The program, Security Tool, represents itself as a malware checker, but is in fact a vicious attack that attempts to coerce the user into purchasing the program using a credit card. Once installed, it essentially seizes control of the computer, stopping the use of any program other than itself on the basis of programs being “infected” with malware, and won’t turn the computer loose until you log on and pay for the program. Obviously, DO NOT input your credit card information.
Here’s how I cleaned the machine: There are a number of fixes published out on the web. The one using McAfee’s Stinger produced no results. This fix, provided by bleepingcomputer.com, did the trick. There is one catch to all this, however: the program stops the user from booting into safe mode, and once it starts up, it blocks the use of everything, including Task Manager. I got around this by simply starting to hit <CTRL+ALT+DEL> as soon as the initial view of the desktop appeared, which got Task Manager started before the malware got hold of the machine. Then I was able to stop the Security Tool process. This can be done either from the Applications tab of Task Manager or from the Processes tab (if you don’t see tabs when you open Task Manager, double-click on the empty space near the top, and they should show).
The user of this particular computer got stung by opening an e-mail attachment that he thought was a legitimate message from one of his business contacts. The people who generate these things have become extremely crafty, so be sure to be extra careful opening e-mail attachments.