Malware Revisited: 'Security Tools'


PeteKoch
10-20-2010, 11:34 AM
One of my wife's co-workers was infected by the 'Security Tools' malware. You know the drill: Security Tools tells her that her PC has mass infections and for X dollars they'll remove it. It's bogus, because the only infection is from Security Tools.

My wife is bringing her friend's PC home tonight for me to have a go at. I got hit with one of these a few months ago, but I take an image backup once a week, so I simply restored and was back in the game in about 15 minutes. I asked her co-worker to try to dig up any Recovery CD/DVD that might have been provided with the PC, but she wasn't sure if she had one.

So two questions:
1) Has anyone had success removing this specific extortionware, Security Tools? If so, how did you do it?
2) The PC in question is a Compaq Presario. In the absence of a Recovery CD, is there a Recovery Partition on Presarios? If so, how do you get into it? Which function key? Any hints on procedure?

It's a 4YO machine and the owner just uses it to surf the net and exchange emails. Since there's nothing on the machine she absolutely needs, a full restore/recovery is my preferred method (I reinstall the OS on my primary PC at least once a year whether it needs it or not).

Many of you guys are pretty sharp with this stuff. Any comments on your experience would be appreciated.

PhantomOnTour
10-20-2010, 11:46 AM
I completely re-formatted everything as all other attempts failed. I had the same virus...the Tools thing. Best friend is an IT guy and he said the best remedy is a total re-format, although I am sure alternatives exist. It's a pain as you have to reload your entire desktop and the icons, which I hope you save to a thumb drive....good luck.

PeteKoch
10-20-2010, 11:55 AM
Yep. On the phone, I told her how to right-click on My Computer to find out which OS she was running, but all her desktop icons were gone. From some searches, I discovered that this is a particularly insidious piece of malware. One post pointed out at least 9 different hooks into the OS and Registry. So a reformat/reinstall is definitely the preferred method, if possible.

BTW, the PC in question is a Compaq Presario laptop. I had one about 10 years ago, but this is a @2006 vintage machine.

michiken
10-20-2010, 12:16 PM
When you continue to use Internet Explorer, you will always be vulnerable.

Firefox Browser (http://firefox.com/)

GameTheory
10-20-2010, 12:47 PM
Even with a recovery partition, at best you're gonna get essentially a system set back to square one so might as well wipe it out. Try to transfer any important files to an external drive (and make sure they are not infected before putting them back). You can mount the thing with a Linux "live cd" just for copying files in a context where they can't do any damage. Then reinstall, set up better security, and restore what you can...
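
As an added example (not from any poster in this thread) of the live-CD salvage step described above: the Windows partition is mounted read-only with noexec/nodev/nosuid, and only bookmarks, documents and the Outlook Express address book are copied, skipping anything with an executable extension. The device path /dev/sda1, the mount point /mnt/winxp and the XP profile layout are assumptions.

```shell
#!/bin/sh
# Salvage user files from an infected Windows XP disk from a Linux live CD.
# Assumed layout: NTFS volume at /dev/sda1, mounted at /mnt/winxp, with
# profiles under "Documents and Settings" (XP default).

# Mount the Windows partition read-only so nothing on it can run or change.
mount_infected_disk() {
    dev="$1"; mnt="$2"
    mkdir -p "$mnt"
    mount -t ntfs-3g -o ro,noexec,nodev,nosuid "$dev" "$mnt"
}

# Return 0 if the file name has an extension we refuse to carry over.
is_risky_name() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *.exe|*.scr|*.pif|*.com|*.bat|*.cmd|*.vbs|*.js|*.lnk|*.dll) return 0 ;;
        *) return 1 ;;
    esac
}

# Copy Favorites (IE bookmarks), My Documents (holds My Pictures and
# My Music on XP) and the Outlook Express address book (.wab) from a
# profile directory into DST, skipping risky files. Prints the count copied.
salvage_profile() {
    profile="$1"; dst="$2"; count=0
    list=$(mktemp)
    for sub in Favorites "My Documents" "Application Data/Microsoft/Address Book"; do
        [ -d "$profile/$sub" ] && find "$profile/$sub" -type f >> "$list"
    done
    while IFS= read -r f; do
        if is_risky_name "$f"; then
            echo "skipping $f" >&2
            continue
        fi
        rel=${f#"$profile/"}
        mkdir -p "$dst/$(dirname "$rel")"
        cp -p "$f" "$dst/$rel" && count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}

# Typical use from the live CD (hypothetical user name "Jane"):
#   mount_infected_disk /dev/sda1 /mnt/winxp
#   salvage_profile "/mnt/winxp/Documents and Settings/Jane" /media/usbstick/Jane
```

Scan the copied files with an up-to-date scanner before putting them on the rebuilt machine.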

PeteKoch
10-20-2010, 02:38 PM
When you continue to use Internet Explorer, you will always be vulnerable.

Firefox Browser (http://firefox.com/)

I plan to install Firefox on her system, make it the default browser, and try to import her IE bookmarks. It wouldn't surprise me if she's running IE6.

PeteKoch
10-20-2010, 02:41 PM
She said there are no files she really needs, but she'd probably appreciate it if I could save her bookmarks and address book. I have a couple of distros on Live CD for that very purpose.

I'd thought I'd try to remove the infection first. I'll give it an hour -- TOPS.

lsosa54
10-20-2010, 05:46 PM
http://www.softsailor.com/how-to/8723-how-to-remove-security-tool-virus-malware-removal-guide.html

http://www.bleepingcomputer.com/virus-removal/remove-security-tool

Not sure if this will be helpful but you can try it.

HUSKER55
10-20-2010, 05:53 PM
Just a thought: why not try a shredder program on her emails? That is probably how she got it.

Maybe I'm wrong, but don't those kinds of programs have to stay together to work?

Like I said, just a thought.

Robert Goren
10-20-2010, 06:24 PM
Yep. On the phone, I told her how to right-click on My Computer to find out which OS she was running, but all her desktop icons were gone. From some searches, I discovered that this is a particularly insidious piece of malware. One post pointed out at least 9 different hooks into the OS and Registry. So a reformat/reinstall is definitely the preferred method, if possible.

BTW, the PC in question is a Compaq Presario laptop. I had one about 10 years ago, but this is a @2006 vintage machine. I have a Compaq tower from 2006. On it, the recovery is under Start > All Programs > PC Help and Tools > Compaq System Recovery. Good luck.

PeteKoch
10-20-2010, 07:38 PM
Decided to do a destructive recovery. On this particular model, F11 gets there. I don't know how long it would have taken me to remove the malware and no guarantee I would have been completely successful. Managed to save her pics, music and bookmarks to a flash drive.

Will install Firefox, make it the default, and set the options to what I use.

PeteKoch
10-21-2010, 04:49 PM
FWIW, the infected PC was running Windows XP SP2 with IE6, an invitation to disaster if there ever was one.

Owner said she doesn't normally use Facebook, but Security Tools first appeared just after she visited the site to view a business page.

The web searches I did revealed that most of the victims of this malware (at least those who complained or sought assistance) were Facebook users. I had heard the site was a big source of infections, but the NY Times has gotten infected too.

It's amazing how many pure, unadulterated scumbags are out there.

LINUX, anyone?

Tom
10-21-2010, 06:49 PM
And yet still some websites require you to use IE.......that is totally irresponsible.