I got this xp security 2011 & it wouldn't let me do anything, so i downloaded malwarebytes onto a USB stick started the infected one up in safe mode, installed & ran malwarebytes. Hey presto no more xp security 2011. BUT I had ro download & run a file association fix in order for Winxp to return to normal. the file association fix can be found here
http://www.dougknox,com go to the WINXP fixes section & look for the File Association Fix entry
It worked for me after trying to get spybot & spyware doctor to remove it & failing miserably
I would give malwarebytes full marks for a great product plus you don't even need to buy the full version in order to get it to work
Since several hours I had the same problem in one of my computers, I tried to follow the suggetions given since I could not anymore work with my browsers because of the infectionand the taking over of what ever it is ( virus worm etc) so I did the same with the USB stick connected it to the computer in safe mode but could not install the malwarebytes on the infected computer, it seems to be infected strongly....
what else can I do in order to save my computer ???
If the virus is not letting you install malwarebytes you need to srop the process of the virus first by removing the following files, start computer in safe mode with networking.
Go to windows explorer ans click on tools, folder options, then click on the view tab, go down to the hidden files and folders seccion and check SHOW HIDDEN FILES AND FOLDERS and uncheck HIDE PROTECTED SYSTEM FILES, then click APPLY and OK.
Now remove the files listed bellow by going to the main hard drive.
Click on the + sign next to my computer my computer, then click on the + sign next to local C drive, then locate the files on documents and settings and delete them, do not restart computer (This action would restore the files from the registry).
The files to be deleted are listed below:
Once these files are removed install MALWAREBYTES, do an update first and then run the program, this link explains what files are removed from your computer. Link removed by Moderator. Stick to known sites such as BleepingComputer when posting links with advise on how to remove malware.
Once computer is free of the virus go back and change the SHOW HIDDEN FILES AND FOLDERS and HIDE PROTECTED SYSTEM FILES
Best of luck to you!
Message was edited by: xavfig on 4/5/11 7:23:49 PM CDT
Message was edited by: xavfig on 4/5/11 7:25:14 PM CDT
on 06/04/11 11:52:36 IST
Follow the instructions in this removal guide in link below, you may need to run rkill first before Malwarebytes will run. rkill will try to kill the malware process that are stopping Malwarebytes from running. Read the whole page first and DO NOT click on the first thing you see.
Thank you for the answers
I acted acording to the process both had suggeted and all the pop up screens etc did not apear except from time to time Mcafee report that the computer is in danger and sugest to operate the online scanning but when it is done it hold only for 1-2 sec and then return to the allert.
beside of that i could not activate any exe files that mean that for example regedit etc does not work and i am asked with what programto activate the exe file. secondly all the icons of the exe programs on the dektop and elsware changed from there original statuss to the icon of the unidentified type of file and as explained before nothing works
i deleated all the files as sugeted in the instructions and ran the super antiapyware program which is a com file and that eventually had detected 2 registery keys that can be a problem
I really do not know what to do...the situation seem to be ditiriorating since all kind of programs and procidures I had on the computer and or downloaded from the net in order to help eliminate the problem does not work ....
how can I solve this circle of proble,s totally
Thank you for your inputs
wow. first of all facebook is not a trusted site. its in the top ten most virus infected sites on the internet. second. ************. i only joined to warn all of you i had the paid version mooching from my friends liscense for the 3rd pc and when the subscription was up he had to wait for a couple weeks for his next paycheck. in the meantime i downloaded AVG free and it found 8 viruses that mcaffee said i didnt have. woohoo mcafee. it is currently the worst antivirus. even worse than norton. try bitdefender, eset, or kaspersky.
Message was edited by: negativzeroe on 4/11/11 9:08:35 AM CDT
also get firefox with adblocker and its popup addon and noscript. because that is how they commonly get on your computer is a script upon entering a page or an ad or a popup.
also i just noticed that they censor my "mcafee. sux". lol
on 4/11/11 9:09:24 AM CDT
I am going to close and lock this thread now. If you are visiting this site and have a new infection of 'Security Tool 2011' please start by using our FakeAlert Stinger. If that doesn't resolve the issue please start a new thread in our Top Threats space and we'll do all we can to help.
Absolutely the worst trojan I have ever experienced. This thing is nasty!
Malwarebytes did find it last night, and I had thought it had removed it. but it’s here again. I also use the sysinternals.com process explorer, which was helpful to find the executable as it was running on the system. However, I can’t actually see the file in explorer or the cmd shell to delete it!
Hopefully the registry keys mentioned in this article will disable it long enough for malware bytes to finish the cleaning.
I lost two days of coding production (so far) to this damned thing!
It appears that Sam forgot to lock this rather old thread. Any new infections please start a new one. If the McAfee solutions don't help there is a removal guide here: http://www.bleepingcomputer.com/virus-removal/remove-security-tool (scroll down as the first links are ads) and they have a special section for reading Hijackthis logs where they can help here.
Message was edited by: Ex_Brit on 27/09/11 6:48:54 EDT AM