I also had this problem but twice in 2 days on my daughters laptop. First time the program was called System Protection, second time it was Windows 7 Anti-virus. Second one was worse. Malwarebytes cleared the first one when I downloaded and ran it in Safe Mode. The second one hit and it also ran in Safe Mode. I could not use System Restore, acces sthe internet or almost anything, could not run Malwarebytes. On one occasion I did manage to access the internet and went to the Malwarebytes website and immediately got a warning message from the rogue program about the site was dangerous and it shut IE8 down. Yes of course it was dangerous, to the rogue program! I could see the thing in Task Manager, 4 files marked xbm.exe, but every time I ended the process it switched back on immediately I tried to run malwarebytes. I kept getting a McAfee popup saying McAfee was turned off. I clicked on the Turn On button and it instantly turned off again. I eventually got rid of the thing, by luck not skill, with a combination of the CMD line and Safe Mode. Three scans with Malwarebytes since then have reported a clean computer though I am very reluctant to go back online with it. In fact, I have not connected to the internet since and I will get a professional IT guy to check the laptop out before I do. Might even restore the laptop to factory default with a full reinstall to be safe.
Considering this has been reported as a problem since December 2010 on this forum alone, I think it is disgraceful that McAfee has not addressed this and sorted out an answer. Does not make me want to renew my subscription.
Just to add, when I first downloaded and ran Malwarebytes, it was the free version that only cleans things after they have hit. I think it is a great program and I have now paid for the full version so that it actively scans my computer and protects me before the malware strikes. I wanted to clear that up in case anyone thought that Malwarebytes had failed in its job. It hadn't.
I got this xp security 2011 & it wouldn't let me do anything, so i downloaded malwarebytes onto a USB stick started the infected one up in safe mode, installed & ran malwarebytes. Hey presto no more xp security 2011. BUT I had ro download & run a file association fix in order for Winxp to return to normal. the file association fix can be found here
http://www.dougknox,com go to the WINXP fixes section & look for the File Association Fix entry
It worked for me after trying to get spybot & spyware doctor to remove it & failing miserably
I would give malwarebytes full marks for a great product plus you don't even need to buy the full version in order to get it to work
Since several hours I had the same problem in one of my computers, I tried to follow the suggetions given since I could not anymore work with my browsers because of the infectionand the taking over of what ever it is ( virus worm etc) so I did the same with the USB stick connected it to the computer in safe mode but could not install the malwarebytes on the infected computer, it seems to be infected strongly....
what else can I do in order to save my computer ???
If the virus is not letting you install malwarebytes you need to srop the process of the virus first by removing the following files, start computer in safe mode with networking.
Go to windows explorer ans click on tools, folder options, then click on the view tab, go down to the hidden files and folders seccion and check SHOW HIDDEN FILES AND FOLDERS and uncheck HIDE PROTECTED SYSTEM FILES, then click APPLY and OK.
Now remove the files listed bellow by going to the main hard drive.
Click on the + sign next to my computer my computer, then click on the + sign next to local C drive, then locate the files on documents and settings and delete them, do not restart computer (This action would restore the files from the registry).
The files to be deleted are listed below:
- %Documents and Settings%\[User Name]\Local Settings\Application Data\[random].exe
- %Documents and Settings%\[All Users]\[random]
- %Documents and Settings%\[All Users]\Application Data\[random]
- %Documents and Settings%\[User Name]\Templates\[random]
Once these files are removed install MALWAREBYTES, do an update first and then run the program, this link explains what files are removed from your computer. Link removed by Moderator. Stick to known sites such as BleepingComputer when posting links with advise on how to remove malware.
Once computer is free of the virus go back and change the SHOW HIDDEN FILES AND FOLDERS and HIDE PROTECTED SYSTEM FILES
Best of luck to you!
Message was edited by: xavfig on 4/5/11 7:23:49 PM CDT
Message was edited by: xavfig on 4/5/11 7:25:14 PM CDT
Follow the instructions in this removal guide in link below, you may need to run rkill first before Malwarebytes will run. rkill will try to kill the malware process that are stopping Malwarebytes from running. Read the whole page first and DO NOT click on the first thing you see.
Thank you for the answers
I acted acording to the process both had suggeted and all the pop up screens etc did not apear except from time to time Mcafee report that the computer is in danger and sugest to operate the online scanning but when it is done it hold only for 1-2 sec and then return to the allert.
beside of that i could not activate any exe files that mean that for example regedit etc does not work and i am asked with what programto activate the exe file. secondly all the icons of the exe programs on the dektop and elsware changed from there original statuss to the icon of the unidentified type of file and as explained before nothing works
i deleated all the files as sugeted in the instructions and ran the super antiapyware program which is a com file and that eventually had detected 2 registery keys that can be a problem
I really do not know what to do...the situation seem to be ditiriorating since all kind of programs and procidures I had on the computer and or downloaded from the net in order to help eliminate the problem does not work ....
how can I solve this circle of proble,s totally
Thank you for your inputs
wow. first of all facebook is not a trusted site. its in the top ten most virus infected sites on the internet. second. ************. i only joined to warn all of you i had the paid version mooching from my friends liscense for the 3rd pc and when the subscription was up he had to wait for a couple weeks for his next paycheck. in the meantime i downloaded AVG free and it found 8 viruses that mcaffee said i didnt have. woohoo mcafee. it is currently the worst antivirus. even worse than norton. try bitdefender, eset, or kaspersky.
I am going to close and lock this thread now. If you are visiting this site and have a new infection of 'Security Tool 2011' please start by using our FakeAlert Stinger. If that doesn't resolve the issue please start a new thread in our Top Threats space and we'll do all we can to help.
Absolutely the worst trojan I have ever experienced. This thing is nasty!
Malwarebytes did find it last night, and I had thought it had removed it. but it’s here again. I also use the sysinternals.com process explorer, which was helpful to find the executable as it was running on the system. However, I can’t actually see the file in explorer or the cmd shell to delete it!
Hopefully the registry keys mentioned in this article will disable it long enough for malware bytes to finish the cleaning.
I lost two days of coding production (so far) to this damned thing!