Author Topic: Fake "Security Tool" wanting $79.95 to clear viruses but itself IS the problem!  (Read 4638 times)


franktee77

  • Guest
I subscribe to the free Avast antivirus software but I only get through about 62% of the full scan when a Windows blue screen appears saying it's shutting down my computer to avoid damage, due to a problem with SPCMDCOM.sys.

The reason for trying a scan is that I have persistent messages from "Security Tool" (which I have not seen before today) warning of infections and transferring me to a page inviting credit card details to pay $79.95 to clear them. I think it itself is the problem. It appears as full screen so can't see originating website name. Have now found it on computer as type of file: application (.exe) in appdata\local.

It's preventing me downloading anything including malware removal.

Have opened Windows 7 in safe mode and it's not there, but as it's not there I can't remove it in safe mode either!

When I try to delete the Application (which shows as 967kb) it won't let me because it says its program is still running.
Can anyone advise how to get rid of it please? Many thanks

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89172
  • No support PMs thanks
Check out the information on its removal in this link, http://www.bleepingcomputer.com/virus-removal/remove-security-tool.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Jtaylor83

  • Guest
If you have another non-infected computer, please download ISOBurner. This will be needed to burn OTLPE onto a blank CD. Just install the program, it is fairly automatic. Instructions

Next

* Download OTLPE by Oldtimer and burn it using ISO Burner. NOTE: This file is 292 MB in size, so it will take some time to download.
* When downloaded double click and this will then open ISOBurner to burn the file to CD.
* Reboot your system using the boot CD you just created.
Note: If you don't know how to set your computer to boot from CD, follow these steps here.

* Your system now should display a REATOGO-X-PE desktop.
* Double click on the OTLPE icon.
* When asked "Do you wish to load the remote registry?", select Yes.
* When asked "Do you wish to load remote user profile for scanning?", select Yes.
* Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
* OTL should now start. Change the following settings:
* Change Drivers to Non-Microsoft
* Press Run Scan to start the scan.
* When finished, the file will be saved in drive C:/OTL.txt
* Copy file to your USB drive if you do not have internet connection on this system.
* Please attach the contents of the C:/OTL.txt file in your next reply.

Atani

  • Guest
Step 13: Once the file has been downloaded, open the C:\program files\Malwarebytes' Anti-Malware\ folder and double-click on the file you downloaded in step 14. MBAM will now start and you will be at the main program screen as shown below.

I think the bolded text should be "in step 12".

franktee77

  • Guest
Success! Thanks to DavidR, Jtaylor83 and Atani for your replies
« Reply #4 on: November 14, 2010, 05:09:13 PM »
I tried the website www.bleepingcomputers.com/virus-removal/remove-security-tool as suggested by the first reply. Following its advice, going into "safe mode with networking" meant that I could now download (which had been prevented in normal mode by the scam "security tool"). And the downloaded Malwarebytes' Anti-Malware worked. If it hadn't, I'd have tried your solution, Jtaylor83 - I can see the sense of having a rescue on CD.

Thanks again.

Offline DavidR

You're welcome.

I have noticed that the link itself is now pointing to another source, being redirected from bleepingcomputers.com to computertrainingcenterr.info, weird.

I wonder why that is as I get a strange feeling especially when I see the spelling of the domain name (two rr in centerr.info), when there is also a computertrainingcenter.info domain that is unrelated.

Edit:  further update, the bleepingcomputers.com link is working again, weird.
« Last Edit: November 14, 2010, 06:34:21 PM by DavidR »
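The doubled-letter spelling pointed out in the post above can be checked mechanically. As an added example (not part of any post in this thread), the Python below compares a link's host against a short allowlist and flags hosts within two edits of an allowlisted name; the allowlist contents, the threshold and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration: the two correctly spelled domains
# that appear in this thread.
KNOWN = ("bleepingcomputer.com", "computertrainingcenter.info")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lower-cased host without port or leading 'www.'; scheme is optional."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(url: str, known=KNOWN, max_distance: int = 2):
    """Return ('known', d), ('lookalike', d) or ('unknown', None)."""
    host = host_of(url)
    for good in known:
        if host == good or host.endswith("." + good):
            return ("known", good)
    # Not an exact match: find the closest allowlisted name.
    nearest = min(known, key=lambda g: edit_distance(host, g))
    if edit_distance(host, nearest) <= max_distance:
        return ("lookalike", nearest)  # one or two typos away: treat as suspect
    return ("unknown", None)


if __name__ == "__main__":
    for link in ("http://www.bleepingcomputer.com/virus-removal/remove-security-tool",
                 "www.bleepingcomputers.com/virus-removal/remove-security-tool",
                 "computertrainingcenterr.info"):
        print(link, "->", classify(link))
```

The comparison uses the whole host name, so it catches single-character slips like the ones in this thread but not lookalikes built on a different top-level domain or a long added prefix.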

speckledbird

  • Guest
http://www.techjaws.com/how-to-remove-security-tool-virus/

About 3 months ago, my mother's computer was infected with Security Tool (fake antivirus).

I found my answers at this site. What worked for me: I would start mom's computer and while it was starting I would hold down Ctrl, Alt and Delete. It took 3 tries but I was able to stop the Security Tool from loading; when the Task Manager appeared, I clicked to stop Security Tool.
While it was stopped, I did a system restore and was able to go back to an earlier date before infection. It worked.
Then I updated my free Malwarebytes and ran it and removed a trojan. Then updated my SuperAntiSpyware and ran it and removed other spyware.
Updated my Avast (it was updated), ran it and it came back clear.
Ran Malwarebytes and SAS again, all was fine. So then I turned off system restore to clear it and then turned it back on and made a new restore point.

Read the info at the link above and I hope you are able to remove this terrible Security Tool.
Wishing you much success. Becky