Advanced Security Tool 2010 is a new rogue antispyware program that distributed by fake online malware scanners. These scanners will report that your computer is infected with a lot of infections and that you must install a software to clean your computer. This software is a trojan, which once started will download and install the rogue onto your computer without your permission and knownledge.
During installation, Advanced Security Tool 2010 configures itself to run automatically when Windows loads. Once started, it will imitate a scan of your PC and detect numerous infections (trojans, backdoors and malware) that will not be fixed unless you first purchase the program. Important to know, all of these reported infections are fake, so you can safely ignore the scan results.
Last but not least, while the rogue is running, it will display various fake security warnings. These warnings states:
Trojan detected!
A piece of malicious of code was found in your system which
can replicate itself if no action is tacken.
FIREWALL WARNING
Hidden file transfer to remote host was detected
Advanced Security Tool 2010 has detected that somebody is
trying to transfer your private data via Internet. We strongly
recommend you to block the attack immediately.
Warning
WARNING! Advanced Security Tool has found 24
useless and UNWANTED files on your computer!
Of course, these warnings are all fake and like false scan results should be ignored!
As you can see, Advanced Security Tool 2010 is a scam and should be removed from your computer upon detection. Do not be fooled into buying the program! Instead of doing so, follow the removal guidelines below in order to remove Advanced Security Tool 2010 and any associated malware from your computer for free.
More screen shoots of Advanced Security Tool 2010
Symptoms in a HijackThis Log
F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\ntload.exe
O2 – BHO: BrcWiz Class – {80c10400-59cb-4c79-97ce-cc693103afca} – %UserProfile%\Application Data\scan.dll
O4 – HKLM\..\Run: [rundll32] C:\WINDOWS\system32\ntload.exe
O4 – HKCU\..\Run: [rundll32] C:\Documents and Settings\comp\rundll32.exe
O4 – HKCU\..\Run: [AdvSecTool] “%UserProfile%\Application Data\asectool.exe”
Use the following instructions to remove Advanced Security Tool 2010 (Uninstall instructions)
Download HijackThis from here. Once Save dialog opens, please rename HijackThis.exe to iexplore.exe as shown below.
Save Dialog – HijackThis.exe
Save Dialog – iexplore.exe
Click Save button to save it.
Run HijackThis. Click “Do a system scan only” button. Now select the following entries by placing a tick in the left hand check box, if present:
F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\ntload.exe
O2 – BHO: BrcWiz Class – {80c10400-59cb-4c79-97ce-cc693103afca} – %UserProfile%\Application Data\scan.dll
O4 – HKLM\..\Run: [rundll32] C:\WINDOWS\system32\ntload.exe
O4 – HKCU\..\Run: [rundll32] C:\Documents and Settings\comp\rundll32.exe
O4 – HKCU\..\Run: [AdvSecTool] “%UserProfile%\Application Data\asectool.exe”
Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Advanced Security Tool 2010 infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Advanced Security Tool 2010 removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Advanced Security Tool 2010 removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Advanced Security Tool 2010 creates the following files and folders
%UserProfile%\Application Data\asectool.exe
%UserProfile%\Application Data\scan.dll
%UserProfile%\Application Data\secmof.tmp
%UserProfile%\Desktop\Advanced Security Tool 2010.LNK
%UserProfile%\Start Menu\Advanced Security Tool 2010.LNK
%WinDir%\system32\ntload.exe
%UserProfile%\rundll32.exe
Advanced Security Tool 2010 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Advanced Security
HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz
HKEY_CLASSES_ROOT\BrcWizApp.BrcWiz.1
HKEY_CLASSES_ROOT\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}
HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CLASSES_ROOT\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80c10400-59cb-4c79-97ce-cc693103afca}
HKEY_CURRENT_USER\Software\Microsoft | adver_id = “29”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations | LowRiskFileTypes = “.exe;”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AdvSecTool
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | rundll32
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%UserProfile%\Application Data\asectool.exe” /sn”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | EnableLUA = “0”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | rundll32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “explorer.exe C:\WINDOWS\system32\ntload.exe”
