System Tool Virus

Discussion in 'malware problems & news' started by dan323, Mar 11, 2011.

Thread Status:
Not open for further replies.
  1. dan323

    dan323 Registered Member

    Jun 16, 2010
    Hey there.
    I just wanted to put this out there for others to use if needed. My son got a virus on his laptop. He was using Microsoft Security Essentials as his protection. The virus was System tools 2011. I could not open MSE. I downloaded Malwarebytes but I could not open it.I also downloaded SAS and Avast . I ran Avast bootscan and full scan and it found no threats.

    I then ran SAS...Bingo. It found the threat and neutralized it but did not remove it. I then ran MBAM and again Bingo...Mbam found it and REMOVED the threat. In all this took about 3 hours to clean up. A very nasty virus. I also looked to youtube for advice on removing system tool. But I was able to clean it before I needed that help.

    I must admit I was disappointed with MSE for not spotting this as Malware and the Avast for not finding anything at all. ^5 to SAS and Mbam for their good work. I then installed Comodo Internet Security on his laptop and left Mbam and SAS. With the CIS Defense+ and their firewall and the AV I am hoping this will not get through again. I hope this might help someone out there if this happens to them.
  2. philby

    philby Registered Member

    Jan 10, 2008
    Just so you and others know, if it's the version of System Tool 2011 that does this to your desktop and prevents you running any executables, tray-ballooning you that the even the TM executable is infected:


    and with a GUI like this:


    you can kill it with a simple System Restore from safe mode. The first time I saw this, I too spent ages trying to stop it respawning with Prevx + MBAM.

    Since that first time, System Restore has done the trick on 4 machines.

    That's the way to go, assuming the user hasn't turned off SR.

  3. TheKid7

    TheKid7 Registered Member

    Jul 22, 2006
    I would have scanned and cleaned with an Antivirus Rescue CD (such as the AVIRA Rescue System) first in order to "soften things up". Next I would scan and clean with SAS Portable. Then I would install MBAM and do a scan and clean.
  4. m00nbl00d

    m00nbl00d Registered Member

    Jan 4, 2009
    You could also try to follow this guide -
  5. J_L

    J_L Registered Member

    Nov 6, 2009
    Me too.
  6. Meriadoc

    Meriadoc Registered Member

    Mar 28, 2006
    Not really needed for System tool, currently just stopping the autorun will halt the symptoms - that's all it is. If you don't have a tool that will stop System tool on the desktop a renamed mbam or system restore in safemode will do the work.
    Last edited: Mar 12, 2011
  7. egomoo

    egomoo Registered Member

    Aug 28, 2007
    If you have little knowledge about Windows system startup items,

    it is very simple to remove those fake AVs.

    You do not need to spend 3 hours scanning with normal antivirus product.

    Just use Hijackthis or safe returner to kill it in 3 minutes
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.