System Tool Virus

Hey there.
I just wanted to put this out there for others to use if needed. My son got a virus on his laptop. He was using Microsoft Security Essentials as his protection. The virus was System tools 2011. I could not open MSE. I downloaded Malwarebytes but I could not open it.I also downloaded SAS and Avast . I ran Avast bootscan and full scan and it found no threats.

I then ran SAS...Bingo. It found the threat and neutralized it but did not remove it. I then ran MBAM and again Bingo...Mbam found it and REMOVED the threat. In all this took about 3 hours to clean up. A very nasty virus. I also looked to youtube for advice on removing system tool. But I was able to clean it before I needed that help.

I must admit I was disappointed with MSE for not spotting this as Malware and the Avast for not finding anything at all. ^5 to SAS and Mbam for their good work. I then installed Comodo Internet Security on his laptop and left Mbam and SAS. With the CIS Defense+ and their firewall and the AV I am hoping this will not get through again. I hope this might help someone out there if this happens to them.

 

Just so you and others know, if it's the version of System Tool 2011 that does this to your desktop and prevents you running any executables, tray-ballooning you that the even the TM executable is infected:



and with a GUI like this:



you can kill it with a simple System Restore from safe mode. The first time I saw this, I too spent ages trying to stop it respawning with Prevx + MBAM.

Since that first time, System Restore has done the trick on 4 machines.

That's the way to go, assuming the user hasn't turned off SR.

HTH

 

I would have scanned and cleaned with an Antivirus Rescue CD (such as the AVIRA Rescue System) first in order to "soften things up". Next I would scan and clean with SAS Portable. Then I would install MBAM and do a scan and clean.

 

You could also try to follow this guide -http://www.bleepingcomputer.com/virus-removal/remove-system-tool

 

Me too.

 

Not really needed for System tool, currently just stopping the autorun will halt the symptoms - that's all it is. If you don't have a tool that will stop System tool on the desktop a renamed mbam or system restore in safemode will do the work.

 

If you have little knowledge about Windows system startup items,

it is very simple to remove those fake AVs.

You do not need to spend 3 hours scanning with normal antivirus product.

Just use Hijackthis or safe returner to kill it in 3 minutes