System Tool Virus

Discussion in 'malware problems & news' started by dan323, Mar 11, 2011.

Thread Status:
Not open for further replies.
  1. dan323

    dan323 Registered Member

    Joined:
    Jun 16, 2010
    Posts:
    55
    Hey there.
    I just wanted to put this out there for others to use if needed. My son got a virus on his laptop. He was using Microsoft Security Essentials as his protection. The virus was System tools 2011. I could not open MSE. I downloaded Malwarebytes but I could not open it. I also downloaded SAS and Avast. I ran Avast bootscan and full scan and it found no threats.

    I then ran SAS...Bingo. It found the threat and neutralized it but did not remove it. I then ran MBAM and again Bingo...Mbam found it and REMOVED the threat. In all this took about 3 hours to clean up. A very nasty virus. I also looked to YouTube for advice on removing system tool. But I was able to clean it before I needed that help.

    I must admit I was disappointed with MSE for not spotting this as Malware and the Avast for not finding anything at all. ^5 to SAS and Mbam for their good work. I then installed Comodo Internet Security on his laptop and left Mbam and SAS. With the CIS Defense+ and their firewall and the AV I am hoping this will not get through again. I hope this might help someone out there if this happens to them.
     
  2. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    Just so you and others know, if it's the version of System Tool 2011 that does this to your desktop and prevents you running any executables, tray-ballooning you that even the TM executable is infected:

    [image: images.jpg]

    and with a GUI like this:

    [image: System Tool 2011.jpg]

    you can kill it with a simple System Restore from safe mode. The first time I saw this, I too spent ages trying to stop it respawning with Prevx + MBAM.

    Since that first time, System Restore has done the trick on 4 machines.

    That's the way to go, assuming the user hasn't turned off SR.

    HTH
     
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I would have scanned and cleaned with an Antivirus Rescue CD (such as the AVIRA Rescue System) first in order to "soften things up". Next I would scan and clean with SAS Portable. Then I would install MBAM and do a scan and clean.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You could also try to follow this guide - http://www.bleepingcomputer.com/virus-removal/remove-system-tool
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Me too.
     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Not really needed for System tool, currently just stopping the autorun will halt the symptoms - that's all it is. If you don't have a tool that will stop System tool on the desktop, a renamed mbam or system restore in safe mode will do the work.
     
    Last edited: Mar 12, 2011
  7. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    If you have little knowledge about Windows system startup items,

    it is very simple to remove those fake AVs.

    You do not need to spend 3 hours scanning with a normal antivirus product.

    Just use HijackThis or safe returner to kill it in 3 minutes.
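
The startup-item check mentioned in the last two replies, as an added example that is not part of the original thread: it parses the O4 (autostart) lines of a HijackThis log and lists the entries to look at first. The sample log, all entry names and paths, and the "user-writable directory" heuristic are assumptions made for illustration.

```python
import re

# HijackThis reports autostart entries (Run keys, Startup folders) as O4 lines.
O4_RE = re.compile(r'^O4 - (?P<source>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<command>.+)$')

# Assumption (not from the thread): autostart commands that reference
# user-writable directories deserve a first look. This is a triage hint only;
# legitimate software also starts from these locations.
WRITABLE_MARKERS = ('\\application data\\', '\\appdata\\', '\\programdata\\',
                    '\\local settings\\', '\\temp\\')


def parse_o4(log_text):
    """Return one dict per O4 autostart line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, command = m.group('name'), m.group('command').strip()
        if name is None and ' = ' in command:
            # Startup-folder form: "shortcut.lnk = target"
            name, command = (p.strip() for p in command.split(' = ', 1))
        entries.append({'source': m.group('source'), 'name': name, 'command': command})
    return entries


def review_first(entries):
    """Entries whose command references a user-writable directory."""
    return [e for e in entries
            if any(marker in e['command'].lower() for marker in WRITABLE_MARKERS)]


# Constructed sample log; names and paths are invented for illustration.
SAMPLE_LOG = r'''
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" -hide
O4 - HKCU\..\Run: [xYzExample] C:\Documents and Settings\All Users\Application Data\xYzExample\xYzExample.exe
O4 - Global Startup: Example Updater.lnk = C:\Program Files\Example\updater.exe
O4 - HKCU\..\RunOnce: [ExampleDll] rundll32.exe "C:\Users\kid\AppData\Local\Temp\example.dll",Start
'''

if __name__ == '__main__':
    for e in review_first(parse_o4(SAMPLE_LOG)):
        print(f"{e['source']}: [{e['name']}] {e['command']}")
```
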
     