System Tool Virus-Please review Hijack This LOG

sumeet
sumeet Posts: 298 Forumite
edited 2 March 2011 at 12:01AM in Techie Stuff
Hi, can anyone help me with my virus problem? Some messages came on my screen yesterday and I tried to close them down but was unable and then the virus took hold of the desktop with a message saying it had become affected and various scary messages on the background behind my icons on a background of 0,1s across the screen.

On 2nd boot up it had messages offering solutions for amounts in $s to get rid of the virus. Tried clicking on Malwarebytes (MWB) in normal mode but it said it could not find the .exe file. Had to force close the PC as shut down also not working.

Then I tried working in safe mode and then ran both MWB & McAfee on full scans but both these came back after doing full scans saying nothing infected found. However problem is still there in normal mode and I lose control fairly quickly on booting up with various ‘System Tools’ messages flashing. Tried MWB again this morning but nothing found. Do not have any other virus scanners installed and I cannot use the internet in Safe Mode to download any. Emailing this message from my phone.

Can anyone help me please on what I can try when I get home later?

Comments

  • aerostar
    aerostar Posts: 1,737 Forumite
    edited 1 March 2011 at 10:36AM
    If you look at this forum's list of topics, there are multiple threads on this malware with information on how to remove it.

    Here is some information

    http://www.bleepingcomputer.com/virus-removal/remove-system-tool
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Is Malwarebytes up to date and did you run a full scan?
    :idea:
  • sumeet
    sumeet Posts: 298 Forumite
    aliEnRIK wrote: »
    Is Malwarebytes up to date and did you run a full scan?


    Probably no to 'up to date' but yes did run full scan on all drives in safe mode.

    Have seen other threads but if I am downloading on my phone, which other tool is best to download and can it be run from phone via USB link in Safe mode because Normal mode is not operational.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Then your 1st port of call should be to UPDATE and then run another FULL scan
    :idea:
  • sumeet
    sumeet Posts: 298 Forumite
    aliEnRIK wrote: »
    Then your 1st port of call should be to UPDATE and then run another FULL scan


    Will it let me update MWB in safe mode? Or to access internet, do I need to access via 'safe mode with networking' and change the proxy like in the bleeding article link above?
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Safe mode with networking

    If that fails then try http://download.bleepingcomputer.com/reg/antivirus-vista-2010/FixExe.reg (Nothing will visually happen)
    And try again

    If still no good then 'rkill' should help from the post above
    :idea:
  • patman99
    patman99 Posts: 8,532 Forumite
    The latest variant seems to be immune to Malwarebytes as a friend of mine found out on Sunday when trying to remove the 'System Tools' rogue-ware from a computer. I suggested combofix, but that also failed to find it. In the end and out of sheer desperation, he tried IOBit's Advanced System Care and 'System Tools' was no more.

    I will say however, that this nasty piece of rogue-ware will leave your PC running slowly as it trashes certain registry keys and file links. It is also intelligent enough to block access at BIOS level to the system restore and diagnostics hidden partitions that some manufacturers install on their computers in place of shipping the proper discs.
    Never Knowingly Understood.

    Member #1 of £1,000 challenge - £13.74/ £1000 (that's 1.374%)

    3-6 month EF £0/£3600 (that's 0 days worth)

  • sumeet
    sumeet Posts: 298 Forumite
    patman99 wrote: »
    The latest variant seems to be immune to Malwarebytes as a friend of mine found out on Sunday when trying to remove the 'System Tools' rogue-ware from a computer. I suggested combofix, but that also failed to find it. In the end and out of sheer desperation, he tried IOBit's Advanced System Care and 'System Tools' was no more.

    I will say however, that this nasty piece of rogue-ware will leave your PC running slowly as it trashes certain registry keys and file links. It is also intelligent enough to block access at BIOS level to the system restore and diagnostics hidden partitions that some manufacturers install on their computers in place of shipping the proper discs.

    Wary of trying anything advanced like combofix and Advanced System Care as don't want to accidentally delete anything. Therefore before calling an expert in I will try the MWB update tonight via safe networking mode and then the fixreg and RKill options. Is there anything to be wary of with these particular programs or anything else that as a novice I can try?
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    edited 1 March 2011 at 2:33PM
    sumeet wrote: »
    Wary of trying anything advanced like combofix and Advanced System Care as don't want to accidentally delete anything. Therefore before calling an expert in I will try the MWB update tonight via safe networking mode and then the fixreg and RKill options. Is there anything to be wary of with these particular programs or anything else that as a novice I can try?

    combofix shouldn't be taken lightly, but it very rarely removes anything it shouldn't

    Calling an 'expert' (which we clearly must not be) could mean that they decide to wipe your drive and all data anyways

    Fixreg simply changes a registry which is nothing. Rkill attempts to free the computer to allow malwarebytes etc to run. Again, nothing really
    :idea:
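The original post's "could not find the .exe file" symptom and the FixExe.reg step both concern how Windows launches .exe files. The following is an added example, not part of the thread and not taken from FixExe.reg (whose contents the thread does not show): a read-only check of a decoded `.reg` export against the stock .exe association values (`exefile` and `"%1" %*`). The sample exports, `placeholder_class` and the `C:\example` path are constructed.

```python
import re

HKLM = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes"  # machine-wide association
HKCU = r"HKEY_CURRENT_USER\Software\Classes"   # per-user override, normally absent for .exe
GOOD_CLASS, GOOD_CMD = "exefile", '"%1" %*'    # stock Windows values

def parse_defaults(reg_text):
    """Map each [key] in .reg export text to its default (@) string value."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # registry key names are case-insensitive
            defaults.setdefault(key, None)
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape quotes and backslashes with a backslash
            defaults[key] = re.sub(r'\\(["\\])', r"\1", line[3:-1])
    return defaults

def check_exe_association(reg_text):
    """Return (root, class, command) for every .exe handler worth reviewing."""
    d = parse_defaults(reg_text)
    findings = []
    for root, per_user in ((HKLM, False), (HKCU, True)):
        ext_key = (root + r"\.exe").lower()
        if ext_key not in d:
            continue                          # not covered by this export
        cls = d[ext_key]
        cmd = d.get(f"{root}\\{cls}\\shell\\open\\command".lower())
        # Any per-user .exe handler is unusual; the machine-wide one must match stock.
        if per_user or cls != GOOD_CLASS or cmd not in (None, GOOD_CMD):
            findings.append((root, cls, cmd))
    return findings

# Constructed sample exports (real exports are UTF-16; decode before passing in).
SAMPLE_CLEAN = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
"""
SAMPLE_HIJACKED = SAMPLE_CLEAN + r"""
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholder_class"

[HKEY_CURRENT_USER\Software\Classes\placeholder_class\shell\open\command]
@="\"C:\\example\\placeholder.exe\" \"%1\" %*"
"""

if __name__ == "__main__":
    for name, text in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        print(name, check_exe_association(text))
```

An empty result means the exported keys match the stock values; each returned tuple names the handler to inspect before trusting that programs launch normally.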
  • patman99
    patman99 Posts: 8,532 Forumite
    OP, have faith in the advice being given. The only thing you will find after the nasty has gone is your PC may run very slowly and trying to run certain programs by clicking on their icons or selecting them from the start menu causes the PC to crash or reset. This is very easy to fix. Just use the in-built 'System Restore' function to roll back to the last restore point and away you go again. BTW, I'd ditch McAfee AV if I were you, it is one of the few that failed to recognise this piece of rogue-ware and deal with it.

    Just out of interest (and to see if there really is a common link) were you visiting eBay, Amazon, Match.com or Facebook when the nasty downloaded and installed itself?

This discussion has been closed.