"System Tools" Malware - Avoid this one!

Started by Julie Marie, October 09, 2009, 05:40:43 PM



Julie Marie

I have ESET on my computer.  It's supposed to be the best anti-everything protection against vicious programs.  But this one got by the goalie.

It's called "System Tools" and it claims to be a computer protection program.  You don't have to do much for it to load on your computer.  Simply click on the wrong page.  I never accept any downloads unless I know what it is so this one got through another way.

Once it got onto my computer it prevented me from running any anti-malware programs, disabled Task Manager, disabled my CD drive from running any programs, disabled my email, removed all my desktop icons and any ability to change the blue screen it defaulted to and didn't show up anywhere in the programs list.

Then it started running its own scan and making up all these bogus viruses.  It then told you you have the viruses and you can remove them by clicking on a "clean" button.  What it does from there (and I read this, but did not fall for it) is remove a lot of good files.  Then it prompts you to buy their software to fix your computer.  And it reminds you every ten seconds or so, along with a warning sound.

I could not access sysedit or msconfig.  Nor could I stop the process with Task Manager.  None of the Microsoft protection programs would run.  ESET did not even see it. 

Happily there was a solution, System Restore.  That worked but what I don't know is if the malware is still on my hard drive.  All the detection programs I have couldn't find it.  So it's now a wait and see.

Just wanted everyone to know.  Be very careful.  This is one very diabolical threat.

Julie
When you judge others, you do not define them, you define yourself.

Flan

Soft kitty, warm kitty, little ball of fur. Happy kitty, sleepy kitty, purr, purr, purr.

Washu Chan

I have run into this one before and it is a doozie to remove.

The fastest and simplest solution I can think of is to reformat the hard drive and start again and restore your important work off backup discs. (I always keep backups, I hate having to rewrite assignments I spent hours working on)

Dana Lane

The Anti-Virus companies have a hard time keeping up with detecting malware. The evil doers simply pack the evil file in a way that will make it undetectable by AV. Since the AV company hasn't received a copy of this particular piece of malware it won't detect it for the most part.

Your particular piece of malware sounds like one of those fake antivirus programs but I don't remember them ever going to extremes in disabling everything like that. Most of them simply want you to think it is a good program and to go purchase it. I see this all the time since I do computer security for a living.

You might try to use an online virus scanner. There is a good one at http://housecall.trendmicro.com/

Post Merge: October 25, 2009, 03:55:52 AM

Quote from: Washu Chan on October 25, 2009, 03:37:09 AM
I have run into this one before and it is a doozie to remove.

The fastest and simplest solution I can think of is to reformat the hard drive and start again and restore your important work off backup discs. (I always keep backups, I hate having to rewrite assignments I spent hours working on)

This is the only way you can bring system integrity back to your system.
============
Former TS Separatist who feels deep regret
http://www.transadvocate.com/category/dana-taylor

gennee

I've seen it before but didn't download it. I'm suspicious of downloads that I've never heard of. Also too many anti-virus downloads can mess up your hard drive.

Gennee
Be who you are.
Make a difference by being a difference.   :)

Blog: www.difecta.blogspot.com

Steph

Buy a Mac  >:-)

-={LR}=-

iMac 24"
MacBook Pro 15"

:)
Enjoy life and be happy.  You won't be back.

WARNING: This body contains nudity, sexuality, and coarse language. Viewer discretion is advised. And I tend to rub folks the wrong way cause I say it as I see it...

http://www.facebook.com/switzerstephanie

Matthew J. F

Get rid of Micro$oft and get yourself Ubuntu Linux :) You get no viruses and no malware. It's so much more stable and it's free.

Micro$oft took ideas off of other operating systems to make windows 7.


Ubuntu 9.10 + a few Compiz effects, Screenlets and Cairo Dock

lizbeth

I run windows without any antivirus and I rarely even run a malware scan these days. just use a hosts file and wipe hands on pants.

http://www.mvps.org/winhelp2002/hosts.htm

This is also a nice way of blocking banner ads and completely removing 3rd-party cookies. Unless of course, you like banner ads (there are people that actually like them, really!) :)
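An added example, not from this thread or from the MVPS project: a small auditor for a Windows-style hosts file. A blocklist like the one linked above works by mapping ad and malware hostnames to a sinkhole address (0.0.0.0 or 127.0.0.1), while a hijacked hosts file does the opposite and maps real sites to an attacker's address. The script counts the sinkholed entries and reports any hostname that points somewhere else. The sample hosts content and the .test hostnames are constructed for the demo.

```python
# Audit a hosts file: count blocklist (sinkhole) entries and flag entries
# that redirect a hostname to a real, non-local address.
import ipaddress
from typing import Dict, List, Tuple

# Addresses a legitimate blocklist uses as a sinkhole.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, dropping comments, blanks and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))  # normalises the address
        except ValueError:
            continue                                  # not an IP: ignore the line
        for host in fields[1:]:                       # one IP may carry several names
            entries.append((ip, host.lower()))
    return entries


def audit_hosts(text: str) -> Dict[str, object]:
    """Count sinkholed hostnames and list (hostname, ip) pairs that are not sinkholed."""
    blocked, suspicious = 0, []
    for ip, host in parse_hosts(text):
        if host == "localhost":
            continue                                  # the standard loopback mapping is expected
        if ip in SINKHOLES:
            blocked += 1
        else:
            suspicious.append((host, ip))             # a real address: possible hijack
    return {"blocked": blocked, "suspicious": suspicious}


# Constructed sample: one loopback line, two blocklist lines and one
# hijack-style redirect of a (made-up) security vendor's update host.
SAMPLE = """\
127.0.0.1 localhost
0.0.0.0 ad.example-tracker.test  # MVPS-style blocklist entry
0.0.0.0 banner.example-ads.test popup.example-ads.test
198.51.100.7 update.example-av.test  # NOT a sinkhole: possible hijack
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE))
```

Run it against the real file (C:\Windows\System32\drivers\etc\hosts on Windows) by reading that file into `audit_hosts`; any entry in the suspicious list is worth explaining before trusting the machine's name resolution.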


lizbeth

yea, but you have to use firefox. eeeewwwww...   :-p

Tammy Hope

That's worse than my current plague.

The one I have first redirects me from one or two sites (including the forum I visit most often) and when I tried to remedy it, it...

redirects me away from sites with programs that might fix it...

the one program I did manage to download it won't let me run....

the programs I already have on here get stuck and never finish a scan...

it won't let me into safe mode in the usual fashion and when I do get into safe mode the blocked program still won't run...

and the thing is, of course, undetectable in terms of finding it and deleting it.

I really don't want to reformat the drive because I don't have hardly anything backed up (I know, I know...) and I don't have the spare $$$ right now to get my usual tech guy to clean it up....and most maddening, I tried to use system restore only to find it has been disabled since the last time it was reformatted.

GRRR!!!

I'll be looking into some of the linked sites in this thread tomorrow, maybe I'll get lucky.
Disclaimer: due to serious injury, most of my posts are made via Dragon Dictation which sometimes butchers grammar and mis-hears my words. I'm also too lazy to closely proof-read which means some of my comments will seem strange.


http://eachvoicepub.com/PaintedPonies.php

lizbeth

have you tried hijack this or malware bytes?

Julie Marie

Laura, that sounds a lot like what happened with the malware I had.  All I had to do was use system restore and the problem was solved.

Tammy Hope

Except that since restore was disabled, there's no "clean" save to go back to.

Quote from: beth~chella on December 02, 2009, 12:05:25 PM
have you tried hijack this or malware bytes?

hijackthis just creates a log which is Greek to me.

malwarebytes is the program that wouldn't run.

lizbeth

laura, if you want to post your logs I can help you and tell you what to uncheck. PM if you prefer.

Tammy Hope

Apparently it won't let HJT run either....

qRachelp

Okay, I'm just gonna say it once: "Next time, buy a Mac.  It will last you 4 times as long, and you won't need anti-virus software because Macs don't accept .exe files."

lizbeth

unless, of course, you run boot camp, parallels or any other VM software and then your mac is just as much a liability. ;-)

Laura, HJK wouldn't run, even in safe mode?

qRachelp

Quote from: beth~chella on December 02, 2009, 11:49:16 PM
unless, of course, you run boot camp, parallels or any other VM software and then your mac is just as much a liability. ;-)
I don't even know what "boot camp" is.  What I do know is that I've had my Mac laptop (Mac OS X Version 10.5.8) for 3 years and it's still going strong with LOTS of room left on it.  I've never been scared to go to ANY site or open ANY email, and it's just been lovely. :)

lizbeth

know what? me either. I haven't had a virus or single piece of malware in well over 15 years, and I visit warez sites a few times a week. As funny as it might sound, the last virus I had was playing around with linux and trying to get virtual box to open a compromised program. hilarity obviously ensued.

Bootcamp is the software that allows you to install and run Windows programs on your Mac. Apparently '4 times as long' came up much quicker than you expected because your non-Intel-based Mac is at the end of its lifetime and it's time for a hardware upgrade. neener neener :-p

If the amount of storage is the determining factor, I have 3+ terabytes spread out over my PC and my Mac only has 500GB, so there LOL