Quote from: Julie Marie on October 09, 2009, 05:40:43 PM
I have ESET on my computer. It's supposed to be the best anti-everything protection against vicious programs. But this one got by the goalie.
It's called "System Tools" and it claims to be a computer protection program. You don't have to do much for it to load on your computer. Simply click on the wrong page. I never accept any downloads unless I know what it is, so this one got through another way.
Once it got onto my computer it prevented me from running any anti-malware programs, disabled Task Manager, disabled my CD drive from running any programs, disabled my email, removed all my desktop icons and any ability to change the blue screen it defaulted to and didn't show up anywhere in the programs list.
Then it started running its own scan and making up all these bogus viruses. It then told you you have the viruses and you can remove them by clicking on a "clean" button. What it does from there (and I read this, but did not fall for it) is remove a lot of good files. Then it prompts you to buy their software to fix your computer. And it reminds you every ten seconds or so, along with a warning sound.
I could not access sysedit or msconfig. Nor could I stop the process with Task Manager. None of the Microsoft protection programs would run. ESET did not even see it.
Happily, there was a solution: System Restore. That worked, but what I don't know is if the malware is still on my hard drive. All the detection programs I have couldn't find it. So it's now a wait and see.
Just wanted everyone to know. Be very careful. This is one very diabolical threat.
Julie
Yeah, this one is a fun one (being sarcastic).
System Restore is generally the easiest method for disabling it. However, it will still reside on your hard drive, waiting to be activated again, usually by some rogue site.
To get rid of it for good, go here: http://www.softsailor.com/downloads/8726-malwarebytes-anti-malware.html and download MalwareBytes Anti Malware. It will locate all the malware, including the little nasty you mentioned, show them to you, and ask you what you want to do next (I recommend the "delete" option). It will then be off your hard drive as well.
An option to System Restore is logging onto Windows in "Safe" mode, which disables everything except that which is needed to run your machine, in order to get around the malware's built-in protections, and then run the tool I mentioned. System Restore, if you have the time (I suggest making the time), does have one advantage over Safe Mode, in that it removes the malware's registry entries prior to running the tool, simplifying things considerably.
Hope this helps.