"System Tools" Malware - Avoid this one!

Started by Julie Marie, October 09, 2009, 05:40:43 PM


spacial

I get a lot of really good advice from Computer Interested Types http://computertypes.proboards.com/index.cgi?

It was previously on MSN then moved to proboards in 2008.

I've been a member there for over 10 years now. They have a number of really smart, knowledgeable people so every bit of advice is cross checked by one of them.

Personally, I wouldn't run any invasive software without checking with them first.

Syne

M$ actually has a nice set of tools and Kaspersky also has its rescue disk which is pretty good as well.

For rootkits:
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

McAfee has a decent anti-rootkit tool (Rootkit Detective) as well.

Also from the Sysinternals toolkit is Autoruns, which lists the executables that are launched at startup:
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Kaspersky Rescue Disk:
http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/kav_rescue_2008.iso

This will download an ISO that you then use with a burning program to create a bootable CD. Reboot the machine and be sure to boot from the CD. Have your Internet connection up and running, because the program will update itself.

Tammy Hope

The third link didn't work.

I downloaded and ran the first two... and I have no idea what the results mean.
???
Disclaimer: due to serious injury, most of my posts are made via Dragon Dictation which sometimes butchers grammar and mis-hears my words. I'm also too lazy to closely proof-read which means some of my comments will seem strange.


http://eachvoicepub.com/PaintedPonies.php

Syne

Hmmm, the third link works fine for me, even though I am on a different computer, on a different browser version and on a different network. Try typing it in, because if you can make a bootable CD with that image it can really help out.

But as for the first two... there are .CHM files included in the zip; those are help files, and the info in them can help you determine what you are looking at.

For the rootkit revealer, how many entries were returned? Did you save the scan as a text file and, if so, can you post that on here please?

For autoruns, you can Google the names of what is set to start up automatically and see if any come back as known viruses, trojans, etc.

Also there is a Windows SysInternals forum that can be somewhat helpful.

http://forum.sysinternals.com/

Tammy Hope

I'll run it again tomorrow and show you the log

Post Merge: January 03, 2010, 04:31:44 PM

I had trouble saving the report in a format I could transfer here (it said it was saving as a txt file, but then I couldn't find it... I'm such a dunce on the tech stuff).

So here's a screenshot of the report:




Maybe that will tell you something

Syne

Did you run this as a local administrator?

Saving as a text file: File->Save
and then save it to a folder that you can find easily.

Could you do a file search for:
TDSS*.*

and post the results?
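An added example (not code Syne or anyone in the thread posted) that performs Syne's two manual checks from one elevated PowerShell window, listing the Run-key and Startup-folder entries and searching every drive letter for TDSS*.* files, and saves the result as a text file on the Desktop where it is easy to find. It assumes Windows PowerShell 3.0 or later and local administrator rights:

```powershell
# Added example (not from the thread): read-only check of the two things Syne asks
# about above: what is set to start automatically, and whether any TDSS*.* files
# exist. Assumes Windows PowerShell 3.0 or later, run as a local administrator.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Registry Run/RunOnce entries (skipping the PS* metadata Get-ItemProperty adds)
$autostart = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
    }
})

# Per-user and all-users Startup folders
foreach ($dir in @([Environment]::GetFolderPath('Startup'),
                   [Environment]::GetFolderPath('CommonStartup'))) {
    if (Test-Path $dir) {
        $autostart += @(Get-ChildItem -Path $dir -Force | Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName } })
    }
}

# Search every drive letter for TDSS*.* (hidden/system files included); access
# errors are silenced so one locked folder does not stop the whole scan.
$drives = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root -match '^[A-Za-z]:\\$' }
$tdssHits = @(foreach ($d in $drives) {
    Get-ChildItem -Path $d.Root -Filter 'TDSS*.*' -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object FullName, Length, LastWriteTime
})

# Save both lists to the Desktop so the file is easy to find, then show them
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'autostart-report.txt'
'== Autostart entries ==' | Out-File -FilePath $out
$autostart | Format-Table -AutoSize | Out-String -Width 200 | Out-File -FilePath $out -Append
"== TDSS*.* files ({0} found) ==" -f $tdssHits.Count | Out-File -FilePath $out -Append
$tdssHits | Format-Table -AutoSize | Out-String -Width 200 | Out-File -FilePath $out -Append
$autostart | Format-Table -AutoSize
$tdssHits | Format-Table -AutoSize
"Report saved to $out"
```

Autoruns itself covers far more launch points (services, drivers, scheduled tasks, shell extensions, Winlogon hooks), so this is a quick first look that produces a postable text file, not a replacement for it.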

EveMarie

Quote from: qRachelp on December 02, 2009, 11:45:30 PM
Okay, I'm just gonna say it once: "Next time, buy a Mac.  It will last you 4 times as long, and you won't need anti-virus software because Macs don't accept .exe files."
I wondered when someone was gonna jump in there ::)

iMac here, love it, especially since I hooked the LaCie 1 terabyte external to it via FireWire and run "Time Machine" daily.

just sayin' is all ;)
"You are not born a woman... you become one..."  Simone de Beauvoir
"No price is too high to pay for the privilege of owning yourself."  Friedrich Nietzsche

NDelible Gurl

And if you can't afford to buy a Mac, try one or two flavors of Linux. Those are free and don't accept .exe files either.

Post Merge: January 14, 2010, 11:07:14 AM

Quote from: Mia B on January 14, 2010, 12:02:31 AM
and if you can't afford to buy a mac try one or two flavors of Linux. There are over two hundred flavors of Linux so far. Linux doesn't use .exe files and is free to download.

Here are two popular links of Linux you can download and burn to a CD.

Linux Mint

and Ubuntu

Mint having pre-installed audio/video codecs is pretty much the difference. Ubuntu, however, has a great community and is becoming very easy to use with each release. They also both use very little resources, so they are both pretty good with old machines. I recommend burning the ISO image to disc and doing what is called a LiveCD run. That is putting the disc in the computer you are going to test it on and booting it from the CD. It will start and ask if you are testing. This will then run the operating system from your RAM and CD without any changes to your hard drive. I dual-boot so I can choose whatever Microsoft I need or a flavor of Linux on startup. If you ever decide to go this route and need a little help you can ask me :)

I'll help you out the best I can.

Chrissty

Just to say there is another one doing the rounds: "Anti-Virus Live".

This interesting little bug is very similar to "System Tools", but takes things a step further by using randomised filenames and re-infection subroutines. Nothing will work, with all ".exe" files being blocked and then reported as a virus, and Explorer being re-routed to some "interesting" porn sites. Safe mode also ran infected, with malware clearing tools/restore etc. failing, as re-infection happened as quickly as cleaning occurred.

OK, there is some good news... well, not very good. We did manage to recover the infected laptop by removing the HDD and running it on a Linux machine to retrieve the static data, but a full wipe and re-install of Windows and all apps was required to clear the bugs.

tekla

Been running an iBook for 7 years now, on constantly, one freeze, no viruses.
FIGHT APATHY!, or don't...

sd

Macs are not impervious, and not all viruses are .exe files.

Many, many Windows, Mac and Linux systems are compromised and the owners have no idea. Not all are obvious, and if you never check, you never know. Mac owners especially tend to take a head-in-the-sand approach.

Besides, buying a Mac isn't exactly a cheap fix for a virus.

gothique11

I fixed that one on someone's computer. Didn't have to reformat or anything. I just killed the process (with a special program) and then used Malwarebytes. You can also, if you're quick, press Ctrl-Alt-Del before the process starts (you have to be fast) and then use Malwarebytes.

You're lucky you had the system restore work; the one person's computer I was working on (roomie's mom's) wouldn't even let a system restore happen.

As for my own computer, I use a mac.

Nemo

I hate Macs :P And Linux is great, except when your PC is a gaming machine or you want to use programs that just won't run on Linux.

My favourite protection is AVG Internet Security. All-in-one anti-virus, anti-rootkit, anti-spyware, firewall, and more importantly, a link scanner that tells you if a site's dangerous before you click the link. Also has other very helpful goodies :)


New blog in progress - when I conquer my writer's block :P

Hikari

One doesn't have to have an expensive computer to run Mac OS. Recently I just switched my netbook from Mac OS Snow Leopard. Operating systems, like anything else that is software, are a bit of a subjective choice.

Mac OS works fine on my MSI Wind U100, but I never really liked the interface as much as my normal Linux setup (openbox, tint2, wbar, xcompmgr). Being able to run things that have official ports was nice though.

Truth be told, I have never had a problem with viruses running any major operating system that wasn't Windows. eComStation was nice, and ran 16-bit Windows programs. Solaris was good, just not great hardware compatibility. BSD seems to work as well as Linux, but there does seem to be less hardware that works with it as well.

In any case Linux Mint (Ubuntu-based distro with non-free codecs installed by default), MEPIS (Debian-based, no beta software) or Mandriva are really people's best bet for a cheap operating system that is user friendly and resistant to all of those viruses and spyware that seem to plague the Windows world.
I am a girl! My Blog - Hikari's Transition Log http://www.susans.org/forums/index.php/board,377.0.html

michelle

I have had this problem and I ran restore from DOS by pushing F8 or F1 or something while the computer is booting up. This was with Windows Vista. Look in your manual. I think I also solved it by running the choice of the last working operating system. I don't remember exactly. I just read and push buttons until it works. Sooner or later it does. Check the manual for the Windows version you have. You can find different versions, from Windows for Dummies to more complicated manuals.
Be true to yourself. The future will reveal itself in its own due time. Find the calm at the heart of the storm. I own my womanhood.

I am a 69-year-old transsexual school teacher, grandma & lady. Ethnically I am half Irish and half Scandinavian. I can be a real bitch or quite loving and caring. I have never taken any hormones or had surgery; I am out 24/7/365.