Vinoo, thanks for taking a look at this. My other post was:
Hi, my laptop was also attacked by System Tool 2011. I have run McAfee in Safe Mode and it was stopped halfway through the scan. I cannot seem to access the McAfee website. I read through the other posts and they are over my head... Please help, it is finals week for my school!
Oh and now I cannot open McAfee at all!
Here are my results from GetSusp. Thanks
and Vinoo's reply was:
Your machines do not appear to be actively infected based on the GetSusp logs posted.
What are the symptoms you are experiencing that make you believe your machine is infected? Please start a new thread under home user assistance section and we'll be happy to help.
My symptoms when it first got on my computer were a fake anti-virus scan. It took over the desktop backdrop, put an icon on my desktop "System Tool 2011" and lots of popups. It also blocked my internet access to McAfee and Norton. I got McAfee running in safe mode but it stopped working about halfway through the scan. Spybot ran and quarantined some stuff (not sure what).
My desktop backdrop is back to normal, the popups have stopped, but the icon is still there, ctrl+alt+delete will not work, and my internet access to some sites is blocked.
I am not sure what to do. Thanks for your help!
Yes, I had the same file (malware) in my laptop.
The remedy is to sign on first as one user, which gets the file System Tool 2011 going,
then switch users (but don't log off).
When you log on as a second user, QUICKLY use the Task Manager (CTRL ALT DEL) to stop the following process
Switch back to the first user and open file manager to view ALL HIDDEN FOLDERS AND FILES
Look in C:\ProgramData (folder) and delete the above FILE and any other files in the folder !!
Then delete the entire folder and restart your antivirus software
You can find the System Tool's main exe details by going to another user's login, because it affects only one particular account, or by going into safe mode. Find the location of the 1Hgfsef48.exe (something like that) from Task Manager (show all users' processes), and the name will be a random list of letters. Kill the .exe and then the folder (usually of the same name) under C:\Documents and Settings\All Users\Application Data\1Hgfsef48. This should stop System Tool scanner. Then scan your computer with MalwareBytes antimalware or Hitman Pro to remove the remains of additionally installed malware. Both programs are free.
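
The last reply describes an executable sitting in a folder of the same name under the shared application-data directory. The script below is an added example, not part of the original posts, that lists every executable matching that layout so the candidates can be reviewed before anything is deleted. The function names and the sample tree are hypothetical, and the "folder name equals exe name" rule is an assumption taken from the reply's "usually of the same name".

```python
import os
import sys
import tempfile

def find_same_name_exes(root):
    """Return paths shaped like <root>/<name>/<name>.exe (case-insensitive)."""
    hits = []
    try:
        entries = sorted(os.listdir(root))
    except OSError:
        return hits  # root is missing or unreadable: nothing to report
    for folder in entries:
        folder_path = os.path.join(root, folder)
        if not os.path.isdir(folder_path):
            continue
        try:
            files = sorted(os.listdir(folder_path))
        except OSError:
            continue  # skip folders this account cannot read
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ".exe" and stem.lower() == folder.lower():
                hits.append(os.path.join(folder_path, name))
    return hits

def demo():
    """Run the check over a constructed sample tree; return relative hit paths."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "1Hgfsef48": ["1Hgfsef48.exe"],  # example name quoted in the reply
            "Microsoft": ["readme.txt"],     # constructed: no executable
            "VendorApp": ["updater.exe"],    # constructed: exe name differs
        }
        for folder, files in layout.items():
            os.makedirs(os.path.join(root, folder))
            for fname in files:
                open(os.path.join(root, folder, fname), "wb").close()
        return [os.path.relpath(p, root) for p in find_same_name_exes(root)]

if __name__ == "__main__":
    # Pass the directory to check, e.g. the All Users\Application Data path
    # named in the reply; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        for path in find_same_name_exes(sys.argv[1]):
            print(path)
    else:
        print(demo())
```

A hit is only a candidate for review: legitimate software can use the same folder-and-file naming, so confirm each path against the running process before removing it.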