Hi. I have read through similar threads on this new "FakeAlert" malware called SYSTEM TOOL. I believe it came from Facebook, though I was not the one that was using it at the time - so I can't be certain. It basically does the usual annoying things - installs itself, puts an icon on my desktop, then pops up that you have a "virus". It disabled McAfee and will not allow me to run any application at all, not even my snipping tool, because I tried to capture a picture of the pop up. It just says that the file is infected and I need to of course run the software and purchase the antivirus software. I was able to switch users to another user that is not affected. However, AV and Malwarebytes do not detect anything wrong with my system, even though it's obvious there is. I was tempted to just do a system restore from last week - but figured these buggers probably put a copy there as well - so I would rather find it and get rid of it.
I could see that you had posted elsewhere requesting assistance. It would be great if you stick to one post to ensure that maximum attention is provided to all the users posting.
Posting more threads will only delay any help coming your way, as the helper would get bogged down trying to answer all open posts (not to mention the confusion this is going to cause).
Hope this helps
Upon reading the other posts, you had asked the person to create a new thread - so I wasn't sure what to do. Shall I continue with this thread or the other one? Malwarebytes did detect the program System Tools 2011, said it removed it - and yet I rebooted and just logged on to the other user (the infected files) and it's worse than ever - now my entire wallpaper is the "your're (spelled wrong) computer is infected".
You may post in this same thread.
I am not surprised by the lack of detection there... even though I love that application, it seems to be detecting files / locations it already knows and is not based on other advanced detection techniques.
Here is what you could do...
Read this document and perform the indicated steps.
Ideally we could start off by running the latest version of Stinger and update the logs of the same in next reply.
That Required reading document is a waste. When you go to the section on how to send a virus file to McAfee - the link is dead.
I just finished cleansing this from my computer.
McAfee - useless - third time this year. I'm done with it after more than 15 years, they just don't measure up anymore.
Malwarebytes found the link in the startup file that was bad, but not the actual file. Once I found the file, Malwarebytes at least recognized it as a virus - McAfee blithely declares it clean.
The file was located in a hidden folder (hidden directory C:\programdata\pDaLd06309 - which I have to believe is random)
The trick seems to be that the desktop.ini file in the startup -and several other folders off the start menu- had been modified to kick off the file. There wasn't anything in the registry on it. But that might have been because the user was a limited account.
(Attached file has virus)
Message was edited by: dpal on 12/14/10 11:09:36 PM CST
Make sure you note my attachment is the virus file. I just changed the .exe to .exe-bad
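
The locations named in the last post can be checked in one pass with the read-only triage script below. It is an added example, not part of the original thread or any vendor tool. It assumes PowerShell 3.0 or later and that it is run while logged in as the affected user; the extension list is a constructed sample.

```powershell
# Added example: read-only triage of the locations named in the post above.
# Nothing is deleted or changed; review the output by hand.
$exeExt = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd'   # constructed sample list

# 1. Hidden, non-junction directories directly under ProgramData that hold executables.
Get-ChildItem -LiteralPath $env:ProgramData -Directory -Hidden -ErrorAction SilentlyContinue |
    Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) } |
    ForEach-Object {
        $dir = $_
        Get-ChildItem -LiteralPath $dir.FullName -File -Force -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $exeExt -contains $_.Extension } |
            Select-Object @{n='HiddenDir';e={$dir.Name}}, FullName, Length, LastWriteTime
    }

# 2. Everything in the per-user and all-users Startup folders, hidden files included.
#    Shortcuts are resolved so the real target path is visible.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup')) | Where-Object { $_ }
foreach ($folder in $startupDirs) {
    Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $null
            if ($_.Extension -eq '.lnk') {
                $target = $shell.CreateShortcut($_.FullName).TargetPath
            }
            [pscustomobject]@{
                Folder         = $folder
                Name           = $_.Name
                Attributes     = $_.Attributes
                LastWriteTime  = $_.LastWriteTime
                ShortcutTarget = $target
            }
        }
}

# 3. desktop.ini files under the Start Menu trees, most recently modified first.
$menus = @([Environment]::GetFolderPath('StartMenu'),
           [Environment]::GetFolderPath('CommonStartMenu')) | Where-Object { $_ }
Get-ChildItem -LiteralPath $menus -Filter desktop.ini -File -Force -Recurse -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object FullName, LastWriteTime, Length
```

A Startup entry whose target resolves into a hidden ProgramData directory from step 1, or a desktop.ini modified around the time the pop-ups began, is the combination to look at first.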