I've got this too, despite having McAfee Total Protection - 'Total' Protection what a load of tosh!!!!! McAfee should be sued and have compensate people who have paid a lot of money for 'Total' protection.
I'm presuming most people have sorted this by now but for future reference this is how I got rid of of 'System Tool':-
Start up in 'Safe Mode' and create another user account
Restart normally under this new account
Search online for Malwarebytes by Anti-malware and download this (I did this through Major Geeks - its free download), I was asked for a password as my account infected was the administrator/main account - enter your usual password if it asks, it won't access the account and doesn't start the 'System Tool'
Once downloaded run (run the files whenever the download box asks if you want run or save) the Malware - it finds the Trojans and quarantines them - you're then asked to restart.
Once restarted, log in under your normal account and open the Malware (desktop icon) - you will see the 2 Trojans under the quarantined section, 'delete all' and you should be sorted.
I tried the other methods of finding jLpNk06300 or gGpJcBk06300 as it was in my case and deleted this, but I couldn't find the other file. Also couldn't find the 'System Tool' folder when I searched through the infected user account.
Thanks for the help! I found a somewhat easier solution to the virus.
1. Set up the additional account as described above.
2. In the new account, run windows defender--it caught the virus on the first pass.
3. It seems to be working so far ....
Mcafee catches it as well since dat 6271 or later
Stinger does as well there is a FAQ if you cannot update hereMessage was edited by: Peacekeeper on 9/03/11 12:44:38 PM
To all the McAfee muppets saying it's not a virus.. it is. The virus downloads itself, reproduces in alternate locations, steals passwords via phishing, redirects you to all their websites, works as a back door to pull in similar virus programs, causes havock, and can nuke your pc if you remove it the wrong way. It is basically a super virus. Why doesn't your software detect it? Because your software looks for the less common threats. I really can't remember when the last time I saw a worm in my company or a SoBig virus. I work for a large company with thousands of employees. The only viruses we see are these Fake Antivirus viruses. Our outside sales people get them weekly. Call it malware, but it acts like a definite virus. We used to be partnered with McAfee until we switched two years ago to Symantec. Both of the companies enterprise editions are equally useless. They hog memory and miss the most common viruses out there. Malwarebytes is made to look for what actions these viruses are carrying out. McAfee and Symantec just look for what might be in their virus database. It can't find them because they change their names. Any of these free softwares that run constantly can take the place of your expensive software. Stinger and SERT are just about as useless as MRT.
I started a company just removing fake antivirus viruses because they are so common. The big name companies are the only protection the general public knows about so they pour all their money into worthless software. They are all the same and easy to get rid of it you know what you are doing and know the basics. You can take these out without antivirus software. All you need to know is every process you have on your taskmanager and how to look for bogus temp files and other run once download directories.
News flash to those who do system restore and say it's done. It's not. Different variants of these viruses will hide in your System Restore and act like a time bomb. This goes the same for the people thinking, "it decided to disappear one day". It'll be back I guarantee you. Your prevention? Start recognizing a pattern with the sites you go to each day. These can come from a clicked popup, and infected flash web banner, or a direct download. The only thing good I can say about Symantec's more public software, Norton is it will tell you where files are downloaded from. This can help you isolate the problem.
It is just a matter of racing the virus to startup. You can fire off task manager quick by hitting ctrl+alt+esc right after logging in, locating the threat, and killing it. This disables the software so you can get to work doing your removal. Next, check your startup for the process you disabled in task manager. If it doesn't show up in start up then check the registry under a Run Once location. Prefetch will hide your startup items. If you don't know how to do what I said after task manager, I recommend these pieces of free antivirus/spyware/malware removal:
Malwarebytes (starting to make a name for itself because of its reliability).
Super Antispyware (for fans of malwarebytes that want continuous protection rather than the casual scan).
Hitman Pro (finds infected drivers to stop re-directs and poisoned dns entries better than any of the above).
Great all arounds:
Made to remove specific threats:
System Tool is fake antimalware that, if clicked on and activated, can plant trojans.
It's been on McAfee's books for several days and can be cleaned by VirusScan assuming it's up to date, or for those without VirusScan by the latest version of Stinger.
You can use malware bytes to remove this awful virus (Install in safe mode)
Install malware bytes
Run Malware bytes
Click Full Scan
Wait for Scan to complete
Check all the infected files registry keys etc.
Click remove selected and reboot
Start Windows Normally and its gone
I'm really sorry, as I don't mean this to be a dig or to be playing devil's advocate, but all this talk saying "it's ok, Mcaffee detects it now, and there's no need to worry about anything." bugs me.
for the last 2 months, we've been told that "it's impossible for Mcaffee to detect everything, as new viruses are coming out all the time, and we can't be expected to get all of them"
and more recently, "Viruses are changing and mutating all the time, so for Mcaffee to detect them it'd need it's heuristics turned up to such a degree that you'd get far too many false positives."
And all of a sudden, IT DETECTS IT and there's no need to worry anymore.
I call changing goalposts, or whatever the eloquent term is 🙂
I reserve judgement on whether it does actually detect and remove it or not, as I cleared a new infection around 4 days ago in the UK...
I suspect that it showed on their radar when the mass detectioons happened in past week or 2. We here the mods have been trying to get a detection for ages so I agree why not earlier. At least we could direct users to the way to remove it so were some assistance.Message was edited by: Peacekeeper on 15/03/11 6:35:35 AM