cancel
Showing results for 
Search instead for 
Did you mean: 
phst
Level 7
Report Inappropriate Content
Message 21 of 115

"System Tool" virus got installed despite McAfee running

clh,

Yours seemed  to be the best advice, but when I tried to follow your instructions, I couldn't.  I'm running XP and couldn't find the folder path you outlined.  I did a simple "system restore" to a point prior to when I was infected, and it worked like a charm.

For others - I believe that clh's advice would be excellent.  But also suggest, unless someone can tell me why it was not an adequate fix, to do a simple system restore.  (Start - all programs - accessories - system tools - system restore.  The simply follow the prompts.)  

clh
Level 7
Report Inappropriate Content
Message 22 of 115

"System Tool" virus got installed despite McAfee running

phst,

My system is Vista. I checked my XP machine and found that the directory hierarchy is different. Sorry about that; I was focusing on getting the word out and wasn't trying to be comprehensive. I could guess where System Tool would be on an XP machine but rosead's method of finding it (post #68, Mar 2, 2011 7:34 AM), sorting on the modification date, is a good one. Because System Tool came up when I logged on, I looked for the Start Menu folder and found it there; I may also have searched for System Tool; I don't remember how I found it and the one under c:\Program Data, probably just looked around.

kimura24
Level 7
Report Inappropriate Content
Message 23 of 115

Re: "System Tool" virus got installed despite McAfee running

Hi I suffered the same problem after visiting 'the apprentice' website and trying to use ITV player yesterday.I have perused the internet but in the end contacted customer service and they gave me the following no 0207 949 0372.This is for the virus removal service- I lnow they ask for about £60 -but I was so desperate to be rid off it .It is money well spent especially since I am not an expert and was not confident that the whole' SYSTEM TOOL' spyware would be eradicated by the programmes out there.

The technician -Vinod-was really helpful and took me through it step by step .He used remote access to delete the infection and check .The virus removal service is valid for 5 days so if anything bothersome pops up in that time -you can use the service again to restore the computer.I thought that since many would have reported this spyware then they will be able to resolve the problem faster  than me.

Phew -I am relieved as it was getting on my nerves.Hope this helps someone- also I was told that they are trying to update mcafee so that it blocks this rogue software from infecting your computer.

Shallah

ConorD62
Level 12
Report Inappropriate Content
Message 24 of 115

Re: "System Tool" virus got installed despite McAfee running

Most, if not all Anti Viruses miss this, Malwarebytes is a good option to get rid of it.

Re: "System Tool" virus got installed despite McAfee running

try to restore first but restore didnt work for me cause the virus blocked it and almost everything else im running windows 7 by the way but its simple. go to computer, then to ur hard drive look in programdata, its a folder with a wierd name, mine was "bAiLf06300" click and drag to desktop, restart pc in safe mode then open the folder u moved delete the files should be 2, send to recycle, do the same with the shortcut, then empty recycling bin and restart pc normally and ziiiing done. u dnt have to buy maleware or anything. by the way it took me like 4 to 5 hrs to figure this out and it only takes 10 minutes. after i deleted the virus i did a restore to get it back on my pc so i could go back through it step by step writing it down so that i may help someone........ur welcome

"System Tool" virus got installed despite McAfee running

OK, this worked for me.

I think there is still something lurking somewhere as something sometimes tries to access a remote avi however when I blocked this with the McAfee AV software I had no more problems. Need to do some more digging but this is a good, quick solution.

Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 27 of 115

"System Tool" virus got installed despite McAfee running

idahotrekker,

You could always run Hijackthis and post its log on one of the following specialist forums for analysis.  They will tell you if anything untoward is present.

DOWNLOAD HIJACKTHIS

Do not post Hijackthis logs here, we can't help with  those!

Post the logs at a specialist Forum:

AUMHA

BLEEPINGCOMPUTER

MAJOR GEEKS

MALWAREBYTES

MALWARE REMOVAL

SPYWAREHAMMER

SPYWARE INFO

WHATTHETECH

Be sure to read all the sticky announcements/instructions at the top of each malware forum!

lauraeva
Level 7
Report Inappropriate Content
Message 28 of 115

Re: "System Tool" virus got installed despite McAfee running

Hi, I'm Laura and I'm new to the forum, and have a "paid up" McAfee subscribtion as its what my new Vaio Laptop had pre-installed.

Was distinctly non-plused when "System Tool" hijacked my PC at midnight tonight, and did all the disabling of task manager and system restore as described, also ground web access to a near halt and the PC turned itself off every 10 minutes !

Using my Android phone I soon found a solution on the web ...

First you "register" System Tool using one of the following codes :

WNDS-S0DF5-GS5E0-FG14S-2DF8G

WNDS-JUYH3-24GHJ-HGKSH-FKLSD

WNDS-89OF7-7324R-5SAD4-TG68U

WNDS-HFVDR-9844O-U54DA-5TBSC

WNDS-G8FB6-1V87S-DRT1S-63SRG

WNDS-4BGY2-JY4KO-IT98Y-7HJ43

WNDS-5D1V2-XB0D5-JT1TY-97DS3

WNDS-F40SA-1ER5H-4FG5D-F8412

WNDS-SERFH-2642S-F04SD-64FG1

WNDS-S0DF5-GS5E0-FG14S-2DF8G

WNDS-452S3-ER00F-TSE35-S8FSD

WNDS-FGS5D-649RG-4S53D-412SF

WNDS-4TS8R-D6F5D-4JH8T-U4JK5

WNDS-2AE32-1VFC2-B6894-G67YU

WNDS-P9685-4H41A-DSW3A-2R64T

WNDS-5SRTS-AEHUF-YA54S-D6F35

WNDS-A1SDF-RY4E8-7U98D-F1GB2

(just try copying one to clipboard, it worked in Win 7)

This returns your desktop to normal and all the irritating pop-ups go away - you're left with a message like "System Tool has been sucessfully installed, please re-boot your computer" - DON'T RE-BOOT at this point.

Internet should now work and you can download Malwarebytes.  I did try to download R-kill too as recommended but this was always deleted by the virus before I could run it despite re-naming (and to cheek got a message via McAfee saying that it was Trojan !).

However running "Malwarebytes" (see first page of this thread or elswhere for links) seems to have found the little bugger ....

[Scan type: Quick scan Objects scanned: 178731 Time elapsed: 8 minute(s), 28 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: c:\programdata\ookebpb15302\ookebpb15302.exe (Trojan.FakeAlert) -> 4832 -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oOkEbPb15302 (Trojan.FakeAlert) -> Value: oOkEbPb15302 -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\programdata\ookebpb15302\ookebpb15302.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.]

Well this worked for me and I hope it helps someone else.

Laura

Message was edited by: lauraeva on 28/02/11 00:10:21 CST
stanrob
Level 7
Report Inappropriate Content
Message 29 of 115

"System Tool" virus got installed despite McAfee running

Hi. I'm new to the forum, having had a dreadful experience yesterday with System Tools 2001.  I spent 3 hours following different suggestions on the forum to remove this awful fake anti-virus program.  Fortunately, I have two computers, so was able to use the "good" one to search for answers to the problem.

I used the free version of malwarebytes.  It did find something awful and removed it, but that made no difference to the computer.  System Tools took over again and the computer was completely useless.

The virus also took charge when I booted in safe mode.

I then used Windows System Restore to revert to a restore point 24 hours before the virus struck.  The computer now seems to work normally!

I am concerned however that the virus must still be lurking somewhere.  Will it return to haunt me?

Like many other McAfee users, I am not impressed by their "paid assistance" only policy in this regard.  This seems to be such a common problem that failure to assist subscribers unless they pay a much more money to them must be losing them many customers.  Like me, when my subscription comes up for renewal!

Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 30 of 115

Re: "System Tool" virus got installed despite McAfee running

lauraeva, thanks for the ideas.

stanrob, none of the antiviruses fair well with these because of the way they work.  Good luck finding one that does it all. There is, in fact, no such thing.

But that's already been stated here and in many other threads and websites devoted to fighting these fake anti-malware pests.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community