clh
Level 7
Message 11 of 115

Re: "System Tool" virus got installed despite McAfee running

It happened to me too. A message about my system being infected with spyware became the wallpaper. A new icon called "System Tools 2011" was on the desktop. A pop-up came up from the icon tray and said that programs were infected and that I needed to download a program to remove the virus. I ran a McAfee "Full Scan" and it didn't find anything. I logged in as another user and that account didn't have the virus, so I'm operating from that account until I can get the virus removed. McAfee technical support chat couldn't help; they wanted me to use a paid service. I may try Malwarebytes.

Message was edited by: clh on 12/26/10 12:42:10 PM CST
clh
Level 7
Message 12 of 115

Re: "System Tool" virus got installed despite McAfee running

This is an update to my previous post (#6 Dec 26, 2010 12:42 PM). I decided to try to fix it myself. This is for those who feel comfortable examining system files.

I logged in as another user. Using Windows Explorer, I went to the following folder:

c:\Users\[accountName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

where [accountName] is the name on the user account, and deleted the folder called "System Tool".

Then I went to folder "c:\ProgramData" and deleted the folder called "jLpNk06300" which had nearly the same file creation date and time as the "System Tool" folder.

I logged in to the previously-infected account and it came up okay. Perhaps this will help someone.

klevon
Level 7
Message 13 of 115

Re: "System Tool" virus got installed despite McAfee running

I was also disappointed that the System Tool rogue antivirus program was installed to my machine and totally disabled McAfee shortcuts. I was able to get rid of it (i.e. my machine is acting 'normal' again), but I would like to add that the folder under C:\ProgramData probably has a different name on different machines. Mine was eNnBl6305.

Re: "System Tool" virus got installed despite McAfee running

Thanks to all. I read all entries, and enough was provided to help me work through XP. I did try updating McAfee and nothing was detected. I went to my C drive and searched for the day we lost control. Deleted the folder System Tool and the startup shortcut. Not sure how to prevent this going forward.

Reliable Contributor exbrit
Reliable Contributor
Message 15 of 115

Re: "System Tool" virus got installed despite McAfee running

None of the antivirus engines on the market will catch this sort of malware due to the method it uses to invade your machine.

Read here: http://www.bleepingcomputer.com/virus-removal/remove-system-tool

"System Tool" virus got installed despite McAfee running

Clh was right on about a simple solution to removing "System Tools"! The only thing that I would add to the post is that, after typing clh's recommended chain into Internet Explorer, I found that I had to go one folder deeper. I found "System Tools" in \Accessories. So, this is the appropriate folder chain:

c:\Users\[infected user name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

Then, as clh recommends, delete the "System Tools" folder and, again, in Internet Explorer, type:

c:\ProgramData

Then delete the folder that is a hodgepodge of letters and numbers.

When I returned to the infected user, everything ran perfectly. Great approach, clh!

clh
Level 7
Message 17 of 115

"System Tool" virus got installed despite McAfee running

odysseygal, I'm glad that my post was helpful. However, I think the "System Tools" folder that you deleted under "Accessories" is one that is part of Windows. If you don't use those tools, it won't be a problem. That folder contains shortcuts, rather than the files themselves, so another user's account will still see those tools (click 'Start', 'All Programs', 'Accessories', 'System Tools'). If you don't already know, you can restore that folder, if you want, from the Recycle Bin, if you haven't emptied it.

Also, just FYI, I used 'Windows Explorer' (under 'Start', 'All Programs', 'Accessories'; click 'Organize', 'Folder and Search Options', 'View' tab, click 'Show hidden files and folders'), not Internet Explorer, to view the files and folders.

Reliable Contributor Peacekeeper
Reliable Contributor
Message 18 of 115

"System Tool" virus got installed despite McAfee running

I second that, as that is a Windows folder.

Reliable Contributor exbrit
Reliable Contributor
Message 19 of 115

Re: "System Tool" virus got installed despite McAfee running

Suzanne Daycock wrote:

Clh was right on about a simple solution to removing "System Tools"! The only thing that I would add to the post is that, after typing clh's recommended chain into Internet Explorer, I found that I had to go one folder deeper. I found "System Tools" in \Accessories. So, this is the appropriate folder chain:

c:\Users\[infected user name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

Then, as clh recommends, delete the "System Tools" folder and, again, in Internet Explorer, type:

c:\ProgramData

Then delete the folder that is a hodgepodge of letters and numbers.

When I returned to the infected user, everything ran perfectly. Great approach, clh!

Suzanne,

I agree with the others, you shouldn't confuse the System Tools folder with this infection, which is 'System Tool' (minus the 's').

What operating system is it, with version etc? Here's what it looks like in my Vista Ultimate for instance, but it exists with varying content in all OS's from ME upwards I think.

systemtools.JPG

You might be able to restore it without too much problem if you tell us the details of your system.

Message was edited by: Ex_Brit on 22/02/11 7:35:40 EST AM
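
The manual check described in the posts above, as a read-only script (an added example, not code from any poster or from McAfee): it looks for a Start Menu folder named exactly "System Tool", never the stock "System Tools", and lists C:\ProgramData folders created within a few minutes of it. The 10-minute window, the name pattern and the parameter names are assumptions of this example; it only reports candidates and deletes nothing.

```powershell
# Added example: read-only triage for the "System Tool" rogue discussed in this thread.
# Assumptions (not from the posts): the 10-minute window and the name pattern below.
param(
    [string]$UsersRoot     = 'C:\Users',
    [string]$ProgramData   = 'C:\ProgramData',
    [int]   $WindowMinutes = 10
)

# Path the posters navigated to, relative to each user profile.
$startMenuRel = 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs'

# Exact-name match: "System Tool" is the rogue's folder. "System Tools" (with an s)
# under Accessories is a normal Windows shortcut folder and is never matched here.
$rogueFolders = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $programs = Join-Path $_.FullName $startMenuRel
        if (Test-Path -LiteralPath $programs) {
            Get-ChildItem -LiteralPath $programs -Directory -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Name -eq 'System Tool' }
        }
    }

if (-not $rogueFolders) {
    Write-Output 'No Start Menu folder named exactly "System Tool" was found.'
    return
}

foreach ($rogue in $rogueFolders) {
    # ProgramData folders whose name mixes letters and digits (like the names
    # reported in the thread) and whose creation time is close to the rogue folder's.
    Get-ChildItem -LiteralPath $ProgramData -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name -match '^(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9]+$' -and
            [math]::Abs(($_.CreationTime - $rogue.CreationTime).TotalMinutes) -le $WindowMinutes
        } |
        Select-Object @{ n = 'StartMenuFolder'; e = { $rogue.FullName } },
                      @{ n = 'Candidate';       e = { $_.FullName } },
                      CreationTime
}
```

Run it from an account other than the affected one, as the posters did, so that the other profile's folders are readable and nothing in them is in use.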

"System Tool" virus got installed despite McAfee running

Thx clh.  The virus caught up with me this morning and your post helped me get back up and running.  Worked like a charm.  Cheers!  
