lauraeva
Level 7
Message 41 of 115

"System Tool" virus got installed despite McAfee running

Thanks Peter,

I didn't try "system restore" in safe mode as at the time I didn't know when I'd been infected and the latency of the trojan.  Also from over a year back now I remember a very similar trojan which wiped my restore points and froze Spybot mid scan (XP machine)!

Also F8 didn't seem to want to work ... which is why I went to find a stiff drink and an alternative solution.

Question is if people actually pay money via credit card to these scammers, doesn't this put them "bang to rights" as surely money transfer on a significant scale can be traced ???

Laura

Reliable Contributor exbrit
Message 42 of 115

"System Tool" virus got installed despite McAfee running

I have no idea, but anyone who does that should really know better, and as far as legal recourse is concerned, good luck, as most are in inaccessible parts of the globe where the long arm of the law can't reach.  In any case most credit cards have a charge dispute mechanism, I would hope, so the money should be retrievable.

stanrob
Level 7
Message 43 of 115

Re: "System Tool" virus got installed despite McAfee running

I thought post 66 would be my last on this thread.  Wrong!  Almost unbelievably, this morning, while reading a reputable Scottish newspaper online, I was hit by another fake anti-virus program.  This time it was Security Analysis.  For the benefit of those interested, the web address is Address removed .  I was using my PC this time, not the laptop that was infected by System Tool and Vista Total Security 4 days ago.

As I said before, I have learned a lot from this nasty experience.  Maybe I could make money out of fixing computers now!  I recognised it was malware immediately, so a right click on the taskbar, then a click on task manager, then applications, enabled me to stop the installation process in its tracks.  Gone within a few seconds of its arrival on the screen!  I am very proud!

As Malwarebytes found the previous nasty pest in a Java folder, I decided to check that Java was up-to-date on my PC.  It wasn't!  Maybe that is why Security Analysis found its way in.  I have updated Java and checked if the version on my laptop is up-to-date, and it is.  So whether Java is up-to-date or not may not explain how these pests have found a way into both of my computers.

Does anyone think the Scottish newspaper is unwittingly distributing this malware, or was it just coincidence that it appeared at that time?

I am almost enjoying this now!  I would not have been had it been necessary for me to shell out money to get these things fixed.  That would have been two calls in 4 days on the expensive services of McAfee or someone else, if I was as computer non-savvy as most of the people (mostly elderly) I know with computers.

Hope this will encourage others to do their own thing, and maybe assist friends in similar difficulty at some time too.

Good luck and thanks once more for all your help.  Stan.

Message was edited by: Peacekeeper on 4/03/11 3:09:25 PM
Reliable Contributor exbrit
Message 44 of 115

Re: "System Tool" virus got installed despite McAfee running

stanrob wrote:

I thought post 66 would be my last on this thread.  Wrong!  Almost unbelievably, this morning, while reading a reputable Scottish newspaper online, I was hit by another fake anti-virus program.  This time it was Security Analysis.  For the benefit of those interested, the web address is www1.bestsecure-zoneog.in.  I was using my PC this time, not the laptop that was infected by System Tool and Vista Total Security 4 days ago.

As I said before, I have learned a lot from this nasty experience.  Maybe I could make money out of fixing computers now!  I recognised it was malware immediately, so a right click on the taskbar, then a click on task manager, then applications, enabled me to stop the installation process in its tracks.  Gone within a few seconds of its arrival on the screen!  I am very proud!

As Malwarebytes found the previous nasty pest in a Java folder, I decided to check that Java was up-to-date on my PC.  It wasn't!  Maybe that is why Security Analysis found its way in.  I have updated Java and checked if the version on my laptop is up-to-date, and it is.  So whether Java is up-to-date or not may not explain how these pests have found a way into both of my computers.

Does anyone think the Scottish newspaper is unwittingly distributing this malware, or was it just coincidence that it appeared at that time?

I am almost enjoying this now!  I would not have been had it been necessary for me to shell out money to get these things fixed.  That would have been two calls in 4 days on the expensive services of McAfee or someone else, if I was as computer non-savvy as most of the people (mostly elderly) I know with computers.

Hope this will encourage others to do their own thing, and maybe assist friends in similar difficulty at some time too.

Good luck and thanks once more for all your help.  Stan.

Are you sure first of all it was malware and secondly of that name?  The reason I ask is I can't find it and know that practically all of them start off by saying words to the effect that "a system security analysis has found a problem...."?

I would warn the newspaper to check their links.

stanrob
Level 7
Message 45 of 115

"System Tool" virus got installed despite McAfee running

Thank you again Ex-Brit, for your response to my post 84.  I have several things to report.

I did a Malwarebytes scan yesterday after posting to you.  It found two registry data items infected.  Here is the log of that:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

The full address, copied from my IE browsing history, for the site that caused the fake to appear on screen (not a pop-up to be clicked on, incidentally) is:

http://www1.bestsecure-zoneog.in/1ae45amr?wcy2=m9zeptWi2dbi1seb586Rt6GhlZ%2BN58zdb5WL1NbV16C%2BxapT5...

This site is described as Security Analysis in my IE browsing history, but it is possible that the fake on my screen called itself Security Threat Analysis or Analysis Security and not Security Analysis.  I don't remember now, but I think they are all the same virus anyhow.  I have Googled "security analysis virus" and found several interesting links to precisesecurity.com, which lead me to believe the same virus is appearing under slightly different names. One article is to be found at:

This article describes my latest pest very accurately. It states: Security Threat Analysis will pop-up as a windows explorer page with running virus scan. This virus was dropped by a Trojan who just infected a computer and capable of modifying system settings and Internet browser configuration.

The newspaper has not responded to my email. This pest definitely came from a link to a football page!

Thanks again for your interest.  Stan

Reliable Contributor exbrit
Message 46 of 115

"System Tool" virus got installed despite McAfee running

I'm afraid any MBAM logs or reports would have to go on the MBAM forums for analysis - I'm not qualified to tell you what's what there.  Are you OK now?  That's the main thing.

stanrob
Level 7
Message 47 of 115

"System Tool" virus got installed despite McAfee running

Thanks again, Ex_Brit.  Everything is fine.  All computers go!  Till the next time maybe, but at least I am much more prepared to cope.  Stan.

Reliable Contributor exbrit
Message 48 of 115

"System Tool" virus got installed despite McAfee running

Ok, that's good 😉

"System Tool" virus got installed despite McAfee running

Chris,

I do agree to the fact that the fake AVs have become a major pain in all the wrong places. However, I strongly disagree with the fact that McAfee completely fails against protecting us against AVs.

I would like to let you know that every AV has its share of detections against such fake programs however the fact is that some variants are missed by every AV, I repeat EVERY AV. We have variants of fake AVs being churned out every moment and please remember the fact that the AV companies are actually in a very tricky situation. Here is why :-

1} If an AV is too aggressive, it detects almost all the nasties but in addition also generates false alarms. That in turn leads to colossal damages like how a certain update cripples your computers. Moreover, no one appreciates the fact that an innocent file is being flagged as a virus by an AV.

2} If the AV is optimally aggressive, it misses variants because the variants are disguised as exploits which infect us through Java, Windows Media Player or .pdf as well. Moreover these variants are specially engineered into fooling the good old AV.

My opinion and a fact that I strongly believe in is :- Always make sure what you are clicking on and what site you are browsing. Just because we have a security guard at our apartment, we don't really leave our doors open at night, do we? Even though the guard out there is armed and is awake keeping a watch, we still make sure our alarm system is on and the doors are locked. That is what we DO NOT DO when it comes to the system security. We just pay and install an AV and want it to protect us no matter what (which is practically IMPOSSIBLE). The user has to know what he is doing and what he is getting into. It's as simple as that.  Common sense and a layered protection is what we need.

To give a finishing touch to my post, I would say, to make sure you have a better protection, it is important you up the ante against the bad guys. A browser protection, a host intrusion prevention, an updated and aggressively set real time scanner, a couple of damn good malware removers form your arsenal. We need to go all out to be protected. Gone are the days when just an AV+ ASPY combo was enough. We are in difficult times and it's just the beginning!

Sameer

Re: "System Tool" virus got installed despite McAfee running

sameer172006 wrote:

I would like to let you know that every AV has its share of detections against such fake programs however the fact is that some variants are missed by every AV, I repeat EVERY AV. We have variants of fake AVs being churned out every moment and please remember the fact that the AV companies are actually in a very tricky situation

Up until a few months ago, I was also the one telling everyone that there's no one AV that's 100% safe, and that as long as they get one of the big 3 (as I put it) Norton, McAfee, or AVG they'd be safest.

But unfortunately, unless McAfee has something like a 20x larger market share than Norton, then their detection rates against this particular virus are much, much worse. And believe me, I'm not one to glibly recommend Norton. Back in 2006, when they released that awful bloatware version, they let me down very badly. But the (unscientific) evidence speaks for itself. I haven't been to 1 call out for someone with Norton, and I've been out to well over 30 who have McAfee.

And with the greatest of respect to all McAfee engineers and support staff, if free Malwarebytes can do a 100% successful job at clearing up the mess, then a £50, paid for McAfee, should do the same. Even if they have to write an additional plugin from scratch to do it.

I simply do not accept that with McAfee's staggeringly HUGE resources compared to Malwarebytes, that they can't even match it. Unless Malwarebytes is run by a few world-class geniuses that McAfee simply can't match. But I doubt it. 🙂

On the other hand, I'm making good money out of this. So thanks! 🙂