As System Tool 2011 isn't an infection in itself that isn't surprising and I think you'lll find it isn't in the majority of antivirus databases.
That's why there are a number of specialized tools out there for these 'fake anti-malware' entities.
No anivirus is perfect believe me, that's why they all rely on customers submissions as well as research.
McAfee's is here: http://vil.nai.com/vil/submit-sample.aspx
Thanks Ex_Brit. Do I now understand that "System Tool 2011" is not actually a Malware or Virus, and I could be rest assure to use my User Name: CVG safely, instead of using User name: Guest like this Moment? Although in my User Name CVG my Screen is full of Messages to "do something" via System Tool, with msg everywhere about the dangers that could happen, if I did not act as they say.
Believe McAfee themselves should at least acknowledge existense of "Sytem Tool 2011", and either put an update or something ASAP, to resolve those nasty messages, that could relieve users like me from the Angst of getting my computer infected,and not knowing what to do.
That is why I bought Virus Protection from established company like McAfee. I expect to get my so called "Virus problem" resolved; and not the way that McAfee's site act as if they are not aware of this "System Tool 2011". Where are their Professionals that I paid good money for? Still on their hung over from their heavy Christmas partying? or what? Very disappointed with McAfee's Service in this matter. The least I expect them to say is something like: We are working on this problem, with ETA of 12/xx/2010 target date for resolving it.
I didn't say it wasn't malware, I said it isn't a virus per se. It certainly is high up there on the nuisance factor scale I agree.
There's a good description of it here: http://www.spywareremove.com/removeSystemTool2011.html
It would be nice if McAfee and other major antivirus applications could detect everything but that is not possible.
You have to exercise extreme caution and preferably keep an updated copy of something like Malwarebytes Free handy as a supplement.
Thx again Ex_Brit. For a computer geek, your reply and Manual Removal Instructions make a lot of sense. However for a Retiree/Geezer like me, I am scared to death to remove things I do not understand (Removing Process Files, deleting Registry Entries, and other Processes Files); I am afraid it could scew up all my systems. That is why I bought McAfee VirusScan, with the expectation that between their updates, and then running the Real Time Scan to Scan my PC, it would remove all such process files, Registry Entries, and other Processes Files for me. Or is it too much to ask from McAfee? System Tool 2011 certainly is very anuisance. It overwrote the McAfee icons, and replaced with its Icons. Why does McAfee allowed that, and not fight them ASAP.
However, I feel better that at least it is not stealing personal information, but only "forcing" unsuspected users to purchase a useless software. Called an 800# found in Google for McAfee support, ask about System Tool 2011. The guy with heavy accent (Indian? maybe?) said it is a very dangerous virus, and started to offer solutions at a cost. I hang up immediately. Since I already have McAfee (which I have used for at least 7 years, starting with Company supplied, then after I retired purchased on my own), I am refusing to buy another VirusScan software. I am still awaiting McAfee's FIX on this rogue System Tool 2011.
As I say these things are extremely troublesome but most antiviruses would not detect them, hence the specialist tools I mentioned earlier.
I agree it's complicated but always Google these things for more information and removal help, it's always out there somewhere. Don't forget also that should your desktop become unusable for whatever reason, you can always try "Safe Mode with Networking" reached by tapping F8 repeatedly while booting up and selecting it from the menu displayed...usually it's number two on the list. The 'with Networking' part means internet access and being in Safe Mode most malware can't run.
One can also initiate a scan in that mode by right-clicking a file, folder or hard drive (in My Computer (XP) or Computer (Vista/Windows 7) and selecting 'Scan'.
Also tools like Malwarebytes can be used in that mode. It's always handy to remember that.
Another tool that perhaps I should have mentioned earlier is System Restore, which sometimes can be used to go back to before the bad stuff started happening. If you use it successfully then all you have to do it to temporarily disable System Restore afterwards and the malware will be wiped off your hard drive.
Don't forget to immediately update your McAfee software to bring it current.
Thx Ex_Brit. Trying to become System Expert now, though with great Angst.
These are steps I have done:
1. Log in as Guest: Ran Update on McAfee, the Full scan: No issues found.
2. Log in as User Name: CVG (does not have Admin Privilege), then
A. Ran in just Safe Mode:
The Files: oHaKo000902.exe and 5648541024.exe .cfg .bat seemed all disappeared.
Also in Regedit did not find [random] and 5648541024..
Maybe System Tool 2011 is using different file names in my case?
The McAfee Antivirus has a msg: Your Computer is at Risk. Real Time Scanning is Off. I clicked TURN ON. It went green for a second, with regular View, but then it get back to the Red Screen with the same Msg: Your Computer is at Risk. Real Time Scanning is Off. Clicked TURN ON again, same thing: Green for 1 second then back to Red.
Use File Serach to find: Sytem Tool 2011. Found in 2 places. Deleted these 2 files, and Empty Recycle Bin.
B. Ran in Normal Mode: Task Manager could not run. The nasty messages are still there, but System Tool 2011 reference are gone.McAfee icon gone, could not run McAfee in Normal mode.
C.Now in Safe Mode with Networking. The McAfee Antivirus has a msg: Your Computer is at Risk. Real Time Scanning is Off. I clicked TURN ON. It went green for a second, with regular View, but then it get back to the Red Screen with the same Msg: Your Computer is at Risk. Real Time Scanning is Off. Clicked TURN ON again, same thing: Green for 1 second then back to Red.
Now running Full Scan again (will probably take 1 hour)
Questions: What are the triggers that:
i. Make McAfee say Real Time Scanning is Off in Safe Mode or in Safe Mode with Networking.
ii.In Normal Mode: Task Manager could not run,
and McAfee icon gone or replaced with their special icon (from the intruder: did not show Sytem Tool 2011 any more).
and Nuisance warning msgs in Full screen.
Thx for your guidance; will work as necessary to resolve this Nuisance.
So far (at 17%) in Safe Mode with Networking: McAfee Full Scan found 2 issues & fixed 2 Tracking cookies.
Could this be 2 of the problems?
McAfee Virus Scan now completed in Safe Mode with Networking..
Removed 2 cookies: Yieldmanager & Doubleclick.
However it still says in Red: Your Computer is at risk; Real Time Scanning Off.
Click Turn On: Green now for 2 seconds (2X longer than before) then back to
Red: Your Computer is at risk; Real Time Scanning Off.
So seems there are still some unresolved issues, however felt more secure
since no imminent danger.
Will try Normal Mode for User Name: CVG now to see what happens there..
In Normal Mode everything is still the same. That obnoxious full page System Tool 2011 msg still there.
Task Manager still won't run. McAfee Scan still says in Red: Your Computer is at risk: Real Time scanning is off.
Checking Malwarebytes Trial, but at the end it also only leads to Puchase another Software,
That defeats the purpose of me owning McAfee already.
I can't buy & maintain 2 or 3 different kind of VirusScan software.
I give up, but still expect McAfee to resolve such problems, via updates & Scanning; even if it may take time.
Very disappointing, although this geezer/retiree has spent so much time trying to resolve geek's problems.
Hope owning McAfee would still solve the problem; that's why users like me bought your Software.