6 Replies Latest reply on Mar 2, 2011 8:36 PM by sephstorm

    Notice to all

      I was infected yesterday with "System Tool 2011". It is a virus that takes over and won't allow you to access McAfee or any other program you might want to use to get rid of it. It tells you you are infected with a virus throughout your system and will clean your system for $59.95. I got it when I opened a site, "Events in London". McAfee didn't catch it; in fact, I was able to run a quick scan on McAfee before it completely froze me out, and McAfee didn't catch it. The scan showed no virus detected. I was only able to get rid of the virus by opening in safe mode and doing a system restore back to the day before yesterday, and it was gone, for good I hope. I use Windows 7.

        • 1. Notice to all
          Peter M

          None of the anti-virus applications have much success with these fake anti-malware entities because of the way they work. There are specialist tools out there, however, which work, and can be applied in Safe Mode with Networking (for instance) where the malware can't function.

          By the same token those tools aren't good at fighting the millions of infections that you are already protected against by McAfee.

          I'm glad you defeated it. You should temporarily disable System Restore to destroy the infected restore point.

          There are many links in this section about this and other similar nasties. Here's one of them: https://community.mcafee.com/thread/32576?tstart=0

          Another quick way to defeat them, assuming you haven't yet clicked on any of their dangerous links or buttons is to click Ctrl-Alt-Delete to call up Task Manager and end any strange processes, even Explorer.exe if necessary. That would close the desktop.

          You could then reboot to Safe Mode with Networking and initiate either a scan or System Restore etc.

          • 2. Notice to all

            Like many, I am very troubled by the virus on my Dell laptop and cannot start it in safe mode, so I am unable to rectify the problems. Not technical but capable if instructions are simple. Downloaded Malwarebytes from another machine, but the infected machine does not allow me to execute it.

            • 3. Re: Notice to all
              Peacekeeper

              When you download it, rename the setup file to abc.exe.

              Run the file on the infected PC, and when it asks to install the program, rename the folder to abc. Rename the mwb exe file as well and run the program. Update it, maybe running in Safe Mode with Networking.

              Message was edited by: Peacekeeper on 27/02/11 7:04:17 PM
              • 4. Re: Notice to all

                I have also been infected with the System Tool virus. Can you explain in more detail how to remove it? It appears that I cannot run anything. I try to run my McAfee SW but it says that the executable is infected.

                Thanks in advance.

                • 5. Re: Notice to all
                  Peter M

                  If things won't function in regular mode, try using 'Safe Mode with Networking', reached by tapping F8 repeatedly while booting up. It's usually 2nd on the ensuing menu. That mode prevents most malware from functioning yet gives you limited access to your programmes and the internet.

                  1st, try accessing System Restore to go back to before all this happened: Start > All Programs > Accessories > System Tools > System Restore.

                  If that works, temporarily disable System Restore to clean the infected restore point off your hard drive, and don't forget to update Windows, McAfee and any other time-sensitive applications.

                  If not...

                  McAfee have a new tool to fight malware & fake anti-malware pests which usually get past most antivirus applications. It's called GetSusp.

                  You have to join the private GetSusp Group to get it, and apparently they are now having a lot of success, especially with all these new and prolific fake anti-malware.

                  GetSusp

                  Membership is required. You can also find support for it in that group and provide feedback.

                  • 6. Notice to all

                    This particular infection disables the Task Manager. Personally I have gotten a lot of success with Malwarebytes Anti-Malware when it comes to rogue AV/AS. But no one product will be perfect. We need to start educating users on creating a layered defense composed of various products.

                    I may create a post on this later.