I got infected yesterday with “system tool” virus when Avast was OFF (by mistake, my fault). I went into safe mode, did RKIll first, then MalwareBytes (as instucted on many sites to follow this procedure, and MWB said it found 3 infected files so I tried to remove them (as instructed) and then I had to let my PC restart to get rid of the files but it didn’t work upon restarting. The virus was still there popping up everywhere so I shut down and went back into safe mode and tried it all again and again with the same results. Then ran Avast (in safe mode) but got warnings that it couldn’t move the files, couldn’t do anything, and Avast was made useless by this virus.
After hours of trying everything (Hijackthis, CCleaner, etc.) and then uninstalling “System Tool” in add/remove programs, I shut down and restarted in safe mode but chose “system restore” and restored back to a day ago. It worked! I think. I was able to log on normally (out of safe mode) and had my desktop back after system restore, then ran Avast deep scan and it found a lot of things and four viruses that were all successfully moved to the chest.
Now that they’re IN the chest, am I really safe? So far, my PC seems normal but is there hidden files of “system tool” that will come back?
I’m not experienced enough to remove anything from registry or anywhere manually, so what else can I do?
Thanks for any help!
Malwarebytes is the best rogue remover out there…did you update it before you scanned ?
Yes, I updated it EACH time I scanned and it didn’t get rid of this virus. I uninstalled it several times, then reinstalled. It said they were removed, then I ran another scan (many times) and there was nothing infected in the report but when forced to restart (each time), the virus was still there taking over my desktop, all files, etc.
When Avast found a trojan, it could not move it or do anything at all.
The ONLY thing that’s worked was system restore in safe mode and then running Avast which found 4 trojans and put them in the chest. It also found other things but said “unable to scan” in the report log.
Everything seems fine but I wonder if the virus is still hiding somewhere? I want to back-up my files on an external drive but am afraid those files are still infected maybe?
CCleaner’s registry fix is beyond my ability to know which items to fix or delete. Can someone help if I post my registry report from CCleaner and tell me what to delete/fix?
Thanks again anyone!
Now that they're IN the chest, am I really safe? So far, my PC seems normal but is there hidden files of "system tool" that will come back?well Essexboy can have a look inside if you post the logs
Follow this guide form our expert malware remover Essexboy and post the log`s here
http://forum.avast.com/index.php?topic=53253.0
To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt. )
is it this one you have been hit with?
http://www.bleepingcomputer.com/virus-removal/remove-security-tool
No, it’s this one. They seem very similar.
http://www.bleepingcomputer.com/virus-removal/remove-system-tool
Hi there all, I got similar hit with systemtool 2011, did the system restore thing and it worked, I believe. Looked in a/v vault and it looked like one of these was in there, so appears avast can detect it but not always. Does anyone know if this is true and when it will kill it everytime? Thanks ???
Does anyone know if this is true and when it will kill it everytime?sorry that will not happen as new version`s are released every day ( they may look the same )
Fake antivirus overwhelming scanners
http://news.techworld.com/security/3203072/fake-antivirus-overwhelming-scanners/
Rogue Gallery
http://forum.avast.com/index.php?topic=51490.0