System Tool Virus

system · February 2, 2011, 8:16pm

Hi,

I’m running Windows 7, and I was infected by the System Tool Virus. It’s a fake anti-virus program that asks for a credit card number to delete the “infected files” it finds. It also disables downloading and installing files from the net.

I ran a boot time scan that found some files and deleted them, but this did not help.

It took a few seconds for the virus to pop up and disable my computer after re-booting. I was able to download MBAM in that time, but I couldn’t install it. Then, all of a sudden, the virus just disappeared. I was able to run MBAM and ComboFix. I am relieved that my computer is running fine now, but I am suspicious that the virus seemed to have just disappeared on its own. Below are the logs from both programs.

Here is the MBAM log:

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5657

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/1/2011 11:01:51 PM
mbam-log-2011-02-01 (23-01-51).txt

Scan type: Full scan (C:|D:|)
Objects scanned: 302787
Time elapsed: 34 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\fnegkhp05200\fnegkhp05200.exe (Rogue.SystemTool) → Quarantined and deleted successfully.

Left123 · February 2, 2011, 8:31pm

Hey there
Follow instructions here http://www.bleepingcomputer.com/virus-removal/remove-system-tool
Come back with news
Regards

system · February 2, 2011, 8:51pm

I performed the steps in that link and everything seems ok now, but then again everything has been ok since the virus just disappeared.

When I ran combo fix it deleted a folder I suspected the virus was running from, so maybe everything is all set now.

thanks

Left123 · February 2, 2011, 9:53pm

Any other problems?Please let us know

system · February 11, 2011, 7:17pm

I am having the same problem with that System Tool fake antivirus. It popped up this morning on my husband’s laptop. I printed out the directions from the above link and he is going through the process right now. Will come back to report that yes, it fixed the problem or no, it didn’t. I was disappointed that my paid version of AVAST! hadn’t caught it, but I guess these programs keep getting modified and renamed.

essexboy · February 11, 2011, 7:30pm

Unfortunately that is true - the malware makers know what makes the AV tick, but the AV analysts have to wait for a new variant before they can stop it. Although maybe behaviour shield will start to ameliorate that

system · February 11, 2011, 8:57pm

Well, good – following the directions in the link worked. There were 4 infections detected and removed, but I do not have the scan info, unless we can access the log. Thank you.

essexboy · February 11, 2011, 10:22pm

[]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[]Copy&Paste the entire report in your next reply.

System Tool Virus

Announcements