Some of this information may be off because this happened a while ago… So my memory is slightly hazy.
Back in January 2011, while my family member was on the internet, a pop-up on the bottom right of the screen came up that said a file of Avast’s (I forgot its name, but I believe it had an “iu” in it??) was infected. Soon after, the wallpaper of the computer changed to a blue wallpaper. The blue wallpaper had text on it that said something around the computer needing to be scanned/being infected. Then it had pop-ups that tried to get us to scan the computer with or buy “SystemTool 2011” IIRC. The computer wouldn’t run properly and it wouldn’t let you do anything. I assumed it was rogueware?
My family member ended up supposedly getting “rid of” the malware by going into safe mode and getting rid of all malware he found with Avast! by doing a boot scan and then setting the computer back a few days before the malware hit (I don’t completely understand this, so forgive me). It seemed to work, but we did find one more malware called “cGoKb07003.exe”.
The PC has worked fine ever since. But we periodically get pop-ups that say “A unauthorized change has been made to your computer” and sometimes this pop-up prevents us from going to desktop after logging in. It’s also caused our computer to malfunction (the screen turned blue) to the point that I had to take out the battery.
The Important Things
I recently found that SystemTool 2011 was still installed on our PC in “Programs and Features”.
I didn’t do anything after that.
I have up-to-date Avast! and MBAM. As well as BitDefender Quick Scan (The Firefox add-on) and Windows Defender. None of these programs detect any malware on the computer.
How can I go about getting rid of this malware?
I’ve been meaning to transfer files from the family PC to my own (My PC is disconnected from the internet), but I’m afraid to because of this.
NOTE: It may take me a while to reply sometimes (Sorry) due to my RL. I’m sorry if my slow activity on the forums causes issues. Many apologies!
Sorry for the long post. Thanks for taking the time to read it.
Thanks in advance!
To avoid using multiple posts with copy and paste, you have to attach the logs.
Lower left corner: Additional Options > Attach (OTS log); save the OTS log as ANSI.
Essexboy will look at the logs when he arrives here later today…
I have up-to-date Avast! and MBAM. As well as BitDefender Quick Scan (The Firefox add-on) and Windows Defender. None of these programs detect any malware on the computer.
Try updating MBAM and doing a full scan. If that doesn't work, go for OTS and SUPERAntispyware, update them and do a full scan… Post the logs in your next comment for me to assist you further… Welcome to the forums!!!
Run the programme you have just downloaded to your desktop (it will be randomly named).
First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.
[*]Quit all running programs
[*]For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
[*]When prompted, type 1 and validate
[*]The RKreport.txt shall be generated next to the executable.
[*]If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
THEN
To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.
[*]Close ALL OTHER PROGRAMS.
[*]Double-click on OTS.exe to start the program.
[*]Check the box that says Scan All Users
[*]Under Additional Scans check the following:
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
@com155 If you read the first post, and my reply #3 to Bobo1, you will see that he/she has already tried a fully updated Malwarebytes and it did not work.
Anyway, when Essexboy has responded, I doubt there is anything you can do that he could not.