SystemTool 2011 is installed on PC (Long Post)

Hello.

Some of this information may be off because this happened a while ago… So my memory is slightly hazy.

Back in January 2011, while my family member was on the internet, a pop-up on the bottom right of the screen came up that said a file of Avast’s (I forgot its name, but I believe it had an “iu” in it??) was infected. Soon after the wallpaper of the computer changed to a blue wallpaper. The blue wallpaper had a text on it that said something around the computer needing to be scanned/being infected. Then it had pop-ups that tried to get us to scan the computer with or buy “SystemTool 2011” IIRC. The computer wouldn’t run properly and it wouldn’t let you do anything. I assumed it was rogueware?

My family member ended up supposedly getting “rid of” the malware by going into safe mode and getting rid of all malware he found with Avast! by doing a boot scan and then setting the computer back a few days before the malware hit (I don’t completely understand this, so forgive me). It seemed to work, but we did find one more malware called “cGoKb07003.exe”.

The PC has worked fine ever since. But we periodically get pop-ups that say “A unauthorized change has been made to your computer” and sometimes this pop-up prevents us from going to desktop after logging in. It’s also caused our computer to malfunction (The screen turned blue) to the point that I had to take out the battery.

The Important Things
I recently found that SystemTool 2011 was still installed on our PC in “Programs and Features”.
I didn’t do anything after that.

I have up-to-date Avast! and MBAM. As well as BitDefender Quick Scan (The Firefox add-on) and Windows Defender. None of these programs detect any malware on the computer.

How can I go about getting rid of this malware?
I’ve been meaning to transfer files from the family PC to my own (My PC is disconnected from the internet), but I’m afraid to because of this.

NOTE: It may take me a while to reply sometimes (Sorry) due to my RL. I’m sorry if my slow activity on the forums causes issues. Many apologies!

Sorry for the long post. Thanks for taking the time to read it.
Thanks in advance!

How can I go about getting rid of this malware?

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs here in this topic and not in the guide )

To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( OTS log ) save OTS log as ANSI

Essexboy will look at the logs when he arrives here later today…

Hi,
Had this on my computer some time ago. Use malwarebytes antispyware and clear whatever it finds and it will be gone for good.

I have up-to-date Avast! and MBAM. As well as BitDefender Quick Scan (The Firefox add-on) and Windows Defender. None of these programs detect any malware on the computer.

Unfortunately automated tools cannot get all the file variants, you still need a human eye for this.

Try using MBAM: update and do a full scan. If it doesn't work, go for OTS and SUPERAntispyware, update the same and do a full scan… Post logs in the next comment for me to assist you further… Welcome to the forums!!!

regards,
com155.

download malwarebytes from here:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Do an update, perform a full scan and remove what it finds.

try norton power eraser download link:
http://us.norton.com/support/DIY/index.jsp

also try this:

Download AVPTool from http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/ to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

http://i1224.photobucket.com/albums/ee362/Essexboy3/avpfront-1.jpg

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

now remove whatever it finds.

also try this:

Download RogueKiller to your desktop

[*]Quit all running programs
[*]For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
[*]When prompted, type 1 and validate
[*]The RKreport.txt shall be generated next to the executable.
[*]If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

THEN

To ensure that I get all the information this log will need to be attached (instructions at the end). If it is too large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop

[*]Close ALL OTHER PROGRAMS.
[*]Double-click on OTS.exe to start the program.
[*]Check the box that says Scan All Users
[*]Under Additional Scans check the following:
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

@com155 if you read the first post, and my reply #3 to Bobo1, you will see that he/she has already tried a fully updated Malwarebytes and it did not work

Anyway, when Essexboy has responded, I doubt there is anything you can do that he could not