dean_stephens
how do you remove the "system tools hoax" software
This seems to be a new program pretending to be an antivirus program. It is a scam, but it hijacks the computer and there seems to be no way to see the virus or stop it from running. McAfee is totally ignorant of it and wants $90 to "try" to remove it. Is there any other way to get rid of this hoax?
If this is a 32 bit Windows 7 machine you can attempt to run combofix.
However, I would recommend running a good cleanup utility as well:
http://www.stevengould.org/index.php?option=com_content&task=view&id=15&Itemid=69
Will clean up a lot of that crap that is sitting around, do that before you run a scan. In the worst case scenario you can download sysinternals procexp and find the culprit file and "echo" it out and render it useless. I can offer further detail if you want.
ASKER
I already own McAfee. Why will they not help me remove the virus? If it has been around since 2008 it cannot be that hard to get rid of.
Here is a link that says don't disable system restore until after you run the scans:
https://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/A_1934-Viruses-in-the-System-Volume-Information-System-Restore.html
Here is a link that says to run scans in normal mode NOT safe mode, if you can:
http://forums.malwarebytes.org/index.php?showtopic=17334&st=0&p
ASKER
@moonie42 - The software you linked to will not install since it requires you install in normal mode and the virus will allow nothing to run in normal mode. Only safe mode can be used.
@ bz43 - ditto
@RobertParton - All I get when I try to find Combofix is a link to Registry Mechanic. I assume I am doing something wrong but I cannot figure out how to find the program. Do you have a link perhaps?
I am really getting frustrated with this.
McAfee has given me a link to a program called "stinger", which ran to completion and did not find the virus or remove it. I am still stuck with nothing but safe mode. Normal mode is infected with the "System Tools" hoax and nothing seems to work.
ASKER
I am being told by both McAfee and Norton that this virus can only be removed manually at a cost of $99. Does anyone know any other option?
ASKER CERTIFIED SOLUTION
ASKER
Thank you so much.
You're welcome. Were you able to remove the virus?
ASKER
Yes.
ASKER
For clarification, the details on the second thread you posted
http://supportforums.sunbeltsoftware.com/messageview.aspx?catid=76&threadid=6712
allowed me to find the virus manually and delete enough of it to get the standard anti virus to remove the rest.
http://www.computersecurityarticles.info/malware/system-tool-2011/
General recommendations:
-Back up your data
-Disable System Restore
-Install/update Malwarebytes Antimalware
-Run full scan in Malwarebytes
-Reboot into Safe Mode
-Re-run Malwarebytes
-Reboot