Solved

how do you remove the "system tools hoax" software

Posted on 2011-02-14
Last Modified: 2012-05-11
This seems to be a new program pretending to be an antivirus program. It is a scam, but it hijacks the computer and there seems to be no way to see the virus or stop it from running.  McAfee is totally ignorant of it and wants $90 to "try" to remove it.  Is there any other way to get rid of this hoax?
0
Question by:dean_stephens
11 Comments
 
LVL 8

Expert Comment

by:moonie42
Refer to:
http://www.computersecurityarticles.info/malware/system-tool-2011/

General recommendations:
-Backup your data
-Disable System Restore
-Install/update Malwarebytes Antimalware
-Run full scan in Malwarebytes
-Reboot into Safe Mode
-Re-run Malwarebytes
-Reboot
0
 
LVL 4

Expert Comment

by:RobertParten
If this is a 32 bit Windows 7 machine you can attempt to run

combofix

However, I would recommend running a good cleanup utility as well:

http://www.stevengould.org/index.php?option=com_content&task=view&id=15&Itemid=69

Will clean up a lot of that crap that is sitting around, do that before you run a scan. In the worst case scenario you can download sysinternals procexp and find the culprit file and "echo" it out and render it useless. I can offer further detail if you want.
0
 

Author Comment

by:dean_stephens
I already own McAfee.  Why will they not help me remove the virus?  If it has been around since 2008 it cannot be that hard to get rid of.
0
 
LVL 9

Expert Comment

by:bz43
Here is a link that says don't disable system restore until after you run the scans:
http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/A_1934-Viruses-in-the-System-Volume-Information-System-Restore.html

Here is a link that says to run scans in normal mode NOT safe mode, if you can:
http://forums.malwarebytes.org/index.php?showtopic=17334&st=0&p
0
 

Author Comment

by:dean_stephens
@moonie42 - The software you linked to will not install since it requires you install in normal mode and the virus will allow nothing to run in normal mode.  Only safe mode can be used.
@bz43 - ditto
@RobertParten - All I get when I try to find Combofix is a link to Registry Mechanic.  I assume I am doing something wrong but I cannot figure out how to find the program. Do you have a link perhaps?

I am really getting frustrated with this.

McAfee has given me a link to a program called "stinger", which ran to completion and did not find the virus or remove it.  I am still stuck with nothing but safe mode.  Normal mode is infected with the "System Tools" hoax and nothing seems to work.
0

 

Author Comment

by:dean_stephens
I am being told by both McAfee and Norton that this virus can only be removed manually at a cost of $99.  Does anyone know any other option?
0
 
LVL 9

Accepted Solution

by:
bz43 earned 500 total points
I asked the moderators to add some antivirus zones to your question.  Right now the only zone it's in is "Windows 7".  More people should read it when the zones are updated.  Or see if you can add some zones to this question like: Anti-Virus, Anti-Spyware, Internet Security, Latest Threats.

There is a bootable disk called the VIPRE Rescue Program at http://live.sunbeltsoftware.com/
Maybe, from another non-infected computer, download that and run it on the infected PC.

This thread might be about your infection.  I'm not sure.  Please read it at:
http://supportforums.sunbeltsoftware.com/messageview.aspx?catid=76&threadid=6712

Only download Combofix from the following website:
http://www.bleepingcomputer.com/download/anti-virus/combofix

Tutorial on how to use combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 

Author Closing Comment

by:dean_stephens
Thank you so much.
0
 
LVL 9

Expert Comment

by:bz43
You're welcome.  Were you able to remove the virus?
0
 

Author Comment

by:dean_stephens
Yes.
0
 

Author Comment

by:dean_stephens
For clarification, the details on the second thread you posted

http://supportforums.sunbeltsoftware.com/messageview.aspx?catid=76&threadid=6712


allowed me to find the virus manually and delete enough of it to get the standard anti virus to remove the rest.
0
