Solved

Warning Your're pc is infected

Posted on 2011-02-21
19
560 Views
Last Modified: 2013-11-22
Greetings,

I seem to have this tough virus that scans my computer for viruses and then asks me for a payment to get rid of it.  I searched the data base and saw several earlier questions so I tried the solutions but they didn't work.  I tried Malwareytes and SmitFraudFix.  It got riid of the back ground srceen that has the "Warning your're computer..." but it still boots up and blocks many if not all the startup applications like "mcagent.exe", etc  I can't launch any prorams like Explorer because it says it's infected.  It has a pop up that is named "System Tool" thst does the scaning of my computer and says I have viruses.  My compuiter is completely useless and this virus seems to ba a tough one to get rid of.  Any ideas ?
0
Comment
Question by:Bloxsom
  • 6
  • 5
  • 3
  • +4
19 Comments
 
LVL 3

Expert Comment

by:residents
ID: 34945473
I would try combofix available here :http://majorgeeks.com/Combofix_d6402.html

Also, if you can get into safe mode, go to start, run, and type MSCONFIG and see if there are any obviously strange things in there and uncheck them. Run combo fix from regular mode if possible.
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 34945475
This is a virus. Boot into safe mode, run a full scan with malwarebytes. If that doesn't work, you must use a boot cd to get a clean boot and then run malwarebytes. I suggest ultimatebootcd.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34945476
you didn't mention what version of Windows...

Can you boot to Safe Mode and then use System Restore to go to a previous time when you had no problems?
0
 
LVL 5

Expert Comment

by:sweeps
ID: 34945520
 I would recommend downloading Kaspersky rescue disk on another computer and burn the iso to CD.  boot your infected computer from this disk and run the full scan.  If you use a network cable for connecting to internet, you can update the virus update files on the fly while being booted to this disk.
0
 
LVL 5

Expert Comment

by:sweeps
ID: 34945545
0
 

Author Comment

by:Bloxsom
ID: 34945548
My OS is Windows 7 and I can get it to run in Safe mode.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34945561
So go into safe mode and then try to use System Restore.
0
 

Author Comment

by:Bloxsom
ID: 34945600
Where is system restore located ?
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 34945640
You don't need to do a System Restore yet.

This variant of malware is one of the few that require a "Safe Mode" boot (with networking) to clean with Malwarebytes.

Please review the detailed instructions here:
http://www.bleepingcomputer.com/virus-removal/remove-system-tool
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34945642
Start Orb -> All Programs -> Accessories -> System Tools
0
 
LVL 2

Expert Comment

by:Sup3rCharged
ID: 34945667
I suggest that you download ESET Nod32 online scanner from here. Install it, wait until it downloads current updates and when the program starts to scan your system, immediately unplug your network cable.
0
 
LVL 38

Expert Comment

by:younghv
ID: 34945802
My goodness!

For the life of me, I simply cannot understand where some of this advice is coming from.

"System Tool" is well-documented malware and the fix has been in place for several months.

"ComboFix" is a great tool, but not needed.
Downloading and installing another AV application is neither wise, nor needed.

When "System Tool" was released in the wild, I had several come through my shop and the repair process is fairly simple and direct.

If Experts haven't personally had experience with solving this problem, they probably shouldn't be posting random/generic advice.
0
 
LVL 38

Expert Comment

by:younghv
ID: 34946098
@Bloxsom,
You are the third EE Member in the past couple of days to post with this infection.
Here are the results of one of those requests:
http://www.experts-exchange.com/Q_26833850.html?cid=1131#a34934626

I think that you are probably running some version of McAfee and I would suggest that - after you effect the repairs - you consider switching to stronger protection.

Some of the 'suite' type protective software doesn't do any of the jobs very well and, although McAfee used to be one of my favories, I think they have stretched themselves too thin these days.
0
 

Author Comment

by:Bloxsom
ID: 34947256
Yes, I do have McAfee on the infected computer.  I have a professional version of AVS (30 day trial ) on another laptop.  It seems to work well.  I plan on paying for this when the trial runs out.  Any commets on AVS would be welcome.  Malwarebytes running from Safe mode with Networking enabled deleted the virus !  The reason it worked this time is that Malwarebytes was over 60 days old and needed an update via the Internet.  Thank you !
0
 
LVL 38

Expert Comment

by:younghv
ID: 34947313
You're welcome.
The instructions I gave you are what I've been using for a while now.

For some detailed comments recommendations on protecting your systems, please review my Article here:
http://www.experts-exchange.com/A_1958.html
0
 
LVL 38

Expert Comment

by:younghv
ID: 34947328
I haven't heard of AVS anti-virus, do you mean AVG?

In any event, I am hopeful that you do not have two or more Anti-virus programs installed concurrently.

That will always be a recipe for conflict between/among them.
0
 

Author Comment

by:Bloxsom
ID: 34947570
Yes, I mean AVG.
0
 
LVL 38

Expert Comment

by:younghv
ID: 34947631
I was a regular user of both AVG and AVAST, but AVG doesn't appear to play well with Malwarebytes (either with XP or 7), so I have been pulling licensed versions of AVG off customer's computers and installing MSE.

The AVAST is OK with it so far, so I am letting those licenses expire before pulling it.

The only other AV apps I have experience with are Symantec/Norton (never-ever again) and McAfee.

Save your money for the AVG license, replace it with MSE and buy Malwarebytes-Pro. It will actually be cheaper than your AVG license.
0
 

Author Comment

by:Bloxsom
ID: 34947995
Good advice, MSE and Malwarebytes-Pro it is !
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
Some of the most commonly posted questions in the "Virus & Malware" Zones are related to the family of rogue malware with the date "2012" somewhere in the title. Examples: XP Antispyware 2012 XP Antivirus 2012 XP Security 2012   XP Home Sec…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now