Solved

Warning Your're pc is infected

Posted on 2011-02-21
19
565 Views
Last Modified: 2013-11-22
Greetings,

I seem to have this tough virus that scans my computer for viruses and then asks me for a payment to get rid of it.  I searched the data base and saw several earlier questions so I tried the solutions but they didn't work.  I tried Malwareytes and SmitFraudFix.  It got riid of the back ground srceen that has the "Warning your're computer..." but it still boots up and blocks many if not all the startup applications like "mcagent.exe", etc  I can't launch any prorams like Explorer because it says it's infected.  It has a pop up that is named "System Tool" thst does the scaning of my computer and says I have viruses.  My compuiter is completely useless and this virus seems to ba a tough one to get rid of.  Any ideas ?
0
Comment
Question by:Bloxsom
  • 6
  • 5
  • 3
  • +4
19 Comments
 
LVL 3

Expert Comment

by:residents
ID: 34945473
I would try combofix available here :http://majorgeeks.com/Combofix_d6402.html

Also, if you can get into safe mode, go to start, run, and type MSCONFIG and see if there are any obviously strange things in there and uncheck them. Run combo fix from regular mode if possible.
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 34945475
This is a virus. Boot into safe mode, run a full scan with malwarebytes. If that doesn't work, you must use a boot cd to get a clean boot and then run malwarebytes. I suggest ultimatebootcd.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34945476
you didn't mention what version of Windows...

Can you boot to Safe Mode and then use System Restore to go to a previous time when you had no problems?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:sweeps
ID: 34945520
 I would recommend downloading Kaspersky rescue disk on another computer and burn the iso to CD.  boot your infected computer from this disk and run the full scan.  If you use a network cable for connecting to internet, you can update the virus update files on the fly while being booted to this disk.
0
 
LVL 5

Expert Comment

by:sweeps
ID: 34945545
0
 

Author Comment

by:Bloxsom
ID: 34945548
My OS is Windows 7 and I can get it to run in Safe mode.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34945561
So go into safe mode and then try to use System Restore.
0
 

Author Comment

by:Bloxsom
ID: 34945600
Where is system restore located ?
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 34945640
You don't need to do a System Restore yet.

This variant of malware is one of the few that require a "Safe Mode" boot (with networking) to clean with Malwarebytes.

Please review the detailed instructions here:
http://www.bleepingcomputer.com/virus-removal/remove-system-tool 
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34945642
Start Orb -> All Programs -> Accessories -> System Tools
0
 
LVL 2

Expert Comment

by:Plamen Penev
ID: 34945667
I suggest that you download ESET Nod32 online scanner from here. Install it, wait until it downloads current updates and when the program starts to scan your system, immediately unplug your network cable.
0
 
LVL 38

Expert Comment

by:younghv
ID: 34945802
My goodness!

For the life of me, I simply cannot understand where some of this advice is coming from.

"System Tool" is well-documented malware and the fix has been in place for several months.

"ComboFix" is a great tool, but not needed.
Downloading and installing another AV application is neither wise, nor needed.

When "System Tool" was released in the wild, I had several come through my shop and the repair process is fairly simple and direct.

If Experts haven't personally had experience with solving this problem, they probably shouldn't be posting random/generic advice.
0
 
LVL 38

Expert Comment

by:younghv
ID: 34946098
@Bloxsom,
You are the third EE Member in the past couple of days to post with this infection.
Here are the results of one of those requests:
http://www.experts-exchange.com/Q_26833850.html?cid=1131#a34934626

I think that you are probably running some version of McAfee and I would suggest that - after you effect the repairs - you consider switching to stronger protection.

Some of the 'suite' type protective software doesn't do any of the jobs very well and, although McAfee used to be one of my favories, I think they have stretched themselves too thin these days.
0
 

Author Comment

by:Bloxsom
ID: 34947256
Yes, I do have McAfee on the infected computer.  I have a professional version of AVS (30 day trial ) on another laptop.  It seems to work well.  I plan on paying for this when the trial runs out.  Any commets on AVS would be welcome.  Malwarebytes running from Safe mode with Networking enabled deleted the virus !  The reason it worked this time is that Malwarebytes was over 60 days old and needed an update via the Internet.  Thank you !
0
 
LVL 38

Expert Comment

by:younghv
ID: 34947313
You're welcome.
The instructions I gave you are what I've been using for a while now.

For some detailed comments recommendations on protecting your systems, please review my Article here:
http://www.experts-exchange.com/A_1958.html
0
 
LVL 38

Expert Comment

by:younghv
ID: 34947328
I haven't heard of AVS anti-virus, do you mean AVG?

In any event, I am hopeful that you do not have two or more Anti-virus programs installed concurrently.

That will always be a recipe for conflict between/among them.
0
 

Author Comment

by:Bloxsom
ID: 34947570
Yes, I mean AVG.
0
 
LVL 38

Expert Comment

by:younghv
ID: 34947631
I was a regular user of both AVG and AVAST, but AVG doesn't appear to play well with Malwarebytes (either with XP or 7), so I have been pulling licensed versions of AVG off customer's computers and installing MSE.

The AVAST is OK with it so far, so I am letting those licenses expire before pulling it.

The only other AV apps I have experience with are Symantec/Norton (never-ever again) and McAfee.

Save your money for the AVG license, replace it with MSE and buy Malwarebytes-Pro. It will actually be cheaper than your AVG license.
0
 

Author Comment

by:Bloxsom
ID: 34947995
Good advice, MSE and Malwarebytes-Pro it is !
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Updating clients Trend Micro (OfficeScan) Console 5 111
Laptop fan running all the time 21 121
Determine if SQL is installed in Server 2008 R2 4 114
Virus Software comparrison 5 51
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question