Solved

System Tool Virus

Posted on 2011-02-28
13
369 Views
Last Modified: 2013-11-08
Every Time I boot a Dell Optiplex 320 Windows XP box it launches System Tool and scans the computer. I can boot in safe mode and run SpyBot and Malwarebytes but it has been unable to find and remove the virus. I have tried a system restore but none of the restore points have been succesfully restored.

Do you have any suggestions to rid myslef of this virus?
0
Comment
Question by:pbelang11
  • 8
  • 5
13 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 34997439
I just worked through this with another EE member a couple of days ago.
The detailed instructions - read them carefully and follow - are here:

http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2011
0
 
LVL 38

Expert Comment

by:younghv
ID: 34997465
Here is a link to the actual question posted on EE:
http://www.experts-exchange.com/Virus_and_Spyware/HijackThis/Q_26833850.html
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 34997499
Sorry - the link in my first post is for a different variant.
This is the post for "System Tool" malware:

This variant of malware is one of the few that require a "Safe Mode" boot (with networking) to clean with Malwarebytes.

Please review the detailed instructions here:
http://www.bleepingcomputer.com/virus-removal/remove-system-tool
0
 

Author Comment

by:pbelang11
ID: 34997886
I followed the instructions and unchecked the proxy server box under the lan settings but I still cannot access the internet or ping a website
0
 
LVL 38

Expert Comment

by:younghv
ID: 34998138
Did you re-boot to 'Safe Mode with Networking' first?
Do you have access to another computer?
You can just download the file (using the Save As function), then copy the file from USB stick or CD.
0
 

Author Comment

by:pbelang11
ID: 34998222
I have done that but how do I get the latest update for Malwarebytes loaded on the infected computer without internet access. I can get it installed on the infected computer but without internet access it is not the most current version
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 38

Expert Comment

by:younghv
ID: 34998283
0
 

Author Comment

by:pbelang11
ID: 34998400
ok Thank you that gives me a much more current build to run. Once this has completed and I reboot in normal mode I should be able to access the Internet?
0
 
LVL 38

Expert Comment

by:younghv
ID: 34998607
Please let me know if you need more than this, but I think it is pretty well covered in the instructions:

"4.This infection changes your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or update security software. Regardless of the web browser you use, for these instructions we will first need need to fix this problem so that we can download the utilities we need to remove this infection.

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options as shown in the image below...."



0
 

Author Comment

by:pbelang11
ID: 34999186
I hope I am not being thick or missing something very obvious. I seemed to have removed the virus, however, I still cannot access the internet or ping a website from a command prompt. All the settings with internet explorer and in network connections (Local Area connection) appear to be fine. I am logging into a domain and the settings look the same as another workstation on the network that can access the internet. That is the unit I am using to correspond with you. Do you have any suggestions or other things I can check? I did an ipconfig /all and I don't see anything that looks out of sorts.
0
 
LVL 38

Expert Comment

by:younghv
ID: 34999554
To confirm - in your "Local Area Networ (LAN) Settings" tab - all of the boxes are unchecked?
0
 

Author Closing Comment

by:pbelang11
ID: 34999606
Thanks for all your help. I resolved the internet access issue by setting up the network connection from scratch.
0
 
LVL 38

Expert Comment

by:younghv
ID: 34999694
That is terrific - good for you!
Glad everything worked out.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

So you got the Conficker. You could go to each machine and run the eye chart test (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), but in a bigger environment, or if you prefer to work smarter and not harder, you need some …
PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now