OT: "System Tool" virus

Most anti-viruses miss something... nothing catches it all. I have viruses on disks that even after giving them to Norton and to McAfee they still won't catch them. PC Tools is pretty good... wouldn't waste my time with McAfee unless you want to pay the extra for enterprise, then might as well get some extra RAM... as it updates it becomes a memory hog unless you want to tweak it every few weeks... I still run Panda for my paid antivirus and AVG for the free; I do not run AVG all the time, I only use it to catch what others miss... and it does that about 90% of the time.

You are in a seven-step program here.

#1 Get a good antivirus. Norton and McAfee are memory hogs, and a lot of worms and viruses have learned how to defeat them, so don't go with either in this instance.. after you get cleaned you can take the risk with them if you want. There are lots to choose from, get two or three.. put 'em on a storage drive.

#2 Get a good anti-spyware software (I use Malwarebytes and Dr.Web). Dr.Web is a malware tool that is fairly good at getting out rootkits and droppers too. I have it, Malwarebytes and AVG on all my flash drives should an emergency arise.

#3 Get a good anti-rootkit. Sophos rootkit removal tool, even if you get Dr.Web throw this in the mix..

#4 Start in safe mode (F8 while your computer is running), no networking... hit Control-Alt-Delete and shut down everything you can and still keep the computer running.. You must have explorer, winlogon, task manager, task host. Your computer may need one or two more, but any OEM Windows install will require those few to limp.

#5 Run your spyware, run your rootkit tool, and lastly your anti-virus; repeat if you have multiple programs (you should!).

#6 Restart in safe mode, this time don't shut everything down, let it start on its own and repeat step four.

#7 Attempt a normal boot... if you're still having issues here is a last attempt effort. Download HijackThis.

HijackThis will not clean your system... the only thing it does is make a readout of everything that is running, called up on start-up, or in a registry key on your system. It will give you a report. Take that report and paste it in the HijackThis forum... give yourself about an hour, I guarantee someone will know what's dropping the virus and what you need to remove from your system. You can also ask them to help you tune your system for better performance... but focus on getting the System Tool off your system first.

I have removed this program with Malwarebytes, however malware does not get the dropper / rootkits, so you get stuck in a cycle. I always redo the scans... sometimes you'll find a few things that get left behind, and it's a good indicator of whether or not you got the rootkit or dropper out of your system. If you keep finding new instances of the virus, you know you're not getting the source of the problem.

PM me if you need help with my list. If you have access to another computer use it to download the programs you want to use onto a thumb drive... most will run from a thumb if you install them there. U3's are the best for this type of usage though.
 
Thank you for all of that info.

I just found a local computer shop that has plenty of experience with "System Tool".

I will take it to them now.

We have been using Norton. I will study all of your suggestions and implement them.

Thanks,

Andy
 
that sounds like a plan Andy. hopefully they will get it out for you without too much hassle or loss.

everyone is going to have different recommendations on which programs to use and why, feel free to ask the shop you take your computer to for recommendations.. or pop back on here if you have any questions.
 
Andy, I went through this about 6 months ago, the System Tool virus was the anti virus AV8. I was able to have a tech from the Geek Squad clean it out remotely, took him 6 hrs his first shot. They came back 2 more times, the service was good for 30 days. He recommended Trend Micro Titanium software, which I bought and installed. Knock on wood no problems so far, software has stopped a few viruses since. It works for me, OMHO ;)
 
This is a good post. :)
 
It's got our main computer jammed up. Can't access Internet or e-mail accounts.

Any help would be appreciated.

Thanks,

Andy

Andy, download software called Malwarebytes http://www.malwarebytes.org/ on another computer to a USB stick. Restart your infected computer in safe mode (F8 or F6). Install the software and run it. It's pretty good. Should help.

Feel free to give me a call for questions
 
Drop Microsoft and go with Ubuntu, 99.9% virus free. Been using this for three years and no problems.

Dave Roach
 
Ahh c'mon now, drink the Kool-Aid.. my file-server is Debian and never ever got anything that has gotten into it... not that I haven't tried for kicks and grins. ;)
 
I got a question guys... OK, I ended up buying a new Compaq laptop.. and yesterday I bought a new Belkin router.. loaded the disc on Joe's backup computer and the next day, before Joe even clicked on the internet, ended up getting a windows tool!! It's a defragger tool and it's a virus, can't get rid of it.. Is this one of the tool viruses that's going around?? I got McAfee and Defender Pro 2011 on my laptop... Need to know how to get that out of Joe's backup computer please.. He's very upset..
 
You've lost me... how is it a defragger and a virus? Defragger is a good (there are better out there) tool that comes pre-installed. Why are you thinking it's a virus?
 
It says Windows tools.. The icon looks like a puzzle, blue yellow green and red square puzzle pieces.. OK, then when you turn on the computer and after the Windows goes through, the screen goes black into safe mode.. then that tool pops up and you have to let it do its defrag before your main screen/home pops up/opens. Then it says to fix your problems you have to pay 69.00!! Now Joe just told me Windows sent some updates.. So he shut off the computer before he went to bed, well it was uploading, then after it's done the computer will shut down after it's done like always... Going to call Microsoft and ask them about it.. It's acting like a virus because you can't delete it and when you get five to six pop-ups, small, saying no Windows disc.. You X out of others, the computer restarts again..
 
Guys,

I got hit by this "System Tools" virus despite having the enterprise version of McAfee.

This is a bad worm. The virus is hard to get rid of because it loads into your user profile and disables many of the Windows tools that would be used to contain and eliminate it.

You can get rid of it by logging on to windows as an admin, then create a new logon profile and then delete your old infected profile. This virus kept the IT gurus hopping for quite awhile.

Good Luck!
 
I got rid of it today!! Just rebooted the computer to factory settings, and man it's old.. 2003 settings.. won't update Windows browser.. so we're using Firefox as our browser.. until Windows sends updates to this computer.
 
Sorry I missed that, Miss H. Glad you got a way around it though.

Steve, that will work to get you booted, but it doesn't get rid of the files that are infecting the computer, only the call to run it. You still need to get rid of the dropper and/or the file itself, otherwise you're likely to reactivate it without realizing it.
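
Added example, not part of any post in this thread: a small Python triage of a HijackThis-style report that separates autostart entries (the "call to run it") which vanish with a deleted user profile from those that survive it. The sample report lines, the names `placeholder1`/`placeholder2`, the `user1` profile path and the user-writable-directory heuristic are constructed assumptions, not details of the System Tool infection.

```python
import re

# HijackThis "O4" lines list registry autostart entries, e.g.
#   O4 - HKCU\..\Run: [name] C:\path\file.exe
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run(?:Once)?): \[(.*?)\] (.+)$')

# Assumption: autostart programs living in user-writable directories deserve a look.
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

def parse_autostarts(report):
    """Return one dict per O4 registry autostart line in the report."""
    entries = []
    for line in report.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other report sections are ignored here
        hive, key, name, command = m.groups()
        target = command.strip()
        if target.startswith('"'):  # quoted path followed by arguments
            target = target[1:].split('"', 1)[0]
        entries.append({"hive": hive, "key": key, "name": name, "target": target})
    return entries

def triage(report, profile_dir):
    """Split suspicious entries by whether deleting profile_dir removes them."""
    prefix = profile_dir.lower().rstrip("\\") + "\\"
    gone, survives = [], []
    for e in parse_autostarts(report):
        target = e["target"].lower()
        if not any(d in target for d in USER_WRITABLE):
            continue
        # Gone only if both the launcher (HKCU hive) and the file sit in the profile.
        if e["hive"] == "HKCU" and target.startswith(prefix):
            gone.append(e["name"])
        else:
            survives.append(e["name"])
    return {"removed_with_profile": gone, "survives_profile_delete": survives}

# Constructed sample lines in HijackThis report style (not from a real machine).
SAMPLE = r"""
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /quiet
O4 - HKCU\..\Run: [placeholder1] C:\Documents and Settings\user1\Application Data\placeholder1.exe
O4 - HKLM\..\Run: [placeholder2] C:\Documents and Settings\All Users\Application Data\placeholder2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    print(triage(SAMPLE, r"C:\Documents and Settings\user1"))
```

Anything listed under `survives_profile_delete` still has a machine-wide launcher or a file outside the profile, so it needs to be handled by the scanners rather than by the profile deletion.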
 
Took our computer to the shop. They had to wipe the Hard drive clean to get rid of the 'System Tool' virus.

Spent the last several days getting all of our programs reloaded including bookkeeping, UPS shipping, email files, etc., etc.

Will get back to everyone soon who have been awaiting e-mail responses the last weeks. Have about 150 new e-mails to get through so please be patient.

Thanks and good boating,

Andy
 
