Warning about Genes being an unsafe site?

Bobtanian 9 Mar 2011 19:18

See my post regarding Malwarebytes.

Start up in "safe mode with internet connections" (or networking) and get the free download......you have nothing to lose..........

Bob

What is System Tool 2011?
System Tool 2011, also known as SystemTool, is a virus made to look like a legitimate anti-virus program, but in reality it is a fake application, commonly known as a rogue security program. It arrives on computers as a recommended virus removal tool from fake online virus scanners. Instead of getting rid of computer threats, victims will experience a more disturbed computer system. Continuous pop-up alerts will be displayed, accompanied by a promotion to get the licensed version of System Tool 2011. Some Windows functionality will be rendered unusable, such as Task Manager, Registry Editor and Control Panel. This is intended to prevent users from removing System Tool 2011 manually.

When finding it hard to remove System Tool 2011, some will resort to purchasing the registered version of this useless software. By doing so, victims will be redirected to an online payment processing web site where credit card information will be requested. Providing these details may cause excessive charges to the credit card for other unknown transactions. Instead of obtaining this potentially unwanted program, you might as well get a free version of an effective anti-malware program that is known for its ability to take out malicious programs from the infected computer.

Type: Rogue
Sub-Type: FakeAV
Aliases:
OS Affected: Windows
Detected By: MalwareBytes

What are the Symptoms of System Tool 2011 Infection?


It will modify Windows Registry and add the following entries:
HKEY_CURRENT_USER\Software\System Tool 2011
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "2487226410"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"[Random]"="c:\Documents and Settings\All Users\Application Data\[Random].exe"

The threat will drop the following malicious files:
%AppData%\[random]\
%AppData%\2487226410
%AppData%\[random]\[random].bat (2487226410.bat)
%AppData%\[random]\[random].cfg (2487226410.cfg)
%AppData%\[random]\[random].exe (2487226410.exe)
%UserProfile%\Desktop\System Tool 2011.lnk
%UserProfile%\Start Menu\Programs\System Tool 2011.lnk
%temp%.\[random]\
%systemdrive%\Documents and Settings\All Users\Application Data\2BcT333842 [Random Folder]
-%systemdrive%\Documents and Settings\All Users\Application Data\2BcT333842\2BcT333842 [Random File]
-%systemdrive%\Documents and Settings\All Users\Application Data\2BcT333842\2BcT333842.exe [Random Files]




How to Remove System Tool 2011 Manually
1. Restart your computer in SafeMode
- Press F8 on keyboard as soon as you turn on the computer
- Select SafeMode to start the computer loading only minimal resources

2. Delete Windows registry entries the malware created. It is important to BACKUP YOUR REGISTRY FIRST.
- On Windows Start Menu, Click Start > Run
- Type in the field, regedit
- Find registry entries mentioned above and delete if necessary

3. Files related to System Tool 2011 must be deleted:
- Browse and delete malicious files detected above.
- Some files cannot be deleted instantly. Press Ctrl+Alt+Del to open Windows Task Manager, look for any virus-related files mentioned on this page, highlight them and click End Process. Try to delete the file once more.

4. Run Antivirus Program
- You must be connected to Internet to be able to update your anti-virus program. This is needed to have the latest database available and detect newer threats.
- Thoroughly scan the computer and clean or delete all detected threats.

Automatic Removal of System Tool 2011
1. Print this procedure as we need to close all running programs later.
2. Download MalwareBytes’ Antimalware here and save it to your Desktop.
3. Close all open applications.
4. Double-click on the downloaded mbam-setup.exe to start the installation. If it is unable to execute, an infection on the computer is preventing it from running; rename the file mbam-setup.exe to anything (like myfile.exe).
5. Run the installation on the default settings. No changes are necessary.
6. Just before completing the installation, make sure that the following are checked:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware

7. MBAM will run and update itself after installation. Close MBAM after the update.

8. Restart your computer in SafeMode
- After powering on the computer, just before Windows starts, press F8
- From the selections, Select SafeMode

9. Click on the MBAM icon and start to Perform Full Scan to begin scanning your computer for System Tool 2011 related files.
10. After scanning, a message will appear stating that the scan is completed successfully. Click OK.
11. Click Show Results and detected threats will be displayed.
12. Make sure that all threats are checked, then click Remove Selected to begin removal of the malicious files.
13. Exit MalwareBytes’ AntiMalware and restart your computer.

14. System Tool 2011 and all its files are now removed from your computer. To protect your computer from this threat and avoid future infections, you may want to obtain a Full Version of MalwareBytes’ AntiMalware.
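
An added example, not part of the original post: a Python triage of `reg query` output for the two Run keys that flags the autostart pattern listed above (a value named after a digit-bearing executable that launches from Application Data). The sample output, the `sample` user name, the benign entries and the two-condition heuristic are assumptions constructed for illustration.

```python
import re
from ntpath import basename, splitext

# Constructed sample of `reg query` output for the two Run keys; the flagged
# names reuse the examples quoted in the post, the other entries are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre6\bin\jusched.exe"
    2487226410    REG_SZ    C:\Documents and Settings\sample\Application Data\2487226410\2487226410.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Updater    REG_SZ    "C:\Documents and Settings\sample\Application Data\Vendor\updater.exe" /q
    2BcT333842    REG_SZ    c:\Documents and Settings\All Users\Application Data\2BcT333842.exe
"""

VALUE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.I)
USER_WRITABLE = re.compile(r"\\(application data|appdata)\\", re.I)


def parse_run_values(text):
    """Yield (key, value_name, data) from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE.match(line)):
            yield key, m["name"], m["data"]


def suspicious(name, data):
    """Return the reasons a Run value matches the pattern listed in the post."""
    m = EXE.match(data.strip())
    if not m:
        return []
    path = m["path"]
    stem = splitext(basename(path))[0]
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("launches from Application Data")
    if stem.lower() == name.lower() and re.search(r"\d", stem):
        reasons.append("value name equals digit-bearing file name")
    return reasons


def triage(text):
    """Flag values meeting both conditions; either one alone is common in benign software."""
    return [(k, n, d) for k, n, d in parse_run_values(text) if len(suspicious(n, d)) == 2]
```

`triage(SAMPLE)` returns the `2487226410` and `2BcT333842` entries and leaves the vendor updater, which also runs from Application Data, unflagged.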

KempinaPartyhat 9 Mar 2011 08:59

It looks like it ate her computer!!!

Poor girl...

If you get these messages it MAY be possible to get your computer sorted but mine took about 20 hours of loading and uploading stuff to clean it up!!

AnninGlos 9 Mar 2011 08:56

Sandra I think you need an IT specialist to help you to get rid of it because it will automatically start on 'start up'.

KempinaPartyhat 9 Mar 2011 08:49

Sandra ........I can't mail you, I don't know if anyone else can ......so I assume we can't help you get rid of this system tools which is a virus........

sandra rogers 6 Mar 2011 23:31

hiya, anyone foolish enough like me and fell for system tools, how the heck do I get rid of it (cost me £49 dead money), thx for replies x

ally6740 5 Mar 2011 12:21

I had the same problems with another forum I used last weekend, readit swap it site, so perhaps it should be called bug weekend lol

Sue 4 Mar 2011 12:08

Also this site is running very slowly. Do not usually have this problem.
Other sites are as normal.

BrianW 4 Mar 2011 11:04

Quick answer to MGM:
Of course Malwarebytes can usually be run in Safe Mode, I was just trying to make the point that you need to install it BEFORE a virus cuts off your internet access, which is what has happened to a friend.

KempinaPartyhat 4 Mar 2011 09:12

If GR were to let us know then people wouldn't visit the site ......

But at the same time they haven't gained anything coz my facebook friends won't come here till they are sure it's safe again....and the reason for that is I'm not posting there either except on my phone which caused friends to ask questions as to where my puter was!!!

They are losing out all round

~`*`Jude`*`~ 3 Mar 2011 20:49

I contacted them too a few days ago, not heard back yet and not had any probs recently :o))

jude

Linda 3 Mar 2011 20:06

I've had no trouble since Sunday touch wood, but agree GR could let us know what's going on

Justblu 3 Mar 2011 19:58

It seems that GR is keeping very quiet about this. I contacted them the other day and got the reply back "we know of this and are working on it" or words to that effect.
Be nice if they used their new announcement board to tell every one what is happening

Blu

KempinaPartyhat 2 Mar 2011 19:00

It's system tool 2011 that's making this happen from Russia!!!!!!

Run all scans and malware protectors and then PRAY!!!!!

can come in on e-mails!!!

InspectorGreenPen 2 Mar 2011 17:42

Reading the various threads and articles on the internet it seems that many of the problems reported are being introduced by adverts on what are usually considered to be safe sites.

Switching to GR USA, GR South Africa, changing from Hotmail to Gmail etc etc isn't going to solve the problem. You need to stop the adverts loading up in the first place. Firefox with Adblock Plus seems to be a good option to ensure you are advert free.

But, make sure you have some up to date spyware / malware detection on your PC as well in case you get caught. Malwarebytes does seem to be reasonably effective in this respect and costs nothing to install.

AnninGlos 2 Mar 2011 17:31

Reading that Rose they are saying Sunday night and only 6 sites affected. I reckon there must be more than that. Isn't it annoying when they only tell half a story.

Rambling 2 Mar 2011 17:17

Presumably to do with this?

http://www.dailymail.co.uk/sciencetech/article-1362205/Thousands-home-computers-infiltrated-hackers-infect-high-profile-websites-booby-trapped-ads.html

BrianW 2 Mar 2011 12:36

I have my suspicions about the GR adverts.

If you download and install the free version of Malwarebytes you should be able to access and run it in Safe Mode if you have problems.

It's no good trying to do it WHEN you have a problem as a virus might probably block your internet access, and then it's too late!

Gai 1 Mar 2011 22:23

I have sent you a pm Bob to say thank you for the fix. Unfortunately I couldn't get the computer to read the USB drive to load it onto the computer. So I took the computer to a friend's husband and this is what he has just told me over the phone what I did wrong.

When I was on the boards on Monday morning there was a flashing message telling me I had just won a new Mac and there was a message in my inbox. Thinking it was a scam I closed it using the red cross and bang it got me and as I was on a spare computer which didn't have the most up to date anti virus the computer was kaput.

Now I did the same thing with our main PC also on Monday by closing this box when it appeared and nothing happened but this computer has Norton's 360 on it which runs a daily scan so it wasn't affected.

Now I changed my GR and Ancestry passwords just in case but according to Jim there was nothing in this malware that could trace passwords or keystrokes but it wanted you to buy their software using your credit card over the internet.

We can't blame GR for this as it's apparently happening all over the world to a large number of computers. I bet those companies who make the anti virus software are rubbing their hands together.

Regards
Gai

Ron2 1 Mar 2011 22:22

I keep getting Trojan warning on Friends Reunited. Same on Hotmail so I've switched to Gmail

AnninGlos 1 Mar 2011 22:15

Unfortunately the drivers were important ones like the keyboard. But IT man proved the keyboard was fine by attaching to another pc (or something). Sounds like it is going to cost £60 to fix.