Warning , fake anti virus / trojan

[briggie]

WARNING.. FAKE ANTI VIRUS/TROJAN . SYSTEM TOOL 2011



This is a scam that makes people think they have viruses when they do not.
When I had Norton scams like this didn't fool me because Norton always gave an unmistakable noise when it did something.
This scam makes it look as if it is the genuine Microsoft Security Essentials wanting to delete a Trojan.
it cerainly fooled me into thinking that anyway.
It will be easiest if I copy a message from another room

I might not be around for a few days.
I am using my old computer and it is very slow. I have to take my recent computer into PCworld because a virus has stopped it from working, I was all afternoon and evening yesterday trying to delete the virus, my son came down to help as well but we couldn't get rid of it.
The virus is called: SYSTEM TOOL 2011 It has really messed up my computer!!
I shall do my best to get in here.
Tammy.

[rustic]

Quote:

Originally Posted by briggie

WARNING.. FAKE ANTI VIRUS/TROJAN . SYSTEM TOOL 2011



This is a scam that makes people think they have viruses when they do not.
When I had Norton scams like this didn't fool me because Norton always gave an unmistakable noise when it did something.
This scam makes it look as if it is the genuine Microsoft Security Essentials wanting to delete a Trojan.
it cerainly fooled me into thinking that anyway.
It will be easiest if I copy a message from another room

I might not be around for a few days.
I am using my old computer and it is very slow. I have to take my recent computer into PCworld because a virus has stopped it from working, I was all afternoon and evening yesterday trying to delete the virus, my son came down to help as well but we couldn't get rid of it.
The virus is called: SYSTEM TOOL 2011 It has really messed up my computer!!
I shall do my best to get in here.
Tammy.

Last June a Trojan got into mine, and I bought a netbook, to use, while the main PC went to PC world. ( use netbook more now, sat on my lap while I watch TV, that's why I post more now I guess..)

The Trojan got in and deleted my Norton security and installed it's own programme, that wouldn't let me down load my online security free with BT.

So PC world had it for a week, I think £20-£30 and it was sorted and no data was lost on the main computer, eventhough I had backed up as well.

[Thomas-the-Terrano2]

feel for you, had something similar recently only just backon track after a full
system recovery.

dont know how got in, hadnt been anywhere dodgy.

only thing was looking at google images for pix of buses and trains
and one didnt expand under pointer so clicked on it.
also was ona an avg approved site went to play a video of a train
and all hell broke loose.

lappy nearly went thru window, was so close to just buying a new one
and i'm my family and friends techie so used to fixing other's malware

[rustic]

Quote:

Originally Posted by Thomas-the-Terrano2

dont know how got in, hadnt been anywhere dodgy.

I hadn't either, in fact I was on Google at the time looking at discounted TV's.

I clicked on Currys I think and then Dixons etc an this is when it all went haywire.

It may have been dormant in the system waiting for some trigger who knows, but it put some interesting sites on my start page.....

When I spoke to PC World they said these are often linked to emails, In fact I sometimes get emails from friends that haven't used that address for years, this is how they can get in.

The worst ones are where the title just says "Hi" , I always delete these straight away. Upsets wife though....And most I am not expecting, eg you have won this.... free gifts if.... etc

OR " John" has sent you a youtube to look at.... No he hasn't he would have sent it himself.... DELETED..... NEXT....

my daughters lappy got this just the other day,it got past avg 2011 full and it disables all antivirus software locking you out of where its hiding,if u google search it there rheams on it,little blighter eh!

[kitchenman]

I run Mailwasher from NZ
You get to scan the email while they are still on the server, & you get a stern warning if you try to click on a link. Well worth the 20 quid or so a year I think

[clivvy]

yeah its doing the rounds is that one, havng to clear it a load of client pcs. generlaly its not too bad, just an annoyance and easy to clear! I believe it gets in via websites, hacked ones of course so you have no way of knowing which ones I suppose.

[Fez_uk]

if you get a virus that stops you downloading or running anti virus run the computer in safe mode and then do a scan.

Bam.

[rustic]

Quote:

Originally Posted by Fez_uk

if you get a virus that stops you downloading or running anti virus run the computer in safe mode and then do a scan.

Bam.

Safe mode...
So where does the con*om go
Not on the USB port then?

[Coop48]

If you get Sytem Tool 2011 also known in other forms as SpywareQuake, SpyFalcon, SpywareStrike, SpySheriff, SpyHeal and many other pseudonyms on ur PC.
This program shows itself in the 1st instance as a genuine looking "advert, post,link or communication" Do not click "Yes or No or the red cross" it will have the same result ie it will install the bogus av software. Press "alt ctr del" run task manager close all running programs and then reboot pc.Hopefully you did not get hit. If you did dont use the pc just shut it down untill you can use a clean pc to download rkill, tdsskiller and Malwarebytes antimalware to a usb stick.(they are all freeware so just google for them).
Its no use using system restore either so dont be tempted to play.
Start in safe mode/command prompt and run rkill 1st then tdsskiller from the usb key, exit Command prompt install malware bytes anti malware and run it. This should remove the problem for you. Reboot and run Malwarebytes in Admin mode. Make sure you can then run your usual antivirus.
System tool 2011 adds a tag to your av and security programs to disable them and tags various system files as infected. It can only be installed on your pc if you do something to allow it. So NEVER EVER EVER click any link you are not sure about ( dont forget "nothing is free in this world"). If you are tempted to pay the "subcription fee" that will not be the end of it cos then you are trapped into paying more and more. I have removed this from 3 pc's in the last 2 weeks using the above method.
I also run Regmechanic to check the Registry.
I hope this helps if only to serve as a warning.
Gary

[4x4_Gav]

A virus, whats a virus, cough mac user cough rofl!!!!!!

Fix plenty of Virus' at work though

[paulp]

hi if it is the same virus i had - it will not let you proceed or enter into system tools.

Go into the computer using safe mode. then you can go into control panel and delete any suspect files.

once that has been done you can then do a system restore and the virus will be gone.

i currently AVG 2011 free version - then do a system scan.

if the puter is totally fugged then you should beable to recover your documents using KNOPPIX (a linux based operating system)

good luck hope all is sorted

paulp

all my pcs running avg full 2011 and there tuneup add on yet it still got onto her lappy,i can only asume shes "let it in" but it stopped avg,locked me outve system tools etc preventing it being dug out that way,peed me off getting past avg even if she clicked it!

[paulp]

Hi Jace sounds like the type of virus i had

safe mode then system restore to an earlier date should sort it.

paulp

[Thomas-the-Terrano2]

well one i had said avg was infected when clicked on avg icon etc.

then noted it was trying to open browser and got to dodgy looking adult
sites, adult.com was one i think.

so thought, f you and unpluged ethernet cable.

it then seemed to get bored, and go to sleep

and eventually avg would run, thouogh could rid some trojan files
in ram as i recall.

took a file from kerpasky to kill them.

certainly had a google rerouter.

if selcted something from a list of sites in google would go elsewhere

in end had to get to kaspersjy link by clickinging open link in new tab
with right click, foxing the sodding thing.