System Tool Virus

BleepingComputer.com: System Tool Virus

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.

Page 1 of 1

You cannot start a new topic
You cannot reply to this topic

System Tool Virus

#1 pd1dish

New Member

Group: Members
Posts: 2
Joined: 08-January 11

Posted 08 January 2011 - 07:32 PM

I got the System Tool Virus last night and I have gone through several steps to try and get rid of it on my computer. I booted my computer in Safe Mode with Networking and ran Rkill.exe. It only found one process running that was malicious and I removed it. I then downloaded Malwarebyte's Anti-Malware and ran a full scan and it detected 3 files that needed to be removed. They were removed. I also ran Spybot - Search and Destroy and it detected about 68 files of adware/spyware that I then removed. I then ran Webroot Spy Sweeper and it didnt find anything. I also deleted my HOSTS file and replaced it with the original Vista HOSTS file.

I then rebooted my computer and the virus seems to have pretty much gone away. The only problem I am currently having is that my Spy Sweeper is literally detecting every 10-15 seconds some sort of adware or spyware trying to get to my computer and blocking it. Im obviously happy that it is blocking them but it gives me an alert and pops up on my screen every time it blocks it and it interrupts what I am doing. So there is obviously a part of the virus still on my computer.

I can run Spybot S&D and every time I run it there are more files that I can delete. I ran it a second time and it found 8 files. I ran it a third time and it found more. So there is something on my computer that is still allowing spyware and adware onto my computer. This caused me to re-run Rkill and it found NO malicious processes running on my computer. So I then ran Malwarebyte's Anti-Malware and it found NO files that needed to be quarantined. Here is a screenshot of my processes in my task manager:

http://i461.photobucket.com/albums/qq335/pd1dish/taskmanager.jpg

Maybe someone can tell me if there are any suspicious processes. I went ahead and did some research on some I thought to be suspicious and I found that rundll32.exe can be linked with viruses or malware and so can csrss.exe. I tried ending these processes and I get this message: "The operation cannot be completed. Access is denied."

Any help with this would be appreciated. Thanks

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

#2 Animal

Bleepin' Animinion

Group: Site Admin
Posts: 18,919
Joined: 18-August 05
Gender:Male
Location:Location, Location

Posted 08 January 2011 - 08:34 PM

Take a look here: Remove System Tool and SystemTool (Uninstall Guide)

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown
Posted Image

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." — Douglas Adams.
Why is the word abbreviation so long?
Follow BleepingComputer on: Facebook | Twitter | Google+

#3 pd1dish

New Member

Group: Members
Posts: 2
Joined: 08-January 11

Posted 09 January 2011 - 02:33 AM

Animal, on 08 January 2011 - 08:34 PM, said:

Take a look here: Remove System Tool and SystemTool (Uninstall Guide)

Thats the exact step to step guide that I originally followed. Thats why I posted on here. I wanted to know if there was anything else I could try and do to get rid of the virus.