
System Tool Virus removal Help


  • This topic is locked
8 replies to this topic

#1 wheelie46


Posted 28 October 2010 - 11:02 AM

I got hit with the security tool spyware thing and I followed all the steps from this page
http://www.bleepingcomputer.com/virus-removal/remove-security-tool

I was downloading something and the download stopped in the middle. Then a few minutes later a Security Tool scan popped up. I knew immediately it was a virus so I shut down the laptop. I used my other uninfected laptop, found the site I mentioned above, and went through all the steps in safe mode.

Using malware antivirus I was able to remove 3 infected files but after I restart the computer System Tool is still on my computer.
Every time I restart regularly (not under safe mode) there is a prompt:
####################################################################
User Account Control
Do you want to allow the following program to make changes to this computer?
Program name: malwarebytes' Anti-Malware
Verified publisher: Malwarebytes Corporation
File origin: Hard drive on this computer
Yes No
##################################################################
I restarted a few times and tried yes and no, same thing happens.
My background changed to "Warning? you're in danger! Your computer is infected with spyware...."
and system tool scan pops up.

What should I do now?

I have Windows7.



#2 DaChew


Posted 28 October 2010 - 11:52 AM

Here's another guide, both are rather complicated, I would try to follow them exactly if possible.

http://forums.malwarebytes.org/index.php?showtopic=66064&pid=334861&st=0&#entry334861
Chewy

No. Try not. Do... or do not. There is no try.

#3 wheelie46


Posted 29 October 2010 - 04:39 PM

Hey, thanks for your input. I finally found some time and checked out the link you sent me. It's basically what I did the first time, but I followed all the steps anyways.

So basically I rescanned my computer with antimalware again. The first time I did it, antimalware was able to detect infected files and deleted them, but this time the antimalware cannot detect any malicious program and System Tool virus is still on my computer. What should I do now?

#4 DaChew


Posted 29 October 2010 - 04:49 PM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.
Chewy


#5 wheelie46


Posted 29 October 2010 - 11:03 PM

Just a quick question

In a few days I'm gonna get an external hard drive to back up my files, mostly music.
I'm not sure how a virus works, but should I be worried about the virus infecting my external hard drive?

#6 wheelie46


Posted 30 October 2010 - 08:24 PM

I am still waiting for the delivery of my external hard drive. In the meantime I tried to search through all my files under safe mode, and I think I found the virus.

I set the computer to show hidden files, folders, and drives. In my C: drive, I opened up ProgramData (a hidden folder) and found a folder called iBfHf01306 (I am guessing this is just a random name the virus generated). It was created on the 28th, the day I got the virus. There are 2 files:

1) iBfHf01306 (no extensions, the icon is a blank paper, Type: File, Size: 48 bytes)

2) iBfHf01306.exe (icon is the lock logo of system tool virus, Type: Application, Size: 535KB)

If I delete this iBf... folder, would I completely kill the virus? Should I try or should I wait till I have created my log?

Thanks

Edited by wheelie46, 30 October 2010 - 08:45 PM.


#7 DaChew


Posted 30 October 2010 - 08:39 PM

In the interim while we wait for that hard drive to arrive, update MBAM and run another scan, post the log.
Chewy


#8 wheelie46


Posted 30 October 2010 - 10:30 PM

I just posted my logs ==>HERE<==
named system tool virus removal help

I removed the infected file but system tool is still on my computer

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5003

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

10/30/2010 11:17:02 PM
mbam-log-2010-10-30 (23-17-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 301972
Time elapsed: 43 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\logmhp32.exe (Trojan.Downloader) -> No action taken.

Edited by wheelie46, 30 October 2010 - 11:57 PM.
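
As an added example (not part of the original posts and not Malwarebytes' own tooling), a short Python triage of the log format shown in post #8: it cross-checks the summary counts against the detail sections and flags detections logged as "No action taken" or located in the per-user Startup folder, whose contents run at every logon. The function names and finding labels are assumptions made for illustration.

```python
import re

# Excerpt of the Malwarebytes' Anti-Malware 1.46 log posted above
# (some summary counts plus the one detail section that has an entry).
SAMPLE_LOG = r"""
Windows 6.1.7600 (Safe Mode)
Scan type: Full scan (C:\|)
Registry Values Infected: 0
Folders Infected: 0
Files Infected: 1

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\logmhp32.exe (Trojan.Downloader) -> No action taken.
"""

COUNT = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")       # summary line
HEADER = re.compile(r"^([A-Za-z ]+ Infected):$")            # detail section start
DETECTION = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")  # path (name) -> action

def parse_mbam_log(text):
    """Return (summary counts, detections) from an MBAM 1.x text log."""
    counts, items, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := COUNT.match(line):
            counts[m[1]] = int(m[2])
        elif m := HEADER.match(line):
            section = m[1]
        elif section and (m := DETECTION.match(line)):
            items.append({"section": section, "path": m[1],
                          "name": m[2], "action": m[3]})
    return counts, items

def triage(text):
    """Flag detections left in place or sitting in an autostart folder."""
    counts, items = parse_mbam_log(text)
    findings = []
    for section, expected in counts.items():
        listed = sum(1 for i in items if i["section"] == section)
        if listed != expected:  # truncated or edited log
            findings.append(("count_mismatch", section))
    for i in items:
        if i["action"].lower() == "no action taken":
            findings.append(("no_action_taken", i["path"]))
        if "\\start menu\\programs\\startup\\" in i["path"].lower():
            findings.append(("startup_persistence", i["path"]))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```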


#9 Orange Blossom


Posted 31 October 2010 - 06:35 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic357525.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



