
system tools 2011 infection, can't remove w/mbam


4 replies to this topic

#1 Renee32

  • Members
  • 13 posts

Posted 11 December 2010 - 03:24 PM

Hi,
I somehow picked up a System Tools 2011 infection and can currently only operate my computer in safe mode. I have run the rkill process and then updated and ran Malwarebytes. It removed 4 infected files, but upon restarting my computer I found it was still infected. I went back to safe mode, ran rkill again, ran Malwarebytes again (found no infected files), downloaded and ran Spybot (removed 5 infected files) and restarted in normal mode. The infection is still there. Can anyone help? I'm definitely not a tech person so don't know the correct terminology for everything, but I do follow directions well. Thanks!


#2 Renee32
  • Topic Starter

  • Members
  • 13 posts

Posted 11 December 2010 - 05:20 PM

An update - I've been performing the steps in the preparation guide and my computer keeps crashing at the end of the GMER scan, once just freezing completely and once with a "windows has encountered an error and must shut down". I did restart my computer in normal mode - the malware pop-ups appear to be gone and I appear to have full function. However, the System Tools program still shows up on the All Programs list from the start menu. Is it truly gone or still lurking somewhere and how do I remove it from my programs list? Thanks in advance for any assistance!

#3 jbahome936

  • Members
  • 1 posts

Posted 11 December 2010 - 06:42 PM

I'm having the same problem as you were having before the update you posted. Sorry but I have no help to offer.

Edited by jbahome936, 11 December 2010 - 06:42 PM.


#4 Renee32
  • Topic Starter

  • Members
  • 13 posts

Posted 12 December 2010 - 10:28 AM

Another update - I'm continuing to follow steps from other posts with similar issues and have run the rootkit unhooker program which indicated stealth objects and "possible rootkit activity". The stealth objects are below and I can post the full report if needed.
>Stealth
==============================================
0x03650000 Hidden Image-->app4r.monitor.common.dll [ EPROCESS 0x8645F440 ] PID: 3856, 36864 bytes
0x03880000 Hidden Image-->app4r.monitor.core.dll [ EPROCESS 0x8645F440 ] PID: 3856, 45056 bytes
0x03980000 Hidden Image-->app4r.devmons.mcmdevmon.dll [ EPROCESS 0x8645F440 ] PID: 3856, 77824 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

I then ran TDSSKiller, but it did not find any infections. I've noticed that my internet browsing seems to be running at normal speed, but everything else on the computer (pulling up start menu, opening control panel, working in excel files) is much slower than usual. Any other suggestions??

#5 AustrAlien

    Inquisitor

  • Members
  • 6,772 posts
  • Gender:Male
  • Location:Cowra NSW Australia

Posted 17 December 2010 - 01:18 AM

Hello Renee32, and welcome to the BC forums. I am sorry that your topic appears to have been overlooked.

Please follow the removal guide at the following link:
Remove System Tool and SystemTool (Uninstall Guide)

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please do not neglect steps #22 - #24 which involve replacing the HOSTS file.

Please post the log and let us know how the system is running now.
AustrAlien
Google is my friend. Make Google your friend too.
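The removal guide's steps #22 - #24 replace the HOSTS file, which implies this rogue tampers with it (a common way for fake antivirus software to block security vendors' sites). The script below is an added example, not part of the thread or of the linked guide: it audits the Windows HOSTS file from an elevated PowerShell prompt, lists every entry that is not one of the stock loopback lines, and shows the commands that would restore a default file. The path, the list of "expected" lines and the backup naming are assumptions.

```powershell
# Added example (not from the original thread): audit the Windows HOSTS file for
# non-default entries of the kind the removal guide's HOSTS-replacement steps address.
# Run from an elevated PowerShell prompt on the affected machine.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Stock entries a clean Windows HOSTS file may contain. Assumption: anything else,
# especially a security vendor's domain pointed at 127.0.0.1 or a remote address,
# deserves a look.
$expected = @('127.0.0.1 localhost', '::1 localhost')

function Get-HostsEntries {
    param([string]$Path = $hostsPath)
    Get-Content -Path $Path -ErrorAction Stop |
        ForEach-Object { ($_ -split '#')[0].Trim() } |   # strip comments
        Where-Object { $_ -ne '' } |                     # drop blank/comment-only lines
        ForEach-Object {
            $parts = $_ -split '\s+'
            if ($parts.Count -ge 2) {
                [pscustomobject]@{
                    Address = $parts[0]
                    Hosts   = $parts[1..($parts.Count - 1)]
                }
            }
        }
}

$entries = Get-HostsEntries
$suspicious = $entries | Where-Object {
    $line = $_.Address + ' ' + ($_.Hosts -join ' ')
    $expected -notcontains $line
}

if ($suspicious) {
    Write-Host "Non-default HOSTS entries found in ${hostsPath}:"
    $suspicious | ForEach-Object { '{0,-16} {1}' -f $_.Address, ($_.Hosts -join ' ') }
    # Rogues sometimes set the file read-only/hidden so it is harder to fix by hand.
    Write-Host ("File attributes: " + (Get-Item -Path $hostsPath -Force).Attributes)
} else {
    Write-Host "HOSTS file contains only default entries."
}

# To restore a stock file (what steps #22 - #24 of the guide do manually):
# back it up, clear any read-only/hidden attributes, then write the default content.
# Uncomment the three lines below to apply.
# Copy-Item -Path $hostsPath -Destination "$hostsPath.bak-$(Get-Date -Format yyyyMMddHHmmss)"
# (Get-Item -Path $hostsPath -Force).Attributes = 'Normal'
# Set-Content -Path $hostsPath -Value "127.0.0.1`tlocalhost`r`n::1`tlocalhost" -Encoding Ascii
```

Flush the resolver cache afterwards (`ipconfig /flushdns`) so a browser does not keep using addresses it resolved while the tampered file was in place, and re-run the audit to confirm the file is clean.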
