
System Tool 2011 HELP!


  • This topic is locked
12 replies to this topic

#1 Toony

Toony

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 16 December 2010 - 02:23 AM

So I'm trying to help a relative who has system tools 2011 on their computer. I have tried running several spyware, malware, and virus scans in Safe Mode. They remove it but then it comes right back. The virus will not let me access the internet on that computer so I cannot download DDS or HijackThis or anything of the sort to run.

I'm really not sure what to do now. I can't really do anything from that computer. Please help.


 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 AM

Posted 16 December 2010 - 02:59 AM

Hello Toony,

Let's disable the main file manually so you can run some tools. Do you have access to a flash drive?

What I want you to look for is in Application Data (If using XP). There will be a folder, with a file in it of the same "name". This will appear random, but it has a pattern. Look for letters and numbers in this order: lower case, upper case, lower case, upper case, lower case, then 5 random numbers. For example:

Folder -----> pEeHl02508\pEeHl02508.exe <-----file inside

Delete the folder. Now, if you still have no access to the internet, download the following tool to a flash drive from a different computer, then put it on the infected one and run it.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. IF YOU USE AVG IT MUST BE UNINSTALLED OR THIS WILL NOT RUN.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to toony.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?
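
The naming pattern described in post #2, as an added example that is not part of the original thread or any tool mentioned in it: a read-only Python check that lists folders whose name fits the pattern and that contain a same-named `.exe`, so they can be reviewed before anything is deleted. The function names and the sample directory tree are constructed for illustration; pass the profile's Application Data directory as the argument.

```python
import os
import re
import tempfile

# Pattern from the post: lower, upper, lower, upper, lower case letters,
# then five digits (the post's example is pEeHl02508).
NAME_RE = re.compile(r"[a-z][A-Z][a-z][A-Z][a-z][0-9]{5}")


def find_candidates(app_data_dir):
    """List <name>/<name>.exe pairs under app_data_dir whose name fits the
    pattern. Read-only: nothing is deleted or modified."""
    hits = []
    for entry in sorted(os.listdir(app_data_dir)):
        folder = os.path.join(app_data_dir, entry)
        # fullmatch is case-sensitive, so the on-disk casing must fit exactly.
        if not os.path.isdir(folder) or not NAME_RE.fullmatch(entry):
            continue
        for fname in sorted(os.listdir(folder)):
            stem, ext = os.path.splitext(fname)
            # The post says the file carries the same name as its folder.
            if stem == entry and ext.lower() == ".exe":
                hits.append(os.path.join(folder, fname))
    return hits


def build_sample_tree(root):
    """Create a constructed Application Data layout for the demo below."""
    layout = {
        "pEeHl02508": ["pEeHl02508.exe"],   # example name from the post
        "Adobe": ["reader.exe"],            # ordinary vendor folder
        "aBcDe12345": ["setup.exe"],        # name fits, no same-named exe
        "QRSTU67890": ["QRSTU67890.exe"],   # wrong letter casing
        "fGhIj1234": ["fGhIj1234.exe"],     # only four digits
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for fname in files:
            open(os.path.join(root, folder, fname), "wb").close()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path in find_candidates(build_sample_tree(tmp)):
            print("review:", path)
```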

#3 Toony

Toony
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 16 December 2010 - 03:24 AM

I was able to get access and run DDS. I'm running GMER now.

I'll post the results of the latter in the morning.

Attached Files



#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 AM

Posted 16 December 2010 - 03:28 AM

You deleted that folder, yes? Is that how you got these to run? Just want to be sure. :)

Post when you're ready. It's late for me too, but I'll have a look first thing. :thumbup2:

tea

#5 Toony

Toony
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 16 December 2010 - 03:30 AM

I had deleted several things in Safe Mode prior to posting. (Simply searching for system tools and looking in other folders I had heard it hides in.)

It COULD be gone for all I know now. However I did not touch the registry or anything as I am not knowledgeable enough to mess with that. It hasn't affected the computer again since I restarted but I have no idea if it is gone yet. I don't think I got everything.

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 AM

Posted 16 December 2010 - 03:41 AM

No, likely not. But the main file for System Tool is gone, so the rest will go easier, whatever else there might be present. :)

#7 Toony

Toony
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 16 December 2010 - 06:16 PM

Here is the combofix log

Attached Files

  • Attached File  log.txt   22.35KB   1 downloads


#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 AM

Posted 16 December 2010 - 06:30 PM

Hello,

How is it running now?

Do you know what these are?

c:\windows\system32\drivers\12442642.sys Several of them. If not :

Please visit the online Jotti Virus Scanner Posted Image<--link
  • Copy and paste the following filepath in the box:

    c:\windows\system32\drivers\12442642.sys

  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

Thanks,
tea

#9 Toony

Toony
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 16 December 2010 - 06:53 PM

All scanners found nothing.

Nothing pertaining to system tools or anything unusual has happened since last night.

Edited by Toony, 16 December 2010 - 06:54 PM.


#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 AM

Posted 16 December 2010 - 07:09 PM

Excellent. :thumbup2: Post the results of the Jotti scan when you're ready. :)

tea

#11 Toony

Toony
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 16 December 2010 - 07:12 PM

Sorry, I had meant all the scanners from the Jotti scan.

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 AM

Posted 16 December 2010 - 07:28 PM

Ah, I see....thanks. I just wanted to be sure. :)

From what I see, or don't see really, you're good to go now.

Uninstall anything to do with Ask if you don't use it. Most folks don't even know it's there. Sneaky way to do things. <_<

Uninstall ComboFix by doing the following :

Click Start>Run>Type in, or copy and paste ComboFix /Uninstall > click OK

Update your Adobe. Old versions are vulnerable and your version is out of date.

If you have any questions, please do ask. :) If not.....

Take care,
tea

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 AM

Posted 18 December 2010 - 04:02 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



