

System Tool Virus


#1 pd1dish


  • Members
  • 2 posts
  • Local time:12:47 AM

Posted 08 January 2011 - 07:32 PM

I got the System Tool Virus last night and I have gone through several steps to try and get rid of it on my computer. I booted my computer in Safe Mode with Networking and ran Rkill.exe. It only found one process running that was malicious and I removed it. I then downloaded Malwarebytes' Anti-Malware and ran a full scan and it detected 3 files that needed to be removed. They were removed. I also ran Spybot - Search and Destroy and it detected about 68 files of adware/spyware that I then removed. I then ran Webroot Spy Sweeper and it didn't find anything. I also deleted my HOSTS file and replaced it with the original Vista HOSTS file.

I then rebooted my computer and the virus seems to have pretty much gone away. The only problem I am currently having is that my Spy Sweeper is literally detecting every 10-15 seconds some sort of adware or spyware trying to get to my computer and blocking it. I'm obviously happy that it is blocking them but it gives me an alert and pops up on my screen every time it blocks it and it interrupts what I am doing. So there is obviously a part of the virus still on my computer.

I can run Spybot S&D and every time I run it there are more files that I can delete. I ran it a second time and it found 8 files. I ran it a third time and it found more. So there is something on my computer that is still allowing spyware and adware onto my computer. This caused me to re-run Rkill and it found NO malicious processes running on my computer. So I then ran Malwarebytes' Anti-Malware and it found NO files that needed to be quarantined. Here is a screenshot of my processes in my task manager:


Maybe someone can tell me if there are any suspicious processes. I went ahead and did some research on some I thought to be suspicious and I found that rundll32.exe can be linked with viruses or malware and so can csrss.exe. I tried ending these processes and I get this message: "The operation cannot be completed. Access is denied."

Any help with this would be appreciated. Thanks

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal



#2 Animal


    Bleepin' Animinion

  • Site Admin
  • 35,570 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:10:47 PM

Posted 08 January 2011 - 08:34 PM

Take a look here: Remove System Tool and SystemTool (Uninstall Guide)

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)

"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


#3 pd1dish

  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:47 AM

Posted 09 January 2011 - 02:33 AM

Take a look here: Remove System Tool and SystemTool (Uninstall Guide)

That's the exact step-by-step guide that I originally followed. That's why I posted on here. I wanted to know if there was anything else I could try and do to get rid of the virus.
