
"System Tool" - Malware Infection


3 replies to this topic

#1 terryfromco


Posted 15 January 2011 - 10:02 PM

Thank you,

System Tool Malware: This is what I have so far in this battle:

First of all: I am running XPpro, AMD Athlon 64x2 dual core processor 4200+, but running 32, ASUS mb 2.2Ghz and 1Gig Ram.

I started up in Safe Mode w/Networking but I can't get any of the Rkill links to work (I downloaded them all). I tried to run MBAM from my USB drive, but the update was old and the infected PC will not connect to the internet, so I can't get the MBAM update. I went and checked the LAN connections, and changed out the .bat file and the HOST file like your site suggested on the System Tool Removal page. Still, it won't connect so that I can download the MBAM update. The MBAM did run and removed 3 bad files. I will post more after noon today 1/16/11.

I managed to get inside the infected machine through the "save file" on the "system tool" program itself, even into the hidden files, but not into the registry; I guess "system tool" must be blocking it. Also, I turned off system restore, but now it won't let me turn it back on.

I’m hoping someone has experience with this beast and will help this humble child of God out. . .

Thank you pre-feat,
Terry

Edited by terryfromco, 16 January 2011 - 11:26 AM.




#2 geezz


Posted 20 January 2011 - 11:37 AM

Sorry to hear of your plight. I just finished cleaning up my machine, what a pain. You'll need a WINPE CD to boot the machine, at least that's what I did; it allows you to load a Windows mini version on the machine's RAM, and you can edit files and such. You'll need to replace 2 files to get you up and running, WINLOGON.exe and Explorer.exe. When you get it back up, turn on System Restore, then create a restore point (name it ... you'll have many more before you're done). Run msconfig/startup and look for a file "uhaxudipo.dll"; it's a registry entry, disable it. Get out of msconfig, go to the Windows directory and delete the uhaxudipo.dll file. You may have to stop it from working in the Task Manager before deleting the file, and of course it has a different name (a numbered file if I recall), but if you disable it in msconfig it shouldn't be running. Sorry, I re-read your post and didn't notice you installed the supposed repair tool. You'll need to remove the SystemTools program from your machine. You can try uninstalling, but you may have to stop it from loading in msconfig. The main trojan file which started your headache will be in the C:\Documents and Settings\#####\Local Settings\Temp folder ... it'll be a numbered .exe. You'll notice a number of .tmp files with the same creation date and time as well; you won't need those either. Just remember to always empty the recycle bin prior to any file you delete; that way, if a mistake is made, you can always put it back.

Let me know if you get your machine up and running.
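An added example, not part of the post above or of any tool named in this thread: a read-only Python triage helper that lists the files in a Temp folder and pairs each all-digit `.exe` with the `.tmp` files created at about the same time, which is the pattern the post describes. The names `Entry`, `list_entries` and `triage`, the 2-second window and the sample file names are assumptions made for illustration.

```python
import os
import re
import sys
from collections import namedtuple

# One directory entry: file name and creation time (epoch seconds).
Entry = namedtuple("Entry", "name created")

# "Numbered .exe": a file name made only of digits, e.g. 48213907.exe
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)

def list_entries(folder):
    """Collect name and creation time for files directly inside folder.
    On Windows st_ctime is the creation time; on other systems it is the
    inode change time, so run this against the Windows volume itself."""
    entries = []
    for item in os.scandir(folder):
        if item.is_file(follow_symlinks=False):
            stamp = item.stat(follow_symlinks=False).st_ctime
            entries.append(Entry(item.name, stamp))
    return entries

def triage(entries, window=2.0):
    """Map each numbered .exe to the .tmp files created within `window`
    seconds of it. Nothing is deleted; the result is a review list."""
    tmps = [e for e in entries if e.name.lower().endswith(".tmp")]
    report = {}
    for e in entries:
        if NUMERIC_EXE.match(e.name):
            report[e.name] = sorted(
                t.name for t in tmps if abs(t.created - e.created) <= window
            )
    return report

# Constructed sample listing (not taken from a real infection).
SAMPLE = [
    Entry("48213907.exe", 1295150520.0),
    Entry("A1.tmp", 1295150520.4),
    Entry("A2.tmp", 1295150521.1),
    Entry("setup_log.tmp", 1294000000.0),  # old, unrelated temp file
    Entry("notes.exe", 1295150520.0),      # not an all-digit name
]

if __name__ == "__main__":
    found = list_entries(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for exe, tmp_names in triage(found).items():
        print(exe, "->", tmp_names or "no .tmp files with a matching time")
```

Pass the Temp folder path as the only argument; with no argument the script runs on the constructed sample.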

#3 terryfromco


Posted 20 January 2011 - 12:44 PM

Thanks geezz. This was my brother's computer and it had to be back on his desk by Tues. morning. I went and did another search and found that you could get the code to unlock the System Tool program and remove it from posts that I found online. The registration/unlock codes were in a list on one of the search results. They had been accumulated through Panda scans, and could be used to remove this System Tool nightmare. Well, I did it and it worked. It was as easy as getting the code and putting it in the program's registration window; it removes all the files and unlocks your computer and you don't have to pay for it. What a scam!!! I must add that I prayed to Almighty God (Jesus) for help because my time was short to get it done. He showed me where to go to get the file, so I must give Him thanks too. Good luck with your system and may you know God's love!

Terry from CO

Edited by terryfromco, 20 January 2011 - 12:47 PM.


#4 geezz


Posted 20 January 2011 - 05:08 PM

good to hear



