Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


"System Tool" virus

  • This topic is locked This topic is locked
2 replies to this topic

#1 Marybeth17


  • Members
  • 10 posts
  • Local time:11:37 PM

Posted 27 February 2011 - 07:01 PM


My computer has been hijacked to such an extent I am unable to actually run any programs, run anything I've downloaded to try and purge the virus and I had to boot up in safe mode to gain the most minimal control over the computer.

This afternoon, my computer suddenly started to warn me that I had several viruses and a program I have never seen, but which sort of looked like a Microsoft security program, identified 36 trojans, malware and spyware threats and told me I needed to activate my security tool in order to get rid of them. Every time I tried to close out of the program, turn it off, get rid of the messages, they just popped back up. When I tried to run the security programs I have, I got messages that I didn't have permission or that the application was infected so could not be run.

I came here to see if there were any threads on this problem and found 2 (I did this before things escalated to the point I couldn't do anything) and suggestions to download and run things like DSS etc were unsuccessful as the virus kills them as they attempt to boot up and I get a message saying the application is infected and I must purchase a security update. I even couldn't access my Windows Task Manager (it too "is infected"). The only way I got this far was to boot up in safe mode with networking, then as fast as possible, open up the task manager and kill MsMpEng.exe. If I kill the local security operations though, the virus messages start up again and take over.

I am going to see if I can get any security tools to run after posting this (don't want to miss the opportunity to post in case things get worse when I do) and will provide an update if I get anywhere.

Any help is greatly appreciated. This is truly the worst my computer has ever been affected and it is pretty much unusable at the moment - I am just hoping whatever the cure it, is something I can actually do.

Thank you.

Mary Beth

Update: I found another thread with this issue and instructions on what to run and upload so performed (or tried to) the tasks requested. I ran Defogger, DDS, Gmer and tried to run RKHookerLE (see attached error). All logs are uploaded as well. I am still running in Safe Mode (haven;t logged off since loggin in with that mode). I ran Windows Defender and Spybot with no issues found (I was unable to update defender but was able to update Spybot).


Quick update: I was able to do a system restore in safe mode (no networking) and it did restore. No evidence of the virus and the Kaspersky software I renewed and updated yesterday showed no evidence of having been updated so I had to do it again. I "quick scan" with Kaspersky tuned up nothing, so now I am running the Full Scan. I had access to Windows Task Manager and ended the AMPMDM.EXE process (based on google articles suggesting it was malware). One thing: I can't get the Kaspersky message saying the Kaspersky databases are corrupted to go away - not sure it is legit, but any info may help. I have zero expectation the virus is gone - just figure it is hiding, so still need help (so far). Thannks....Mary Beth

EDIT: Posts merged ~BP

OK, since my last update: I ran the full Kaspersky scan and it found nothing. I ran it a second time yesterday and still nothing then Spybot today - nothing. Can a system restore really wipe out a virus that kidnapped my computer? I am suspicious (appreciative that I have control back, but suspicious). Any suggestions, thoughts, confirmation, etc., is truly appreciated!

EDIT: Posts merged ~BP

Attached Files

Edited by Budapest, 03 March 2011 - 01:41 AM.

BC AdBot (Login to Remove)


#2 rigacci



  • Members
  • 2,604 posts
  • Gender:Male
  • Local time:12:37 AM

Posted 06 March 2011 - 05:09 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



#3 thcbytes


  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:11:37 PM

Posted 16 April 2011 - 04:45 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users