
"System Tools" is alive again




    On Sunday afternoon, my wife frantically came to me to see what was wrong with her PC. I have
    three PCs on a home network, the newest being a maxed out Win-7/64 system, and the other two
    running Win-XP Pro. All three have the free version of AVG anti-virus which my supplier, a fellow
    in my church, highly recommends. He also says that McAfee is good, but Norton, which was once
    good, now uses too many system resources.

    In any case, there is this huge message, all over the screen about the computer being infected, and
    if you provide your credit card number, you can buy the software to fix it. DON'T, this is a dangerous
    scam and a particularly nasty piece of malware. I called my supplier and he said that he has seen it
    several times over the past week and can deal with it, but in the meantime he recommended shutting
    down the machine, i.e. turning it off. He is a small business man that supports networks, servers,
    PCs etc. for a number of doctors, etc. and also takes care of church members' PCs, but it is understood
    that we are in line after his commercial clients.

    This "nasty" is called "System Tools" and when it gets in your machine, the machine is useless because
    it will stop every other user activated program and even tell you that they, and your anti-virus software
    are "infected", but the program itself is the only virus present.

    Billy, my friend, recommended going to the website "" to find out about this
    nasty, and when I did, I found a 14 page tutorial on how to remove it. Another church member went to
    CompUsa to get his cleaned and said they kept the machine 3 days and charged him over $100. I expect
    to pay Billy around that figure myself. Three different pieces of malware removal software, which are
    downloaded from the above site, are required to clear it, and unless the whole thing is cleared, it will
    reproduce itself on the next bootup. Nice, Huh! I have used AVG for over 6 months, now, since I got
    the new machine, and this is the first time anything has gone past it, but according to Billy, this nasty
    first appeared over a year ago, and then died out, and has re-emerged. He believes that the perpetrator
    just makes minor tweaks to the thing so that it is not seen in virus databases for a day or two. Note that
    AVG updates their database at least once a day, and recently, two or more times a day. I have my AVG
    set to check for this every 4 hours and since it runs in the background it has little effect on what you are
    doing, even if it is doing a full system scan.

    J. H. Sullivan
    (aka landnrailroader)

    Agreed with you, Jerry about the site of and I have used this site for more than 2 years. Find this site very helpful and good information too.

    -- John


      Are your systems up to date with patches?
      I would be using Microsoft Essentials instead of AVG.



        I ran into the same thing the OP is describing recently, not even sure what I did that activated it, I was just reading "non-threat" personal e-mails when it popped up (could've been lying dormant, who knows).

        Anyway, the point I was going to make about successfully getting rid of these things was to do the following things:

        1) When these things pop up, NEVER select the "red X" box in the upper right corner to close a window. Shut down anything that pops up, if you must, by right clicking on its tab on the taskbar at the bottom of the screen and selecting "Close". (better to skip right to step 3 "shut down" if you can)
        2) If you must, try to save whatever you're working on. If it's not crucial, then it's better to consider it "lost" at this point.
        3) Shut down your computer. Then restart it.
        4) While the computer is going through the initial bootup sequence, hit "F8" on the keyboard to start up in "Safe Mode". (depending on the situation, it may offer you different options for safe mode. In my most recent go around with this, I selected "Safe Mode with Networking" so that I could allow my anti-virus software to download the most recent update)
        5) Select your favorite anti-virus/malware program and run the scan while in Safe Mode. I actually ran mine twice, initially: first time did a "quick scan" and it found and eradicated a couple things, then I ran a complete scan and it found a few more. Often I run a second scanning program just to be sure the first one didn't miss anything. I keep running the anti-virus software until I get a clean scan (frustratingly, with a large, full hard drive, it can take a while)

        I wouldn't argue with any of the software suggestions offered, my wife uses AVG and has been happy with it. I'd only offer the additional suggestion of Malwarebytes as one of the anti-virus programs I use - that wiped out this latest infection.

        Good luck.



          My Techy friend dropped by this afternoon before church (as I said PCs, servers, etc. are his business) and he booted the
          infected PC up on a CD of his own that evidently has something that acts as an operating system and bypasses
          Windows. He then ran a couple of malware removal tools, and finished by running one called "combofix". All of this
          process took about 30' but when he was done, the PC was healthy and clean again. He then downloaded Avantis or
          something like that from (the cnet site, i.e.) . It is not as free as AVG, but will run free for
          a year, and his opinion was that it was better for Win-XP than AVG, which he favors for Win-7. He has another of my
          machines that he is going to refurbish and it will then be the one that I use for DEMEX and other programs that I do
          not wish to install by tinkering with the registry on the Win-7 machine. It will also get the better anti-virus item.
          Malwarebytes was one of the programs he used and I believe Rkill was the other. He first ran one, then the other,
          and finally "combofix". Combofix took about 15' to run and generated a huge list of problem items, which it
          removed, but when he studied the log, he said that there were only 3 or 4 items that were serious problems and part of
          the "System Tools". Then tonight at church, another member was in the same fix, so he was going by their house tomorrow.
          I asked Billy if this was common, and he said that around the end of each school semester, virus activity seemed to pick
          up, and for the last several weeks, he had seen and fixed a number of "System Tools" infections. I believe I will download the
          items required and keep them on a CD or a thumb drive.

          Jerry Sullivan
          (aka landnrailroader)


            On my wife's Win7 laptop I found that doing a system restore takes care of the problem. She has gotten the virus off of Facebook three times already, & doing a restore works each time.