Antivirus

[bones615]

Just recovered from a nasty little thing called "system tool", took over, changed my wallpaper, kept telling me i had all sorts of problems & looked very much like its part of xp. Did some research on my sons laptop and found that it wanted me to click yes then take money from me to fix non-existant problems.
 Started in safe mode. Avast was not right, spybot found nothing so following online advice downloaded Malwarebytes which I believe has cleared it but am about to run everything i have to double check.

Simon

[Mick]

Simon, Malwarebytes is pretty good at sorting some of these nasties. 

I've used the freebie version myself in the past.  It seems to find stuff that even the most expensive AV programs don't even see lurking on your PC.  http://www.malwarebytes.org/

[Alfonso_Frisk]

How strange
I am at the moment in process of cleaning this nasty from my brothers lappy and its the second time he has had it
You need to do a little more than run malwarebytes.
have looks here
http://www.bleepingcomputer.com/virus-removal/remove-system-tool

[bones615]

Thanks Alf, all ok apart from changing the host file. New to me - will it cause problems to programs that were not part my original set up? Might search for a list of what should be there to compare with what i have got.
Everything seems ok, i can update virus software etc.

The wife thinks it came from the weightwatchers site which she just opened when all the bells and whistles started going off, she started a search on my boys laptop and there was mention of it but he told her to get off sharpish in case he got it.

Simon

[Alfonso_Frisk]

I just downloaded and placed the host file in there as instructed and have no issues at all.
Brother says he got this problem whilst on youtube searching for saxaphone music.

[Oldboy]

Have you got a firewall? Shouldn't be able to get on your system unless you downloaded it attached to something else. Not sure on this program, but some can be downloaded by opening a strange email. That's why I delete any email I don't know. 

[bones615]

Running zonealarm firewall + avast antivirus. Zonealarm picked it up when it tried to connect to the internet but missed it coming in??
Avast should be monitoring incoming mail and yes i do occaisionally get funnies as powerpoints or vids but not recently. Just seemed odd that as soon as the boss opened  the weightwatchers site everything went wrong.

Still running antivirus programs now, spybot, bitdefender, avast, microsoft onecare & cc cleaner. So far only the m$ program has found anything more but could not remove 12 of 13 threats.

Simon

[Oldboy]

Just had a quick read-up on the internet on this virus, and it appears to be close to Microsofts System Tools. Makes me wonder if a Microsoft update has missed 's' off, as nothing anyone has done is the same. 

The trouble with viruses is, that a small change can stop your anti-virus seeing it, until a new update is released, which may take a few days. I wonder if your wife put WeightWatchers into Google and then clicked on one of the returned suggestions? It could have been a fake site to download the virus.  That's why you should check the address looks OK before clicking on the link.

[bones615]

She uses a link in her favourites, same one she has used for a while. May not have been that site but coincidental the virus hit just as she opened it.
Bitdefender shifted another 6, cc cleaner cleared 200+ registry entries.

[Oldboy]

She uses a link in her favourites, same one she has used for a while. May not have been that site but coincidental the virus hit just as she opened it.
Bitdefender shifted another 6, cc cleaner cleared 200+ registry entries.

That blows that theory out of the water then! 

Perhaps it has a delay build-in, so it's only activated a few days later making it hard to trace where it came from? It is possible that the WeightWatchers site was infected but unlikely, so we may never know. 

[Oldboy]

She uses a link in her favourites, same one she has used for a while. May not have been that site but coincidental the virus hit just as she opened it.
Bitdefender shifted another 6, cc cleaner cleared 200+ registry entries.

Just come across this on AOL. 

Cyber-criminals have infected advertisements online and suckered a load of people into thinking they had a virus and needed to pay for an update. They used a Trojan - something that creeps into your system and installs itself - to display a warning on Windows' wallpaper background.
Closer inspection of the message on the fake wallpaper reveals that it actually has a couple of spelling errors in it, but a few people will no doubt have clicked through and paid up. Meanwhile it stops your computer working by blocking programs.


Innocent sites

The most frustrating thing is that the criminals managed to put the ad carrying the trojan onto some innocent and reputable sites. Our own household has been struck by this because my wife bought tickets from Vue cinemas on Saturday, clicked an ad and that was it.


Other carriers include the London Stock Exchange and Auto Trader. I should stress there is no question of any wrongdoing from these sites - they're as much innocent bystanders as the people hit by the virus.


What to do

If you're one of the estimated tens of thousands of people affected, the first thing to do is don't click through and pay any money. I'm glad we got that straight.

Try a Windows rollback to a date before you were hit. If that doesn't work run a full virus check (if the computer lets you) then download the malware remover I've put in the link below from Microsoft.

And whatever you do, keep your security software up to date.

http://www.microsoft.com/security/pc-security/malware-removal.aspx

[Tripod]

I've run AVG free for years and it has always caught nasty's. Upgraded to AVG full last year and never suffered any problems at all. Lucky no...in to-days world you have to be ultra careful and it is worth paying for peace.