
System tools 2011 adware

January 23, 2011 8:36:16 PM

My PC, which has McAfee installed and fully up-to-date, became infected with SYSTEM TOOLS 2011. At first it just displayed annoying alarm messages which try to get you to buy fake adware/anti-virus software. But now the PC will not boot-up at all. The initial Dell start up page is displayed (the one with F2 and F12 in the top right corner), but then the screen goes completely blank and stays that way. Exactly the same happens when I start in safe mode. I am completely stuck!!
January 23, 2011 10:39:27 PM

Hi,

If you are unable to boot into Windows, you may have to play into the System Tools. Let it scan your computer, then it will allow you to boot into your PC. When it does, try to access the internet. Go download Microsoft Security Essentials available @ www.Microsoft.com.

If you are unable to access the internet, go to another computer, download the executable, store it on a flash drive/external hard drive, and transfer it to your infected PC. Install it, scan it, remove the virus. Run a FULL, THOROUGH SCAN.

Run through this article and follow the four-step removal process. http://www.spywareremove.com/removeSystemTool2011.html
January 24, 2011 4:30:15 AM



^+1 @khubani

Yup, now OP needs to do some housework after McAfee let the stinky wet dog in the door.
January 24, 2011 7:41:10 AM

khubani said:
Hi,

If you are unable to boot into Windows, you may have to play into the System Tools. Let it scan your computer, then it will allow you to boot into your PC. When it does, try to access the internet. Go download Microsoft Security Essentials available @ www.Microsoft.com.

If you are unable to access the internet, go to another computer, download the executable, store it on a flash drive/external hard drive, and transfer it to your infected PC. Install it, scan it, remove the virus. Run a FULL, THOROUGH SCAN.

Run through this article and follow the four-step removal process. http://www.spywareremove.com/removeSystemTool2011.html



Thanks for the suggestion Khubani. However, I can't do as you say because all that happens when I power up is that the Dell start up screen appears in the normal way, until the white bar has extended from left to right, and then the screen goes completely blank and stays that way. This happens in both normal and safe mode. I need to find out how to get past this problem first?
January 24, 2011 8:14:31 AM



Pull the drive and connect to another machine, as extra data drive. Use a real virus scanner on it, clean it up, put it back and try for safe mode again.

If safe mode is still ng, get the XP CD and do a repair.

Then reinstall all updates, hotfixes, .NET Framework and DirectX again.

Wasn't McAfee fun? (to understand that comment, look at my comment HERE.)
January 24, 2011 8:53:29 AM

tigsounds said:
Pull the drive and connect to another machine, as extra data drive. Use a real virus scanner on it, clean it up, put it back and try for safe mode again.

If safe mode is still ng, get the XP CD and do a repair.

Then reinstall all updates, hotfixes, .NET Framework and DirectX again.

Wasn't McAfee fun? (to understand that comment, look at my comment HERE.)



Thanks for that advice. I'm at work all day so will have a go later tonight or tomorrow. I'll let you know how I get on. Thanks again.
January 24, 2011 4:25:26 PM

I hate to disagree but I've removed six of these threats in the last two weeks and needed to run ComboFix to make sure I got everything out. At the blank screen, try Control Shift and Escape together to see if that brings up the Task Manager. If it does, you might be able to end the Process A20295.

If that fails, press your Windows key and R together to bring up a Run box. Use that to browse to Documents and Settings and look for a file called A20295.EXE and delete it. Restart into Safe Mode and run a full scan of MalwareBytes from http://www.malwarebytes.com. Post the log of that scan back here for further steps you need to take.
January 24, 2011 4:28:19 PM

How is he going to get into task manager if he can't boot into Windows?
January 24, 2011 4:59:18 PM

Saga Lout said:
I hate to disagree

<snip>




Disagree? I do hope you will. It is through disagreement that a method can be challenged for superiority and what ultimately ends up being the most effective can be discovered. :) 
January 24, 2011 5:57:20 PM

khubani said:
How is he going to get into task manager if he can't boot into Windows?



It sounds to me that the system is running but not displaying his Desktop. Starting Task Manager gives you the chance to go to Processes and from the File menu>New Task, type explorer.exe and bring the Desktop back up.

System Tools, like all the other crook-spread con-tricks, makes its living out of allowing people on to the Net. There's no money in it for them if their code causes systems to crash completely.


January 25, 2011 12:25:13 PM

There is a very detailed malware guide in my signature. This includes a step for when you can't boot into Windows (AVG rescue disc).
January 25, 2011 6:35:58 PM

I have tried 'ctrl+shift+escape' and 'windows+R'. In both cases the screen stays blank and the computer emits a rapid beeping sound. I also tried 'ctrl+alt+delete' but this just causes the DELL start up screen to reappear repeatedly.
January 25, 2011 6:41:13 PM


Control Alt and Delete does cause that restart and that's why Control Shift and Escape is better. Sounds like there's life in there anyway - have you tried booting into Safe Mode? Did you download Aford10's suggestion of the AVG Rescue Disk?

Finally, do you have your own named User Account in there or do you log in as Administrator?

January 25, 2011 10:00:19 PM



If you have a way to copy a file into your machine...


The system sounds like it's loading properly until the black freeze hits.

If lsass.exe is bad for any reason, everything stops there. Sometimes a blinking cursor will be present in the top left corner, but not always.

Back to can you copy a file into your drive....

I posted a good lsass.exe at 4shared.com you can try to copy into your machine.
It goes in the Windows/system32 folder.

My file is an exe file (red flags go up everywhere).

So, details are in order....

It is 13,313 bytes in size.
Version 5.1.2600.5512

It was not replaced by service pack 3 so if you are running SP2 it will still work.

If interested, get it by clicking HERE

If you can copy a file into your machine, you should be able to copy one out as well. Copy out yours first and store it so it can be put back someday if needed (or it ends up not being bad).
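
The size and version quoted in the post above can be checked against a candidate file before it is copied into system32. This is an added example, not part of the original post; the function names and the constructed sample bytes are assumptions, and a matching size and version does not prove a file is genuine, so comparing a hash against a copy taken from trusted install media remains the stronger check.

```python
import struct
import sys

EXPECTED_SIZE = 13313                    # bytes, from the post
EXPECTED_VERSION = (5, 1, 2600, 5512)    # file version, from the post
FFI_SIGNATURE = 0xFEEF04BD               # VS_FIXEDFILEINFO.dwSignature


def file_version(data):
    """Return (major, minor, build, revision) from the first VS_FIXEDFILEINFO.

    Shortcut: scans for the structure's signature instead of walking the
    PE resource directory. Returns None if no complete structure is found.
    """
    pos = data.find(struct.pack("<I", FFI_SIGNATURE))
    if pos < 0 or pos + 16 > len(data):
        return None
    # Layout: dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS
    _, _, ms, ls = struct.unpack_from("<IIII", data, pos)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def check_candidate(data):
    """Return a list of mismatches; an empty list means every check passed."""
    problems = []
    if data[:2] != b"MZ":
        problems.append("missing MZ header, not a Windows executable")
    if len(data) != EXPECTED_SIZE:
        problems.append(f"size {len(data)} != {EXPECTED_SIZE}")
    version = file_version(data)
    if version != EXPECTED_VERSION:
        problems.append(f"version {version} != {EXPECTED_VERSION}")
    return problems


def constructed_sample(version, size=EXPECTED_SIZE):
    """Constructed stand-in (MZ stub + bare version struct), not a real lsass.exe."""
    ms = (version[0] << 16) | version[1]
    ls = (version[2] << 16) | version[3]
    body = b"MZ" + bytes(62) + struct.pack("<IIII", FFI_SIGNATURE, 0x10000, ms, ls)
    return body.ljust(size, b"\x00")


if __name__ == "__main__":
    if len(sys.argv) > 1:                       # path to the candidate file
        with open(sys.argv[1], "rb") as fh:
            print(check_candidate(fh.read()) or "size and version match")
    else:                                       # constructed mismatch demo
        print(check_candidate(constructed_sample((5, 1, 2600, 2180))))
```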
February 22, 2011 7:28:52 PM

It is not possible to copy a file into the machine so I couldn't try the lsass.exe

I created the AVG rescue disc but it would not run on the infected/faulty PC.

I had some success with the suggestion of taking the HD out and running it as an auxiliary drive on another machine. It was recognisable as drive E so I cleaned it up with an antivirus programme and re-installed it in the original machine. Unfortunately, it is exactly as it was beforehand - a blank screen after the initial DELL screen.

I have concluded that the drive must have gone faulty shortly after the SYSTEM TOOLS virus attacked it. This gave the impression that the virus was causing the blank screen etc. but in actual fact, the drive is faulty and the virus attack was a complete red herring. I have installed a spare HD now and will live with the fact that some recent files were lost.

Incidentally, I take on board the criticism of McAfee, but which anti-malware programme would you recommend instead?
February 22, 2011 8:08:24 PM

Microsoft Security Essentials or Avast are both very good.

Check the malware link in my signature. There are download links for each.
February 23, 2011 5:33:23 AM

superjm said:
It is not possible to copy a file into the machine so I couldn't try the lsass.exe

I created the AVG rescue disc but it would not run on the infected/faulty PC.

I had some success with the suggestion of taking the HD out and running it as an auxiliary drive on another machine. <snip>

Here was/is your chance to replace lsass.exe


Incidentally, I take on board the criticism of McAfee, but which anti-malware programme would you recommend instead?


Kaspersky Anti-Virus 2011 Click the red letters and try it out for a month... free.




