System Tools 2.12 removal

#1
Hi all,

I have come down this morning to a seriously infected laptop. System Tools 2.12 will not allow me to do anything in order to remove it:

system tool reset prevented
can't find any software to assist in removing
looks like all executables are prevented from running.

Help please?
 
#2
A bit more info perhaps?
Which version of Windows or OS?
Have you tried System Restore?
Tried to install Microsoft Security Essentials?
Started copying your stuff to a USB stick? (This will need to be scanned before you can use it, if you haven't made a backup.)
 
PrinceAlbert

Guest
#3
msconfig.exe from the run command, to stop it starting on startup.

Stop the services it's using in the "task manager"

Delete all known associated files with it.

Use Google for more info
 
#4
Have you tried starting it in safe mode then just restore it to a date before it was infected. That has worked for me a few times.
 

Auld-Yin

ADC
Kit Reviewer
Book Reviewer
Reviews Editor
#7
I too have picked up this 'system tools' malware tonight on my notebook and have spent the past couple of hours trying to get rid of it using the tools suggested by msr. I have tried Hitman, avast, superantivirus - all to no avail.

As soon as something hits the notebook it is latching onto it and saying either the .exe is infected, please buy our software to get rid or dll etc is affected please buy.........

If anyone has any suggestions then I would be grateful to hear them. I am unable to search using google chrome but at the moment IE is working if I delete the malware warning notice a couple of times.

As I say - your help would be much appreciated.

A-Y
 
#8
Download, install, update and then run malwarebytes antimalware - free.

Malwarebytes

Click the blue button for the free version, and follow the instructions on the screen. Seemples.

AND STOP DOWNLOADING FUCKING TOOLBARS AND SMILEYS, EVERYONE!!! That's where half this sort of shite comes from. I've been an IT Tech for the best part of 15 years, and the last year has been the worst for this.

I blame the French.
 
#9
Even this one: Emsisoft Free Emergency Kit ?
 
#10
^^^ Have used that one in the past myself, msr. It's pretty good in that it doesn't need to be installed, but picks up quite a few false positives. That said, its sledgehammer methods will sort out a PC when it's goosed in extremis.
 
#11
That's quite a fair assessment :)

I wonder how it fares against System Tools? Perhaps you could let us know A-Y?

msr
 

Auld-Yin

#12
Thanks msr but not a lot of success I'm afraid.

I have downloaded the kit but the virus keeps coming up with several messages including 'file start.exe is infected' 'AVGIDSMonitor.exe is infected' each time asking me to activate my antivirus software i.e. buy theirs.

This one is System Tool version 2.20. (Fecking tool is the word!!)
 
#13
Have you tried starting in safe mode and seeing if that allows you to run eek?

If not try this: Download Free Online Virus Scanner | BitDefender

Then this: http://security.symantec.com/nbrt/n...ction&layout=na&osver=na&vendorid=na&ispid=na

If none of the above work, then make sure you have a tested backup, erase the HDD (Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing) and reinstall :(
 
#15
I had a quick Google on this and there are removal instructions here; How to remove System Tool (Uninstall Guide)

Article contains code to "register" the dodgy application which seems to free up system access.
I would try the 'Safe Mode with Networking' option after renaming start.exe to iexplore.exe. Make sure you right click on it and select Run as Administrator.

This also seems to have worked: Thanks...it worked!!! Actually the malware resides in c:\documents and settings\all users\application Data\[Folder name with weird name]\foldername.exe.

I have deleted the folder using safe mode...that's it..everything gone. Earlier I tried Malwarebytes but it didn't help...but the other way did the magic.
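
The file layout quoted in this post (a folder under All Users\Application Data holding an .exe named after the folder itself) can be looked for with a read-only check. This is an added example, not part of the original post or the linked guide; the function names and sample folder names are constructed, and a hit is only a lead for manual review, since legitimate software can use the same layout.

```python
import hashlib
import tempfile
from pathlib import Path


def find_self_named_executables(app_data_root):
    """List every <root>/<name>/<name>.exe, the layout described in the post."""
    findings = []
    for folder in sorted(p for p in Path(app_data_root).iterdir() if p.is_dir()):
        try:
            entries = sorted(folder.iterdir())
        except OSError:
            # Record unreadable folders instead of silently skipping them.
            findings.append({"path": str(folder), "error": "unreadable"})
            continue
        for entry in entries:
            same_name = entry.stem.lower() == folder.name.lower()
            if entry.is_file() and entry.suffix.lower() == ".exe" and same_name:
                data = entry.read_bytes()
                findings.append({
                    "path": str(entry),
                    "size": len(data),
                    "sha256": hashlib.sha256(data).hexdigest(),  # for later lookup
                })
    return findings


def build_sample_tree(base):
    """Create a constructed test layout; names and contents are made up."""
    base = Path(base)
    for folder, filename in [("kDfOm08400", "kDfOm08400.exe"),  # matches pattern
                             ("Adobe", "reader.exe"),           # name differs
                             ("qWzR17", "qWzR17.dat")]:         # not an .exe
        (base / folder).mkdir()
        (base / folder / filename).write_bytes(b"MZ constructed sample")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_self_named_executables(build_sample_tree(tmp)):
            print(hit)
```

The function only reads and reports; it deletes nothing, so the reported path, size and hash can be checked before anything is removed.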
 

Auld-Yin

#16
Safe mode running now and Emsisoft is scanning - so far only low risk cookies but a long way to go yet. If that does not work I will try the blogsite from obnoxiousjockgit - I like the idea that someone is keeping an eye on this fecker and I just wish there was a way in which we could bombard it to feck it right up a la what has happened to wikileaks.

If all else fails then it looks like the instant sunshine programme. I will have to dig out the system disks from the 'safe' place I put them :)

Thanks for all your help guys.
 
#17
Are you running it as administrator?
 

Auld-Yin

#20
On reflection it must have been in administrator mode as it was prior to any password. There was also no option for admin mode, just Safe, Networking and Command modes.

It looks like it is going to take quite some time to run so I will leave it to its own devices for the next couple of hours. Once complete and restarted in main mode I will come back here and give an update.
 
