Christopher AET
|
Posted - 2011.01.09 16:57:00 -
[1]
Recently my computer was infected with a ransom-ware virus called system tool 2011. This is a piece of spyware masquerading as an antivirus. It will stop you starting almost all applications and programs and give you a bogus message telling you that it is infected. It will also stop you starting your own antivirus.
It will also ask you for your card details repeatedly before releasing your computer, essentially holding it to ransom. DO NOT PUT THEM IN. This program is known for identity theft.
To remove this malicious piece of software you need to start your computer in safe mode. When it is started you need to do a system restore to a point prior to the infection. I went to a point 3 weeks prior to be safe. When system is restored you should restart in normal mode and you should now be free of the virus. Make sure your real anti-virus has up to date definitions.
I hope this helps someone in the future.
|
Tyke Orlieveit
|
Posted - 2011.01.09 17:01:00 -
[2]
Originally by: Christopher AET
Recently my computer was infected with a ransom-ware virus called system tool 2011. This is a piece of spyware masquerading as an antivirus. It will stop you starting almost all applications and programs and give you a bogus message telling you that it is infected. It will also stop you starting your own antivirus.
It will also ask you for your card details repeatedly before releasing your computer, essentially holding it to ransom. DO NOT PUT THEM IN. This program is known for identity theft.
To remove this malicious piece of software you need to start your computer in safe mode. When it is started you need to do a system restore to a point prior to the infection. I went to a point 3 weeks prior to be safe. When system is restored you should restart in normal mode and you should now be free of the virus. Make sure your real anti-virus has up to date definitions.
I hope this helps someone in the future.
You should probably back everything up and nuke from orbit TBH, then scan everything before restoring to your new, clean install. Just doing a Windows rollback doesn't remove viruses/malware.
Also, how did you manage to get this lovely bit of garbage? Browsing unsafely, downloading nasty torrents, AV software out of date?
|
Christopher AET
|
Posted - 2011.01.09 17:11:00 -
[3]
AV was out of date. If you roll back to before it was infected, yes, it may not remove all viruses. But it gave me the ability to update my AV and then remove any remaining viruses with that. With System Tool on, my whole computer was essentially locked.
|
Major Kaboomski
|
Posted - 2011.01.10 01:11:00 -
[4]
And I'm sure people with antivirus ransom problems will search the archives of the eve forum...
|
Zeba
Minmatar Honourable East India Trading Company
|
Posted - 2011.01.10 01:21:00 -
[5]
Originally by: Major Kaboomski
And I'm sure people with antivirus ransom problems will search the archives of the eve forum...
Or they could read this thread and then know what to do in a future situation if something like this strikes them...
I see nothing has changed here at eve-o. Alts are still ignorant gits.
Originally by: Blane Xero Zeba a fanboi, Haha, Christ, Pull the other one will you.
Originally by: Ryhss There is no paranoia in Eve, everyone is out to get you....
|
Taedrin
Gallente The Green Cross Sev3rance
|
Posted - 2011.01.10 01:29:00 -
[6]
Originally by: Zeba
Originally by: Major Kaboomski And I'm sure people with antivirus ransom problems will search the archives of the eve forum...
Or they could read this thread and then know what to do in a future situation if something like this strikes them...
I see nothing has changed here at eve-o. Alts are still ignorant gits.
OR perhaps they will search on google about it, and google will point to this thread.
I myself keep a Linux partition exactly for situations like these. If my Windows install ever becomes compromised, I can use my Linux partition to run antivirus scans, back up important files safely, etc etc...
----------
Originally by: Dr Fighter "how do you know when you've had a repro accident"
There's modules missing and morphite in your mineral pile.
|
Zindela
Caldari School of Applied Knowledge
|
Posted - 2011.01.10 02:27:00 -
[7]
Pretty sure System Tools 2011 has a nasty rootkit part as well. Parent's computer got something like it, a fake antivirus, and I had to do the nuke from orbit approach.
-------------------
Originally by: CCP Oveur
Guess what I'm wearing.
|
Helen Hunts
Gallente Red Dragon Mining inc Red Dragon Industries
|
Posted - 2011.01.10 03:15:00 -
[8]
Sounds like a continuation of the 'Antivirus 2008' and 'Security Tool'. Gets nastier to kill each year. Still the same desktop prevention behavior.
MalwareBytes will usually take it out, so long as the executable is renamed to something other than MBAM.exe BEFORE infection. (It'll auto-delete MBAM.exe to prevent easy removal)
_______________________________
Mine da rocks, make more ships. Pop da rats, make more rigs. Sell da gear, make more money.
Any Questions?
|
Deamos
Quintessential Teldar Paper
|
Posted - 2011.01.11 13:23:00 -
[9]
Wee Antivirus 20## derivatives! Yeah, this thing is a real pain in the ass and it brings other assorted malware in with it. Best bet, as someone has mentioned, is to run Malwarebytes, along with Combofix. Those 2 should clean the system out. Then you might wanna run Trend Micro's HijackThis to verify nothing got by.
|
Grimpak
Gallente The Whitehound Corporation Hounds of Anarchy
|
Posted - 2011.01.11 14:09:00 -
[10]
Spybot too.
---
Quote: The more I know about humans, the more I love animals.
ain't that right.
|