Oh dear, what a day… My computer was infected with the “System Tool Virus”

Posted: March 1, 2011 in Misc

Hi folks,

What a day I have had. This morning my computer went haywire after I accidentally installed the System Tool virus, called System Tool Antivirus. I thought I would share my experiences with you just in case the same thing happens to you.

I have since found out that System Tool Antivirus is a new kind of fake antivirus program from the same family as Security Tool. The only difference is that the core files are modified a little bit and the name is changed to hide it from detection by legitimate antivirus programs installed on your PC.

This program is distributed with the help of trojans. When the trojan is started, it will automatically download and install System Tool Antivirus onto your computer without your consent and knowledge and configure it to run when you start Windows.

When System Tool Antivirus is started, it will imitate a system scan and “detect” a lot of various infections that it claims will not be fixed unless you first purchase the program.

But it is important to know that all of these reported infections are fake and don’t actually exist on your computer! So you can safely ignore the scan results. But I must admit when this happened to me I wondered what the hell was going on. And while System Tool Antivirus is running, it will block you from running any programs, as a way to scare you into thinking that your computer is infected with malware.

What is more, the rogue will flood your computer with warnings and fake security alerts. Here are some of the alerts that you will see:

Application cannot be executed. The file cmd.exe is infected.
Please activate your antivirus software.

System Tool Warning
Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.

System Tool Warning
Intercepting programs that may compromise your private and harm your system have been detected on your PC.
Click here to remove them immediately with System Tool

Security Monitor: WARNING!
Attention: System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files

Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
CLick Yes to download official intrusion detection system (IDS software).

Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software…

This infection will also change the background of your Windows desktop to display this:

Your’re in Danger!
Your Computer is infected with Spyware!

All you do with your computer is stored forever in your hard disk. When you visit sites, send emails… All your actions are logged. And it is impossible to remove them with standard tools. For your boss, your friends, your wife, your children. Every site you or somebody or even something, like spyware, opened in your browsers, with all the images, and all the downloaded and maybe later removed movies or mp3 songs – ARE STILL THERE and could break your life!

Secure yourself right now!
Removal all spyware from your PC! 

Of course, I realised all of the above warnings and alerts were nothing more than a scam and, like the false scan results, should be ignored, and that it was a scam designed to trick me into purchasing the so-called full version.

So I urge you, if the same thing happens to you: do not fall for these virus messages and get forced into buying the rogueware. If you already have, you should contact your credit card company and dispute the charges.

Anyway, my computer was coming up with all these error messages and at first I didn’t know what to do. I realised it was probably a scam and that I should not enter my credit card details. I tried opening McAfee to try and remove the virus but everything I did resulted in further error messages.

I rebooted the computer a couple of times and the same thing happened. I then ran the Dell diagnostics program but that said nothing was wrong with the computer. So I sat there perplexed and then it suddenly occurred to me that the one thing I could try was to do a System Restore. But I couldn’t access that… because every time I clicked on anything it kept coming up with the error messages.

I must admit I was stuck. I knew a System Restore might work but wasn’t sure how to access it. But then another brain wave: maybe if I rebooted in safe mode, that might work. So, thinking that this was my last resort before restoring to factory settings, I rebooted the computer in Safe Mode with Networking and had success. The computer booted up OK in safe mode and I was able to do a System Restore and restored my computer to previous settings from before the virus occurred, which has hopefully now removed the virus.

I have since researched this virus and found out that this was one of the methods to be used in removing the virus, a lucky guess on my part :). The other method is a bit more complicated and involves installing Malwarebytes’ Anti-Malware.

The thing that’s got me confused/annoyed is how my computer got infected in the first place when I have full antivirus software.

Anyway, now my computer seems to be working OK. I am relieved, but it has also taught me a valuable final lesson, and that’s that I should routinely back up my data… which I will do from now on.

So has anybody else suffered the same virus attack and what did you do? Did you do the same as me?

