My trusty Toshiba laptop was infected this morning with a particularly vile virus/malware program called System Tool 2011. You can read in greater depth about my four-hour ordeal via this link to a blog post, but I just wanted to pass along a few pointers should your PC be attacked with this virus. I think my own computer became infected after I accidentally clicked a stupid Facebook app (I meant to click on the person's name, not the app link), but of course these trojans can get passed along in a wide variety of ways.
If the virus gets activated, your screen will fill up with a fake antivirus report like this:
There will also be a ton of fake warnings telling you to delete certain files. DO NOT allow this program to delete any files, as it will delete legitimate and important operating system material, turning your once-smart computer into an idiot drone. Also, do not agree to buy the System Tool 2011 program (the other purpose of this malicious program is to get unsuspecting dupes to hand over credit card info).
System Tool 2011 will hijack and shut down most executable (.exe) programs, making it difficult to manually kill this virus. The best thing to do is to reboot and go into safe mode with networking (the F8 key usually lets you change the boot mode, but follow the instructions in BIOS when your machine is booting up).
I found two shareware programs useful in beating this deadly virus: Malwarebytes and RKill. RKill is a process-killing program that allows you to temporarily shut down any components of system-hijacking viruses, while Malwarebytes was the only antivirus program I tried that could kill all traces of System Tool 2011. They are both free at the above links, though of course you can cough up a few bucks and reward these antivirus geeks for their hard work and purchase the retail versions.
Anyways, do not panic if this virus hits your machine. Simply reboot into safe mode and take your time to eliminate every trace. Some antivirus geeks also recommend going back to restore points, but I would wait until I was sure that every registry key or file associated with this malignant piece of virtual shite is removed: it took me over a dozen reboots and antiviral scans to get rid of every snippet of slime from this farker. If you go to a restore point while some of this crap is still on your system, you might end up helping it replicate itself.
When was the last time you backed up?
I am up-to-date with my files, madjack: I learned this painful lesson a few years ago when my laptop crashed and took with it hundreds of documents. As someone who teaches, the most critical lost files were the PowerPoints I use in lecture. Every hour of face-to-face lecture translates into about 15 PP slides, and it takes me about the same length of time to create new PP slides. I figure I lost two to three thousand hours of my work, and at $20 an hour, this is a hefty productivity loss.
historymike: if that or anyone you know has an issue like that again send me a note, I'd like to think I'm pretty good at data recovery. At least in most cases I can get it back, but not as advanced as say having a clean room with special hardware to read burned platters lol.
Thanks, INC. These days I am wiser, but you never know.
Thanks for the link Mike. I have been using my computer in safe mode for weeks after being hit by a bug. This seemed to clean it up nicely because I can run regularly now with no notice of the bug, but it now runs super slow. Any ideas?
Ryan: http://www.malwarebytes.org/ download, install, run, clean :)
That's what I did earlier.
I too got this on a computer; Malwarebytes took care of it. It locks you out of Task Manager and I couldn't get Spybot to start. Looking it up on the internet, part of fixing it is to reset your host file.
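A check to go with the hosts-file reset mentioned in the comment above, as an added example that is not part of the original post or its comments: it lists every hosts entry other than the stock localhost mappings, so you can see what a reset would remove before you do it. The `audit_hosts` name and the sample file are constructed for illustration, and the example assumes a hijacked entry is an ordinary hosts line mapping a name to an address.

```python
import ipaddress

# Names a stock hosts file may legitimately map to a loopback address.
DEFAULT_NAMES = {"localhost"}

# Constructed sample, not captured from a real infected machine.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org malwarebytes.org
203.0.113.7     search.example   # documentation-range address
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            findings.append((line_no, fields[0], "", "malformed entry"))
            continue
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, " ".join(names), "invalid address"))
            continue
        for name in (n.lower() for n in names):
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue                         # stock localhost mapping
            if ip.is_loopback or ip.is_unspecified:
                reason = "blocked: name points back at this machine"
            else:
                reason = "redirected: name pinned to a fixed address"
            findings.append((line_no, addr, name, reason))
    return findings

if __name__ == "__main__":
    for line_no, addr, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name or '(none)'} -> {addr}  [{reason}]")
```

On Windows the file to feed it is `%SystemRoot%\System32\drivers\etc\hosts`; anything it reports that you did not add yourself is a candidate for removal.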
I've just cleaned 2 computers of this.
Here's what worked for me.
1) Start the computer in safe mode (hit F8) while booting.
2) If given the option, start in safe mode with networking, which allows internet access.
3) Download both Malwarebytes and SUPERAntiSpyware.
4) After updating both, run "quickscan" on both.
That should remove it from your computer (these instructions were used on a Windows system computer).
Mike, what browser were you using? I had this problem for MONTHS. I used the malware a gazillion times and had to do a re-install, redo malware bytes a few more times, plus a tech had to tweak a few other things because of the task manager issue. He finally got it to where I could at least work. I upgraded to Firefox and haven't had that problem since (knock on wood).
Thank god for Macs and Time Machine.
Public execution of the people who create and spread viruses would help I'll bet. :-)
I had one several months ago. IIRC it was called "Antivirus8". That sob was hard to get rid of. I ended up having to re-install Windows to get rid of it. Malware Bytes didn't clean it, Spyware search and destroy didn't either. It was so damn tough it would prevent your browser from getting to sites that had information on how to get rid of it.
I "heart" Malwarebytes! Some time ago I picked up a nasty Trojan. I tried everything to get my laptop working correctly and in the end, the only thing that worked was to download Malwarebytes on my husband's computer, burn it to a CD-ROM and then install it on my laptop. IIRC, web posts I read suggested to name the program something other than the default name it installs with because some infections have been programmed to look out for Malwarebytes and prevent it from installing.