System Tool 2011 Infection

Over the Christmas weekend I had two PC's (both running XP with current AVG virus software) infected with a malware program called System Tool 2011. The infection actually occurred while I was clicking-on and reading various Cruise Critic postings on the Carnival Board.

Anyone else had this happen to them recently??

I got this on my computer yesterday as well :(

Not me, but I pretty much block everything.

You can download a free copy of malwarebytes to check for remnants.

http://www.malwarebytes.org/

Yep, got it yesterday! I had been on CC but had moved onto other vacation sites. My hubby blamed my son as he is always downloading games.

He was able to do a system restore to last week, so were good.

My Anti-Virus stopped it yesterday...

Thanks! After the 1st infection, on a separate PC, I downloaded Malwarebytes and did a "Full Scan". Then I downloaded Spybot and also did a full scan to clean up the rest of the mess. I made sure that both of my PC's were current on my anti-virus software and I was using Firefox as my browser.

Last night, on my other PC - darn if I didn't get System Tools 2011 on that one!!!!!!

Oh well - at least by that time I knew what to do.

Yep, I got it too!! Thanks for the hint on System Restore. Will try that next.

I also got it. I couldn't figure out where I got it because I don't open suspicious things, but I read that you can get it by clicking "no thanks" if a pop up offers you something and I do remember that happening to me a couple of days ago. I was surprised to see the pop-up becuase I have them blocked. I also have AVG, but it didn't stop it.

It's a booger to get out because it won't let any spyware/adware/virus programs run on your computer. I did get it out but it took all day.

good reminder to backup my files again. My Hard-drive crashed about a month ago and with no backup files it was devastating...and my own fault...I know that....

so now I'm trying an online backup program Carbonite...hoping that works well and it isn't too expensive!

Hope I don't come across anything through the threads though!

Mauraoel, if you don't mind, would you share what anti-virus program caught the System Tool 2011 malware before it infected your PC? My up-to-date AVG didn't catch it - so it may be time for a change.

I'd really appreciate it! :)

Over the Christmas weekend I had two PC's (both running XP with current AVG virus software) infected with a malware program called System Tool 2011. The infection actually occurred while I was clicking-on and reading various Cruise Critic postings on the Carnival Board.

 

Anyone else had this happen to them recently??

my wifes yesturday and mine today

Today was worse, had to do a restore to fix it.

Running a full scan, and malwarebytes says it found 3 items. hmmmm.

For those who think you have to click on something, all you have to do is run your mouse accidently over a infected banner advertisement. No clicking necessary.

Oh wow - I didn't know you didn't even have to click on it! Yikes!

Oh wow - I didn't know you didn't even have to click on it! Yikes!

CC has gone thru this before .. seems like last christmas season, when they think the hosts arent paying as much attention perhaps..Host Mach said just brushing by the infected ad with your mouse can infect you.

Everyone should run the scan who was here the last day or so .. just in case.

I deal with this all the time with my customer's getting their PCs infected.

I use a great site called bleepingcomputer dot com which has excellent info on how to remove alot of the common "mal-ware" that is out there now.

Malwareantibytes is a great tool, but many times the malware is able to shut it down before allowing it to run.

Most antivirus programs aren't very good at detecting some of this stuff and it comes right through.

Best word of advice is to keep your computer updated with all the latest Microsoft security and browser updates.

Also, using another browser like chrome or firefox also reduces the chances of getting infected with that garbage. :eek:

I got the virus when I first logged in to CC. I likely tried to access a menu - either my quicklinks to subscribed threads, or the new threads dropdown - that is typically what I do when logging in. I did hover over the banner at the top (was distracted for a minute) before trying to navigate.

The virus starts with a Java script, which loads the malware. It is in the background at first, and does the damage before you even know it's working. Once it loads you can't use control_alt_delete to kill it, you can't run any spyware, etc - it blocks all of it. It allows you to use some internet sites, but gives you pop up's constantly telling you that you have a virus and need to take action.

To get rid of it, I hard restarted the computer (hold down the 'off' button until it shuts down), restart it in "Safe Mode with Networking" by holding the F2 key while it booted up. This step depends on your operating system, and it should tell you as it loads what key tohkit. In Safe Mode, it allowed me to load Malwarebytes and use it to kill the virus.

I use Java for work, so I have to leave that open on my laptop. Most people don't use it, and it may be blocked in your settings or through your anti virus software. I wish I could block it to prevent this from hitting again. Unfortunately that is not an option for me :(

I deal with this all the time with my customer's getting their PCs infected.

 

I use a great site called bleepingcomputer dot com which has excellent info on how to remove alot of the common "mal-ware" that is out there now.

 

Malwareantibytes is a great tool, but many times the malware is able to shut it down before allowing it to run.

 

Most antivirus programs aren't very good at detecting some of this stuff and it comes right through.

 

Best word of advice is to keep your computer updated with all the latest Microsoft security and browser updates.

 

Also, using another browser like chrome or firefox also reduces the chances of getting infected with that garbage. :eek:

bleepingcomputer is where I got the info I needed to get rid of mine.

My computer is automatically updated and I use firefox but it got through everything. My DH, doesn't come here and I do - he didn't get this bug and I did....and I never figured out where it came from til this thread was started. Thanks OP, you have helped solve the mystery.

(Coincidentally?) my Norton AntiVirus 2010 reported blocking a "unauthorized intrusion" event on Sunday at 9:00AM EST.

Normally I don't cursor anywhere near the Banners.

This sounds very similar to the "Dr MalWare" infection of 6 or so months ago.

ken

I was bouncing between CC and other sites yesterday, and noticed in the evening that my Norton popped up around 5 times back to back saying suspicious activity was blocked. I didnt check out the details/info., but it was probably the same problem.

I also did notice that one time an "anti-virus software" started to do a scan of my system. It's the one where even if you click for it to stop/cancel it keeps scanning. I stopped it using the Task Manager, which is the only thing that seemed to work.

I got it Christmas day too. DH was not happy and for a couple of minutes was worried that it was going to wipe our whole computer. He said it could have been bad but luckily he got it off pretty quickly thanks to some website help. I was on this website and it was the only thing I could figure out where I got the virus from too.

Switch to Linux and you can forget about those Microsoft viruses

cleaned my daughter pc last night.. she is not a vistor to CC , she got it from facebook

its a fake security program ( Scare Ware), that will not cause harm but will take up many resources and can cause severe latency

I fixed it by:

enter safe mode with networking ( f8 at startup)

download and run both malwarebytes and spybot search and destroy

each will need to run twice as each will find it resident in memory and will state it needs to be rescanned again.. you will be good to go!

Btw not many anti virus/ anti malware programs will catch this ... at this time.

the issue is dont elect fix this to remediate on this program or any other scare ware type if malware

My Norton blocked it twice yesterday and once today.;)

Thank goodness I have it for protection & it worked.

Mauraoel, if you don't mind, would you share what anti-virus program caught the System Tool 2011 malware before it infected your PC? My up-to-date AVG didn't catch it - so it may be time for a change.

 

I'd really appreciate it! :)

AVAST, my IT husband swears by it and it's free. They do have a higher version that is paid for but we only have the paid version on one comp in the house; it is the only comp that is allowed to access facebook.

I got it on Xmas day also.

Got it from here on CC boards .

A pop-up (don't remember what it was) , which I declined , downloaded it.

Found the file that was downloaded , deleted it , then did a System Restore from a prior date.

That worked until I came back to browsing CC , got it again.

Did the same proceedure but stayed off of CC for a couple days.

Seems Okay now.