  #1 RogerF (2 Star Lounger, Iowa, USA)
    2010 12 27
    After several years without any virus problems, I was surprised when my Windows XP Professional system suddenly locked up, displaying a garish screen saying that something called “SystemTool” was warning of a virus infection. I couldn’t run or start any other program (including Microsoft Security Essentials, which had been previously installed) and even the keyboard didn’t seem to work. The mouse did work, so I quickly shut down the system and got on my other computer to figure out what to do. I couldn’t find any simple, clear instructions on how to proceed, so I wrote the following description of my efforts for anybody else who may have similar problems. I don’t need any help right now, but would be interested in comments from anybody else in a similar situation. Here’s what I did:

    After shutting down the system, I brought it up again normally to see if the virus infection was still there. It was, so I shut down again. Then I brought up my system in Safe Mode with Networking (by pressing F8 as the system came up), then went to http://www.malwarebytes.org/ and downloaded the free version.

    One oddity in Safe Mode was that there was a new user named “Administrator” and my normal user name of “Roger” was NOT there. I don’t know why that was, but Administrator seemed to work OK.

    Still in Safe Mode, I ran the Malwarebytes download. It took about 15 minutes, and found three infected files. Malwarebytes removed them, then rebooted normally. However, the same problem occurred with the same symptoms. The three infected files were:
    c:\RECYCLER\s-1-5-21-2155838564-2076788586-647548887-1009\Dc191.exe
    c:\documents and settings\Roger\local settings\Temp\sm6rt4gc.exe.part (Trojan.Agent)
    c:\documents and settings\Roger\Desktop\system tool 2011.lnk (Rogue.SystemTool)

    So I shut down again, restarted in Safe Mode, and ran the Malwarebytes Full System Scan on C:. This took 1.5 hours and found five more infected files. After removing these files, the system shut down and rebooted normally. The virus seems to have been removed. The infected files were:
    c:\documents and settings\all users\application data\gcbkc08200\gcbkc08200.exe (Rogue.SystemTool)
    c:\documents and settings\all users\documents\roger's shared files\Roger\rogers utilities\security programs\asterisk key finder\ariskkey9.5.exe (Tool.PassCracker)
    c:\documents and settings\Roger\application data\Sun\Java\deployment\cache\6.0\39\1d95d8e7-46a6ac36 (Rogue.SystemTool)
    c:\documents and settings\Roger\application data\Sun\Java\deployment\cache\6.0\43\6b487a6b-50aad3c9 (Rogue.SystemTool)
    c:\system volume information\_restore{cca15f78-7193-4ca6-8115-2b570dd6546c}\RP1542\A0225123.exe (Tool.PassCracker)

    I think the Tool.PassCracker files mentioned above were unrelated to the Rogue.SystemTool files but I removed them anyway.

    After the system was operating normally, I wanted to check it with several free online virus checkers. However, I couldn’t find a list of them anywhere. Here are my efforts to check that the SystemTool virus was really gone:

    First, I started a Full Scan by Microsoft Security Essentials (MSE), which had been previously installed on my machine, but apparently did not prevent the SystemTool virus from being installed. However, after four hours, MSE wasn’t finished so I cancelled it and will run it again overnight.

    Finally, I found the BitDefender Online Scanner at: http://www.bitdefender.com/scanner/online/free.html
    The QuickScan Beta 32-bit v0.9.9.52 found no infection after a run that lasted a few minutes.

    Next, I found the F-Secure online scanner at:
    http://www.f-secure.com/en_EMEA-Labs...online-scanner
    After 45 minutes, this scanner found 14 additional infected files, but these files were all tracking cookies, which appeared to be unrelated to the SystemTool virus.

    So, as far as I can tell, my system is now back to normal, but I will run MSE overnight. If there is anything else I should do, or if there is a list of free online scanners somewhere, please let me know. Thanks for your interest.

  #2 jscher2000 (Super Moderator, Silicon Valley, USA)
    Free online scanner: HouseCall from Trend Micro

    Additional free tool: SUPERAntiSpyware.com

    I'm surprised not to see something that runs the malware at startup. You might try Autoruns (from Microsoft/Sysinternals) to double-check that there are no unexpected items in the usual locations (e.g., Startup folder, Run keys, Services).
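    The check suggested above, written up as an added PowerShell example (not code from the thread or from Autoruns): it lists the Run keys, Startup folders and Services, and marks any entry whose image runs from one of the directories the infected files in post #1 were found in. The Temp, RECYCLER and Application Data fragments are taken from those paths; everything else is a standard registry or WMI location, and an elevated PowerShell 2.0 or later session is assumed.

```powershell
# Added example, not from the thread: list the autorun locations named in the post
# above (Run keys, Startup folders, Services) and mark any entry whose image runs
# from a location the infected files in post #1 used (Temp, RECYCLER, Application
# Data). Assumes PowerShell 2.0 or later in an elevated (Administrator) session.
# Directory fragments below are taken from the paths Malwarebytes reported in post #1.
$suspectDirs = @('\temp\', '\recycler\', '\application data\')

function Test-SuspectPath {
    param([string]$Command)
    if (-not $Command) { return $false }
    foreach ($d in $suspectDirs) { if ($Command.ToLower().Contains($d)) { return $true } }
    return $false
}

$findings = @()
function Add-Finding($source, $name, $command) {
    $script:findings += New-Object PSObject -Property @{ Source = $source; Name = $name;
        Command = $command; Suspect = (Test-SuspectPath $command) }
}

# 1. Run / RunOnce keys for the machine and the logged-on user.
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            Add-Finding $key $name $item.GetValue($name)
        }
    }
}

# 2. Startup folders (per-user and All Users), resolved from the Shell Folders
#    registry values so the same code works on XP and later; .lnk files are listed too.
$shell = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
$startupDirs = @((Get-ItemProperty "HKCU:\$shell").Startup,
                 (Get-ItemProperty "HKLM:\$shell").'Common Startup')
foreach ($dir in $startupDirs) {
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem $dir -Force | Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { Add-Finding 'Startup folder' $_.Name $_.FullName }
    }
}

# 3. Services, including stopped ones, by their registered image path.
Get-WmiObject Win32_Service | ForEach-Object { Add-Finding 'Service' $_.Name $_.PathName }

# Suspect entries first; review anything you do not recognise before removing it.
$findings | Sort-Object Suspect -Descending | Format-Table Suspect, Source, Name, Command -AutoSize
```

    A "Suspect" mark only means the image path matches one of the directories above; compare the entry against Autoruns or the vendor's documentation before deleting it.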

  #3 Fred J Usack (Gold Lounger, Johnson City, Tennessee, USA)
    Quote Originally Posted by RogerF:
    2010 12 27

    So, as far as I can tell, my system is now back to normal, but I will run MSE overnight. If there is anything else I should do, or if there is a list of free online scanners somewhere, please let me know. Thanks for your interest.
    Roger,
    Hello... It's not free, but Norton Internet Security 2011 has a feature called "boot time scan" and also another tool with which you make a "recovery disk" to boot into Norton (in case something renders your PC un-bootable). The scan can be set from normal to aggressive... These are some of the reasons that I don't use "Mickey MSE" even though it's free... Just can't compare... In my opinion it doesn't pay to "cheap out" when it comes to security... Regards, Fred
    PlainFred

    None are so hopelessly enslaved as those who falsely believe they are free (J. W. Von Goethe)

  #4 Rui Ribeiro (Administrator, Portugal)
    Quote Originally Posted by Fred J Usack:
    Roger,
    Hello... It's not free, but Norton Internet Security 2011 has a feature called "boot time scan" and also another tool with which you make a "recovery disk" to boot into Norton (in case something renders your PC un-bootable). The scan can be set from normal to aggressive... These are some of the reasons that I don't use "Mickey MSE" even though it's free... Just can't compare... In my opinion it doesn't pay to "cheap out" when it comes to security... Regards, Fred
    Sorry Fred, couldn't resist quoting Fred Langa, from the August 5th edition of the Newsletter:


    (...) AV tools and security suites are notorious system hogs, and feature-bloat is common.

    For example, Trend Micro lists 13 major features and subsystems in its security suite, McAfee lists 14, and Symantec lists 33!

    Many of these features duplicate abilities already built into Windows and the major browsers. For example, Internet Explorer and Firefox have built-in link-checkers, pop-up-blockers, parental controls, and more. Windows itself (especially Win7) has a capable firewall built in.

    So the large security suites are including features you probably already have, and all of these redundant features consume memory and CPU time.

    In contrast, the small, more nimble security packages offer just the essentials. For example, ESET lists just six major features for NOD32.

    And my current favorite security tool, Microsoft's free Security Essentials (site), lists just two major functions: antivirus and anti-malware protection. When used with Windows' built-in firewalls and a fully current browser (say, IE8 or Firefox 3.6.x), you end up with essentially the same capabilities provided by the huge commercial security suites.


    Another perspective, from a respected Windows Secrets columnist. I do tend to agree with him.

    Regards
    Rui
    -------
    R4

  #5 Fred J Usack (Gold Lounger, Johnson City, Tennessee, USA)
    Quote Originally Posted by Rui Ribeiro:
    you end up with essentially the same capabilities provided by the huge commercial security suites.

    Another perspective, from a respected Windows Secrets columnist. I do tend to agree with him.
    Rui,
    Hello... The word "essentially" says it all for me... Here's a short list of some of the things that "essentially" leaves out:

    1. Being able to choose what to scan... e.g. which of my drives/partitions to scan, and which to leave out.
    2. To what extent to scan whatever I choose... normal or aggressive.
    3. When to scan and what files/folders/programs to exclude.
    4. Boot time scan... Takes care of problems before your OS "boots up", and to what degree.
    5. Can build a "Recovery Disk"... so in the event that some "malware" gets past, you run Norton from a "boot disk" to remove the problem before it loads itself.
    6. Can access all security (e-mail AV, AM etc.) with a "mouse click" and change any setting to whatever I choose. Unlike "Mickey MSE" and some other combo of freebies. Kinda reminds me of the movie 2001: A Space Odyssey... HAL speaking (MS): "Fred, don't switch that off, Fred... Fred, I really wouldn't do that." I can do it all with one program, and all for the huge cost of about $2 USD a month.
    7. I prefer a one-stop configurable security program and, like I have said, "What do I care" if my security uses more CPU/resources etc. I'm not working with NASA and helping them compute Space Shuttle launches... So what if it takes several msec more to do something because of my security.
    8. And one of the most important... I can "switch off" any part of Norton that I want... for as long as I want... to install or test new software, as some will give a "false positive" (not a real security problem).
    The bottom line for most is that they don't want to bother with all the settings... so for them "Mickey MSE" works great... For me, I take recommendations and throw that in the mix with what I feel is important... and decide for myself... even if it's against "Common Wisdom". Regards, Fred

  #6 Rui Ribeiro (Administrator, Portugal)
    Hi Fred,

    You are, of course, entitled to your choices. I have been there, done that. Ages ago, when Norton was even more bloated than it seems to be now, I used it, until I couldn't stand the bloat anymore, and also at a time when several tests showed the included firewall was really bad. So I changed to another paid app, which also turned out to be bloated and ineffective, and changed again. I must say that in all this time, I never got an infection, virus or otherwise, while I ran these bloated apps.

    Today I run another paid app (Online Armor ++) together with an AV app, which is MSE (on my 64-bit desktop) or Vipre (on two laptops, one running Win7 x86 and another running Vista x86). Vipre is paid for, as is Online Armor. I actually own a site license for Vipre, so I could install it on all my PCs. On my desktop, I do prefer MSE to Vipre, for a simple reason: it has shown itself to be less intrusive.

    So, Fred, maybe your view that people use free apps just because they are free is just wrong; it surely is in my case. I could use Vipre and I could buy another app if I thought it would be more effective. In my case, the use of MSE is really because I like it and the protection it provides seems enough to me.

    I am sure that you know that no single app provides full protection, these days. That's why I use two, both of them light, so that they don't disturb my normal use of my own hardware. I hate to try to do something and have to wait because a bloated security app is taking too much of your CPU time or accessing your disk in a way that effectively prevents you from doing so.

    Each user is entitled to use the apps of their choice, and you should not assume that those who choose to use Microsoft software are ignorant about alternatives. I, for one, will use all alternatives that are better, even if they are paid, but there are also paid alternatives that are much worse than free ones. Advising others about what to use on their own computers is risky, and there is no panacea to solve everyone's security problems.

    Regards

    Rui

  #7 RogerF (2 Star Lounger, Iowa, USA)
    Thanks for the debate above and responses to my original question. An additional point, from my point of view: I realize that security is important but it's not my main business. In addition, since I hadn't had a problem for several years, it really doesn't pay me to spend much time on it. Even if I studied the various options, I would likely forget the details by the time a real problem occurred. It seems more efficient to use something simple and easy (MSE), be careful with web access, and then deal with whatever problems might occur, rather than spend a lot of time studying or implementing options that take a lot of time to understand and may or may not provide much additional protection. But thanks for all the thought provoking commentary.

  #8 CLiNT (Super Moderator, California & Arizona)
    It should also be said that spending a great deal of time troubleshooting infections is a waste of one's time when a calculated regimen for data preservation is put in place as a contingency for such an occurrence.
    ...Unless one has a great deal of time on one's hands, and the data one has isn't really that important.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal downtime and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.
