Register | Login
BootSkins XP
Cursor FX
Dream
Icon Packager
LogonStudio XP
LogonStudio
Object Dock
Sound Schemes
Suites
WallPapers
WindowBlinds
All

Search
Forum Home | Login
We have re-enabled logins for the forums, please be aware that you may need to reset your password or register for an account again while we continue to restore full functionality.
jazzymjr
jazzymjr
Join Date 03/2004
+98

Malware Alert...System Tool 2011! RESOLVED

It takes over your entire computer

March 1, 2011 7:06:44 AM from WinCustomize ForumsWinCustomize Forums

Just wanted to alert everyone about a very nasty piece of malware out there! 

My companion was the recipient of this "nice" piece of software.  He is running Windows 7, 32 bit.  He has no idea how he got it.  Anyway, it takes over your whole computer, and you cannot even open any executable on your computer.  It tells you that your computer is infected...it even takes over your desktop.  It disables eveything.  You cannot even get into safe mode to try to run a anti-malware program to try to get rid of it.  It even blocks all your system restore backups!  What a piece of work!  I am hoping that I can get to his documents folder and copy that...I can't remember if I put that on a different partition or not...I sure hope I did!  I am going to have to wipe and re-install everything for him. 

Locked Post
Search this post
Advanced Search
Subscription Options
Reason for Karma (Optional)
Successfully updated karma reason!
2 Pages1 2 
jazzymjr
Jafo
Join Date 03/2001
+1808 sdemployee
Reply #1 March 1, 2011 7:15:42 AM
from WinCustomize ForumsWinCustomize Forums

http://www.spywareremove.com/removeSystemTool2011.html

May be some help ...

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
DrJBHL
Join Date 04/2002
+4052 moderator
Reply #2 March 1, 2011 7:18:17 AM
from WinCustomize ForumsWinCustomize Forums

DON'T! You don't have to do all that, MJ.

Here: http://www.wiki-security.com/downloader/SpyHunter-Installer.exe 

or:

 

 

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
DrJBHL
Join Date 04/2002
+4052 moderator
Reply #3 March 1, 2011 7:19:16 AM
from WinCustomize ForumsWinCustomize Forums

how did he sneak that in? 

Reason for Karma (Optional)
Successfully updated karma reason!

Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.

jazzymjr
sydneysiders
Join Date 04/2004
+1042
Reply #4 March 1, 2011 7:49:18 AM
from WinCustomize ForumsWinCustomize Forums

ahhh..... so that is what I have..... I have been on an old lappy for a week.....  blocks everything...including the net....gave up... 

thanks for the headsup jazzy....

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
DrJBHL
Join Date 04/2002
+4052 moderator
Reply #5 March 1, 2011 8:19:44 AM
from WinCustomize ForumsWinCustomize Forums

See if you can download the tool, and put it on a flash drive, then transfer it to the laptop, Syd...

Hope that works for you.

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
ElanaAhova
Join Date 09/2008
+105
Reply #6 March 1, 2011 8:32:28 AM
from Elemental ForumsElemental Forums

I'm not a windows 7 person,  still on XP.  Can you boot from a different drive, or boot insafe mode, and then restore to an earlier point, etc.?

My system was infected with the infamous 'facebook trojan.'  After a week i finally had to reformant my hd, and reinstall windows.  I hope you get your system cleaned more easiallly than I did mine.   There is hope, many very knowledgabe people on this site who will give excellent' suggestions.

 

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
sydneysiders
Join Date 04/2004
+1042
Reply #7 March 1, 2011 8:45:28 AM
from WinCustomize ForumsWinCustomize Forums

I'm on XP..... no safe mode... no restore points... no nuttin...

might give that a go doc... just over it at the moment........looking at getting a new PC.... 'bout time I bit the bullet and got 7..... just got a lot on at the moment and can't get my head around specs.....   then I'll just reformat this one...

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
benmanns
Join Date 12/2005
+93
Reply #8 March 1, 2011 9:05:47 AM
from WinCustomize ForumsWinCustomize Forums

Quoting sydneysiders,
reply 7
I'm on XP..... no safe mode... no restore points... no nuttin...

might give that a go doc... just over it at the moment........looking at getting a new PC.... 'bout time I bit the bullet and got 7..... just got a lot on at the moment and can't get my head around specs.....   then I'll just reformat this one...


Ok... normaly i dont do any commercial based posts but for everyone who isnt to much into computing and security i only can recommend you "Lavasoft AD AWARE"
there is a free version and a premium version but free is just as good.It basically prevents such things and can remove almost every trojan, backdoor jacker, worm, Keylogger and also infected rootkits.
For your problem above every OS has a safemode all you have to know what button you have to press when the computer is starting.Normaly pressing F8 during bootup should do the trick if . Note some older mainboards have a diffrent F-key for access if F8 doesnt work you may need to try F2 or F12.



Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
MadDeez
Join Date 11/2001
+147
Reply #9 March 1, 2011 9:30:15 AM
from WinCustomize ForumsWinCustomize Forums

hitting F8 at start-up on some newer boards will bring up the boot order menu. on other boards, F2, F10, or F12 will do the same. to get to safe mode, one needs to wait until the motherboard "info page" and list of drives passes and then hit F8. that will bring up a menu of boot options for Windows. safe Mode will be at the top of the list.

 

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
jazzymjr
Join Date 03/2004
+98
Reply #10 March 1, 2011 10:01:19 AM
from WinCustomize ForumsWinCustomize Forums

UPDATE!  I got rid of the dang thing, using MalWare Bytes.  I went to their forums, and found very specific instructions on how to get rid of the Trogen.  Here is the link to it: 

http://forums.malwarebytes.org/index.php?showtopic=66064

You will not be able to download the file from the infected computer.  I downloaded it to my pc, then copied it to a flash drive and then copied that to his desktop.

I didn't have to wipe and re-install anything.  I also did not have to go into safe mode.  It took all of about 15 minutes from to start to finish.  Just be sure you follow the instructions EXACTLY as stated in the instructions.

Needles to say, My companion is a happy camper now.

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
DrJBHL
Join Date 04/2002
+4052 moderator
Reply #11 March 1, 2011 10:19:34 AM
from WinCustomize ForumsWinCustomize Forums

Good!

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
sydneysiders
Join Date 04/2004
+1042
Reply #12 March 1, 2011 10:19:49 AM
from WinCustomize ForumsWinCustomize Forums

I have Lavasoft AD AWARE....

and I didn't explain myself well before.... it automatically goes to the Safe Mode boot options menu page only... just, when you select it... it just boots back to the menu....constantly...

but, I don't get the pop ups to buy a removal program... so maybe I have a different prob...

nothing a sufficiently high balcony won't solve though...... 

 

Edit.... just saw your reply jazzy...page been sitting here for awhile..... will give that a go.... 

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
Phoon
Join Date 10/2001
+382
Reply #13 March 1, 2011 10:37:17 AM
from WinCustomize ForumsWinCustomize Forums

I've encountered this rascal on several occasions on various PCs. Malwarebytes was the only thing that fixed it. Note of advise. Run at least 2 full scans with it and perform a reboot to safe mode between scans.

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
Philly0381
Join Date 11/2004
+844
Reply #14 March 1, 2011 10:47:44 AM
from WinCustomize ForumsWinCustomize Forums

For those that encountered the trojan, any thoughts on where you may have picked it up from? 

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
Phoon
Join Date 10/2001
+382
Reply #15 March 1, 2011 11:44:00 AM
from WinCustomize ForumsWinCustomize Forums

I've seen this thing come in from various places just out of the blue too.

Last encounter.. I saw someone playing a game on facebook and BAM! it just starts scanning your system. Once that starts you are already infested.

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
Philly0381
Join Date 11/2004
+844
Reply #16 March 1, 2011 11:53:10 AM
from WinCustomize ForumsWinCustomize Forums

Thanks Phoon.

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
natas2
Join Date 01/2008
+100
Reply #17 March 1, 2011 11:56:24 AM
from WinCustomize ForumsWinCustomize Forums

I had this on my daughter's PC.  It comes up as a pop-up and tells you you are infected.  When you try to close the pop-up, it launches the program.  Then entire pop-up is the "accept" button.  In other instances that it has come up, I've just killed it with Task Manager or shut down the PC.

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
Philly0381
Join Date 11/2004
+844
Reply #18 March 1, 2011 12:15:26 PM
from WinCustomize ForumsWinCustomize Forums

The reason I asked about how it is picked up is I believe it tried to get to me by way of ImageShack the last couple of times I used it.

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
Dr Guy
Join Date 09/2004
+129
Reply #19 March 1, 2011 1:30:51 PM
from JoeUser ForumsJoeUser Forums

I have not had time to view Doc's video (will do so in a bit), but a friend got  a bug just like that one.  I was about to reformat and re-install! (not quite, I had other options, but you can see the frustration level).  But then I stumbled upon a way around it.

I tried to open a file that did not have an association.  So it let me pick something to open it with. I chose CMD.EXE (it would not let me go to the command line itself).  And it opened a command line!  I was then able to switch to the infected directory, rename the file (not delete it, it was running) and reboot - and then clean everythiing up!

So I guess the key is to leave a disassociated file on your desktop? 

As for how your friend got it, I have had many people tell me the same thing.  One thing I have read is that when the infecting popup shows up, the only "clean" way of closing it is to crash your browser.  Any other click was probably programmed in by the authors to be a "yes".

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
jazzymjr
Join Date 03/2004
+98
Reply #20 March 1, 2011 1:44:06 PM
from WinCustomize ForumsWinCustomize Forums

Quoting Philly0381,
reply 14
For those that encountered the trojan, any thoughts on where you may have picked it up from? 

My companion is not sure how he got it, but he had been looking at a slide show that he got in an email, just before the thing popped up.

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
DrJBHL
Join Date 04/2002
+4052 moderator
Reply #21 March 1, 2011 1:46:31 PM
from WinCustomize ForumsWinCustomize Forums

You can browse in https mode on facebood (highly recommended).

You can also browse in virtual mode using Sandboxie (sandboxie.com) for x32 and x64, or BufferZonePro (free) for x32.

They give you a red line around your browser window and seemed to bother a couple of skins (sandboxie).

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
Phoon
Join Date 10/2001
+382
Reply #22 March 1, 2011 2:40:11 PM
from WinCustomize ForumsWinCustomize Forums

So I guess the key is to leave a disassociated file on your desktop?

This thing will infect more than just a few files. It will blow itself through the registry and many areas of your system. You got lucky!

I have avoided it before by pulling the plug on the PC... how-ev-errrrrr.... that is NOT advisable.

A few weeks ago I flipped a breaker that turned out to be the computer room. 1 system shut down and the OS was hosed upon attempted reboot.

 

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
natas2
Join Date 01/2008
+100
Reply #23 March 1, 2011 3:11:44 PM
from WinCustomize ForumsWinCustomize Forums

I have avoided it before by pulling the plug on the PC... how-ev-errrrrr.... that is NOT advisable.

Yeah.  Try the old task manager next time and kill whatever web browser you are using.  It's also a good idea to not have firefox set to reload the last page you were viewing or you might be right back at square 1.

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
ekimragz
Join Date 05/2007
+13
Reply #24 March 1, 2011 3:24:16 PM
from WinCustomize ForumsWinCustomize Forums

Quoting jazzymjr,
reply 20




My companion is not sure how he got it, but he had been looking at a slide show that he got in an email, just before the thing popped up.

 

Them dang slideshows are frought with peril.

Reason for Karma (Optional)
Successfully updated karma reason!
jazzymjr
Uvah
Join Date 05/2006
+874
Reply #25 March 1, 2011 4:23:34 PM
from WinCustomize ForumsWinCustomize Forums

I guess I'm lucky then.

 

 

*looking over shoulder warrily*

Reason for Karma (Optional)
Successfully updated karma reason!
2 Pages1 2 
View all recent posts
Mark all posts as read Delete cookies created by the forum Return to Top
Stardock Forums v        Server Load Time:   Page Render Time:


Top Skin Authors

Yesterday  |   Last 30 Days  |   All Time
View More

Latest News

View Homepage

Return to the WinCustomize homepage.
CursorFX

CursorFX is a utility which allows you to have much more flexibility in the cursors you use to interact with Windows. CursorFX users can create and use cursors that look and feel far superior to anything you've ever seen before! Best of all, it's really easy to create your own super-charged cursors!

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase
Stardock Curtains

Customize Windows with additional styles beyond light and dark mode

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase
DeskScapes

Stardock DeskScapes extends Windows 10 with the ability to run spectacular animated wallpapers (Dreams) on your desktop. Choose your Dream from our extensive library to personalize your pc.

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase
IconPackager

IconPackager is a program that allows users to change nearly all of their Windows icons at once by applying "packages" of icons. A package of icons contains icons to replace most of the common icons on your Windows PC.

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase

Icons

Icons for applications and folders.

Rainmeter

Rainmeter allows you to display customizable skins on your desktop, from hardware usage meters to fully functional audio visualizers. You are only limited by your imagination and creativity.

Rainmeter is open source software distributed free of charge under the terms of the GNU GPL v2 license.

Website | Download
Screenshots

Show off your favorite desktop configuration by uploading a screenshot of your desktop!

SoundPackager

SoundPackager brings customization of your auditory experience to Object Desktop! Users can now choose from "sound packages" to enhance their Windows desktop experience. Over 30 different system sounds are supported; unique new Stardock Design sound packages are included with the package.

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase
Start8 Themes

Microsoft Windows® 8 is shipped without the "Start" menu. Stardock heard the cries from Windows 8 users. We put the "Start" menu back in Windows 8. We accurately recreated the most used desktop feature billions of users depend on every day and packed it with additional functionality.

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase
Wallpapers

The finest collection of desktop backgrounds on the Internet!

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
WindowBlinds

WindowBlinds changes the look and feel of your Windows desktop by applying visual styles to your entire Windows environment. When a visual style is applied, they change nearly every elements of the Windows GUI such as title bars, push buttons, the Start bar, menu and more.

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase
Winstep Software Technologies

Winstep Extreme is a powerful suite of applications that merge incredible usability and performance with breathtaking eye candy. Add your own Menus, Docks, Tabbed Docks, Taskbar and Widgets with this Windows User Interface Replacement!

Website | Download

View Gallery List

View a list of all of the different galleries available in WinCustomize, which you can then browse individually.

Explore All

Explore all available galleries on WinCustomize.

Customize This Menu

This option is only available for subscribers of WinCustomize. If you are a subscriber it will allow you to select which categories you would like to see in this menu from a list of all galleries available on the site. This information will be stored on your account for all your future visits.

Subscribe
Home | About | Privacy | Upload Guidelines | Terms of Service | Help
WinCustomize © 2025 Stardock. All Rights Reserved.