[laryb]

Let me preface this by saying that I run Panda Internet Security 2011, Webroot Spysweeper, free version of Super Anti-Spyware, and Spy Doctor. Also, I am not a computer expert, nor do not play one in the movies, but this freaked me out and I hope this will help someone if they run into it too. The other day, I got a pop-up that said "System Tool" virus program had detected 73 serious level infections, and that I should pay $79 to download the program and remove these deadly viruses. Normally I would ignore this and continue on, but every thing had been disabled. Web page, browser, Panda, spysweeper, everything. Tried to reboot numerous times, but still frozen, except for message from "System Tool" asking for $79. Got on the other laptop and started to research "system Tool" and discovered that it is a rogue program. If you run into this program, DO NOT buy it or give out any of your info. What worked for me was to reboot in safe mode and do a system restore to a earlier safe date. I then ran a full scan of Panda, SpySweeper, Spy Doctor, the free version of MalWareBytes (http://www.malwarebytes.org/rogueremover.php ), and Microsoft Security Essentials. I know it was probably overkill, but I thought, better safe than sorry. If this sucker got through all my protection, it might get through yours. Remember, don't buy the program, your info will end up in Holland or Belgium.

[njbchbum]

thanx for the heads up, laryb!

[K9-Lovers]

Thanks Laryb, I've run into this one before also. When something like this happens, I don't click on anything, and instead immediately turn off my computer by holding in the on/off button for 5 seconds. That's the best way I've found to bypass this bug. Then I turn the computer back on and run my malwarebytes and superantispyware scans. You are right, it disables all your virus protection. Sometimes, I have to download McAfee security all over again because it's disabled. Be sure to really check your security systems because sometimes they appear to be working but actually are not. Try running a virus scan with your McAfee or Norton, etc., and if it will not scan then you may need to download again.

[rjm1cc]

In some cases your only option is to reformat your drive and rebuild your system. Best to have an external drive that you back up your data to on a regular basis. You should also have a backup of your operating system Windows/Mac). Buying the program will not help.

[memason]

I had this virus in Germany, last year. Like Larry, the only way I found to eliminate it was to reboot in safe mode and recover the system to a about a week in the past.

That took care of it, but I tell you, I got a few more gray hairs trying to get past the purchase screens.... It's a nasty virus, to be sure.

Unfortunately, the less initiated, will start clicking on the free scan or purchase screen.

Never had anything remotely resembling this on my Apple ...

[LittleDog]

I did the same thing when this virus attacked. Turn on the computer in safe mode and do a system restore. Worked like a charm. Then I ran a virus scan. Simple solution but effective.

John

[ajbrown]

FWIW. Part of my job requires me to research Linux vulnerabilities which often takes me to some sites that are unknown and potentially malicious. I was always dealing with malware of some type. I had been running a virtual machine just for browsing, but then I found a piece of software called Sandboxie and have been using it for some time now. Sandboxie is a piece of software that allows you to run your browser (or other programs) in a "sandbox". In theory the browser cannot write to your real system. I have been hit by some malware last week and it worked. I simply cleared out the sandbox and was all set. If you are interested check it out here.

http://www.sandboxie.com/index.php?FAQ_Virus

[laryb]

Thanks AJ.... will give it a look today

[rubicon]

I am afraid of viruses that is four kinds little ones and big ones aliv ones and dead ones. You guys are way over my head if :systmes tools" strikes I have little choice but to call the Geek Squad

[inda50]

thanx for the heads up, laryb!

[gongoozler]

Quote:

Originally Posted by jrheydt

I did the same thing when this virus attacked. Turn on the computer in safe mode and do a system restore. Worked like a charm. Then I ran a virus scan. Simple solution but effective.

John

Thanks for this advise . . . was at the airport and used the "free" wifi and pick up this "System Tools" virus . . . did the reboot in safe mode (f8) and the system restore (Start . . . All Programs . . . Accessories . . . . System Tools . . . System Restore). Set the date to the day earlier and restarted . . . all clear! Thanks!

[mrdills]

I had that problem yesterday, its comes up on your computer as "Windows Efficiency Magnifier" and if you download that program you will get that rouge virus, and they want you to spend money to clean it up but Don't fall for that scam. Do what jr said you will get it off your computer. Good job guys...

[StarbuckSammy]

Thanks gongoozler for the in-depth instructions on how to go into safe mode etc.

[harbor53]

http://www.securitynewsdaily.com/cat...security-news/

[gardenia]

Thank goodness for this thread and to gongoozler for the specific instructions on how to restore. Yesterday I got a pop up that had the McAfee icon saying "windows detected a virus...." and advised to purchase spyware removal tool by clicking on a YES button. I thought I hit the "X" button to close the pop up but must have hit "NO" instead and ended up getting an attack on my computer which disabled McAfee, could not get to to the internet or any of my local files, repeatedly got the annoying msg to purchase the tool which I knew was a total scam. Thankfully I was able to do my research from another computer, then thought of checking TOTV and sure enough, followed gongoozler steps and I am now safely back in business!!! And the restore didn't touch my documents. I did reboot using safe mode earlier but hadn't thought of the restore, so thanks a million for saving me "dinero"!