  1. #1


    System Tool 2011 - Virus Warning (Related to Hotmail Adverts)

    Hello All!

    I'm sure some of you may have seen it already, but take a look at the screenshots below...





    This is all down to the "System Tool 2011" virus that's started to go around like wildfire! We've had 3 staff personal computers, a couple of student laptops and 2 on-site computers get hijacked with this virus in the last week. All of the on-site machines accessed Hotmail before getting infected and from researching this, it's coming through an advert on the Hotmail website. You don't even need to click the advert as the virus executes via a Java/JavaScript vulnerability. There's also a PDF vulnerability this virus can take advantage of as well. There are reports other sites are infected too through the same type of advert. I'm unsure of these though. It affects all of Windows XP, Vista and 7.

    The only way we've been able to remove the virus is to use the Malwarebytes tool. The instructions in the forum post below work 100%. The tool needs to be run in the user account it's hijacked. However, we've seen one computer corrupt itself as the virus had time to completely ruin the boot-up and then we had to rebuild it from scratch.

    Removal instructions for System Tool - Malwarebytes Forum

    We've blocked the Hotmail website as a precaution so far to stop any further infections. It might be worth warning staff who have home computers that could be at risk. Unfortunately, it's bypassed Sophos Anti-Virus (due to the nature of how the virus renames itself every time it executes after a reboot) and it cannot be detected outside of the user account it's hijacked.

  2. 3 Thanks to Tunster:

    andrew_91090 (4th March 2011), itguy22 (8th March 2011), speckytecky (6th March 2011)

  3. #2

    AngryTechnician's Avatar
    There's a long thread going about this one already: Compromised Websites - Anyone else affected yet?

    It's not just Hotmail by a long shot, so a block there will not be effective.

  4. #3

    Quote, originally posted by AngryTechnician:
    There's a long thread going about this one already: Compromised Websites - Anyone else affected yet?

    It's not just Hotmail by a long shot, so a block there will not be effective.

    Not noticed this but Hotmail has been mentioned every time we've spoken to each user who's had their machine hijacked by this virus. Didn't notice the above thread. Will read and contribute there.

  5. #4
    this_is_gav's Avatar
    It's adverts in general - even the London Stock Exchange was spreading it apparently.

  6. #5
    andrew_91090's Avatar
    We unfortunately had a member of staff recently infected with this. I spent 2 days scanning for this rogue and nothing was found. I even tried Malwarebytes and it did not work, but I didn't try it this way. I'll try it this way next time, thanks.

  7. #6

    I've had this on many private jobs - best solution I found was

    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    make sure you boot into safe mode - as usual!

    make sure SAS has the latest version - has not failed me yet

  8. #7

    synaesthesia's Avatar
    I've said it once and will continue to say it many times: SAS bulks out results with legitimate files, if you want to trust your network/systems to that level of deceit then you might as well open it up to proper infections.

  9. #8

    I've had it loads on private jobs too.
    Boot into safe mode
    The file is in Documents and Settings / user / app data
    there is a folder with random letters and numbers
    Delete that and run Malwarebytes / alternative
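
A read-only sweep for the folder described in post #8, as an added example that is not part of any post in this thread. It lists, per user profile, application-data folders whose names are a mix of letters and digits and that contain an executable. The minimum name length, the `.exe` test and the Vista/7 `C:\Users\...\AppData\Roaming` location are assumptions, not details given in the thread.

```powershell
# Added example: triage sweep for the randomly named folder described in post #8.
# Assumptions (not from the thread): name length >= 8, the folder holds an .exe,
# and on Vista/7 the equivalent location is C:\Users\<user>\AppData\Roaming.
param(
    [string[]]$ProfileRoots = @('C:\Documents and Settings', 'C:\Users'),
    [int]$MinNameLength = 8
)

function Test-RandomLookingName {
    param([string]$Name, [int]$MinLength)
    # Letters and digits only, with at least one of each.
    return ($Name.Length -ge $MinLength) -and
           ($Name -match '^[A-Za-z0-9]+$') -and
           ($Name -match '[A-Za-z]') -and
           ($Name -match '[0-9]')
}

$findings = foreach ($root in $ProfileRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $userDirs = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }
    foreach ($userDir in $userDirs) {
        # XP keeps roaming data in "Application Data"; Vista/7 in "AppData\Roaming".
        foreach ($sub in 'Application Data', 'AppData\Roaming') {
            $appData = Join-Path $userDir.FullName $sub
            if (-not (Test-Path -LiteralPath $appData)) { continue }
            Get-ChildItem -LiteralPath $appData -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.PSIsContainer -and (Test-RandomLookingName $_.Name $MinNameLength) } |
                ForEach-Object {
                    $exes = @(Get-ChildItem -LiteralPath $_.FullName -Filter *.exe -Force -ErrorAction SilentlyContinue)
                    if ($exes.Count -gt 0) {
                        New-Object PSObject -Property @{
                            Profile = $userDir.Name
                            Folder  = $_.FullName
                            Created = $_.CreationTime
                            Exes    = ($exes | ForEach-Object { $_.Name }) -join ', '
                        }
                    }
                }
        }
    }
}

# Report only: nothing is renamed or deleted. Newest folders first.
$findings | Sort-Object Created -Descending |
    Format-Table Profile, Created, Folder, Exes -AutoSize
```

Run it from an administrator account so every profile is readable. Legitimate software can match the name pattern, so treat each hit as a candidate to inspect rather than a confirmed infection.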

  10. #9
    silver_uk's Avatar
    Found it using the old rename OLD.xxx letters and numbers the normal stuff would not remove this one.
    One happy head teacher :-) Cheers.

  11. #10
    AyatollahPies's Avatar
    Quote, originally posted by synaesthesia:
    I've said it once and will continue to say it many times: SAS bulks out results with legitimate files, if you want to trust your network/systems to that level of deceit then you might as well open it up to proper infections.

    We're all paying small fortunes for Anti-Virus software that is failing miserably to do its job, so I'm more than happy to get false positives, as at least then I'll have an idea where a genuine issue might be.


