Latest Virus: Security Tool

Capn Sunshine Donating Member (1000+ posts) Sat Jan-30-10 07:19 PM
Original message
Latest Virus: Security Tool
It appears these cheese weasels locate on Italian and Italian restaurant websites, since that seems to be when it happened. Although I understand it can squat for 90 days then release. It hijacks your desktop and task manager. It's ransomware. It's on one of my work PCs that runs Windows 2000.

Smitfraud doesn't get it.
I tried deleting it from the My Documents authorized user window. The files deleted ok but must be hiding somewhere else as well.

Malwarebytes finds it and deletes it but it returns.

Any fixes for this thing yet, gurus?
hobbit709 Donating Member (1000+ posts) Sat Jan-30-10 08:23 PM
Response to Original message
1. Turn OFF System Restore
reboot in Safe Mode with Networking, run Malwarebytes.
 
pengillian101 Donating Member (1000+ posts) Sat Jan-30-10 10:04 PM
Response to Reply #1
2. I hate being so dumb...
But I am also infected with this same thing, I believe, seeing as I visited the same cooking sites, I bet.

How do you "Turn OFF System Restore"? It's Windows XP office version that I use. Thanks in advance.

I will try that, along with downloading and running Malwarebytes.
 
pengillian101 Donating Member (1000+ posts) Sat Jan-30-10 11:03 PM
Response to Reply #2
3. Yup, ran the malwarebytes. Infections just one day after cleaning.
Yikes - I hate this crap!

 
hobbit709 Donating Member (1000+ posts) Sat Jan-30-10 11:32 PM
Response to Reply #2
4. Right click on My Computer, select Properties
Edited on Sat Jan-30-10 11:33 PM by hobbit709
Go to the System Restore tab, uncheck and click OK you want to turn it off. Then run Malwarebytes and disinfect. Reboot the system back to normal and scan again with Malwarebytes and your Antivirus.

If everything checks clean, then turn System Restore back on.

One of the problems with Windows is that System Restore will put the infection back in on bootup if it isn't wiped beforehand.
 
Capn Sunshine Donating Member (1000+ posts) Mon Feb-01-10 12:00 AM
Response to Reply #4
7. no system restore tab in Win 2000
?
 
MyNameGoesHere Donating Member (1000+ posts) Sun Jan-31-10 09:44 AM
Response to Original message
5. If one had an infected computer
and the virus returns, 2 things should be done. 1 has already been mentioned, turn off system restore. 2 never ever hope that an infected computer can be cleaned in Normal or safe mode. Get an AV software that does boot mode scans. Avast does it, and several others.
 
RC Donating Member (1000+ posts) Sun Jan-31-10 09:30 PM
Response to Original message
6. Check what home page all of your browsers are set to.
Disconnect the network from the computer first.
These things can hijack your home page and make them look like the real thing.
If you have google for instance, make sure it is set to www.google.com. Anything after the .com is asking for trouble.
If you have some odd ball home page, check EACH character to make sure it is correct.
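
Added example, not part of the original thread or any poster's own code: a Python sketch of the home page check described in reply 6, comparing the configured URL against the site the user actually chose and reporting each way it can differ. The allowlist, the sample URLs and the function name `check_homepage` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the home page(s) this user actually chose (constructed allowlist).
EXPECTED_HOSTS = {"www.google.com"}


def check_homepage(url, expected_hosts=EXPECTED_HOSTS):
    """Return the reasons a home page setting looks hijacked (empty list = OK)."""
    problems = []
    # "Check EACH character": a look-alike letter from another alphabet renders
    # almost identically, so report every non-ASCII code point and where it is.
    for pos, ch in enumerate(url):
        if ord(ch) > 127:
            problems.append(f"non-ASCII character U+{ord(ch):04X} at position {pos}")
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    if parts.username is not None:
        # In "http://www.google.com@other.host/" the part before '@' is a login
        # name, not the site; the browser connects to what follows the '@'.
        problems.append(f"text before '@' is not the site; real host is {host}")
    if host not in expected_hosts:
        # Also catches "www.google.com.something.example", where the trusted
        # name is only a prefix of the real host.
        problems.append(f"unexpected host: {host}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("extra path, query or fragment after the host name")
    return problems


# Constructed sample settings; the host names and address are placeholders.
SAMPLES = [
    "http://www.google.com/",
    "http://www.google.com.search-results.example/",
    "http://www.google.com@198.51.100.7/",
    "http://www.google.com/?redir=http://ads.example",
    "http://www.g\u043e\u043egle.com/",  # two Cyrillic letters in place of "oo"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        issues = check_homepage(sample)
        print(ascii(sample), "->", "OK" if not issues else "; ".join(issues))
```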
 
Capn Sunshine Donating Member (1000+ posts) Mon Feb-01-10 02:00 AM
Response to Original message
8. OK, guys, Malwarebytes does not work.
I ran it in secure mode, and I downloaded a killprocess program to shut Security Tool off. I ran it twice. It said that there was nothing wrong.

I tried finding the host folder because it must be hiding there; it won't allow that. It says the file is missing. Fuck. Good thing I have other machines.
 
pokerfan Donating Member (1000+ posts) Thu Feb-11-10 09:37 AM
Response to Reply #8
14. You actually should run Malwarebytes in normal mode
unless safe mode is the only way you can get into your system. MWB is designed to run in normal mode as safe mode can prevent some malware from loading.
 
pengillian101 Donating Member (1000+ posts) Mon Feb-01-10 02:45 AM
Response to Original message
9. Have you tried Ad-Aware?
It's good also. Maybe it will find whatever infection you have. Best to ya! I'm just in the same boat as you.

http://www.lavasoft.com/products/ad_aware_free.php
 
Capn Sunshine Donating Member (1000+ posts) Tue Feb-02-10 12:06 PM
Response to Original message
10. I will post here once I encounter a solution
so far, nothing works. All the suggestions here have not removed this but there's several solutions floating around out there.

One problem is running Windows 2000 Pro. Many of the solutions aren't designed for this. If I replace it with XP will the infection remain?
 
Raffi Ella Donating Member (1000+ posts) Thu Feb-04-10 11:46 AM
Response to Reply #10
11. Hi Capn Sunshine,
If I were you I would go to one of the online free help sites and let them guide you through ridding this thing from your computer.

I just had them help me get a really nasty trojan off mine and now my PC is back to normal.

Some trusted ones:



http://forums.techguy.org/54-malware-removal-hijackthis-logs/

http://www.geekstogo.com/forum/Virus-Spyware-Trojan-Removal-f37.html
 
laylah Donating Member (1000+ posts) Tue Feb-09-10 05:14 PM
Response to Original message
12. HELLLLLLLLLLLLP...
this is happening to me and I am SO ignorant of technical situations. I am now scanning with malwarebytes after turning off restore. Have run adaware, avg, and malwarebytes earlier. I don't have a clue. All help will be appreciated!

Accessed the links at the bottom of this thread but I have no idea how to form the question.
 
Raffi Ella Donating Member (1000+ posts) Wed Feb-10-10 07:51 PM
Response to Reply #12
13. Hi
yeah, I know that feeling! It's awful. Did you get help at one of those forums?
 
Capn Sunshine Donating Member (1000+ posts) Sun Feb-28-10 11:18 PM
Response to Reply #13
15. no, it was seriously embedded, even the step by step didn't work
I finally just wiped the damn computer and installed XP. Much of the problem was the OS was Win2000 and there's not much antivirus support. Now, I'm running Microsoft Security Essentials. Best AV I've used. And I've had them all, Kaspersky, Norton, Webroot, you name it. The Borg triumphs again.
 
Lasher Donating Member (1000+ posts) Mon Mar-01-10 11:22 AM
Response to Original message
16. Run SUPERAntiSpyware
Edited on Mon Mar-01-10 11:57 AM by Lasher
Long story short, it detected and quarantined an infection on my computer called Trojan.Smitfraud.Variant/IE Anti-Spyware. Microsoft Security Essentials, Spybot Search & Destroy, & Malwarebytes all failed to detect it. SmitFraud is now being used to term infections wherein users receive fake alerts from software luring the user into installing some affiliated fake/rogue anti-spyware with or without user's knowledge.

http://en.wikipedia.org/wiki/SmitFraud

Like I said this is the short story. I kept notes, so I can give you the long version if you want it. There's a lot of this going around. If you witness an attack, physically disable your internet connection. For the time being I have blocked all internet connections in Windows Firewall.