Skip to main content

How to remove System Tool a fake security antivirus?

Image
By [email protected] and Support @ Whaddya.com
Everything is working OK with your computer and all of sudden you are prompted with a windows alert that you are infected, showing a fake scan to scare you. First thing you need to do, DO NOT order anything from the website. Take a deep breath and follow the procedure here to fix it.

It is easy to fix this problem, this is just another misleading (rouge) anti-spyware program.
  • You need a tool to remove this program. Actually, you can use registry editor to delete but it is not advisable if you are not familiar on how to use. I suggest that you download one file from Trend Micro website. Here's the link: http://free.antivirus.com/hijackthis/. Download the executable (not the installer) so you can run this tool right away. You need to use a working computer to download the program and save to a USB drive. Then copy the executable program to the infected computer. For example, copy the executable program (HijackThis.exe) to your c:\temp folder. If you don't have a temp, create the folder.
  • Restart your computer. After the BIOS message, click F8 function key to boot in Safe Mode.
  • Login to your workstation, go to the c:\temp folder and double click HijackThis.exe file. In open file - Security Warning, click Run to continue.
  • Click "Do a system scan and save a log file."
  • You will see the Trend Micro HijackThis report from R1, R0, 01, 04, etc.
  • You need to find the System Tool random executable file, should be something like this: O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
  • Put a check, then click Fix checked. This program will clean your computer.
  • Restart the computer.
Trend Micro Internet Security Pro 3.0Now you removed the System Tool (fake anti-virus tool), it's time for you to run a full scan of your computer. If you don't have a anti-virus program install, check the Microsoft Security Essential. This is free to all Windows operating system version except for Windows Server.

If you need additional assistance, please leave us a comment or visit Whaddya.com to post your question.

References and Tools:

Labels:

Comments

Post a Comment

Popular posts from this blog

Alternative Social Networks

By [email protected] and EM @QUE.com
If you are planning to create your  social network  e.g. similar to Facebook. Here's a short list of alternative software's: Open Source and Free​ http://buddypress.org/  - Wordpress (Open Source and Free) http://elgg.org/  - (Open Source and Free) Commercial Social Networks software http://www.socialengine.com/  ($299 Stand Alone, $29/mo Cloud) http://www.jomsocial.com/  (run with Joomla, need to know CMS) http://www.boonex.com/  (very expensive, $399 for Standard) http://www.anahitapolis.com/ http://www.oxwall.org/ http://sharetronix.com/ http://www.moosocial.com/ http://www.jcow.net/ http://phpdolphin.com http://www.grou.ps  (from free to Commercial, I left my networks and they are selling it  http://www.phpfox.com/  (I used this before, it's hard to maintain. I moved to NING but left too after it was sold to another company) http://www.ning.com  (I don't recommend using this service, it's hard to export your data when it's time to move) S
3 comments
Whaddya know more?

Learning Vulnerability Scanning by KING.NET

By [email protected] and EM @QUE.com
Learning Vulnerability Scanning is fun and easy. So I hope you enjoy reading this short how to guide on how to use vulnerability scanning to secure your servers and networks. NMAP is the swiss tool that you need to learn if you're serious in Cyber Security profession. The NMAP tool can be use with NSE scripting (Nmap Scripting Engine) to automate your tasks. For example using NSE Script using a  single vulnerability (cold fusion)  to scan our test lab machine. root@kali:~# nmap -v -p 80  --script http-vuln-cve2010-2861  10.11.1.220 Starting Nmap 6.47 ( http://nmap.org ) at 2016-07-22 17:34 EDT NSE: Loaded 1 scripts for scanning. NSE: Script Pre-scanning. Initiating ARP Ping Scan at 17:34 Scanning 10.11.1.220 [1 port] Completed ARP Ping Scan at 17:34, 0.04s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 17:34 Completed Parallel DNS resolution of 1 host. at 17:35, 13.01s elapsed Initiating SYN Stealth Scan at 17:35 Scanning 10.11.1.220 [1 port] Comp
Post a Comment
Whaddya know more?