My brother Lap Top is infected with the System Tools 2011 Malware program. He is running Windows 7 Ultimate.

I searched around on my computer to figure out how to get rid of this. It says boot in safe mode networking. And to run Rkill.exe which we didnt have but I some how managed to get that installed on his computer. I ran the Rkill and it didnt find anything, then if you start systems tool then it wont allow you to run the rkill.exe.

If Systems Tool is running you need to reboot into safe mode for it to allow you to do anything. I did and ran the malwarebytes thinking maybe it will find it. No such luck.

I tried to install hijackthis but I cant get that installed. System Tools says it is infected in normal mode and then in safe mode you cant install anything(duh).

One thing I thought of is, is there somewhere in the Registry that I can delete this? I have looked but I dont know what or where to look for this to start with. I can get to Registry Editor in safe mode, not in normal(again it says its infected).

If I cant do the registry editor way what else do I have to get this out of the computer? I worked on someone elses last week with this too and I ended up doing a System Recovery but really dont want to do that here since my brother does use it for College.

I then read this post here. I am to slow to get into task manager, have tried it multiple times but I am to slow. Anyone have any suggestions or where to go from here?

EDIT: I can get task manager open but cant find what task I need to end before system tool opens up and closes task manager.

What the heck??? Someone responded, I leave for five minutes now that reply is gone???

Hello, and welcome to The Ultimate Geek TaskForce!

Please note the following information about the malware forum:

• Only Trained Advisors, Moderators and Administrators are allowed to give advice on removing malware from your computer.
  
• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  
• If you have already asked for help somewhere, please post the link to the topic you were helped.
  
• We try our best to reply quickly, but for any reason we do not reply in two days, do this:
  
  Reply to this topic with the word BUMP.
  
  
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

---

Download the OTLPE Standard REATOGO Windows Recovery Environment.

• Place a blank CD-R disc in to your CD burning drive.
• Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
• Reboot your system using the boot CD you just created.
  
  Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
  
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
    
  • Press Run Scan to start the scan.
    
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    
  • Copy this file to your USB drive if you do not have internet connection on this system
    
  • Please post the contents of the OTL.txt file in your reply.

http://www.computerforum.com/188281-need-suggestions-how-remove-system-tools-2011-a.html

There is the one other place I posted.

Thanks for your help I will do it tomorrow, I am done working on this computer for tonight.

Tell your other helper on the other forum you are getting help here. Don't bother getting help on that topic, especially when it appears the helper is in distrust with a mod or whoever that was.

As soon as you can get the ball rolling on the OTLPE, we can disinfect the system.

DragonMaster Jay wrote:Tell your other helper on the other forum you are getting help here. Don't bother getting help on that topic, especially when it appears the helper is in distrust with a mod or whoever that was.

As soon as you can get the ball rolling on the OTLPE, we can disinfect the system.

Im not looking at forum any more for this issue. They obviously cant tell that I already tried everything they suggested. Ill take your advice as soon as I get home. But I have another paying customers computer to look at tonight too so Im not sure if Ill be able to post the results before late tonight.

When I run OTLPE I see this screen:


I choose C: and then I get this:


Is there something else I should be doing? I was never asked the questions you said in your post.

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.

• Download The Avira AntiVir Rescue System from Antivir.de.
  
• Just double-click on the rescue system package to burn it to a CD/DVD.
  
• Then please use that CD/DVD with Avira Rescue System to boot your computer.

You'll get a boot option to either boot from hard drive or AntiVir Rescue System.


Press the number 2 on your keyboard to boot into AntiVir Rescue System.

Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.


Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.


Then please start the scan.

The Avira AntiVir Rescue System wil now

• repair a damaged system,
  
• rescue data,
  
• scan the system for virus infections.

I fixed it by running Combofix in Safe Mode by what was suggested on the other forum and a bigger nerd than me at work. Thanks for your suggestions though.

Running ComboFix without the help of an expert is a big risk, and you are lucky your machine was not bricked.

Very well. Topic closed.