Virus alert! : avoid "System Tool Firewall Alert"
Author | Message |
---|---|
Dirk Villarreal Wittich Joined: 25 Apr 00 Posts: 2098 Credit: 434,834 RAC: 0 |
Hi folks! Yesterday I got my PC infected with this kind of malware/virus named "System Tool Firewall Alert", which blocks the PC, even the BOINC-Manager stops working. It pops up with some kind of alert, warning people of dangerous/potential risk for your PC. DO NOT OPEN IT! I am trying to get a solution for this shortly, like a new and powerful antivirus program. Suggestions and expertise will be very much appreciated. Thank you very much. |
Mike Joined: 17 Feb 01 Posts: 34258 Credit: 79,922,639 RAC: 80 |
Hi Dirk. I'm using Avast; it's free for personal use. You only have to register and can get updates every day automatically. I also use Spybot and Malwarebytes for trojans and spyware. With each crime and every kindness we birth our future. |
Bob Giel Joined: 11 Jan 04 Posts: 76 Credit: 5,419,128 RAC: 0 |
I use a product called "Ad-Aware". It's saved my butt on several occasions and it's free: http://www.lavasoft.com. If that doesn't work, try "AVG Anti-virus", which is also free: http://www.avg.com. |
MusicGod Joined: 7 Dec 02 Posts: 97 Credit: 24,782,870 RAC: 0 |
I got this a couple of months back and nothing I did helped me. I finally had to buy a new HD and new Windows, along with all of the software I had on the PC. My backups didn't work so had to start from scratch. I kept the old HD and at some point will try again....the whole thing cost me over 1,000 dollars. |
-BeNt- Joined: 17 Oct 99 Posts: 1234 Credit: 10,116,112 RAC: 0 |
Boot up the computer. Once it starts hit control + alt + del. End any tasks you don't recognize. Then start up Explorer manually and run the virus scans you need to. This is an old common virus you get from malicious websites. Pretty much everything including Microsoft Security Essentials blocks it. I suggest Security Essentials for free solutions and Nod32 for payware. Good luck! And if you get a virus, MusicGod, and have no other choices, just format the drive and reinstall everything. You don't need to buy a new hard drive and Windows etc?!!! Traveling through space at ~67,000mph! |
MusicGod Joined: 7 Dec 02 Posts: 97 Credit: 24,782,870 RAC: 0 |
I bought a new hard drive because I wanted to keep the old one and work around with it. It would've been just as expensive to keep the old one since the new hard drive was cheap enough. It was the software that was on it that was expensive.....I do a lot of recording and had lots of MIDI and audio software. |
KB7RZF Joined: 15 Aug 99 Posts: 9549 Credit: 3,308,926 RAC: 2 |
I believe this was the same thing on my desktop computer. Same symptoms. I searched and searched, and I could not find anything to help cure it. So I just re-formatted and did a fresh install. I hope you're able to sort it out DVW. |
SciManStev Joined: 20 Jun 99 Posts: 6653 Credit: 121,090,076 RAC: 0 |
There is a lot of malware that is being disguised as security software. This has been written up in the PC Pitstop newsletter. I had to remove an infection several months ago on my coworker's daughter's computer that said Personal Antivirus. Some of them trick you into spending money for a nonexistent product, and others cause outright harm. Do the research up front, and go to the manufacturer website for any new security software. One thing I have found is that modern viruses pack unpleasant payloads. Even if the malware is removed, the registry damage it caused is not. Every time I fix a machine with a virus, I am looking at a drive wipe. Steve Warning, addicted to SETI crunching! Crunching as a member of GPU Users Group. GPUUG Website |
soft^spirit Joined: 18 May 99 Posts: 6497 Credit: 34,134,168 RAC: 0 |
If you see any virus warning that is not obviously your anti-virus, it is invariably coming from the web page you are on. Unfortunately the browsers seem to allow enough latitude that a malware page can lock up the browser until you respond. This leaves you two options.. either accept it and hope your anti-virus picks it up (mine did on one occasion.. after even a complete reboot failed to clear it) or (preferred) 3 finger salute it away. Go to task manager and kill it. Either way.. be sure to report that site. Janice |
Cruncher-American Joined: 25 Mar 02 Posts: 1513 Credit: 370,893,186 RAC: 340 |
I think this is one I had gotten a couple of times in the past on one particular Vista machine (not used as a cruncher here). The cure was simple - do a system restore from a Restore Point that was taken some days before the pop-ups started to show up. I definitely did NOT need an AV to purge it. As I recall, I had to boot into Safe Mode to do this. Good luck! |
W5DMG - Dave Joined: 19 May 99 Posts: 155 Credit: 33,162,251 RAC: 0 |
There is a lot of malware that is being disguised as security software. This has been written up in the PC Pitstop newsletter. I had to remove an infection several months ago on my coworker's daughter's computer that said Personal Antivirus. Some of them trick you into spending money for a nonexistent product, and others cause outright harm. Do the research up front, and go to the manufacturer website for any new security software. One thing I have found is that modern viruses pack unpleasant payloads. Even if the malware is removed, the registry damage it caused is not. Every time I fix a machine with a virus, I am looking at a drive wipe. Yeah I have had to remove the fake antivirus from 3 friends' computers this past year, all 3 had the same fake A/V. I solved it by removing the infected drive from the PC, and connecting it to my PC via USB and scanning it. |
edwartr Joined: 2 May 00 Posts: 31 Credit: 79,402,615 RAC: 14 |
Yep, I clean these types of viruses from my clients all the time. Boot your system into Safe Mode and then run Malwarebytes Anti-malware (free version). Run the quick scan and let it find a bunch of stuff. It will ask to reboot, let it and then run a full scan to clean up left behind stuff. For free anti-virus, Microsoft's free Security Essentials is actually very good. I would install it and run a full-scan as a lot of these fake security viruses also install a root-kit. Security Essentials usually finds it. Though I have had systems that I have had to run SUPERAntiSpyware on and even either F-Secure's or Sophos's root-kit detector. Make sure you get your free anti-virus/anti-malware software from a truly clean site. Some examples: http://www.malwarebytes.org http://www.microsoft.com/security_essentials I would download them on a clean system and install to a thumb drive. You can install Malwarebytes on a system in safe mode. Be sure to scan the thumb drive before using again on another system as some of these things can/will infect them too. Also, check your network settings in IE, etc. and see that most set your system to use custom proxy servers. The cleanup tools will generally take out the apps they use but you still won't be able to get on the internet until you wipe out the proxy settings. It won't say auto-detect proxy settings, it will be checked to use a proxy server and it will have information/IP addresses in the proxy server box. Be very careful about what you click on when surfing - especially pop-ups that say stuff like you might be infected, etc. But know that there is stuff out there that if your settings aren't locked down totally and/or you don't have decent anti-virus, just going to the page will get you infected. One of the reasons I use Firefox with no-script. I gotta fever and the only prescription is more cowbell. |
ML1 Joined: 25 Nov 01 Posts: 20334 Credit: 7,508,002 RAC: 20 |
If you see any virus warning that is not obviously your anti-virus, it is invariably coming from the web page you are on. Unfortunately the browsers seem to allow enough latitude that a malware page can lock up the browser until you respond. ... I occasionally see such 'Microsoft virus warnings' for this system... Even though I'm NOT running anything Microsoft!... I don't see the browser 'lockups' though. Obviously, the virus or firewall 'warnings' are just a blind scam. I'm not running a firewall either (there's no services open to be exploited)... You can use the NoScript and Flashblock with Firefox. That blocks all the scripting on web pages including many web pages from dubious scripting, but you also get a lot of innocent websites restricted until you do multiple clicks to allow them. Also look at the "BetterPrivacy" add-on to clean up DOMs left lingering from flash sites... The only real fix to all the malware silliness attacking web browsers is for web browsers to be only web browsers that only display web content, interact with the browser window area, and nothing more... But... Keep searchin', Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
soft^spirit Joined: 18 May 99 Posts: 6497 Credit: 34,134,168 RAC: 0 |
I would take it one step further. Only from THAT website. No redirects, nothing 3rd party. Communicate with who you communicate with. Of course enforcing that right now would pretty much disable browsing completely. I firewall blocked doubleclick one time, and crashed about half the websites I visit. Also blocked ads.*.com. Crashed most of the other half. Janice |
Dirk Villarreal Wittich Joined: 25 Apr 00 Posts: 2098 Credit: 434,834 RAC: 0 |
Thank you folks for your information. My PC is working fine again, at least that's what I believe. |
Cruncher-American Joined: 25 Mar 02 Posts: 1513 Credit: 370,893,186 RAC: 340 |
Thank you folks for your information. To make sure, do a system restore from a restore point you took from BEFORE you had this start happening. (If you have Vista/W7, I believe - unless you turned it off - that it takes a system backup every day by default, so you can go back and restore from before you had the problem.) I had the same thing (more than once, unfortunately), and that's what worked for me. (If you don't know what I am talking about, use Help from the Start menu and search for "System Restore Point"). |
-BeNt- Joined: 17 Oct 99 Posts: 1234 Credit: 10,116,112 RAC: 0 |
I would take it one step further. Only from THAT website. no redirects, nothing 3rd party. Communicate with who you communicate with. *cough*adblock*cough*Google Chrome*cough* man I got this weird thing going on. Traveling through space at ~67,000mph! |
andybutt Joined: 18 Mar 03 Posts: 262 Credit: 164,205,187 RAC: 516 |
Very informative and helpful comment |
-BeNt- Joined: 17 Oct 99 Posts: 1234 Credit: 10,116,112 RAC: 0 |
Very informative and helpful comment Just as yours was! I was commenting on blocking out people you don't want to communicate with. Get a sense of humor dude, not everything has to be 110% strict here. Traveling through space at ~67,000mph! |
ML1 Joined: 25 Nov 01 Posts: 20334 Credit: 7,508,002 RAC: 20 |
... crashed most of the other half. Still surprised this is going on. Surprising this thread is still lingering. I've had the same malware claim whatever silliness for my system claiming whatever Windows 'infections'... And yet I'm running Linux! No viruses here :-) So I guess, no. I don't want whatever website to supposedly check my Linux system for Windows viruses. All rather a silly waste of time! (You would have thought that the Windows malware writers would at least check first what type of system they are trying to attack! How dumb can they get?!) Keep searchin', Martin ps: More seriously: Firefox with "BetterPrivacy", "Flashblock", and "NoScript" goes a long way to stop some of the web excesses, malware or not! See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
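
The proxy check edwartr describes earlier in the thread (the "use a proxy server" box ticked, with addresses filled in) can also be done from PowerShell. This is an added example, not part of any post above; the function name `Get-IEProxyState` is hypothetical, and it assumes the per-user `Internet Settings` registry key that the IE "LAN settings" dialog writes to.

```powershell
# Added example: report (and optionally clear) the per-user proxy settings
# shown in IE's "LAN settings" dialog. The function name is hypothetical.
function Get-IEProxyState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Reset   # clear the manual proxy / PAC URL after review
    )

    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s   = Get-ItemProperty -Path $key

    # Values that are absent from the key come back as $null.
    $state = [pscustomobject]@{
        ProxyEnabled  = [bool]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        ProxyOverride = $s.ProxyOverride
        AutoConfigURL = $s.AutoConfigURL
        # "Use a proxy server" ticked with an address present, or a PAC URL set
        NeedsReview   = ([bool]$s.ProxyEnable -and [bool]$s.ProxyServer) -or
                        [bool]$s.AutoConfigURL
    }

    if ($Reset -and $state.NeedsReview -and
        $PSCmdlet.ShouldProcess($key, 'Disable manual proxy and remove PAC URL')) {
        Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
        foreach ($name in 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
            Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        }
    }

    # The returned object describes the settings as they were before any reset.
    $state
}

# Review first: a proxy you or your network administrator configured is legitimate.
Get-IEProxyState | Format-List

# Only if the entry is not one you recognise (prompts before changing anything):
# Get-IEProxyState -Reset -Confirm
```

Run it as the affected user, since the settings are per-user, and restart the browser after a reset so it rereads them.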