Virus alert! : avoid "System Tool Firewall Alert"

Message boards : Number crunching : Virus alert! : avoid "System Tool Firewall Alert"
Profile Dirk Villarreal Wittich
Joined: 25 Apr 00
Posts: 2098
Credit: 434,834
RAC: 0
Holy See (Vatican City)
Message 1059765 - Posted: 26 Dec 2010, 8:45:49 UTC

Hi folks!
Yesterday I got my PC infected with this kind of malware/virus named "System Tool Firewall Alert", which blocks the PC, even the BOINC-Manager stops working. It pops up with some kind of alert, warning people of dangerous/potential risk for your PC.
DO NOT OPEN IT!
I am trying to get a solution for this shortly, like a new and powerful antivirus program.
Suggestions and expertise will be very much appreciated. Thank you very much.

ID: 1059765 · Report as offensive
Profile Mike Special Project $75 donor
Volunteer tester
Joined: 17 Feb 01
Posts: 34253
Credit: 79,922,639
RAC: 80
Germany
Message 1059767 - Posted: 26 Dec 2010, 8:59:54 UTC


Hi Dirk.

I'm using Avast; it's free for personal use.
You only have to register and can get updates every day automatically.
I also use Spybot and Malwarebytes for trojans and spyware.




With each crime and every kindness we birth our future.
ID: 1059767 · Report as offensive
Bob Giel
Volunteer tester

Joined: 11 Jan 04
Posts: 76
Credit: 5,419,128
RAC: 0
United States
Message 1059775 - Posted: 26 Dec 2010, 9:24:12 UTC - in response to Message 1059765.  
Last modified: 26 Dec 2010, 9:33:08 UTC

I use a product called "Ad-Aware". It's saved my butt on several occasions and it's free: http://www.lavasoft.com. If that doesn't work, try "AVG Anti-virus", which is also free: http://www.avg.com.
ID: 1059775 · Report as offensive
Profile MusicGod
Joined: 7 Dec 02
Posts: 97
Credit: 24,782,870
RAC: 0
United States
Message 1059776 - Posted: 26 Dec 2010, 9:37:53 UTC

I got this a couple of months back and nothing I did helped me. I finally had to buy a new HD and new Windows, along with all of the software I had on the PC. My backups didn't work so had to start from scratch. I kept the old HD and at some point will try again....the whole thing cost me over 1,000 dollars.
ID: 1059776 · Report as offensive
-BeNt-
Joined: 17 Oct 99
Posts: 1234
Credit: 10,116,112
RAC: 0
United States
Message 1059777 - Posted: 26 Dec 2010, 9:46:56 UTC

Boot up the computer. Once it starts hit control + alt + del. End any tasks you don't recognize. Then start up Explorer manually and run the virus scans you need to. This is an old common virus you get from malicious websites. Pretty much everything including Microsoft Security Essentials blocks it. I suggest Security Essentials for free solutions and Nod32 for payware. Good luck!

And if you get a virus, MusicGod, and have no other choices just format the drive and reinstall everything. You don't need to buy a new hard drive and Windows etc?!!!
Traveling through space at ~67,000mph!
ID: 1059777 · Report as offensive
Profile MusicGod
Joined: 7 Dec 02
Posts: 97
Credit: 24,782,870
RAC: 0
United States
Message 1059837 - Posted: 26 Dec 2010, 15:39:22 UTC

I bought a new hard drive because I wanted to keep the old one and work around with it. It would've been just as expensive to keep the old one since the new hard drive was cheap enough. It was the software that was on it that was expensive.....I do a lot of recording and had lots of MIDI and audio software.
ID: 1059837 · Report as offensive
KB7RZF
Volunteer tester
Joined: 15 Aug 99
Posts: 9549
Credit: 3,308,926
RAC: 2
United States
Message 1059893 - Posted: 26 Dec 2010, 18:36:26 UTC

I believe this was the same thing on my desktop computer. Same symptoms. I searched and searched, and I could not find anything to help cure it. So I just re-formatted and did a fresh install. I hope you're able to sort it out DVW.
ID: 1059893 · Report as offensive
Profile SciManStev Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Joined: 20 Jun 99
Posts: 6651
Credit: 121,090,076
RAC: 0
United States
Message 1059909 - Posted: 26 Dec 2010, 19:52:43 UTC

There is a lot of malware that is being disguised as security software. This has been written up in the PC Pitstop newsletter. I had to remove an infection several months ago on my coworker's daughter's computer that said Personal Antivirus. Some of them trick you into spending money for a nonexistent product, and others cause outright harm. Do the research up front, and go to the manufacturer website for any new security software. One thing I have found is that modern viruses pack unpleasant payloads. Even if the malware is removed, the registry damage it caused is not. Every time I fix a machine with a virus, I am looking at a drive wipe.

Steve
Warning, addicted to SETI crunching!
Crunching as a member of GPU Users Group.
GPUUG Website
ID: 1059909 · Report as offensive
Profile soft^spirit
Joined: 18 May 99
Posts: 6497
Credit: 34,134,168
RAC: 0
United States
Message 1059918 - Posted: 26 Dec 2010, 20:01:52 UTC - in response to Message 1059909.  

If you see any virus warning that is not obviously your anti-virus, it is invariably coming from the web page you are on. Unfortunately the browsers seem to allow enough latitude that a malware page can lock up the browser until you respond. This leaves you two options: either accept it and hope your anti-virus picks it up (mine did on one occasion, after even a complete reboot failed to clear it) or (preferred) 3 finger salute it away. Go to task manager and kill it. Either way, be sure to report that site.
Janice
ID: 1059918 · Report as offensive
Cruncher-American Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor

Joined: 25 Mar 02
Posts: 1513
Credit: 370,893,186
RAC: 340
United States
Message 1059919 - Posted: 26 Dec 2010, 20:03:16 UTC

I think this is one I had gotten a couple of times in the past on one particular Vista machine (not used as a cruncher here).

The cure was simple - do a system restore from a Restore Point that was taken some days before the pop-ups started to show up. I definitely did NOT need an AV to purge it.

As I recall, I had to boot into Safe Mode to do this.
Good luck!


ID: 1059919 · Report as offensive
W5DMG - Dave

Joined: 19 May 99
Posts: 155
Credit: 33,162,251
RAC: 0
United States
Message 1059960 - Posted: 26 Dec 2010, 21:40:50 UTC - in response to Message 1059909.  

There is a lot of malware that is being disguised as security software. This has been written up in the PC Pitstop newsletter. I had to remove an infection several months ago on my coworker's daughter's computer that said Personal Antivirus. Some of them trick you into spending money for a nonexistent product, and others cause outright harm. Do the research up front, and go to the manufacturer website for any new security software. One thing I have found is that modern viruses pack unpleasant payloads. Even if the malware is removed, the registry damage it caused is not. Every time I fix a machine with a virus, I am looking at a drive wipe.

Steve


Yeah I have had to remove the fake antivirus from 3 friends' computers this past year, all 3 had the same fake A/V.
I solved it by removing the infected drive from the PC, and connecting it to my PC via USB and scanning it.
ID: 1059960 · Report as offensive
edwartr
Joined: 2 May 00
Posts: 31
Credit: 79,402,615
RAC: 14
United States
Message 1059972 - Posted: 26 Dec 2010, 22:21:45 UTC

Yep, I clean these types of viruses from my clients all the time.

Boot your system into Safe Mode and then run Malwarebytes Anti-Malware (free version). Run the quick scan and let it find a bunch of stuff. It will ask to reboot, let it and then run a full scan to clean up left behind stuff. For free anti-virus, Microsoft's free Security Essentials is actually very good. I would install it and run a full scan as a lot of these fake security viruses also install a root-kit. Security Essentials usually finds it. Though I have had systems that I have had to run SUPERAntiSpyware on and even either F-Secure's or Sophos's root-kit detector.

Make sure you get your free anti-virus/anti-malware software from a truly clean site. Some examples:

http://www.malwarebytes.org
http://www.microsoft.com/security_essentials

I would download them on a clean system and install to a thumb drive. You can install Malwarebytes on a system in safe mode. Be sure to scan the thumb drive before using again on another system as some of these things can/will infect them too.

Also, check your network settings in IE, etc. and see that most set your system to use custom proxy servers. The cleanup tools will generally take out the apps they use but you still won't be able to get on the internet until you wipe out the proxy settings. It won't say auto-detect proxy settings, it will be checked to use a proxy server and it will have information/IP addresses in the proxy server box.

Be very careful about what you click on when surfing - especially pop-ups that say stuff like you might be infected, etc. But know that there is stuff out there that if your settings aren't locked down totally and/or you don't have decent anti-virus, just going to the page will get you infected. One of the reasons I use Firefox with no-script.
I gotta fever and the only prescription is more cowbell.
ID: 1059972 · Report as offensive
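
As an added example (not part of edwartr's post or of any tool named in this thread), the proxy check described above can be done from PowerShell by reading the per-user Internet Settings registry key that IE's LAN settings dialog edits. The function names and the loopback heuristic are this example's own assumptions.

```powershell
# Added example: audit of the per-user WinINET (IE) proxy settings.
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyAudit {
    param([string]$Path = $InetKey)

    $s       = Get-ItemProperty -Path $Path -ErrorAction Stop
    $enabled = ($s.ProxyEnable -eq 1)       # "Use a proxy server" checkbox
    $server  = [string]$s.ProxyServer       # host:port, or http=host:port;https=...
    $pac     = [string]$s.AutoConfigURL     # automatic configuration script

    $findings = @()
    if ($enabled) {
        $findings += "Manual proxy is enabled: '$server'"
        # Heuristic added by this example: a loopback proxy only works while a
        # local program is listening, so browsing breaks once that program is gone.
        $loopback = '(^|[=;])\s*(\w+://)?(127(\.\d{1,3}){3}|localhost)(:\d+)?\s*(;|$)'
        if ($server -match $loopback) {
            $findings += 'Proxy points at this machine (loopback)'
        }
    }
    elseif ($server) {
        $findings += "Proxy is disabled but a leftover server value remains: '$server'"
    }
    if ($pac) { $findings += "Automatic configuration script is set: '$pac'" }

    [pscustomobject]@{
        ProxyEnable   = $enabled
        ProxyServer   = $server
        AutoConfigURL = $pac
        Findings      = $findings
    }
}

function Reset-ManualProxy {
    param([string]$Path = $InetKey)
    # Untick "Use a proxy server" and clear the stored address.
    Set-ItemProperty -Path $Path -Name ProxyEnable -Value 0 -Type DWord
    Remove-ItemProperty -Path $Path -Name ProxyServer -ErrorAction SilentlyContinue
}

$audit = Get-ProxyAudit
$audit | Format-List
if ($audit.Findings.Count -eq 0) { 'No manual proxy or configuration script set.' }
# After reviewing the output, and only if the proxy is not one you configured:
# Reset-ManualProxy
```

Run it as the affected user, since the key is per-user; a proxy you or your network administrator configured on purpose will show up in the findings too.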
Profile ML1
Volunteer moderator
Volunteer tester

Joined: 25 Nov 01
Posts: 20147
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1060069 - Posted: 27 Dec 2010, 1:20:25 UTC - in response to Message 1059918.  
Last modified: 27 Dec 2010, 1:22:39 UTC

If you see any virus warning that is not obviously your anti-virus, it is invariably coming from the web page you are on. Unfortunately the browsers seem to allow enough latitude that a malware page can lock up the browser until you respond. ...


I occasionally see such 'Microsoft virus warnings' for this system... Even though I'm NOT running anything Microsoft!... I don't see the browser 'lockups' though.

Obviously, the virus or firewall 'warnings' are just a blind scam. I'm not running a firewall either (there are no services open to be exploited)...


You can use the NoScript and Flashblock with Firefox. That blocks all the scripting on web pages including many web pages from dubious scripting, but you also get a lot of innocent websites restricted until you do multiple clicks to allow them. Also look at the "BetterPrivacy" add-on to clean up DOMs left lingering from Flash sites...


The only real fix to all the malware silliness attacking web browsers is for web browsers to be only web browsers that only display web content, interact with the browser window area, and nothing more...

But...


Keep searchin',
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1060069 · Report as offensive
Profile soft^spirit
Joined: 18 May 99
Posts: 6497
Credit: 34,134,168
RAC: 0
United States
Message 1060086 - Posted: 27 Dec 2010, 1:57:40 UTC - in response to Message 1060069.  

I would take it one step further. Only from THAT website. No redirects, nothing 3rd party. Communicate with who you communicate with.

Of course enforcing that right now would pretty much disable browsing completely. I firewall blocked doubleclick one time, and crashed about half the websites I visit. Also blocked ads.*.com. Crashed most of the other half.
Janice
ID: 1060086 · Report as offensive
Profile Dirk Villarreal Wittich
Joined: 25 Apr 00
Posts: 2098
Credit: 434,834
RAC: 0
Holy See (Vatican City)
Message 1066547 - Posted: 14 Jan 2011, 15:15:34 UTC

Thank you folks for your information.
My PC is working fine again, at least that's what I believe.

ID: 1066547 · Report as offensive
Cruncher-American Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor

Joined: 25 Mar 02
Posts: 1513
Credit: 370,893,186
RAC: 340
United States
Message 1066551 - Posted: 14 Jan 2011, 15:34:51 UTC - in response to Message 1066547.  

Thank you folks for your information.
My PC is working fine again, at least that's what I believe.


To make sure, do a system restore from a restore point you took from BEFORE you had this start happening. (If you have Vista/W7, I believe - unless you turned it off - that it takes a system backup every day by default, so you can go back and restore from before you had the problem.)

I had the same thing (more than once, unfortunately), and that's what worked for me. (If you don't know what I am talking about, use Help from the Start menu and search for "System Restore Point").
ID: 1066551 · Report as offensive
-BeNt-
Joined: 17 Oct 99
Posts: 1234
Credit: 10,116,112
RAC: 0
United States
Message 1066639 - Posted: 14 Jan 2011, 18:44:47 UTC - in response to Message 1060086.  

I would take it one step further. Only from THAT website. No redirects, nothing 3rd party. Communicate with who you communicate with.

Of course enforcing that right now would pretty much disable browsing completely. I firewall blocked doubleclick one time, and crashed about half the websites I visit. Also blocked ads.*.com. Crashed most of the other half.


*cough*adblock*cough*Google Chrome*cough* man I got this weird thing going on.
Traveling through space at ~67,000mph!
ID: 1066639 · Report as offensive
andybutt
Volunteer tester
Joined: 18 Mar 03
Posts: 262
Credit: 164,205,187
RAC: 516
United Kingdom
Message 1066670 - Posted: 14 Jan 2011, 19:56:01 UTC - in response to Message 1066639.  

Very informative and helpful comment
ID: 1066670 · Report as offensive
-BeNt-
Joined: 17 Oct 99
Posts: 1234
Credit: 10,116,112
RAC: 0
United States
Message 1066690 - Posted: 14 Jan 2011, 21:04:26 UTC - in response to Message 1066670.  

Very informative and helpful comment


Just as yours was! I was commenting on blocking out people you don't want to communicate with. Get a sense of humor dude, not everything has to be 110% strict here.
Traveling through space at ~67,000mph!
ID: 1066690 · Report as offensive
Profile ML1
Volunteer moderator
Volunteer tester

Joined: 25 Nov 01
Posts: 20147
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1066753 - Posted: 14 Jan 2011, 23:51:33 UTC - in response to Message 1066639.  
Last modified: 14 Jan 2011, 23:53:40 UTC

... crashed most of the other half.


*cough*adblock*cough*Google Chrome*cough* man I got this weird thing going on.


Still surprised this is going on. Surprising this thread is still lingering.


I've had the same malware claim whatever silliness for my system claiming whatever Windows 'infections'...

And yet I'm running Linux!


No viruses here :-)

So I guess, no. I don't want whatever website to supposedly check my Linux system for Windows viruses. All rather a silly waste of time!

(You would have thought that the Windows malware writers would at least check first what type of system they are trying to attack! How dumb can they get?!)


Keep searchin',
Martin


ps: More seriously:

Firefox with "BetterPrivacy", "Flashblock", and "NoScript" goes a long way to stop some of the web excesses, malware or not!
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1066753 · Report as offensive


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.