Sunday, December 12, 2010

System Tool 2011 Rogue Antivirus Program

I don't usually go off-topic here, but this is information worth sharing just in case any of you should encounter this misfortune. I found that the sites that shared information gave the wrong directions on what to do. Not only that, but they each had an agenda and tended to suggest buying a program that was not free.

A secondary computer got a virus called System Tool 2011 yesterday. It took me most of the day to get rid of it! This is only the second time I have ever had a computer taken over by a virus, but this one was far harder to remove. The program blocked access to the legitimate antivirus program, my internet browsers, and the task manager; additionally, the add/remove programs list did not work properly. This one was vicious. It disabled every single way that someone could get rid of it.

System Tool 2011 is a rogue program that looks like it is an antivirus program. It has a warning message that says that the computer is infected with 38 viruses. The point is to force people to click on a link and enter their credit card information. Then, the people who are responsible for the program can make a bunch of charges.

I knew that the program was not legit since the message was highly emotional and spelled "your" as "your're." Whenever words are misspelled, it is a scam.

I was only able to figure out what to do because I had another computer upon which I could run searches and get information about the virus. I went through several hours of following directions that did not work for me.

Some sites suggest removing it manually in safe mode. This does not work because the program does not run in safe mode. It has to be removed in regular Windows mode, and unfortunately, the rogue program disables everything right after Windows opens.

The only option is to restart Windows and click CTRL + ALT + DEL as soon as Windows opens. The task manager will open before the program disables it. You only have a few seconds to act, and it is definitely like playing a timed game. You have to look for "oHaKo00902" to appear as a process, right-click, and disable. I had to restart around five times before I disabled it before it closed the task manager. The only reason I finally succeeded is because I clicked on the sort at the top of the task manager to sort alphabetically so I could stare where the letter "O" would appear in the list.

I then had to download a new free antivirus because mine was not working due to the virus. With the new program, I was able to complete a scan of the computer and remove the files. When I restarted the computer, the virus was gone, and my regular antivirus was finally working again.

2 comments:

Troy said...

This is really good information to have, Jennifer. I had a similar virus a while ago and had to take the computer back to the factory settings. Fortunately, I had backed up all of my important files. It is just amazing to me that there are people out there who like to cause harm like this to others.

Logansport Library Children's Department said...

If you can turn your computer off before clicking anything, sometimes you can keep it from taking hold.