Comments on Rogue Antispyware: System Tool 2011
Feed author: Rogue Antispyware. Updated: 2023-05-25T07:32:45.455-07:00

Unknown, 2011-03-14T15:30:42.718-07:00
My husband was on Facebook this AM, and his computer was infected with System Tool 2011.
I have Zone Alarm firewall installed, and it alerted us that an executable was trying to access the internet. I denied access, and noted the exe name (bDdGkOp06300.exe).

The PC had the blue screen of death before I could do anything, so on boot up I selected CTRL-ALT-Delete, and when task manager started, I removed the application (bDdGkOp06300.exe).

I then performed a file search and found this file name in the C:\Windows\Prefetch directory, where I deleted the file.
I also deleted the file directory and executable in C:\Document and Settings\All Users\Application Data\bDdGkOp06300\bDdGkOp06300.exe

I also deleted all entries with this filename in the Registry using Regedit.

I downloaded Ad Aware latest free version and installed it, since it has a program that runs in the system tray which hopefully will alert us to any new attempted infections.

Thanks for the blog and the info on this devious plot to outwit PC users - Glad I own a Mac!

Anonymous, 2011-03-12T20:22:46.322-08:00
Carl, you are probably tired of hearing this but you are a genius. I thought the worst when I started reading up on this virus, how it can take your personal information and could lead to a lot of bad stuff. I have so much on this computer from pictures to music and to think I almost had to do an entire system restore. Thank you again for your help.

Unknown, 2011-03-11T22:53:04.340-08:00
Well let me tell you the depths of how bad this virus is. First off I needed this repaired ASAP so I fell for the scam and purchased the program. I was alerted by Chase Bank security within three hours where I found out I fu-ked up! I closed my personal bank account ASAP and took the computer to a pro who fixed it...but there was still a good five day period I was using the computer with the virus. I then learned last week that hackers broke into my business account and attempted to steal thousands!!! I know it all happened from the wonderfuk country of Azerbaijan near Afghanistan. IF YOU GET THIS VIRUS YOU MUST UNPLUG YOUR INTERNET CONNECTION IMMEDIATELY UNTIL IT'S GONE! There is possibly a keylogger attached. SERIOUS RISK VIRUS!!!

Sandman, 2011-03-10T20:51:33.830-08:00
Thanks Carl.

Viper ran for ages then the problem was not resolved. Use Carl's method but you still need to clean the program somehow.

Chris, 2011-03-10T03:26:09.884-08:00
I just want to join those people thanking Carl for his advice. This thing took hold of the most important PC in my wife's business, but following Carl's directions, I managed to remove it using RegEdit.

It's good to know that there are genuine people like Carl who offer their advice for free and don't try to sell you another anti-virus or software removal tool. Thanks Buddy!!

Toni.... follow Carl's instructions carefully. RunOnce is the final folder you click on (after clicking on CurrentVersion) that will show you the entry/file that holds the infection. Remove/delete this file and reboot your PC.

2Real4U, 2011-03-09T18:31:06.091-08:00
So in order for this to work do I have to always be in safe mode? I am in safe mode now and it works fine, but if I were to restart my computer System tools will still be there? How do I get rid of it permanently, or will I forever have to be in Safe Mode?

Unknown, 2011-03-09T09:59:40.666-08:00
I got the "System Tool" virus/malware yesterday. Tried the normal methods; complete scan with MS Security Essentials, System Restore but could not get to that application in the Normal Mode. Tried loading StopZilla but it wouldn't load. Called StopZilla, they recommended I take my PC to Best Buy and Geek Squad could probably fix it in a week or ... he could connect me to a tech for $129.95 and they could fix it in about 3 hours. Decided to try Safe Mode (striking F8 repeatedly on reboot), got to Safe Mode and was able to restore system to a point 6 days earlier. It has been about an hour and all seems OK.

Unknown, 2011-03-08T15:17:03.225-08:00
Got infected with System Tool today, pain in the rear, amused at the desktop warning though. System restore through safe mode sorted it, also got free avast protection...nice when it's free. Realised it was a scam, it took me straight to the payment screen...yeah right...gotta get up earlier than that to catch me out.

Feras : - ), 2011-03-08T00:00:34.685-08:00
Thanks a bunch. It worked by removing specified items in regedit.

The Inspirer, 2011-03-07T21:45:36.318-08:00
Not only did I have to remove all entries of runOnce,
I also had to remove a randomly created folder under %COMMON_APPDATA% which was created by the "system tool" virus. Generally the Malwarebytes program had removed all my infections, but system tool escaped this.
Thank you rogueantispyware.blogspot for saving my PC.

Barker, 2011-03-07T19:34:50.280-08:00
I am trying to get into safe mode on Windows 7. Pressing F8, trying F10, still not working. I tried opening 'msconfig' in search to set 'boot' tab for safe but this ST will not allow anything to open so I can follow instructions above.....anybody PLEASE....lol...

Unknown, 2011-03-07T15:11:59.478-08:00
How do I get my money back for this nonexistent software? I've tried with my cardholder but can find no support to get this taken care of. Should I delete this before I can resolve the money issues?

Unknown, 2011-03-07T14:08:54.079-08:00
Thank you so much Carl, I ran regedit and it worked first time....whoever makes these viruses up is sick...they must have plenty of spare time on their hands.....from Karol, Derry City, Ireland

Steve & Toni Goodsell's Blog, 2011-03-07T11:39:33.824-08:00
Frustrated, I booted in safe mode but the system restore has all been deleted or I can't see it. It tells me there is no date to revert to. I can get into Regedit but can not find any line that has runonce in it. Any other suggestions?

Unknown, 2011-03-07T07:18:32.119-08:00
Thanks Carl, removing the reg key did the trick beautifully.

Jules, 2011-03-06T10:45:40.431-08:00
Thank you so much!!! I run Windows on Parallels and was at a complete loss as to what to do because I am a Mac person. Doing a system restore in safe mode did the trick. Thank you so much for taking the time to help us poor unfortunate souls who were attacked by this virus!

Unknown, 2011-03-06T08:58:04.886-08:00
Anyone find it odd that this thing just seemed to pop up out of nowhere here recently?

What, new owners of this 'System Tools' virus?

Yeah, a Safe Mode with a System Restore works fine. And, you don't have to scan afterwards, but if you want to that's good, too.

It's gone with a System Restore.

Unknown, 2011-03-05T14:36:41.561-08:00
My daughter's Dell Inspiron came down with the System Tool blight last night. Googled it and came upon this thread. She has Vista. Followed Carl's advice from 12/21/10 and it worked to the "T". Started it up pressing down on F8. Got to the DOS screen and hit F8 again and chose Safe with Command Line. Put in regedit.exe next to the existing command line and followed Carl's instructions: Went to HKeyCurrentUser - Software - Microsoft - Windows - CurrentVersion - RunOnce and deleted the alpha numeric entry (left the default entry in). Said a quick rosary as I rebooted the machine and voila! Carl, you're a good man!

Unknown, 2011-03-05T07:55:31.755-08:00
I've never posted anything but this time I feel obligated, listen to Carl DEFINITELY! Safe mode, run, regedit.exe, etc, etc. It worked just fine for me, thanks Carl!

victor, 2011-03-04T20:19:54.210-08:00
You have no idea how much trouble you've saved me. I spent about 5 hours trying to resolve this issue before I stumbled on your blog. I followed the instruction and it worked.

Unknown, 2011-03-04T15:04:46.714-08:00
@ carl.. you are truly genius man....I owe you for this definitely...I was so terrified by this spyware...and I didn't want to format my computer and lose all my documents and files....I tried myself a lot but couldn't figure out but dude what you told worked fantastic...and for the one who created this spyware F*** you man!! (pardon my language) but he deserves it. Thanks a lot Carl again!!

TomK, 2011-03-04T14:00:28.275-08:00
For those of you who cannot find the "run" command, simply go to Start > All Programs > Accessories and click on "cmd". This will take you to the DOS prompt. Then type in "regedit" (without the quote marks) and hit enter. Regedit will start and you can clean the registry.

Anonymous, 2011-03-04T11:07:51.680-08:00
I'm glad you got it. I am having a heck of a time getting this off here!

Anonymous, 2011-03-04T11:06:31.056-08:00
I am glad you got it. I am having nothing but trouble with this mess.

Unknown, 2011-03-04T08:26:52.481-08:00
I spent a couple of hours trying all kinds of things to get rid of this virus - and it was blocking EVERYTHING! I couldn't even access the internet in safe mode. Finally, I tried a system restore in safe mode...and it *worked* yippee! :) :)