  1. #1

    Win 7 home security 2011, real or bogus?

    So I was looking on mmo-champion on my own computer and the computer lags out, Firefox closes, and I get a message about this giving a bunch of "Your computer is infected!" messages. The way the program popped up and the "site" it directed me to seem really sketchy. Anyone know if this is a legit program or a virus pretending to be one?
    Need responses fast.
    Quote Originally Posted by Henry Ford
    Thinking is the hardest work there is, which is probably why few engage in it.
    This explains a lot.

  2. #2
    Win 7 Home Security 2011 is malware. The free version of http://www.malwarebytes.org/ should clear it up.

  3. #3
    Quote Originally Posted by Havermeyer View Post
    Win 7 Home Security 2011 is malware. The free version of http://www.malwarebytes.org/ should clear it up.
    This is what I thought. I got a TrendMicro program up and running (came with the computer on purchase), problems ended fairly quickly.

    Anyone have an idea what its name is in the processes window of the task manager so I can get rid of it right now?
    Last edited by BoomChickn; 2011-05-26 at 03:12 AM.

  4. #4
    Trust me, and Havermeyer. Run Malwarebytes.

    Trend Micro, Webroot, McAfee, Panda, AVG Free and IS are all junk. I guarantee you'll find more than what you thought.

  5. #5
    Quote Originally Posted by BoomChickn View Post
    This is what I thought. I got a TrendMicro program up and running (came with the computer on purchase), problems ended fairly quickly.

    Anyone have an idea what its name is in the processes window of the task manager so I can get rid of it right now?
    I ran TrendMicro and it fixed a few things... but Malwarebytes found EVERYTHING. You will only stall the virus/malware with TrendMicro... but that's it.

  6. #6
    As others have stated, Malwarebytes fixes this shit.

  7. #7
    Start, click Run and type cmd. Then from c:\, type dir "System Tool" /s. This will recursively search for any file name with System Tool. Once you find that file, open it up with an explorer window. It will most likely be a shortcut to the actual executable. Right click on the shortcut and view the properties to get the actual path to the executable. Now... copy this path. From the command line delete this path by typing del and pasting the path. Since this file is hidden you won't see it if you try to navigate to it... But you will notice that after deleting it the first time you will get no error messages, indicating the operating system successfully deleted the file. If you attempt to del that file again you will get an error message... something like file not found. So, once the executable is removed you can restart your computer in normal mode and your system should start up without all the malware/virus crap.
    AND

    It will modify Windows Registry and add the following entries:
    HKEY_CURRENT_USER\Software\System Tool 2011
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "2487226410"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "[Random]"="c:\Documents and Settings\All Users\Application Data\[Random].exe"

    The threat will drop the following malicious files:
    %AppData%\[random]\
    %AppData%\2487226410
    %AppData%\[random]\[random].bat (2487226410.bat)
    %AppData%\[random]\[random].cfg (2487226410.cfg)
    %AppData%\[random]\[random].exe (2487226410.exe)
    %UserProfile%\Desktop\System Tool 2011.lnk
    %UserProfile%\Start Menu\Programs\System Tool 2011.lnk
    %temp%.\[random]\
    %systemdrive%\Documents and Settings\All Users\Application Data\2BcT333842 [Random Folder]
    -%systemdrive%\Documents and Settings\All Users\Application Data\2BcT333842\2BcT333842 [Random File]
    -%systemdrive%\Documents and Settings\All Users\Application Data\2BcT333842\2BcT333842.exe [Random Files]
    I did this with a few computers at work and the issue hasn't arisen since
    "I'm glad you play better than you read/post on forums." -Ninety

  8. #8
    Yup, some of the current variants will also add hidden attributes to everything on the root drive, while still others will MOVE everything to another directory.

    As stated above these types of infections generally sit in AppData/Application Data/ProgramData and are random variable strings.

    Also look out for a new variant I spotted the other day. It called itself E-Set Antivirus 2011 (mind you, E-Set NOD is a legit AV software) and had a similar UI, but whoever coded it was a moron and used the AVG logo for everything.
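An added example, not code from any poster in this thread: a small triage helper that applies the indicators from posts #7 and #8 (Run-key entries whose target sits under AppData, Application Data, ProgramData or Temp, often with a random or all-digit name) to saved `reg query` output. The sample text, the `ExampleVendor` and `kqzxvbnt` names and all function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Drop locations named in posts #7 and #8, matched as whole path components.
SUSPECT_DIRS = {"appdata", "application data", "programdata", "temp"}

# Constructed sample in the layout `reg query <key>` prints; not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleVendor    REG_SZ    "C:\Program Files\ExampleVendor\tray.exe" -startup
    2487226410    REG_SZ    C:\Documents and Settings\All Users\Application Data\2487226410\2487226410.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    kqzxvbnt    REG_SZ    "C:\Users\demo\AppData\Roaming\kqzxvbnt\kqzxvbnt.exe" /min
"""

VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
TARGET_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|bat|cmd|scr))(?=\s|$)', re.I)

def parse_run_values(text):
    """Yield (key, value_name, data) for each value line under an HKEY_ header."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["data"]

def target_path(data):
    """Extract the program path from a Run value, quoted or unquoted."""
    m = TARGET_RE.match(data.strip())
    return (m["q"] or m["u"]) if m else None

def suspicious_autoruns(text):
    """Return (key, name, path, reasons) for autoruns launched from SUSPECT_DIRS."""
    hits = []
    for key, name, data in parse_run_values(text):
        path = target_path(data) or ""
        p = PureWindowsPath(path)
        dirs = {part.lower() for part in p.parts[:-1]} & SUSPECT_DIRS
        if not dirs:
            continue
        reasons = ["runs from " + ", ".join(sorted(dirs))]
        if name.lower() == p.stem.lower():
            reasons.append("value name equals file name")
        if name.isdigit():
            reasons.append("all-digit value name")
        hits.append((key, name, path, reasons))
    return hits
```

Some legitimate software also autostarts from AppData, so each hit is a lead to review rather than a verdict.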

  9. #9
    Quote Originally Posted by Kawaii View Post
    As others have stated, Malwarebytes fixes this shit.
    Malwarebytes + Avast/Microsoft Security Essentials = more protected/safe than a double-wrapped pee-pee during cush-cush moments. A similar combo doesn't only protect you (ex; Avast fully blocks the kind of pages you got from opening), but removes almost everything with a click.

    McAfee and such, pretty much as others said, junk.

  10. #10
    Do a quick scan with HijackThis as well, check through the services running.

  11. #11
    Start, click Run and type cmd. Then from c:\, type dir "System Tool" /s. This will recursively search for any file name with System Tool. Once you find that file, open it up with an explorer window. It will most likely be a shortcut to the actual executable. Right click on the shortcut and view the properties to get the actual path to the executable. Now... copy this path. From the command line delete this path by typing del and pasting the path. Since this file is hidden you won't see it if you try to navigate to it... But you will notice that after deleting it the first time you will get no error messages, indicating the operating system successfully deleted the file. If you attempt to del that file again you will get an error message... something like file not found. So, once the executable is removed you can restart your computer in normal mode and your system should start up without all the malware/virus crap
    I am having a bit of an issue, the system tool file isn't found, but the malware is still there. And I can't get Malwarebytes or another program right now because it doesn't let me go anywhere on the internet.

  12. #12
    Quote Originally Posted by BoomChickn View Post
    I am having a bit of an issue, the system tool file isn't found, but the malware is still there. And I can't get Malwarebytes or another program right now because it doesn't let me go anywhere on the internet.
    You're on here?

  13. #13
    Quote Originally Posted by jobdone View Post
    You're on here?
    Using another computer.

  14. #14
    I am myself using:
    - Microsoft Security Essentials
    - Spybot S&D / Ad-Aware

    I'm uncertain if this still is a good combo, but it has been the one I've used now pretty much since early 2000 (with the exception of MSE). So, since the OP's question is answered: what difference is there between Malwarebytes and S&D/Ad-Aware?

  15. #15
    Quote Originally Posted by Pancha View Post
    I am myself using:
    - Microsoft Security Essentials
    - Spybot S&D / Ad-Aware

    I'm uncertain if this still is a good combo, but it has been the one I've used now pretty much since early 2000 (with the exception of MSE). So, since the OP's question is answered: what difference is there between Malwarebytes and S&D/Ad-Aware?
    Sorry to say but the issue still exists, I can't find the system tool file through cmd, so I can't get to the exe to delete it.

  16. #16
    Always ask the professor if you are having problems.

  17. #17
    Quote Originally Posted by slowside View Post
    Always ask the professor if you are having problems.
    Hmm...well done my friend, well done.

  18. #18
    If an antivirus program you didn't install is telling you you're infected, it's not an antivirus program.

    If you don't know what's installed on your computer, you should probably disconnect it from the internet to be safe and keep it that way.

  19. #19
    Quote Originally Posted by Havermeyer View Post
    Win 7 Home Security 2011 is malware. The free version of http://www.malwarebytes.org/ should clear it up.
    This. Just this.

  20. #20
    Hm.. Tell me the exact details of this
