Jan 3, 2011

System Tool 2011: Combatting An Especially Nasty Virus

[Image] Left: pink screen of misery created by System Tool 2011

My laptop got nailed today by a particularly wicked virus/malware infection called System Tool 2011. The virus pretends to be an antivirus program, but it really operates for two purposes: 1) to try to dupe people into giving out their credit card number; and 2) to try to dupe users into deleting important system files, turning their machines into slave drones.

Luckily, I had enough common sense not to fall for either ploy, but this virus was a royal pain in the arse to eliminate. If you get hit with this virus, DO NOT allow it to delete any files when it prompts you with scary messages.

One of the biggest problems with System Tool 2011 is that the virus hijacks useful programs like Task Manager, regedit, and msconfig. System Tool 2011 will also detect and shut down legitimate antivirus programs. The first thing to do is to restart your computer in safe mode with networking: as the computer is booting up, look for the prompt that offers F10 for the boot manager, and hit F8 instead for advanced boot options (the function keys might be different on different operating systems). This will allow you to operate your computer without System Tool 2011 taking over.

You can try to manually remove all the associated files and registry entries, but this can be both cumbersome and confusing, as System Tool 2011 generates random alphanumeric names for its files and registry entries. Thus, my unwanted guest called itself gLagg00309, a name that did not jump out at me as a likely target for manual removal.
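Because the rogue's only visible fingerprint may be a name like gLagg00309, a quick way to shortlist candidates for review is to score file or process names on how machine-generated they look. The script below is an added example, not from the original post or from either tool mentioned here; the sample names and the short allowlist are constructed for illustration.

```python
"""Heuristic triage of file/process names for rogue-AV style random names.

Added example, not from the original post. Scores a name on three cues an
analyst looks for when hunting droppers that use random alphanumeric names
(the post's sample is "gLagg00309"). Sample input is constructed.
"""

# Hypothetical, deliberately short allowlist of well-known binaries.
KNOWN_GOOD = {"explorer.exe", "svchost.exe", "taskmgr.exe", "regedit.exe",
              "msconfig.exe", "mbam.exe", "rkill.exe"}
VOWELS = set("aeiou")


def suspicion_score(name: str) -> int:
    """Return 0..3; higher means the name looks machine-generated."""
    if name.lower() in KNOWN_GOOD:
        return 0
    stem = name.rsplit(".", 1)[0]          # drop the extension, keep case
    base = stem.lower()
    digits = sum(ch.isdigit() for ch in base)
    letters = sum(ch.isalpha() for ch in base)
    score = 0
    # Cue 1: letters mixed with a run of digits (e.g. gLagg00309).
    if letters and digits >= 3:
        score += 1
    # Cue 2: very few vowels for a word-like length suggests a non-word.
    if letters >= 4 and sum(ch in VOWELS for ch in base) / letters < 0.25:
        score += 1
    # Cue 3: capitals in odd positions (not leading, not all-caps).
    if any(ch.isupper() for ch in stem[1:]) and not stem.isupper():
        score += 1
    return score


def triage(names, threshold: int = 2):
    """Return [(name, score)] for names scoring at or above the threshold."""
    flagged = [(n, suspicion_score(n)) for n in names]
    return [(n, s) for n, s in flagged if s >= threshold]


# Constructed sample of names as they might appear in a process listing.
SAMPLE_NAMES = ["explorer.exe", "gLagg00309.exe", "Notepad.exe",
                "setup2019.exe", "xKq7mT2p9.exe", "svchost.exe"]

if __name__ == "__main__":
    for name, score in triage(SAMPLE_NAMES):
        print(f"review: {name} (score {score})")
```

A flagged name is only a lead for review; the post's own advice still applies, namely let a scanner such as Malwarebytes do the actual removal.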

I recommend two programs to combat this deadly virus: Malwarebytes and RKill. RKill is a process-killing program that will allow you to temporarily shut down any components of system-hijacking viruses, while Malwarebytes was the only antivirus program I tried that could kill all traces of System Tool 2011.

Both programs, by the way, offer free versions available for download, and I am gratefully sending each group a cash donation via PayPal to reward them for their selfless efforts.

I suspect that this virus entered my computer via a Facebook application. I normally avoid all Facebook apps (mostly out of annoyance) but I think I accidentally clicked someone else's app and wound up with a backdoor trojan.


Anonymous said...

I got rid of it by using an activation code. Found a YouTube video showing the process, then followed up with malware cleaning. The virus wouldn't let me delete the file it was in.

Anonymous said...

Who are the owners of System Tool, and who gets the extortion money? Can they be made to refund the money? If a credit card is processed, someone somewhere gets the money. They can be traced, can't they?