Really Bad Virus - need help asap

WhiteFlare

My aunt just bought a brand new ASUS laptop 2 days ago and it is already infected. The virus is acting like another antivirus which will scan and redirect her to a place to enter her credit card info (dead giveaway). It also changes her desktop background to blue with red letters saying "WARNING, REMOVE ALL SPYWARE NOW" or something of the sort.

The tricky part is that it will not let you click on anything without getting a message saying "failed to open, object is infected", so I am unable to run any scans. Even System recovery fails to load because it's "infected".

I then tried to boot into safe mode to run scans from there, but the ASUS boot screen doesn't even show up, it just goes right into the operating system, making it unable to even boot from a CD/flashdrive.

The next thing I will try is to remove the hard drive, put it into an external case, and try to run scans on the hard drive from another computer.

She bought the computer from Best Buy so she does not have an operating system disk in case she needs to reformat (unless you guys know of another way).

I would post scan logs but I'm not able to run any programs.

Any other suggestions?
All help is appreciated.
 
Just restore the machine to factory settings. It is only 2 days old.
 
I've tried that, but when I click to run it, it says that the object is infected and cannot run.
 
Then take it back to Best Buy and have them perform the reinstall. The machine is 2 days old. If they refuse just return it and buy a new one and get protection on it right away. The amount of time you will spend trying to remove this infection will not be worth it on a machine that is still covered under a return policy. If you can't download, run or do anything on it then it is not worth it. You will be stuck with the laptop if you open it.

Just take it back to them. It is much easier and quicker.

Did you change the boot order in the BIOS? 'Cause if you didn't, that would be why you can't boot from CD/USB, not 'cause of the infection. Did you hit F8 during the boot process to get the Advanced Windows Boot Menu? 'Cause if not then you did not get to the correct section to recover factory settings.

Last but not least, no computer comes with a disk anymore. Doesn't matter if it is bought at Best Buy, Walmart, Target, Dell, HP, or NewEgg. They all come with Recovery Partitions.
 
When I power up the computer, the screen stays black without the boot menu until the Windows 7 logon screen comes up, pressing F keys does nothing during this. And that's another thing I found odd, it does not have a recovery partition, it only has one partition called OS. When I go into restore to manufacturer settings, the only option is an installation disk.
 
Then you have to hit F12 during startup. The screen may stay black but there has to be the ability to get into the BIOS. If not then she has a bad machine to begin with. I have worked with Asus machines before and I know this is not normal behavior. So yet again I state, return it.

No machine comes with the media. So there has to be the recovery partition. If it doesn't have one then she got a unit that was returned to the store and the Geek Squad screwed up and re-sold.
 
Did you try command prompt to access it? There is no way to delete a virus already on there other than find the problem, fix it, or reboot the whole OS with a disk or flashdrive so I agree. RETURN IT!
 
Hi,

This sounds like a piece of malware called System Tool 2011 trojan. I've encountered this many times on student owned laptops and university owned staff machines at work - which don't even have administrative privileges. The main variant exhibits the following:


The malware changes the desktop background.


The main variant installs and runs the 'System Tool 2011' trojan.

It's nasty in that it disables any anti-virus software installed on the machine, and also prevents the user from carrying out system restores (both Windows and OEM - in some cases).

Further, at present, it's able to pass through all the common anti-virus software undetected even with the latest definitions - this includes Avast!, AVG, Microsoft Security Essentials, Norton Internet Security, Norton 360, McAfee Antivirus Plus, Norton Internet Security and even McAfee VirusScan Enterprise 8.7i - which we have installed on student and staff machines, and which we manage centrally.

If the machine is infected with this malware, the good news is that it can be removed very easily using the free malware removal tool: Malwarebytes Anti-Malware (aka MBAM). If it's another piece of malware, MBAM may still be able to remove it - in my experience it's proved to be rather effective.

...Firstly, since it's a new machine, see if the retailer can assist you / swap the machine. If they refuse, follow the steps below...

Download, install, update and run MBAM in Safe Mode (with networking). Boot into Safe Mode (with networking) by tapping F8 on the keyboard just before the OS loading screen. Once the scan is complete, it will show you a list of malware found and prompt you for removal. The system will then reboot into normal mode, and any anti-virus software installed will be re-enabled. This is the procedure we've been employing back at work - which has been effective in all cases of this malware.
 