Last year was the Microsoft Antivirus 2010. This year it’s the System Tools 2011 Antivirus malware/spyware. It is most commonly identified by an active desktop screen stating you have been infected and your wife and boss will know all that you do.
What is does:
This nasty simple program locks itself running. Disables the Task Manager. Disables loading msconfig and other system tools. It also disables booting into Safe Mode.
To Remove:
Step 1: If you are fast enough (30 seconds) to login, start the Task manager and kill the random.exe process at the time it starts, then you can begin removal. On to Step 3.
Step 2: Speed on on your side, you can also do this. Boot the computer with a MiniXP or other boot cd that allows access to the NTFS partition. Continue to Step 3 and Reboot.
Step 3:
browse to Documents and Settings\All Users\Application Data folder and locate a random named folder. There will be two(2) files inside the folder. Write down the name and Delete the folder.
Step 4:
Run CCleaner to clean up all the Resources
Step 5:
Run Spybot, Malware Antibytes and update your antivirus program or install Microsoft Security Essentials. Reboot and you should be good.
* Windows Vista/7 look under the Users/Public or Users/%UserProfile% folder. %UserProfile% being the most used account on the computer.