PC Tool 2011
PC Tool 2011 (or PCTool 2011) is a modified variant of rogue antispyware programs like System Tool, Security Shield and others. PC Tool 2011 deceives PC users by reporting infections on your computer and then asks you to make a payment for PC Tool 2011 to remove these so-called threats. The fact is PC Tool 2011 reports non-existent threats to scare you into making the purchase. PC Tool 2011 looks perfectly legitimate and claims to detect badware that is not even on your computer. So if you receive some alerts or see scanners from PC Tool 2011 that you never initiated, be advised you are dealing with a rogue program. PC Tool 2011 is hard to remove and it may keep you from launching some trusted removal tools. Other symptoms include the infected computer's wall paper being changed to a fake warning and stating that PC Tool 2011 should be purchased to regain control of the desktop. PC Tool 2011 must be taken out of the system immediately by using and updated malware remover.
File System Modifications
- The following files were created in the system:
# File Name 1 %UserProfile%\Application Data\[random digits]\[random digits].exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random digits]"
I've battled with a similar rogue fake anti-virus software on my dad's laptop and I did use similar methods of finding where it was located (buried appdata in this case) and none of the windows tools worked or any browsers. So, i had to use sysinternals process explorer to kill it and then deleted the offending .exes. Did a full scan with avast and mse and was cleaned out. I just LOOOVVEEE process explorer.