So I just removed this crap from one of my cousins PC. It disguises itself as a windows virus/spyware scanner. It gives you false alarms and does not let you open programs or go online. It also tells you to register to get protection etc. She has no idea how she got it. Any one have any info on how it could have been?

Well, I had System Tool spoofing as "Windows 7 AntiVirus" when I got it, and using GFWL as its backdoor access to my system, something I knew was a lie because I never had GFWL installed to begin with. Is she careful with her email? Stuff gets passed through there like nobody's business.

Maybe she clicked on one of those annoying popups that tend to come up every now and then. Those of us who are not completely informed will take the bait and be stuck with these kind of programs. In order to avoid this kind of thing in the future, tell her to not install anything unless she asks you first.

Gonna have to ask her about the email. Now that I think about it there have been a los of ppl sending [no subject] emails from msn lists. She uses a lot the IMVU client I think users of that site get targeted a lot because of iits micro transaction business.

^^ This. My mother got hit with the same one a while back. It was simply a malicious but "official looking" popup that installed the malware, but she took it one step further and actually bought the thing. Let me tell you, that was a bitch to get rid of.

You should try downloading MalwareBytes, and run a full scan. Hopefully, it'll resolve the issue.

http://www.malwarebytes.org/

Yeah I used it to remove it. Thing is that the total care edits the registry and you cant start up programs and such. For example you turn on firefox you get a pop up saying it has a trojan etc get the protection. So i had to use a registry entry I found that re enabled me to run exes.

For future reference the first step for eliminating any sort of infection should be to use System Restore to reach a point prior to infection. This is very effective against fake AVs. Nastier types of malware may try to mess with restore points to prevent you doing this but it's definitely worth trying anyway before resorting to removal tools because unlike them it doesn't miss any changes.

Don't use System Restore directly from the operating system, however, because the infection will most likely try to interfere with it; instead restart the system and hit F8 during startup, then choose Repair Your Computer. If you're still on XP you'll have to select Safe Mode from the F8 menu instead (don't do it this way for Vista and newer).