System Tool or SystemTool is a fake security program which is a clone of Security Tool. The program is classified as a rogue antispyware tool because detects numerous false infections and displays a lot of fake security alerts in order to scare you into thinking your computer in danger. It hopes that you will then purchase its full version. But you should know, System Tool is unable to detect or remove any viruses, trojans, worms nor will be protect you from legitimate future security threats. Thus, you need to remove this malware from your computer as soon as possible.
SystemTool is distributed through the use of malware that pretends to be flash updates, or even video codecs required to watch an online movie. Once started, it will configure itself to run automatically when Windows starts. Next, the rogue will perform a system scan and report numerous infections to make you think that your computer is infected with trojans, spyware and other malware. Then it will prompt you to pay for a full version of System Tool to remove these threats. Of course, all of these infections are fake and don’t actually exist on your computer. So you can safely ignore them.
While SystemTool is running, it blocks the ability to run any programs, including legitimate antivirus and antispyware applications. The following warning will be shown when you try to run any program:
Application cannot be executed. The file {file name} is infected.
Please activate your antivirus software.
More over, System Tool will display a lot of false security alerts and nag screens. Some of the alerts:
System Tool Warning
Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with System Tool
System Tool
WARNING 23 infections found!!!
System Tool Warning
Some critical system files of your computer were modified by
malicious program. It may cause system instability and data
loss.
SystemTool will also replace your current Windows background with a fake security warning that states:
Warning!
Your’re in Danger!
Your Computer is infected with Spyware!
Of course, all of these warnings and alerts are a fake and like scan false results should be ignored!
If your computer is infected with SystemTool, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove System Tool and any associated malware from the system for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
Automatic removal instructions for System Tool
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Remove SystemTool and any associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for System Tool infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove System Tool. MalwareBytes Anti-malware will now remove all of associated SystemTool files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Step 3. Reset HOSTS file
System Tool will change the Windows system HOSTS file so you need reset this file with the default version for your operating system.
Please download OTM by OldTimer from here and save it to desktop. Run OTM, copy, then paste the following text in “Paste Instructions for Items to be Moved” textarea (under the yellow bar):
:Commands
[resethosts]
Click the red Moveit! button. Close OTM.
SystemTool removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Tool creates the following files and folders
C:\Documents and Settings\All Users\Application Data\{RANDOM}
C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe.
SystemTool creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{RANDOM}
thank you for your help.. the process/ instructions you shared helps me to remove the system tool that prompts on my computer.. now i can already install and download again..
The paste to OTM does not work. I get the message
cannot create file C:\WINDOWS\System32\drivers\etc\Hosts
Other than that, your fix was dabomb. That bullshit System Tool is gone! Thank you Thank you.
Calabrese, if you using Vista/7 then you need run OTM as administrator. Right click to OTM and click Run as Administrator option.
I already had Malwarebytes but had to update it, after which it ID’d 150-plus infections and took System Tool away! Thanks!
But OTM doesn’t work (I have Windows XP). It opened; I dopied
:commands
[resethosts}
under yellow bar, clicked “Move It” and “Commands” when over to under the green bar, leaving “[resethosts]” under the yellow bar. Then OTM went “not responding” and won’t do anything, like close. I tried “End Task” and it doesn’t work on OTM, which appears twice on that screen. What should I do???
Whoops! OTM is gone. I went to desktop, re-opened and recopied and it told me the action was complete and it had created a log. I clicked exit and that worked too. I presume I’m all set to trot normally.
Thanks for great instructions and help!
I ran the quick scan and it tells me the is nothing there but the system tool is still all over my computer how do I get rid of this thing…
This has not helped me…i ran through the entire process, and system tool is still on my laptop?
Thanks for the help, it was invaluable. Wasted about an hour or so running a full scan, without updating, then finally updated and did quick scan, but rebooted without taking out the file folders and the regkey. Followed your instructions again to the T and got rid of it. No idea where I picked it up…twitter? Anyway I’m back on track again. Thanks and mahalo!
I followed all the steps and BINGO! that “system tool” is gone! You saved my day. You saved my MIND!
THANK YOU!
Ran program but after re starting virus [System Tool] is still here
oh man [resethosts] is not working. Keep getting the same message even after making it ambass. ahh broke heart. any suggestions?
not working for me…
so, i have restarted my comp in safe mode, run rkill, updated MBAM, run MBAM, manually deleted all “system tool” paraphernalia and restarted my comp regularly and it STILL is 100% infected.
any pointers??
Thank you, thank you, thank you. This saved my life and so much of my time. I thought my computer was kaput. It took me less than 40, 50 minutes to uninstall System Tool. Man, thank you so much.
do you restart before resetting the host
Matt and Jennie, ask for help in our Spyware removal forum.
Perfect! thanks
Information to remove system tool was very helpful I’m glad that bullshit is gone thanks
thank you, thank you, thank you! I worked twelve hours today trying to remove system tool from my computer. and once i discovered this helpful page it took all of ten minutes. you are my hero!
Morgan, probably your computer is infected with a trojan that reinstalls the rogue. Start a new topic in our Spyware removal forum. I will help you to remove this malware.
renee, yes, reboot your computer before resetting the hosts file.
this virus SUCKS. i didnt trust it from the start ><
Has anybody run into a problem where system tool does not show up as an infection using mbam?
So it says that i got it off on safe mode but once i start my computer again it’s still there. So i went back to safe mode to rescan but it says 0 infections found! HELP!
Great help, thank you. All steps worked and I’m now much more up-to-date on general protection tools.
do i need to reboot my pc in safe mode or the regular one? bc i rebooted in regular and stupid system tool came back :S
help plz
Stephen and Fatimeh, try the following:
Reboot computer in Safe mode with networking. Download HijackThis from here. Run HijackThis and click Scan button to perform a system scan. Place a checkmark against each of lines:
Example:
Note: list of infected items may be different. Template of the malicious entries:
O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
If you unsure, then start a new topic in our Spyware removal forum. I will help you.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
tish, you need use Safe mode. It will stop the rogue from autorunning.
Thankyou Patrik – You DA MAN! =)
Tough nut to crack. Had to search through registry for all RunOnce instances. Found one that pointed to the random-named folder/file. They used a guid/SID/class in the registry path that threw Malwarebytes off. Erased by hand.
I too had trouble tracking this one down. With hijack this I was able to delete an odd RunOnce entry that was random but was not in the Documents and settings\all users\application data folder mentioned above. It was in Program Data folder.