System Tool or SystemTool is a fake security program which is a clone of Security Tool. The program is classified as a rogue antispyware tool because detects numerous false infections and displays a lot of fake security alerts in order to scare you into thinking your computer in danger. It hopes that you will then purchase its full version. But you should know, System Tool is unable to detect or remove any viruses, trojans, worms nor will be protect you from legitimate future security threats. Thus, you need to remove this malware from your computer as soon as possible.
SystemTool is distributed through the use of malware that pretends to be flash updates, or even video codecs required to watch an online movie. Once started, it will configure itself to run automatically when Windows starts. Next, the rogue will perform a system scan and report numerous infections to make you think that your computer is infected with trojans, spyware and other malware. Then it will prompt you to pay for a full version of System Tool to remove these threats. Of course, all of these infections are fake and don’t actually exist on your computer. So you can safely ignore them.
While SystemTool is running, it blocks the ability to run any programs, including legitimate antivirus and antispyware applications. The following warning will be shown when you try to run any program:
Application cannot be executed. The file {file name} is infected.
Please activate your antivirus software.
More over, System Tool will display a lot of false security alerts and nag screens. Some of the alerts:
System Tool Warning
Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with System Tool
System Tool
WARNING 23 infections found!!!
System Tool Warning
Some critical system files of your computer were modified by
malicious program. It may cause system instability and data
loss.
SystemTool will also replace your current Windows background with a fake security warning that states:
Warning!
Your’re in Danger!
Your Computer is infected with Spyware!
Of course, all of these warnings and alerts are a fake and like scan false results should be ignored!
If your computer is infected with SystemTool, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove System Tool and any associated malware from the system for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
Automatic removal instructions for System Tool
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Remove SystemTool and any associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for System Tool infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove System Tool. MalwareBytes Anti-malware will now remove all of associated SystemTool files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Step 3. Reset HOSTS file
System Tool will change the Windows system HOSTS file so you need reset this file with the default version for your operating system.
Please download OTM by OldTimer from here and save it to desktop. Run OTM, copy, then paste the following text in “Paste Instructions for Items to be Moved” textarea (under the yellow bar):
:Commands
[resethosts]
Click the red Moveit! button. Close OTM.
SystemTool removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Tool creates the following files and folders
C:\Documents and Settings\All Users\Application Data\{RANDOM}
C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe.
SystemTool creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{RANDOM}
Thanks a million. It worked to tee. I couldn’t get online so I had to download the Malwarebytes onto a flash drive from another computer to get started, and just followed your instructions. Thanks again.
System Tool popped up on one of my notebooks on Christmas; couldn’t do anything to fix it. Your site came up on Google and I gave it a try. After downloading the program to a USB stick and booting the notebook in SAFE mode, I ran the program and it worked perfectly. Thanks for the help!
christian, the rogue may change the Windows system HOSTS file, so you need reset it with the default version for your operating system.
So everyone had been attacked by SystemTool in that Christmas and every website I find on how to delete the virus suggests ONLY malwarebytes.. Making an educated guess and you could easily found who create this virus.. Am I being paranoid?
Thank you very much for the information, It really helped me to get rid of the %#$/&()#?) system tool, Thanks.
Whoever you are, you are my hero. Terrifying, awful, bewildering beast that has plagued me all night and you have saved me. Go well and thank you! x
Hi I got hit by system tool too. My computer won’t open in any safe mode thing, it just goes to a black screen afterwards. I’ve tried system restore but that doesn’t work either. No programs will run nor the internet. Could use your help for any new ideas….
Actually no need to reply to my last post. I tried system restore in another user account again and it worked this time around. Thanks to whoever’s comment I robbed that idea from. What a bunch of basterds that made this thing, and thanks to anyone who helps us computer idiots out of a jam.
YOU GUYZ R DA BEST
thank you very very very much…
Thank you so much, it’s good to have guides like these online!
This worked GREAT! You ROCK!
My computer will not boot in safe mode. I have got this system tool infection and nothing will run in normal mode. Neither will the .exe file in \allusers\application data be deleted – it says it’s in use. So without safe mode I am stuck – and it won’t go into safe mode. Any suggestions? Perhaps I should open a new topic in spyware removal forum?
thanx alot I got rid of that system tool don’t know how i got it can u tell me how can i get my pc save from that system tool thanx again u saved me
French Sun, Malwarebytes is a good and legitimate malware remover. You can use it for free to remove the rogue.
broigel and Jason, try the following:
Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Click Advanced button to open Proxy settings. Copy and paste the following text into “Do not use proxy server for addresses beginning with:”
Click OK to save Proxy settings, then Click OK to close Lan Settings and Click OK to close Internet Explorer settings.
Download HijackThis from here. Once Save dialog opens, you need first to rename hijackthis.exe to
Further click Save button to save it to desktop. If you are using the Firefox, then you need right click to the above link to open a Save dialog.
Run HijackThis. Click Scan button. Select entries that looks like:
Example:
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Reboot your computer.
Go to step 2 above.
Hi,
I downloaded malwarebytes and ran it under safe mode – it came up with two errors whicc I removed – after that I rebooted the computer in normal mode – but the system tool is still there.
Any suggestions on what I can do different to remove it?
system tool is gone but my pc is not starting normally I’m so fed up
i cant go to start safe mode.
i cant click on it..
oh and uhh
i cant download the malware
This thing latched onto my computer on January 2, 2011. What a way to start the new year! Thank GAWD we found your site and followed the instructions!!! Working great now….Thank you, thank you, THANK YOU!!!!!!!!!!!!
when i try to reboot in safe mode, it goes to the black screen and says “no boot device”. It seems my hard drive is kaput. should I still have hope?
i’m stuck with my computer its not working properly after removal of the virus it says something about hardware settings changes im so tense plz plz smbdy help me……………..
Worked perfectly, thanks, that thing fought me every step of the way. At one point disabled my internet connection, disabled spybot, couldnt bring up task manager. Once I was in safe mode, I nailed the bastard.
THAAAAAAAANNNKKKK YOOOOOUUUUUU VERYYYYYYY MUUUUUUCHHHH
NItin and rachel, try use HijackThis to remove this malware. Look my previous comment.
sania, what you mean “but my pc is not starting normally” ? Computer won`t boot in Normal mode ?
Afel, use HijackThis. See my answer to “broigel and Jason”.
superb Patrik.. from a very gracious UK customer.
Saved my ass big time.
Worked a treat in less than 20 minutes.