System Tool or SystemTool is a fake security program which is a clone of Security Tool. The program is classified as a rogue antispyware tool because detects numerous false infections and displays a lot of fake security alerts in order to scare you into thinking your computer in danger. It hopes that you will then purchase its full version. But you should know, System Tool is unable to detect or remove any viruses, trojans, worms nor will be protect you from legitimate future security threats. Thus, you need to remove this malware from your computer as soon as possible.
SystemTool is distributed through the use of malware that pretends to be flash updates, or even video codecs required to watch an online movie. Once started, it will configure itself to run automatically when Windows starts. Next, the rogue will perform a system scan and report numerous infections to make you think that your computer is infected with trojans, spyware and other malware. Then it will prompt you to pay for a full version of System Tool to remove these threats. Of course, all of these infections are fake and don’t actually exist on your computer. So you can safely ignore them.
While SystemTool is running, it blocks the ability to run any programs, including legitimate antivirus and antispyware applications. The following warning will be shown when you try to run any program:
Application cannot be executed. The file {file name} is infected.
Please activate your antivirus software.
More over, System Tool will display a lot of false security alerts and nag screens. Some of the alerts:
System Tool Warning
Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with System Tool
System Tool
WARNING 23 infections found!!!
System Tool Warning
Some critical system files of your computer were modified by
malicious program. It may cause system instability and data
loss.
SystemTool will also replace your current Windows background with a fake security warning that states:
Warning!
Your’re in Danger!
Your Computer is infected with Spyware!
Of course, all of these warnings and alerts are a fake and like scan false results should be ignored!
If your computer is infected with SystemTool, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove System Tool and any associated malware from the system for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
Automatic removal instructions for System Tool
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Remove SystemTool and any associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for System Tool infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove System Tool. MalwareBytes Anti-malware will now remove all of associated SystemTool files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Step 3. Reset HOSTS file
System Tool will change the Windows system HOSTS file so you need reset this file with the default version for your operating system.
Please download OTM by OldTimer from here and save it to desktop. Run OTM, copy, then paste the following text in “Paste Instructions for Items to be Moved” textarea (under the yellow bar):
:Commands
[resethosts]
Click the red Moveit! button. Close OTM.
SystemTool removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Tool creates the following files and folders
C:\Documents and Settings\All Users\Application Data\{RANDOM}
C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe.
SystemTool creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{RANDOM}
god dear.!. it workted! thnx
Thanks, but i can’t get my computer to start at all. Not in safe mode or otherwise.
I got this crap on me, and every time i boot and press F8, windows boots, how do i fix it?
hello!i have a pb. The thing is that i did everything i had but while i had to restart my computer i forgot to choose the option with default version for operatig system as u said!so i tried to redo the previous step with malwareb to provoke another occasio to choose the right option. But it doesn’t work. what im trying to say is that i ddint the file with the efault version for my operatig system. If by that you on the black screen i should have cosen the recommaded option instead of the one which said “start windows normally” or something like that. is it really that important i diddnt retasrt my laptop as u said? and if it is, how do i do now? can i still download OTM?
About system tool, i don’t see it aywhere aymmore, plus apparently there isn’t anythig infected anymore according to malwareb. Tell me if you don’t understand what im sayig cause english isn’t my native language!
Im waiting for you answer and instuctions, coach! 🙂
thanx in advance!
i used COMBFIX and it got ride of it.
Everything worked perfectly except the part with OTM. I put in the command but on the results side all that was said was:
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
I have vista, so I used the “run as administrator button” but it still said that. So far the computer seems fine, but just to be on the safe side, I posted this.
And thank you sooo much! Your help was really invaluable :D.
rachel, if you can`t boot your PC in any modes, then start a new topic in our Spyware removal forum. We will try another way to restore your PC.
Josh, try remove this malware in Normal mode. Follow the instructions in my answer to “broigel and Jason” – Comment by Patrik — January 1, 2011.
soraya, if no any signs of the rogue on your computer then anyway you need to run OTM with the script that i have published above.
Andrew, try the following steps to reset HOSTS file:
Run Malwarebytes Anti-malware. Open Tools tab. Under FileASSASSIN label click to Run Tool button. In the open window navigate to C->Windows->System32->Drivers->etc and select HOSTS file. Click Open button. Click YES to confirm. Close Malwarebytes Anti-malware.
Click Start, Run. Type notepad and press Enter. Notepad opens. Copy all the text below into Notepad.
Save this as HOSTS to your C->Windows->System32->Drivers->etc. (Remember to select Save as file type: All files in Notepad). Close Notepad.
Thank you sooooo much .. started to install it
This virus suddenly appeared on my computer. All the sypmtoms were as described in the introduction above. The 2 protection systems I have,MS defender and AVG would not run. I was getting ready to follow the suggestions above and entered the safe mode/networking(by repeatedly clicking F8 at computer beep during turn on) to check if I could use the internet explorer in that mode.After finding that I could,I shut off the computer and restarted it in the normal mode. To my surprise,all the weird stuff were gone. I immediately ran AVG (somehow it worked). It found and isolated 2 Trojan horses. After few hours,my computer is still running normally.
I do not know what fixed the problem(Virus committed suicide when it figured our it was being cornered?!!!) since the only thing I did was that I entered and left the safe mode. This may be worth trying for anyone else infected with this virus.
On a different subject, I wish there would be an international organization to go after the SOBs creating these viruses. If they can charge(credit card?) for their “good for nothing” fixes, it should not be too difficult to find them.
Thaank you so much for your help!!
it is explained well and it worked right away
thank you!!!! greets
Thank you so much for your hints. You saved my computer and my relationship! Thank you so much!
thanks so much
Hey, I found this forum on Google, thought I’d give this fix a try…
System Tool popped up on my computer this morning, idk why, but I am currently in Safe Mode with networking. I updated and ran the quick scan in Malwarbytes and it’s giving me this message:
The scan has been completed successfully. No malicious items were detected. A log has been saved to the logs folder.
WTF?! I have this crippling virus and it’s telling me my computer’s not infected?? What do I do?
thankyou very very much it worked pefectly thank god for people like you step by step it was awesome
Allie, try remove the rogue using HijackThis tool. Follow the instructions in my previous comment (Comment by Patrik — January 1, 2011: answer to broigel and Jason).
Thanks so very much. I am sooo relieved! Your instructions were wonderful. I think I was surfing way too fast or just not paying attention to what I was clicking on when this rogue (fake) virus landed. Glad I had two more computers in the house so that I could download your program onto a flash drive and tranfer over to my laptop.
Thankyou!!!
THANK YOU SO MUCH! perfeccttttt
thanks i could not have done it without your very much appreciated help
HOLY CRAP THANK YOU SO MUCH! you guys REALLY need to make this more noticeable on google i tried like 3 other things on being stop zilla you should really put more info that STOPzilla is a very very bad place to go because i called that place they gave me a “diagnoses” said oh you could crash at any moment and other bull crap in the end the guy’s like oh you should pay 209 dollars… and yeah i’m pretty sure that was actually the real company it was an 888 number and it was definitely a call center in india. anyway thanks for not ripping me off and helping successfully fixing my computer
Wow I know nothing about computers but this guide helped me remove the virus. I’m feeling incredibly pleased with myself. Thank you!
Hey thank you dear brother/sister.
May god bless you!
Bless YOU –You ANgel OF MERCY!!!!!!!! I will NOT be as dumb again to run these crazy unfamiliar programs. Again I thank u much!!! MUAHS!!!
thanks its so easy and it works….thanks guy…god bless you always…….
thanks a lot!!
Nice job with the instructions. Job well done Every thing is working fine
Thanks and all the best to you
I just wanna say thank you that systemtool crap scared the shit outta me i was so pissed i was about to throw this computer away and then i saw your website and it worked. THANKS YOURE AWESOME!!