System Tool
System Tool is a malicious software that may get inside the computer without your consent. Authors who made this fake tool aim on naïve computer users to steal money from them through deceptive means.
System Tool or also called as the SystemTool 2011 virus is another deadly and widely spread rogue security program. To penetrate a computer, this Trojan will take advantage of software and system vulnerabilities. It will expand contamination to as many computers that are linked via the Internet. When System Tool virus first hit the computer, some symptoms you may see includes browser redirects, homepage hijacking and a disabled anti-virus program. Moreover, your Internet browser homepage is pointed to fake online virus scanner web page where it will run a scan on your computer and give false findings. Later, the fake AV advises you to download a copy of System Tool. It also suggests the same as tool as the only solution to get rid of detected threats. User who is not clever enough to identify fake from real program may suffer from the doom of this rogue software and begin to run into annoyances including many pop-up alerts and warning notices. Similarly, it will attempt to modify the Windows registry that may initiate System Tool virus scan every time the computer starts.
Refrain yourself from visiting dubious web site to avoid this malware because some of it will pretend as security portal and some are presented as a multimedia pages. Whichever page you arrived, it will require visitor to download a required program to be able to proceed.
For someone who is unlucky to be infected with rogue security product, immediately obtain our suggested anti-malware solution as stated below. This will instantly remove System Tool and other hidden files on the system. Besides, you should only entrust solving cases like this to genuine security product.
Screen Shot Image:
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Malware Behavior
System Tool virus will modify desktop wallpaper and set an image as the default, it will contain the following messages:
WARNING!
YOUR’RE IN DANGER!
YOUR COMPUTER IS INFECTED WITH SPYWARE!
ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK.
WHEN YOU VISIT SITES, SEND EMAILS… ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\"[Random Letters and Numbers]" = "%SystemDrive%\Documents and Settings\All Users\Application Data\[Random Letters and Numbers]\[Random Letters and Numbers].exe"Associated Files and Folders:
%Temp%\[Random] %UserProfile%\Start Menu\Programs\System Tool 2011.lnk %UserProfile%\Start Menu\Programs\SystemTool2011.lnk %UserProfile%\Start Menu\Programs\System Tool\System Tool 2011.lnk %UserProfile%\Start Menu\Programs\System Tool\SystemTool2011.lnk %UserProfile%\Desktop\System Tool 2011.lnk %UserProfile%\Desktop\SystemTool2011.lnk %systemdrive%\Users\All Users\Application Data\oHaKo00902 %systemdrive%\Users\All Users\Application Data\oHaKo00902\oHaKo00902 %SystemDrive%\Documents and Settings\All Users\Application Data\[Random Letters and Numbers]\[Random Letters and Numbers].exe %SystemDrive%\Documents and Settings\All Users\Application Data\[Random Letters and Numbers]\[Random Letters and Numbers]
File Location for Windows Versions:
- %UserProfile% for Vista/7 user is C:\Users\<Current User> for Windows Vista/7, for Windows XP/2000 this is C:\Documents and Settings\<Current User>.
- %SystemDrive% refers to any drive including external removable devices.
- %Temp% refers to C:\Windows\Temp\.
How to Remove System Tool
Manual Removal Procedure
1. Press Ctrl+Alt+Del on keyboard to stop the process associated to "System Tool". When Windows Task Manager opens, go to Processes tab. Find and end this process.
(random characters).exe
2. You need to update your installed antivirus software. Please connect to the Internet and download the most recent database. This is a one-click process from your AV program’s console.
3. Thoroughly scan the computer and remove any threats found by your antivirus program. If delete option is not available, your best next choice is to quarantine the infected file. There is also a need to manually locate and delete malicious files. Please see the file section for items that are relevant to System Tool.
4. Next, you need to remove registry entries created by System Tool. Please refer to registry section to view entries related to the rogue program.
- (Windows 2000/XP) Go to Start > Run, type "regedit" on dialog box then press Enter on keyboard.
- (Windows Vista/7) Go to Start > Search Program and Files, type "regedit" and press Enter.
5. Exit registry editor when you are done.
6. Get rid of System Tool start-up entry by going to Start > Run, type msconfig on the "Open" dialog box. It will launch a new window containing System Configuration Utility. Click on the Startup tab and uncheck the following item.
(random characters).exe
System Tool Remover
In order to remove "System Tool" virus completely, you need to download and run Malwarebytes Anti-Malware. This is a free malware removal tool. If Trojan infection blocks the downloading of this program, get it using a clean computer. Rename the executable file before executing on the infected PC.
First thing you should try when infected by a virus is to apply System Restore (see how). It may rebuild any damaged or modified settings due to System Tool infection.
Removing valid Windows registry entries may result to system malfunction or software failure. Please back up your registry first before making any changes.
If you cannot browse the web because System Tool is blocking your access, please see this tip on how to repair your Internet access.
spain
Nov 11, 2010 @ 19:27:21
hi! i am spanish and i have a problem with the system tool,when i am goint to install the malwarebytes i can not as the system tool,what can i do? thanks
timothy courtnage
Nov 17, 2010 @ 23:32:36
I think these people who make these programs should be exposed and hunted down and allow the people who are poor that are unable to afford the high priced security to surf the web and these people who write this stuff well…I want five minutes with them…for all of the time that they have caused me.
tjykytkht
Dec 04, 2010 @ 03:35:16
damn these people have no lives hahaha but i downloaded norton power eraser and nothing happened, did system tool block it?
tjykytkht
Dec 04, 2010 @ 03:52:58
if i download Malwarebytes Anti-Malware to a clean the virus do i put it onto my flashdrive then install it on the infected system? thanks!
Stick
Dec 14, 2010 @ 16:08:07
SysTool-2011 crawled into my sister’s laptop w/ Vista this w/e (12-12-2010). Ended up booting into SAFE mode (F8), executed a “system restore” to about a week prior. Seemed to work. Her friend read an email from a common sender, and it was back!
Did sys.restore again, and installed AVAST + ran avast. seems OK now for the past 2 days.
Dbain
Dec 15, 2010 @ 14:50:42
To install Malwarebytes you need to start Windows in safe mode by pressing F8 while the starting before the windows loading screen appears. THen select start windows in Safe mode.
jj
Dec 16, 2010 @ 22:33:02
I got hit with System Tool 2010 virus on my Windows 7.
The way to get rid of it is shut down your PC. No programs will work anyway until you get rid of the virus.
Then restart Windows in safe mode, tapping F8 repeatedly to get to the log on screen.
At that point download freeware:
Malwarebytes
Security 360
Microsoft Security Essentials
Advanced SystemCare
Download all and run all. They will kill different aspects of the virus and other garbage on your system.
No single anti-virus program will get it all so run all of them.
That should kill Security Tool 2010 and anything else in your system.
Then schedule Microsoft Security Essentials to run at 4 AM every day, assuming you leave your computer on 24 / 7. The others you have to buy to use auto-scheduler function.
Oh yeah, make sure you download all the most recent updates before running the programs.
Also, if you can’t get Explorer to run on the infected machine download all programs onto a flash drive on another uninfected ones. Then plug into infected PC in safe mode, cut and paste .exe programs off flash drive to infected computer and run.
Charles
Dec 17, 2010 @ 11:51:43
All you have to do is enter the serial key to register “system tool” and follow the rest of the steps. The key is WNDS-S0DF5-GS5E0-FG14S-2DF8G. This is from rogueamp’s youtube video. I did this yesterday and it worked beautifully just when I had just about had it… Thank you rogueamp – you are the man
Chrissy
Dec 18, 2010 @ 12:59:01
I want to stress in bold an important comment within this help article. When you initiate the Malwarebytes download, choose to save to disk. Do not choose run immediately. Navigate to where you downloaded this program. Rename the program. I renamed mine “sillyAnimals.” Right-click, and choose to run as an admin. Now the program will install. :)
Charles
Dec 18, 2010 @ 22:55:09
Renaming anything is completely unnecessary. Just watch rogueamp’s youtube video on system tool and remove this stupid thing painlessly and easily with the serial key.
brandon
Dec 18, 2010 @ 22:57:52
system tool 2011 wont let me do anything!! cant download antivirus, cant even download it to a flash drive. getting so frustrated!!!
Bill
Dec 19, 2010 @ 18:16:13
You need to do exactly what Charles advises. It was the very simple quick cure for getting rid of the System Tool virus. Only took a couple minutes after waisting several hours on other recommended solutions. Thanks ever so much Charles!
ven
Dec 22, 2010 @ 05:07:41
can system tool 2011 uninstall by itself? i lately got it due to a link a clicked on fb. the other nite a google it n found out it was a fake antivirus n i deleted sum of the files but it wasnt completely uninstall.a few mins ago i decided to google it again n i was reading this article at dat moment my pc auto. shut down n when i restart it i didnt c any of the system tool pop ups n i can access all the programs on my pc. can u tell me wat is goin on here? btw when my pc restart a message pop up from microsoft windows saying ur windows has recovered from a serious error
saharabee
Dec 26, 2010 @ 21:30:50
I just got this yesterday Dec. 25. (What a great Xmas gift.) I could not use any of my regular tools to get rid of it (eg. Norton or Restore) as it is now diabolically configured to paralyze or shut down if you invoke even Control Panel or Windows Help or anything that might help you. Of course the ability to log on to the web and buy their supposed product (which they imply is a Windows product) is not impaired. I was finally able to locate the start-up and executable apps and rename them so they would not run, and then clean up. I believe this was a trojan set to fire up on XMas day (when people are harried and more likely to opt for the solution offered to them on a platter for a mere 20 bucks.) I wonder how many people they have scammed?
As a victim I am incensed. As a retired software engineer I am somewhat in awe. The executable is tiny but does all the right things to push the right psychological buttons and render you helpless.
Fran
Dec 27, 2010 @ 17:11:26
I got hit with this virus while visiting my parents and was so close to just throwing the PC out of the window. I read the comments and also did what Charles suggested and it worked. Thanks Charles and Rougeamp. You guys saved my sanity!
Charles said:
All you have to do is enter the serial key to register “system tool” and follow the rest of the steps. The key is WNDS-S0DF5-GS5E0-FG14S-2DF8G. This is from rogueamp’s youtube video. I did this yesterday and it worked beautifully just when I had just about had it… Thank you rogueamp – you are the man
.
E
Dec 28, 2010 @ 00:35:26
I got hit with this one last night. Do a hard shut down, with the power button, open in safe mode…DO NOT ADD THEIR SOFTWARE!!!! If you give them your info you WILL be in some serious trouble for having given out your personal info. I wouldn’t use the fix of the code listed above eithere, just allows the Trojan to stay there and do it’s dirty deeds. HARD SHUT DOWN WITH THE POWER BUTTON, AND DO A SYSTEM RESTORE, RE-INSTALL YOUR ANTI-VIRUS AND ALL ANTI VIRUS UPDATES…ALSO GO TO SYMANTEC’S ONLINE VIRUS SCAN.
joe
Dec 28, 2010 @ 15:21:13
dont enter the registration code! follow the instructions given by jj and it will work! id recommend doing it at least everyday for a few days because the virus has a habit of resurfacing. DONT ENTER THE REGISTRATION CODE IT WILL MAKE IT EVEN WORSE.
LadyT
Jan 01, 2011 @ 08:39:51
The quickest way to remove system tool virus is to go into your files and delete the one that doesn’t belong. Its kind of like a game…spot the folder that doesnt belong mixed with wheres waldo!. Here are three different methods to try.
1)First of all before you start in ‘safe mode’ see if theres an icon labeled ‘system tools’ on your desktop.
2)If so right click on it and select ‘go to file location’. It should take you straight to the ‘virus’ so you can delete it.
3)In order to delete the file you may have to rename it first.
4)Also make sure you delete the icon from your desktop.
______________________________________________________________________
Start your system in safe mode. To do this you restart & while booting up you tap the F8 key right before windows starts. A screen should come up where you can select ‘Safe Mode’. Once in safe mode…
1)Go to your start menu.
2)Then click on my computer.
3)Double click local disk C
4)Click users
5)Go to your folder (whatever your login name is) click it.
6)Click on AppData
7)There should be 3 folders there (local, locallow & roaming) or whatever.
8)Make sure you have your folders set up so that you can see the ‘date created’. How do you do this? Right click on the little space above your folders labeled (name, type, size, etc) right click here and make sure ‘date created’ has a check next to it.
9)Okay if your folders are set up like that. Click thru them until u see a ‘suspect’ folder name, such as ‘ieh338rhafb’ or something crazy like that. If you click on that folder it should have a ‘system tool’ app inside. Delete the entire folder! & make sure you delete it from the recycle bin.
10) If you’re having trouble locating the folder this is where your ‘date created’ heading comes in…you can actually look for all folders that were recently ‘created’, until you find the weird labeled suspect one ‘afljefjah’. If the ‘system tool’ pop-up started on 1/1/2010 @ around 2am as mine did, then I would look for folders created on 1/1/2010 @ around 2am.
_____________________________________________________________________
If it’s not found here my next suggestion would be to look more specifically in the temp folder for this ‘suspect’ folder. To get to your temp folder go to START and type in %temp% this should bring the folder up.
ph
Jan 01, 2011 @ 17:54:31
Lady T — followed your instructions and it’s still on my computer. Except now the folder is gone!
Now what???????
klb
Jan 03, 2011 @ 13:55:35
I followed the you tube video as advised by Charles, my computer is now sorted after many unnecessary hours spent doing safe starts etc. Thank you Charles
Charles
Jan 03, 2011 @ 19:55:50
I’m wondering if these people that recommend not “registering” system tool with the serial key actually work for system tool. Eithere that or they love doing things the hard way.
Chris
Jan 04, 2011 @ 01:31:10
This might help just removed this virus.If u boot up in safe mode with network download norton360 trial run full system scan, will quarantine fake av system tool 2011. use regedit and go to the one key at top of page and delete then you could restart Windows in normal mode.
John
Jan 05, 2011 @ 01:07:27
I did the registering of System Tool with the about serial key noted about. Thanks Charles! I was working on this for 1.5 days in safe mode. I
T
IT ACTUALLY WORKS!!!!!
justine j
Jan 05, 2011 @ 08:46:56
thanks jj.you saved me from this dark virus .
Ben
Jan 06, 2011 @ 10:08:14
I was in LUCK! I have TWO (2) accounts on my laptop with Windows7 and i could reboot and download Malware Bites (freeware)with the account that i never use! EASY as pie, all traces of System Tool 2011 are GONE, i even got rid of a virus that i found a long time ago with Spybot but never could get out.
Dave Moore
Jan 06, 2011 @ 14:09:50
I don’t recommend calling the help line offered by Stopzilla to those who are unable to download their free anti virus product. They mislead me into thinking that my system was totally corrupted and wanted me to pay for a technician to help me the problem, (as this was the only way). As well, they bad mouthed other products. I did not pay for their service and was able to get rid of the virus on my own with the help of a friend.
Kyle
Jan 06, 2011 @ 22:42:34
I entered my credit card info into System Tool choosing the 1 year $59.xx subscription option, rebooted the PC, and called my bank to cancel the card. I was subsequently charged $79.90 by “GETURSOFTWARE.COM”. GETURSOFTWARE.COM is a phony front website; it’s totally fake and it was registered by a third party in the Netherelands.
GETURSOFTWARE.COM Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Person
Jan 07, 2011 @ 03:48:41
The FBI needs to step it’s game up and track down all these virus makers, especially Stuxnet.
Laurence
Jan 07, 2011 @ 15:46:44
READ THIS!!
Don’t listen to half of these fixes, I would bet some of these people are actually involved in the System Tool virus in some way.
Anyway, all you have to do is hard turn off your PC (by holding down the power button)
Turn it back on.
Enter safe mode.
Search “system restore”.
Go back to the last date your computer saved itself at.
DONE!! The whole process takes like 3 minutes.. What a fail virus.
Lisa
Jan 08, 2011 @ 13:43:38
Laurence,
Just want you to know that the system restore does work, but when I ran the software advised by jj afterwards, just as a precaution, there were still dangerous files associated with this virus that had to be removed. And, each program found a different file or set of files. He/She knows what they are talking about. I suggest you take the extra step.
Lisa
Paul
Jan 11, 2011 @ 11:24:06
The you tube code didn’t work for me, said it was invalid. But putting my laptop into “safe mode with networking” (F8 key when starting up) and downloading malwarebytes and running it worked for me. The scan picked up 2 infections almost immediately but then took about 40 minites to scan the rest of my laptop before removing the system tool extortion bug. I could then update my microsoft security essentials and scan again.
Fingers vrossed.
Just need to hunt down the purpetraitors of thins thing and string them up by the goolies now.
Paul
Paul
Jan 11, 2011 @ 11:30:25
Charles said:
“I’m wondering if these people that recommend not “registering” system tool with the serial key actually work for system tool. Eithere that or they love doing things the hard way.”
I tried it several times but they must have caught on to it now and blocked the key code. These people work on the gullibility and fear factor of their victims, I don’t suppose they need to lay false trails in sites like this. I guess if only one person in a thousand pays up they’ll do pretty well. It really is criminal and the public needs protecting from these extortionists.
Paul
Sarah
Jan 13, 2011 @ 01:03:18
I started my Windows in safe mode with networking and from there did a system restore to a previous date, I restored it to a couple of weeks ago, just to be safe and because I am not sure when I got the virus or where from.
And it was gone from my laptop completeley, I then installed another virus software and did a full scan and nothing appeared.
Literally takes less than 5 minutes to remove the virus, and is successful and safe.
Colin Barrett
Jan 13, 2011 @ 05:32:23
Removal from my system was simple, since the program (foolishly) put a shortcut on my desktop allowing me to trace the program itself. It was in c:\DocumentsandSettings\AllUsers\ApplicationData, and on my system was named iNdFd06600.exe. I booted in Safe Mode with Networking (disabling the program), deleted both the program and a folder labeled iNdFd06600, emptied the recycle bin, rebooted in normal mode, deleted the shortcut and again emptied the recycle bin, and it was gone. Look for the shortcut and trace it back as I did, or just go to that directory and delete anything that looks odd.
Lance K
Jan 13, 2011 @ 10:57:10
Got it at midnight, came here about 2:30 after having almost all attempts locked down by the program, including failure to System Restore through Safe Mode, input Charles’ key, gone! All systems restored, no trace in two scans. I will inform later if it comes back.
David Grant-Wilkie
Jan 14, 2011 @ 12:12:51
Picked this little bugger up last night. Thanks for all the info. Will have a go at deleting it tonight. I would be wary of just entering the serial key as these buggers won’t want to let go anyone they’ve hooked. Entering the key may cure the problem for the moment but the virus may still be lurking in the system ready to reappear again in the future or to spread to other PCs. Run all the anti spyware programs you can find as well.
Toney
Jan 16, 2011 @ 04:17:18
Brandon in item 8 was dead on…it was very easy and completed immediately!
craige gleich
Jan 16, 2011 @ 19:07:44
Dear sir/madam,
i have atempted to contact you before. no answer
i purchased your tool 2011 and this has not fixed my fault as promiced.
i would like a refund for cost.
Regards
Craige Gleich
Doug
Jan 17, 2011 @ 14:19:25
Had this problem…Followed Charles advice above. restarted and it was gone.
DONALD CABINESS
Jan 17, 2011 @ 23:46:48
I had this problem also. worked hours trying to fix this problem. to the point I had to purchase your software. i need a re fund and I am going to report this to fedxeral athorities
Edwin
Jan 22, 2011 @ 09:42:54
I got this virus a few days ago. Nothing would open not even several antispyware and anti virus I had installed on my PC. Of course i knew the “alerts” were fake and all they wanted to do was get my money.
Check this out though… I reinstalled my OS and once I had the OS reinstalled and all my drivers updated I ran Malwarebytes Anti-Malware and it found the SystemTool 2001 still on my drive.
Pardon the expression but how the F did both
Trojan.FakeAlert and
Rogue.SystemTool
remain on my harddrive after a completely fresh installation of the OS??? Thats’ F-in wierd!!! I”m in the processof downloading a few of my favorite antispywares and cleaning it all up.
Dave
Jan 25, 2011 @ 16:44:42
Some good suggestions here. I am fixing this for a client, and personally was not going to try “registering” this nonsense, no matter how many people said it worked. Removing is the only sensible approach. Here’s what worked:
For Windows XP:
1 – Boot into Safe Mode with networking (hit F8 repeatedly while booting up). Download and run Malwarebytes (I had it on a thumb drive, and like others here discovered it would not work except in Safe Mode). It picked up 248 entries – Sheesh!). DO NOT LET MALWAREBYTES REBOOT YET – it will immediately started loading System Tool again
2 – Hit the Start button, Run, REGEDIT
You should see the very top key, which is “Runonce”. Under Runonce will be the offending key, so check it out and write down the randomly generated name of your version of this System Tool virus. In my case it was executing the following command at startup (Runonce): Documents and Settings\All Users\Application Data\bafLi11500\bafLi11500.exe
That tells you the name of your enemy. After making note of the name, right click and DELETE that key. Now while still in the Registry Editor, Click the EDIT pulldown, FIND (bafLi11500 in my case, yours will likely be different) DELETE and then FIND NEXT until you’ve found and DELETED all keys associated with it.
3 – Close Regedit and open up My Computer, navigate to that path above and delete the entire folder from your Documents and Settings (bafLi11500 in my case)
4 – Empty your Deleted Items, and reboot
5 – Try again to teach your client (or yourself) that nifty games and weatherebugs, etc. etc. should not be trusted.
Good luck.
tom
Jan 25, 2011 @ 23:57:34
Dave (42)
I tried the registration code from rogueamp but the code was invalid. so i tried it your way and i got the little bugger off. thanks alot.
I did have to use a round-about way to find those files but i tracked them down and killed it. whew. my accountant would have been pissed.
Jmal
Jan 28, 2011 @ 01:28:40
GUYS,MAKE SURE TO UPDATE UPDATE UPDATE MALWAREBYTES!!!! this is the fourth time i’ve gotten one of these, the third time i got it, i ran malwarebytes without updating, it found some infected files but did not fully remove it, this time the first thing i did was update, my malwarebytes found 5 infected objects, restarted and virus was gone, UPDATE UPDATE UPDATE!!!! malwarebytes updates like everyday! don’t ever think there isnt an update for malwarebytes.
Tsecub
Jan 28, 2011 @ 10:32:40
I was infected with system tool virus and I was going nuts trying everything I knew (which is not very much) to get rid of it when in my desperation I logged into this page and saw what Charles had to say as soon as I copy the serial number for system tool a new window appeared saying my registration was accepted by system tool 2011, and my problem was cleared THANK YOU Charles you must be a very smart fellow. for now I am still trying to eliminate every trace of it
So my appreciation and sincere thanks to you. I can not afford to buy the expensive protection software and rely mostly on the free programs available on the internet. so if you have other suggestions about how to survive this attacks please tell me my email is tsecub@hotmail.com and thank you again you saved my sanity
Kenneth Lieb
Jan 28, 2011 @ 21:38:16
Earlier this month I received the warning screen about virus. I decided to purchase your services to clean it. My account was debited $79.95 to Installthateasy.comBAKU date 01/09/11 7412929100900622165109. Shortly thereafter I found another debit to my account for $99.90 to Getursoftware.com BAKU date 01/10/11 7412939191000622604789.
What is the story here?
Nima Avesta
Feb 02, 2011 @ 11:51:31
Hello!
Earlier last month I received the warning screen on my desktop. I decided to purchase your servics to clean my PC. My account was debited $79.95 to Installthateasy.
For abut 3 weekes ago I have pay 79 usa dolars for by a life time antivirus from yours company,but stail I have not your antivirus program.
/Nima
I REMOVED SYSTEM TOOL!
Feb 03, 2011 @ 04:06:54
To remove this you should do this:
1) Restart your Windows
2) Boot it to safe mode by pressing f8 repetitively wgen booting
3) Choose safe mode with networking, hit enter
4) When logged on, go to malwarebytes.org
5) download free
6) choose one of the sites to download from
7) install
8) go to downloads program, click it, install it (2)
9) click run
10) click quick scan
11) when scan is done, will show you all the infected items. remove by clicking the button of removal.
12) go back to regular mode
13) remove program system tool 2011 virus to recycling bin once or twice when you are sure it is removed
14) go to recycling bin and empty it.
Andy T
Feb 06, 2011 @ 22:37:41
I paid 70.00 dollars for system tool 2011 because it fakely warned me of viruses and then put them in my computer its self i went through a hassle to uninstall and strongly think i should recieve a refund this is a malware and very misleading and falsely advertising system
Nhat
Feb 08, 2011 @ 01:35:51
Thanks Charles so much. I did by your way: enter activation code WNDS-S0DF5-GS5E0-FG14S-2DF8G . And now, my laptop works normally.
Varun
Feb 08, 2011 @ 16:04:11
Heyy, i ve registered system tool by entering the code WNDS-S0DF5-GS5E0-FG14S-2DF8G …but itz still in my pc….i wanna know if itz activated or de-activated…..please help me out…..
boatboy
Feb 09, 2011 @ 15:20:33
ran malwarebytes in safe mode and removed 30 infected objects from vista laptop with this infection.
seems okay now. another strike for malwarebytes! sophos is usually good too.
Khos
Feb 09, 2011 @ 20:21:04
Friends’s machine recently (9 Feb 2011) got hit by System Tool.
Runs Windows Vista Home.
Used following deletion;
#Reboot
#F8 Startup: Safe Mode w/Networking
#Installed MalwareBytes
#Full Scan
#Clean (Restart later)
#Located files linked to Registry (c:\Program Data\cBeDplk08514\..)
#Delete
#Located “$%&£@$&” files in c:\temp\
#Delete
#Located System Tool Registry Key
#Delete
#Reboot
Hallelujah!
TrickyLeg
Feb 10, 2011 @ 03:05:29
This virus removal works on virtually all Microsoft Windows OS:
1) Restart Windows in Safe Mode. (Hold F8 key while your booting, and use the arrow keys to select Safe Mode). This will protect you from starting any uneccesary programs while you maneuver around.
2) Go to the “Start Menu”, “All Programs”, and click “Startup”.
Here is what to look for in Startup-
Suspicious files names with lots of numbers and letters, that give no information about the content. Like this-
“C:\Temp\dsxEgfc808dsib\dsxEgfc808dsib.exe”- (That is the actual file name of the System Tools virus).
Also look for any files that you do not recognize, healthy system just contain files that you install and download, recognizable files. Google search the name of each entry to help determine if it seems legitimate or bogus. Especially look for anything with an extremely random name (such as dsxEgfc808dsib).
Delete suspicious files (send to recycle bin). You may or may not find anything here.
3) Next, hold down the “Windows” button and hit the “R” key to bring up the “Run” box. Type “regedit” to bring up the “Registry Editor”.
4) Maximize this window and notice there is 5 or more folders labelled “HKEY” something on the left side. Go to “HKEY_CURRENT_USER” then within that expand “Software”, then “Microsoft”, then “Windows”, then “CurrentVersion”, then click on “Run”.
After clicking on “Run”, some items should appear in the right pane of the screen. The first one will always be “(Default)”.
Check here again for suspicious files, again the example with me: “C:\Temp\dsxEgfc808dsib\dsxEgfc808dsib.exe” or something similar. This is definitely a bad sign, and this should be sent to the Recycle Bin.
An example of a normal file would look something like this: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”. Legitimate words, and identification.
5) Next, Go to the “Run Once” Folder, right under “Run” that you were just in, and check there for bad files.
NOTE!!! – There usually will only be 1 or maybe 2 registry entries in all of these places that will actually be suspicious. Don’t get too Delete-Happy!
6) Empty your Recycling Bin, Restart Windows in Normal Mode, and do a Victory Dance!!!
seriously mad man
Feb 11, 2011 @ 16:22:35
Well since I can find those guys through the cc purchase/cancellation I did, I’m going to take my next vacation to new Zealand and have a little beat down while I’m there. For all its worth, people who cause this much trouble to the public need to be found and sent to life in prison.
mohan
Feb 12, 2011 @ 06:55:30
i already have this system tool software but it loose i need 1 more link to download . i recendly buy this
Fix-Runll32-exe
Feb 15, 2011 @ 09:49:18
Wow,my problem has been solved by your method.thanks very much.
John
Feb 17, 2011 @ 16:41:25
@Khos (#53)
Excellent how-to
thank you tons!
took about 2 hrs but now basck 2 normal
Robert
Feb 18, 2011 @ 21:58:39
To suggest that this attack is best avoided by not browsing “illegitimate websites” is a misunderstanding of how rogue security tools such as this are distributed, and will give users who think they only go to “safe, reputable” websites a false sense of security.
There is no such thing as “safe web browsing” these days! The attackers use massive, automated tools to compromise legitimate web sites. Then they drive users to the compromised pages by building pages full of content ripped from the recent hot topics, breaking news etc, so that they get listed high up in search engine results. Victims then get exposed to these pages just because they happen to be googling about something popular, have clicked on a link to a legitimate site with a good reputation, and have no way of knowing it was actually an infected web page which will infect you with this malware as soon as you view the page.
So you can not avoid this just by “safe web browsing”. The way to protect against rogue scareware is:
1) Use the latest version of your web browser, and always install the latest security updates both from Microsoft and from Adobe for acrobat and flash. (This protects you against the exploits used to install the malware from the malicious web page.)
2) Keep your Anti-Virus / security suite up to date! Use a product with good proactive detection of new threats, backed up by run time behavior blocking, and web filtering with up to the minute web reputation updates.
3) Use the security features of the latest version of internet Explorer, or Firefoxes “noScript” plugin to block scripts by default. Only allow javascript on sites that you regularly visit and trust. That way, even if the first script on a hacked legitimate site still runs, noScript will still block the next script on the attackers site, stopping the installation of the malware.
Roger
Feb 20, 2011 @ 05:46:31
Using regedit in windows system32 just deleate the registry entry. It kills system tools. Then clean the system with the malwarebytes program.
Far
Feb 21, 2011 @ 05:35:23
Try the code mentioned above and get it installed. then use system restore under start- accessories and go back a couple of days.
Mo
Feb 23, 2011 @ 02:48:21
thanks JJ :)
Mike
Feb 24, 2011 @ 04:52:54
Try this on for size:
1- Boot in Safe Mode (tap f8 before windows loads)
2- Go to search, in wich you search for the following: *.exe
*might take some time in safe mode
3- Display files by “date modified” and you should see, amongst the younger files, a file (or more) like this: seddfm.exe (random letters) .
4- Right-Click and choose “delete”, confirm, reboot, voilà!
Lisamb41
Feb 24, 2011 @ 16:34:41
This system tool is a rogue virus, I just got it this am and the information on this website needs to be updated. It WILL NOT ALLOW you to hit control alt delete it tells you it’s infected with a virus. It even told me that mozilla and IE and adaware were infected with viruses. Also the idiots that programmed this so-called rogue virus can’t spell eithere the screen showed on my pc exactly like the one listed above however, the prick spelled your’re that way learn to spell before you pass out viruses morons. You need to do a full system restore to get rid of this virus, and the next time you fully restore it, download malwarebytes immediately, first hand. Thanks i hope these jerks get caught i’d love to slap em!
Emz
Feb 26, 2011 @ 21:37:28
Just wanted to say thanks for the comment by Charles in Dec 2010… this “system tool” virus somehow took over my laptop… but I did what Charles suggested… and (*fingers crossed*) it’s all working fine now! THANK U!!
Charles said:
All you have to do is enter the serial key to register “system tool” and follow the rest of the steps. The key is WNDS-S0DF5-GS5E0-FG14S-2DF8G. This is from rogueamp’s youtube video. I did this yesterday and it worked beautifully just when I had just about had it… Thank you rogueamp – you are the man
.
kevin
Feb 27, 2011 @ 06:26:49
I got it out by re starting computer,on re opening I went to my security and turned on firewall and malware settings that were off for some reason.
me
Feb 27, 2011 @ 16:01:43
whew i’m one of the victims of system tool just search how to remove it.. it takes me one hour to do this..
Bill H
Feb 27, 2011 @ 20:18:27
Wow. All the people who believe these random, and very similar “I put the code in and it worked!!!” posts are ridiculous. Why would you do it? Why would you pay for something that is so obviously fake?
Mally
Feb 27, 2011 @ 21:52:53
the codes are free Bill
Mark
Feb 27, 2011 @ 22:37:50
Just want to say thank you this was a great help.
helen
Feb 28, 2011 @ 09:36:51
just want to thank you all for your help put in the code and it worked
what a relief thanks
Richard A
Feb 28, 2011 @ 11:56:57
I put the code in and the warning signs disappeared. However this does not mean it is off your system. Make sure that once you have got your PC operational you then get all traces of the program removed. It is still in the background and could be taking your personal information with it
Diablo666
Feb 28, 2011 @ 17:51:49
A very friendly and helpful TMobile callcentre worker gave me this solution:
1, switch on your PC and force it to run in safe mode.
2, use system restore (in safe mode) to restore back to a date BEFORE this “System Tool” Spyware appeared.
3, allow Windows to reboot on itself.
Bingo, its gone!!
Hope this helps you all
alo
Mar 01, 2011 @ 09:41:53
it relli worked…thanxxxxx to alll:)
Hippo
Mar 02, 2011 @ 05:16:58
Have had 2 instances of this and I dont frequent dodgy sites. It has just been put up on adverts on genuine sites over here in the UK. They sneaked the code into an advertising server but have been stopped now. Nobody knows how much pc’s are infected. The advice on here seems about right although id say spybot search and destroy does the job just as well as malaware bytes.
General Soreness
Mar 02, 2011 @ 14:38:26
Thank YOu Fran,
I have spent 6 hrs on this. Could not get into safemode, so I was stuffed. You registration worked number and now I am able to download all the software to get rid of the little bugger,Fran YOU are the man, if you don’t mind me saying so !!
General Soreness
Mar 02, 2011 @ 14:41:49
Charles,
Actually you are the man… goodnight and thankyou.
maine
Mar 04, 2011 @ 02:39:37
how will i remove the system tool ? the task manager has been disabled by it. it’s so annoying. i can’t finish my works and projects. how did it get to my computer ..
thank you
JC IT Guru
Mar 04, 2011 @ 10:52:47
OK, the easiest way to get rid of this virus :
Turn off your PC / laptop whatever.
Restart it, hit the F8 key repeatedly while Windows is starting up.
Choose Run In Safe Mode With Networking.
Once your system is running open up a web page.
Go to google and type in malwarebytes. Download and install the free version of malwarebytes.
Run malwarebytes full system scan. Delete all viruses and trojans the program finds, which will be a lot with this system tool virus.
Restart Windows.
Fixed.
In response to others above, expensive antivirus software such as macafee, norton etc is a waste of time, once your licence is up those programs actually hinder your computer until you buy a new licence. Sneaky. If you ask me its these companies who are writing the viruses so they can sell there software to the masses.
Use Avast!Anti-virus, which is free, as an alternative and stop paying for something you don’t have to pay for.
Anca
Mar 05, 2011 @ 09:19:36
I entered the code and it also worked for me. But I still have a problem: the Malwarebytes Antimalware does not find any infected files. I also tried to search in registry but did not find anything with a strange name. It just seems to have disappeared and I don’t know what to do so I can be sure I really got rid of System Tool
louis
Mar 05, 2011 @ 17:56:43
whats the phone nummber to ur company
Steve
Mar 06, 2011 @ 15:35:59
I tried to follow the steps right away. I could not find what you told me to look for. Then again, I follow steps fairly well. I’m sure from reading your help people get rid of this problem is horrible for people out there to infect you a with a virus. Not a real virus, but when it interferes with your system all the time. I guess that is in essence a virus sure wish you could help me resolve this problem may I add the sure is a lot evil out there
will
Mar 06, 2011 @ 20:41:40
Some of these “so-called” removal techniques sound very fishy to me!! – The BEST & ONLY way to be sure of getting rid of the system tool virus is to reinstall your Windows operating system from scratch, using the recovery disk that came with your PC. Be aware that this course of action completely wipes your hard drive of all data!!! You should have back ups of your pictures, videos, documents etc. If you haven’t made back ups then you deserve to be hit with a virus! Anyhoo, boot from the recovery disk and follow the instructions. Once it has reinstalled Windows (it takes a couple of hours), you will have a PC in exactly the same condition as when you first proudly brought it home. You will however need to install your broadband, printers, etc with the CD’s you got from your provider.
There is a case for reinstalling Windows every so often anyway, to clear away all the hidden junk that accumulates.
Wayne
Mar 07, 2011 @ 12:56:41
Easiesty way to get into safe mode is to do the following. Whilst computer running pull out power cable. Restart and it will auto load into F8 options so you can select safe mode. For a laptop remember to emove the battery first and then pull the plug
magdalena
Mar 07, 2011 @ 18:45:47
no asepta mi targeta
irish to the core
Mar 07, 2011 @ 22:17:35
This can be removed in safe mode by running regedit.
The problem is it creates a random executable filename. You can find this name by gooing to Start – All Programs – System Tools. Right click on the actual shortcut and then Open File Location. That will give you the executable name. Write it down and then reboot to safe mode.
Remember when you run Regedit, you must be in safe mode as this rogue will try to protect itself by intercepting Regedit. It will tell you Regedit.exe is infected. Yeah, right. Just do it from safe mode and it will work.
In safe mode click start – run. In the run box type regedit.exe. Then go to HKeyCurrentUser – Software – Microsoft – Windows – CurrentVersion – RunOnce and remove the entry. If there is no entry for it there, try Run. I’d also check the same path in LocalMachine
anne
Mar 07, 2011 @ 22:27:57
i had system tool it said my security suite was infected i ran scans but all came up with no virus but system tool was still on my computer i then done system restore it seems ok now but is it still hiding in there somewhere and do i need to do anything else
Jess
Mar 09, 2011 @ 18:39:48
DO NOT enter the code that some of the people have posted. All this does is allow the program to stay on your system and collect information over time.
Also, DO NOT pay for the program (obviously). Giving away your personal information is never a good idea.
Follow some simple steps to get rid of the virus:
Shut down your PC
Work in “Safe Mode” (tapping F8 repeatedly during restart)
Begin a system restore from 1-2 weeks prior of obtaining the virus
If the virus appears to be missing, update your current virus protection program.
Avoid getting the virus again:
Stay away from unsafe sites
Do not open e-mails from senders you do not recognize
Do not follow links given by recognized senders unless told in person (some viruses can hi-jack an e-mail address and send massive amounts of e-mails to its contacts encouraging them to follow the links provided i.e. “Check out this video from last week’s party.
Happy Chappy
Mar 13, 2011 @ 22:36:25
Thanks charles, code worked great and also went to safe mode to delete the system tool which is located in c/documentsettings/allusers/application data and was called (random no’s and letters). The said folder was only 1kb in size too. Once rebooted no sign of system tool. Yippe ky a.
Steven
Mar 14, 2011 @ 02:28:26
Ok so I had this about a week ago.
It got to the point where it wouldnt even let me connect to the internet. So I deleted two things I recently saved to see if maybe it was those items that caused it and now my computer seems to be working fine.
Is it really gone?
Audrey
Mar 15, 2011 @ 03:46:15
As of march 2011, i cannot even start in safe mode. The virus somehow deleted a file and stopped windows from starting in safe mode. put in charles’ code and worked beautifully. System tool took off immediately. Did a malwarebytes afterwards to clean off any debris.
Nick
Mar 16, 2011 @ 23:20:02
I got the dreaded system tool last nite so today after work i decided to try to get it off my computer. I read almost all the comments on hear and this is what i did. First i went on another PC and downloaded spyware doctor saved on a disk,then i loaded it on to my infected laptop.then i shut laptop down restarted in safe mode (hit f8 when turning on).and instaled program then i shut it down and restarted once more and ran the spyware and did auto fix after it finished i shut it down once more and restarted. Then T threw away the desktop icon and went into programs and deleted it from there. Then I ran spybot search and destroy you can download for free. And all is well laptops working fine. No more virus.
Gabe
Mar 20, 2011 @ 08:08:35
Charles, my man! God bless you, bro! I spent like 4 hours trying every kind of ing method I reAd to delete this crap and yours was the only one to work right away. Thank you!
RAY
Mar 22, 2011 @ 21:41:51
Got the Systems Tools virus this morning. It locked up everything. It seems to have gotten smarter than it was in the previous comments as it wouldn’t allow most things to work even in “Safe” mode. Finally went to another machine and downloaded free “MALWAREBYTES” onto a memory stick. Then went back to infected system and started in safe mode again, but even in safe mode would not allow an install until I went back to the other clean computer and renamed the set up folder. Was finally able to install and then update the Malwarebytes program, ran a fast scan and in four minutes it had scanned, identified and removed the offending program plus a few more that had crept in unawares. Had tried a lot of the other recommendations on this page in the preceding four or five hours to no avail, as the virus was blocking everything. I wouldn’t be surprised if the perps aren’t following this comment blog and modifying their virus accordingly when they see someone has developed a work around.
Jennifer
Mar 22, 2011 @ 22:11:11
Hi, My name is Jennifer Ciszek. Does anyone know the number for System tools 2011. I was freaking out one night last week and decided to download the system . It was a major mistake to do. Besides charging me the 1997 they also charged me the 69.99 a total of 99.90. And I am a young women saving every penny for a place of my own. It made me sick to my stomach. They falsfided the add on the site and you could not remove the dot from above the 1997. I am really upset about it. It was a big mistake , i fell I have been taken advantge of. Please Help.
Paul
Mar 22, 2011 @ 23:32:02
Horrible virus, think i May have to get rid of avast!
How I got rid is:
1 restart into safe mode.
2 system restore.
Job Done!
John
Mar 23, 2011 @ 20:09:06
Jennifer – you HAVE been taken advantage of. There are any number of solutions in the posts above yours that will help you resolve this. Personally, I used Malwarebytes’ Anti-Malware to clear it up. As far as getting your money back – not going to happen. If you used a credit card, I would highly recommend cancelling it and getting a new number. There’s no customer service department you can call – these are criminals, and god knows where they’re located.
Learn from this. Don’t ever pay for anything online that you haven’t sought out yourself. If you’re not particularly computer-savvy, don’t be ashamed to ask for help before you take something like this on by yourself.
Ed
Mar 23, 2011 @ 21:27:52
Youtube code worked EXCEPT that it does not uninstall the fake antivirus! System restore is probably a better way to go…
conny bush
Mar 24, 2011 @ 13:35:11
thanks. i did everything
first of all i tried f8 but that dint work so i used the product key WNDS-S0DF5-GS5E0-FG14S-2DF8G which allowed me to restore my system. then downloaded malwarebytes(the free version) to delete all traces and now I’m free
Trigg
Mar 26, 2011 @ 22:17:42
Followed Charles advice and watched rogue’s YouTube clip and it worked perfect….code worked and it took 15 min to remove and 1hr to scan my PC after, how easy was that…Charles and Rogue, big thanks ?
sjtuk
Apr 09, 2011 @ 05:54:52
A friend of mine got this virus/trojan. The way i got it removed was re-boot the system.
Press and hold F8
Choose safemode (1st option)
Wait for windows to load
Login with your user name
If the System Tool icon is on the Desktop right click and select Properties – open file location
Delete all files in the folder and the shortcut icon on Desktop
Re-boot into Windows (normal bootup)
Then search/download a free tool called TweakNow
Install/Run this program and do a scan
Select Optimize to fix it
You should now have a clean system
sjtuk
claudia sims
Apr 10, 2011 @ 13:15:36
i bought in feb 2011 the progam…and i dont have the registration key…my pc its actin up again…i need help asap.
John
Apr 26, 2011 @ 00:43:36
@Will:
While I agree that a complete re-install of your OS is a very good thing to do once in a while, it should not be the first thing done in response to this, or any other malware. Also, telling people that haven’t recently backed-up their data that they “deserve to be hit with a virus” is a bit harsh. Not everyone has the time (or materials) to back up constantly.
For everyone: I also believe that System Tools is being modified (i.e. newer, tougher versions are being released) as time passes. But there are a few things you should and should not do.
DO:
1) back up all your files on a regular basis as a precaution against any malware attacks. With hard-drive docks (both USB and eSata versions) available, it’s quite easy to do these days.
2) Keep your AV programs up-to-date. Which ones you use is your preference. I like Malwarebytes, MS Security Essentials and Spybot-Search and Destroy. But you can roll with whatever suites you prefer IF YOU KEEP THEM UPDATED! On a side note, if you get certain “paid” suites that allow you to run your browser in “virtual mode” then if you get infected, you just instruct your AV to kill the VM and the bad code dies with the virtual framework.
3) Practice safe surfing methods. And by that I don’t what “kind” of sites you visit. I mean make sure your browser is up-to-date, that your firewall is active, that your AV is running it’s “browser scanning mode” (whatever your AV calls it) and scan every file you download with your AV BEFORE executing it, no matter how much you trust the source.
4) If infected, your best (and simplest) course of action is to re-boot in Safe Mode (F8 key for the vast majority of machines) then do a System Restore. (It should be offered as an option as you start Safe Mode.) After a System Restore, your machine should be clean, but make sure by running your AVs.
DON’T:
1) Panic or become depressed. No matter how tough the malware, there is usually a way to contain and get rid of it. If you are not having any success, just turn off your machine and walk away from it for awhile. It is amazing what it will do for your thought processes if you give yourself some time and come back at the problem later.
2) Actually click on anything malware “puts up” for you to “register, activate, etc.” This usually makes matter worse. Never do what the malware is trying to get you to do. Especially do NOT give out info over links/windows/fields put up by the malware. And, of course, don’t pay anything. As has been stated above by others, this is nothing more than a criminal “ransom” demand.
3) Assume the problem is over just because the malware has suddenly “shut up”. Always run full (not just quick, FULL) AV scans after you’ve re-started in safe mode and done a System Restore. Yes a restart with SR will usually get rid of the problem, but don’t take chances. Run full scans and make sure.
SystemTool
Jun 12, 2011 @ 02:28:50
We removed the virus from the web. You should all be safe.
Regards,
Lisa