Windows Tool, also called the Windows Tool 2011 virus, is another malicious program of the kind popularly known as a rogue application. This type of security threat usually spreads by means of a Trojan that penetrates a system by exploiting software vulnerabilities. An infected system will undergo severe annoyances, including an excessive display of fake warning messages. Windows Tool will state that the computer is experiencing trouble caused by a virus and a Trojan. This claim is merely a fabrication by the fake optimization program to deceive computer users and persuade them to buy the registered version of the program. Additionally, the Windows Tool virus will modify Internet browser settings so that the default home page is set to a different, malicious web site. The Windows registry will also be modified in favor of the Windows Tool virus so that it runs when the system starts.
To avoid this infection, it is important to learn how this malware slips into the system. Visiting a web site that poses as an online diagnostic tool can download a copy of Windows Tool without your awareness. Other channels of infection are fake multimedia web sites that require visitors to download a program to be able to watch online movies. If you are unlucky enough to catch the malware, immediately download an anti-malware application. This will automatically remove Windows Tool and other components hidden inside the system.
Alias: Windows Tool 2011
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Windows Tool Removal Procedures
1. Stop Windows Tool process by pressing Ctrl+Alt+Del. Windows Task Manager will open. Look for the following process:
2. Update your installed anti-virus program.
3. Run a full system scan and clean/delete all detected infected file(s). A manual removal of virus-related files should also be performed.
4. Edit the Windows registry and delete the Windows Tool entries as shown below.
5. Exit registry editor.
6. Remove the Windows Tool start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. System Configuration Utility will open. Go to the Startup tab and uncheck the following Startup item(s):
7. Click Apply and restart Windows.
Windows Tool Removal:
In order to completely remove the threat, download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing it on the infected machine.
Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that other infected files not detected by the anti-virus application can be removed as well. Download and run the SAS Portable Scanner.
Technical Details and Additional Information:
Windows Tool will issue dozens of fake alert messages stating moderate to severe errors on the PC. Some of these warnings contain the following messages:
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.
A critical error has occurred while indexing data stored on hard drive. System restart required.
Low Disk Space
You are running very low disk space on Local Disk (C:).
Windows – No Disk
Exception Processing Message 0×0000013
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
If you attempt to fix errors on your computer as indicated above, the program will ask for activation of the full version.
Windows Tool Activation
Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.
Malicious Files Added by Windows Tool:
%Temp%\[Random]
%UserProfile%\Start Menu\Programs\Windows Tool 2011.lnk
%UserProfile%\Start Menu\Programs\Windows Tool\Windows Tool 2011.lnk
%UserProfile%\Start Menu\Programs\Windows Tool\WindowsTool2011.lnk
%UserProfile%\Desktop\Windows Tool 2011.lnk
%systemdrive%\Users\All Users\Application Data\oHaKo00902
%systemdrive%\Users\All Users\Application Data\oHaKo00902\oHaKo00902
%SystemDrive%\Documents and Settings\All Users\Application Data\[Random Letters and Numbers]\[Random Letters and Numbers].exe
%SystemDrive%\Documents and Settings\All Users\Application Data\[Random Letters and Numbers]\[Random Letters and Numbers]
File Location for Windows Versions:
- %UserProfile% is C:\Users\<Current User> for Windows Vista/7; for Windows XP/2000 it is C:\Documents and Settings\<Current User>.
- %SystemDrive% refers to any drive including external removable devices.
- %Temp% refers to C:\Windows\Temp\.
Windows Tool Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\"[Random Letters and Numbers]" = "%SystemDrive%\Documents and Settings\All Users\Application Data\[Random Letters and Numbers]\[Random Letters and Numbers].exe"
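A read-only check for the files and the RunOnce entry listed above, given as an added example that is not part of the original guide. The helper name Test-RogueRunOnceValue is hypothetical; the rule that the folder and the executable share the same random name is an assumption taken from the oHaKo00902 sample path, and matching under ProgramData is a further assumption for Vista/7.

```powershell
# Added example: read-only check for the Windows Tool artifacts listed on this page.
# Test-RogueRunOnceValue is a hypothetical helper name, not part of any product.
function Test-RogueRunOnceValue {
    param([string]$Data)
    # Strip surrounding quotes and expand variables such as %SystemDrive%.
    $path = [Environment]::ExpandEnvironmentVariables($Data.Trim().Trim('"'))
    # Page pattern: ...\All Users\Application Data\<random>\<random>.exe
    # ProgramData is an assumption: on Vista/7 the legacy path is a junction to it.
    if ($path -match '\\(All Users\\Application Data|ProgramData)\\([^\\]+)\\([^\\]+)\.exe$') {
        # Assumption from the oHaKo00902 sample: folder and file share one random name.
        return ($Matches[2] -eq $Matches[3])
    }
    return $false
}

$findings = @()

# 1. RunOnce values of the current user (the key named on this page).
$runOnce = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
if (Test-Path $runOnce) {
    $key = Get-Item -Path $runOnce
    foreach ($name in $key.GetValueNames()) {
        $value = [string]$key.GetValue($name)
        if (Test-RogueRunOnceValue -Data $value) {
            $findings += "RunOnce value '$name' -> $value"
        }
    }
}

# 2. Shortcuts the page lists under the Start Menu and on the Desktop.
$shortcuts = @(
    'Start Menu\Programs\Windows Tool 2011.lnk',
    'Start Menu\Programs\Windows Tool\Windows Tool 2011.lnk',
    'Start Menu\Programs\Windows Tool\WindowsTool2011.lnk',
    'Desktop\Windows Tool 2011.lnk'
)
foreach ($rel in $shortcuts) {
    $full = Join-Path $env:USERPROFILE $rel
    if (Test-Path -LiteralPath $full) { $findings += "Shortcut present: $full" }
}

# 3. Constructed sample value (not from a real infection) to exercise the matcher.
$sample = '"%SystemDrive%\Documents and Settings\All Users\Application Data\aB12cD\aB12cD.exe"'
"Sample value matches pattern: $(Test-RogueRunOnceValue -Data $sample)"

if ($findings.Count -eq 0) { 'No listed Windows Tool artifacts found.' } else { $findings }
```

The script only reports; anything it lists still has to be removed through the steps in this guide.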
Alternative Removal Method for Windows Tool
Option 1: Use Windows System Restore to return Windows to a previous state
If Windows Tool enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Windows Tool infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. You may then proceed with Windows System Restore.