System Tool or SystemTool is a fake security program which is a clone of Security Tool. The program is classified as a rogue antispyware tool because detects numerous false infections and displays a lot of fake security alerts in order to scare you into thinking your computer in danger. It hopes that you will then purchase its full version. But you should know, System Tool is unable to detect or remove any viruses, trojans, worms nor will be protect you from legitimate future security threats. Thus, you need to remove this malware from your computer as soon as possible.
SystemTool is distributed through the use of malware that pretends to be flash updates, or even video codecs required to watch an online movie. Once started, it will configure itself to run automatically when Windows starts. Next, the rogue will perform a system scan and report numerous infections to make you think that your computer is infected with trojans, spyware and other malware. Then it will prompt you to pay for a full version of System Tool to remove these threats. Of course, all of these infections are fake and don’t actually exist on your computer. So you can safely ignore them.
While SystemTool is running, it blocks the ability to run any programs, including legitimate antivirus and antispyware applications. The following warning will be shown when you try to run any program:
Application cannot be executed. The file {file name} is infected.
Please activate your antivirus software.
More over, System Tool will display a lot of false security alerts and nag screens. Some of the alerts:
System Tool Warning
Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with System Tool
System Tool
WARNING 23 infections found!!!
System Tool Warning
Some critical system files of your computer were modified by
malicious program. It may cause system instability and data
loss.
SystemTool will also replace your current Windows background with a fake security warning that states:
Warning!
Your’re in Danger!
Your Computer is infected with Spyware!
Of course, all of these warnings and alerts are a fake and like scan false results should be ignored!
If your computer is infected with SystemTool, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove System Tool and any associated malware from the system for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
Automatic removal instructions for System Tool
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Remove SystemTool and any associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for System Tool infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove System Tool. MalwareBytes Anti-malware will now remove all of associated SystemTool files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Step 3. Reset HOSTS file
System Tool will change the Windows system HOSTS file so you need reset this file with the default version for your operating system.
Please download OTM by OldTimer from here and save it to desktop. Run OTM, copy, then paste the following text in “Paste Instructions for Items to be Moved” textarea (under the yellow bar):
:Commands
[resethosts]
Click the red Moveit! button. Close OTM.
SystemTool removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Tool creates the following files and folders
C:\Documents and Settings\All Users\Application Data\{RANDOM}
C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe.
SystemTool creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{RANDOM}
Thanks! I got hit with that Systemtool thing and within an hour I was back to normal.
This just happened to me and I can’t even get into safe mode. It won’t even let me do that? any suggestions?
My computer won’t let me connect to the internet in safe mode to download malwarebytes??? What am I doing incorrectly?
By the way, when I boot up regular I have no problem connecting.
Wow, thank you. Your instruction saved my day. I did not get any problem to fix it as guided. Thanks!
It actually worked and I know nothing about this stuff! Thanks a million!
Shane, try the instructions that i have posted above (answer to broigel and Jason,omment by Patrik — January 1, 2011).
Brenton, you need to use “Safe mode with networking”
Patrik, even my Internet Explorer isn’t working. It opens and says Connecting… and then the tools menu only lets you click on “Compatibility Settings” and “Suggested Sites”. ????
I am currently using mozilla firefox.
I am on a company network and when I reboot it will not allow me in to the screen to go into safe mode. How can I get around this to get rid of the System Tool virus? Thx
Wonderful info, worked like a charm.
THANK YOU, THANK YOU!!!
What a relief! Thank you
my husband fell for this scam and ordered the full System tool program. Was supposed to be $59 and they drafted our bank acct for 79.90 and 8.63. Help??? I will use above info to remove but how do I get my money back?
Thanks for the help. With the combination of Malwarebytes and HijackThis, I was able to get rid of this mess. A couple of tips:
1. Be sure to download the updates for Malwarebytes before running it. I didn’t do that the first time, and I still had System Tool.
2. To be sure you can download the updates, use a wired connection to your router. I found that I could not get a wireless connection in safe mode, so that’s why I ran Malwarebytes the first time without the updates.
Thank you thank you thank you!! you saved my life and education!!!
you have no idea how much this means to me!
Works perfect!
Thx 🙂
Thank you,
I had no problem removing system tool folling the instructions provided.
woow thank you so much this was really helpful saved my day,one question though, what type of sites should we avoid allowing this to happen again?
It does work exactly as you recommended. Many thanks for your professional assistance. Best regards from Geneva, Switzerland.
many thanks for this – the steps worked & the system tool was removed quickly & easily. Many thanks for your help!
I just did it!
I spent all day trying to get rid of that freakin thing.
I have McAfee(piece of s…t) it let it thru.
I coudnt get my PC to the Safe mode until I hold the F8 key down right from the point of shutting down to start (my PC dont make any beeps when it starting up). Then I got to the Control Panel and click on Recovery. It works like a magic!
It restored my system to as February 24, didnt effect any of my documents and freakin thing is GONE!!!!!!!!!
I hope it will never come back!
I think the problem started when I downloaded Explorer 9, but I’m not sure.
Good luck to all of you!
P.S I run full scan for 2 hours with McAfee before I did “Recovery” – and it didnt detect anything!!! Is that something!
Just want to say a MASSIVE THANK YOU to Patrik for the advice! I have just had a mare of a Saturday night when my computer got infected with System Tool. Your Internet Explorer advice eventually worked and my laptop is (hopefully) fixed. If my friend Amie hadn’t found this advice on the net I dont know what I would have done. Thank you so so so much, I cant thank you enough!
Just got infected by System tool and removed it in under 10 minutes without using safe mode or downloading anything. Solution is simple: reboot your pc, and the very split second your desktop appears press Control+Alt+Delete to launch Task Manager. Under Processes you will see an application whose name is an incoherent string of letters and numbers appear, that is the System Tool virus. Highlight it, click End Process. Now you have all the time you need to find where the virus saved itself on your C:/ drive (usually it’s under program files, program data or in a temp folder) and kill it.
Note the virus normally prevents you from starting Task Manager. For the above to work you literally have to execute the commands I described in under 4 seconds which is the time it takes for the virus to launch itself. Within 3 seconds of having launched the virus will shut down Task Manager. It took me 3 tries to be quick enough!
Bloody awesome. Thanks heaps for your help. Well laid out and easy to follow – even for an absolute non-techie like my husband. Cheers all.
The MBAM scan says the system tool is gone but my computer is running so slowwww. What did I do wrong?
This is what I have, but my computer will not start in safe mode at all. Any suggestions? I have a recovery console option for start up.
thank you so much i have been going out of my mind with this nasty little virus thanks to this ite my pc is restored and all the iteunes music for my wedding is back instead of being infected an excellent site many thanks
Shelly, contact your credit card company and tell them what has happened.
I am having a real problem with this. All I get is a blank screen. On reboot I can get to f8 menu but even when choosing safe mode I get a blank screen. If I press ctrl alt and delete it seems to restart the computer and the whole process starts again ending with a big blank screen!
How can I remove the virus? Any help would be much appreciated. Thanks in advance
T