System Tool or SystemTool is a fake security program which is a clone of Security Tool. The program is classified as a rogue antispyware tool because detects numerous false infections and displays a lot of fake security alerts in order to scare you into thinking your computer in danger. It hopes that you will then purchase its full version. But you should know, System Tool is unable to detect or remove any viruses, trojans, worms nor will be protect you from legitimate future security threats. Thus, you need to remove this malware from your computer as soon as possible.
SystemTool is distributed through the use of malware that pretends to be flash updates, or even video codecs required to watch an online movie. Once started, it will configure itself to run automatically when Windows starts. Next, the rogue will perform a system scan and report numerous infections to make you think that your computer is infected with trojans, spyware and other malware. Then it will prompt you to pay for a full version of System Tool to remove these threats. Of course, all of these infections are fake and don’t actually exist on your computer. So you can safely ignore them.
While SystemTool is running, it blocks the ability to run any programs, including legitimate antivirus and antispyware applications. The following warning will be shown when you try to run any program:
Application cannot be executed. The file {file name} is infected.
Please activate your antivirus software.
More over, System Tool will display a lot of false security alerts and nag screens. Some of the alerts:
System Tool Warning
Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with System Tool
System Tool
WARNING 23 infections found!!!
System Tool Warning
Some critical system files of your computer were modified by
malicious program. It may cause system instability and data
loss.
SystemTool will also replace your current Windows background with a fake security warning that states:
Warning!
Your’re in Danger!
Your Computer is infected with Spyware!
Of course, all of these warnings and alerts are a fake and like scan false results should be ignored!
If your computer is infected with SystemTool, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove System Tool and any associated malware from the system for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
Automatic removal instructions for System Tool
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Remove SystemTool and any associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for System Tool infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove System Tool. MalwareBytes Anti-malware will now remove all of associated SystemTool files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Step 3. Reset HOSTS file
System Tool will change the Windows system HOSTS file so you need reset this file with the default version for your operating system.
Please download OTM by OldTimer from here and save it to desktop. Run OTM, copy, then paste the following text in “Paste Instructions for Items to be Moved” textarea (under the yellow bar):
:Commands
[resethosts]
Click the red Moveit! button. Close OTM.
SystemTool removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Tool creates the following files and folders
C:\Documents and Settings\All Users\Application Data\{RANDOM}
C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe.
SystemTool creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{RANDOM}
Wow! What a quick and easy fix! Had my laptop with the instructions from this site beside the infected desktop. Removed that nasty program without any trouble. Thanks a million!
aDownload Malwarebytes.
Sorry, I spelled malwarebytes wrong before… Day number 2, all seems fine!
I have followed instructions and installed/run MBAM and OTM and initially when I log-in my regular desktop background is back for about 5 seconds, then switches back to the system tool….HELP!
Tausend mal DANKE……………..!
Looks like it worked. Wasted $50 and all night on norton, didn’t fix it. Got makwarebytes, system tool is gone in 20 min. Thank you!!!
*malwarebytes
thanks, this process worked for me right away
Hello System tool showed up about a week ago, well maybe it was there earlier because my anti virus mysteriously shut off twice. Then it showed up screaming of infection. I ran my virus program and it showed nadda. A couple of days later my left click stopped working(may not be related) and the pc started shutting down on its own. Tonight it went bonkers, many many viruses and trojans reported by the “Rogue”. Phony desk top and anti virus would not open. THANKS Buddy! Hopefully it is OK time will tell with this bad little mutha.
My husband and I are not that computer savey, but when we got this malicious virus, we were determined to \win\. Thank you so very much for this website! We followed the directions (it took a couple of tries) and it worked perfectly!!! We have Vista ( which has been another awful mess) but all things are working smoothly! I agree with another comment above, someone needs to go after these bastards who think its ok to swindle people and cause major stress in their lives!!!
So everything went well I ran OTM and it worked, but my computer Host often crashes I get a window and a blue bar will pop up on it and quickly disapears then it will tell me my host has quit working then I wont be able to open any programs.. please help and redirects on the internet
Got this System Tool thing tonight and followed your instructions and I managed to get rid of it. Thanks so much! What I don’t understand is how come the anti-virus software I have (Sophos) didn’t stop it?
Help please – My son reported systems as above, and like a dutiful dad I’m trying to sort out for him, after taking the actions listed below I now get ‘Other user’ when booting up windows (Rather than the 2 users set up, myself and my son), and unable to logon.
Running Vista Home Premium
Actions taken: –
– Start up in Safe Mode with networking
– Run MalwareBytes following your instructions above, including running OTM to reset Hosts, run twice, found 3 rogue files and removed them
– Tried to download and install McAfee, Internet explorer ‘reported a problem’ and shut down!
– Run HijackThis, found 1 rogue file and removed
– Run Security 360, found nothing
– Run Advanced SystemCare, found nothing
– Searched Registry for RunOnce, found a number although all pointing towards Microsoft and couple towards Google, so didn’t delete as not sure exactly what I was looking for!
– Run MalwareBytes again and nothing reported now
– Tried to run Windows update, appeared to download Vista SP1, got to 100% of install process then hung (twice)
– Cannot turn on Windows Defender
– Tried to install AVG (Free version), but crashed towards end of install
Left machine running – Microsoft Security Essentials, found nothing, then as late I closed down laptop
Booted up this morning in both normal & Safe mode and just get ‘Other user’ logon, any help would be greatly appreciated, as only thing I can think of now is re-install!!
Thanks in advance
Angie`, ask for help in our Spyware removal forum.
My friend just got this problem of system tools on his windows 7. I’ve had a bit of experience in being infected and started the computer on safe mode with networking. Fortunately windows 7 had noticed the problem and a system restore window had popped out when the computer was restarted. I selected the option to restore the settings before anything bad had happened. It had restored the settings before any problems had started, and system tools was gone. It’s too soon to say if it really was gone, but i’m going to download the malaware and run it to make sure.
I have followed all the steps and it is still not removed.
To haig, trying to follow your directions here but step #5) Run “C:Windowssystem32egedt32.3xe” it can’t find this. Is this spelled correctly?
I’m not sure what else to do at this point.
Thank you so much for the invaluable instructions on here! If you can’t get the software to update, download the updated rules manually because it it caught something extra when I updated the rules.
It took two runs of Malwarebytes to get this malicious software off (one with old rules, one with new rules) and things are running smoothly again. I’m going to have to be careful with which sites I visit from now on.
All I can say, is this is the best set of instructions that I’ve ever read to help an accounting student solve a computer issue.
Thank you thank you thank you!
This was freaking awesome, I got rid of that freakingcrap virus and I can use my computer normally again thanks a lot!!!!!!
Thank god I have you guys 🙂 I got it and now its gone thanks a million! You are life savers 🙂
THANK YOU SO MUCH VERY MUCHHHHHHHH
I got this shit yesterday and couldn’t connect internet. I was very angryyyy. I had found your site and fixed it. It’s great!!!!!!!!
Safe mode with networking then install Malwarebytes Anti-Malware, launch, then update, scan and remove fakeware. Easy. This is how you get rid of all scareware imo.
THHAAAAAANNKKK YOU SOOO SO SO MUCH!!!! Everything worked with me!!!! PERFECT. Thanks for the description. Even the OTM worked well!!
Thank you for all your help.
thanks it’s so cool…GL
I did the process when I got it yesterday, it was gone and everything was running fast and functioning perfectly again, but today…..its back!! It came back while i was trying to open an attachment in my email, could it have possibly latched itself onto that? It came back even tho I have MC afee and malwarebytes running and scanning. Malwarebytes gets rid of it with stellar results but how do I KEEP IT AWAY FOREVER?!
The program fooled me to buy the software which to find out it is a fake.
I called to cancell my credit card right away.
Thx a lot!!!!!
When system tool appeared i was home alone so i almost bought it.
fortunately i had the idea to search for a way to delete it and discovered it was fake,
T.H.X
sorry, but i just can’t stop thanking you.
just 1 extra comment (:
god bless you, thanks!!!
i wonder how you feel making so much people relieved and happy without asking anything back, must be good !
Thank you so so much!!! Your instructions immediately remove the annoying spyware. You saved my laptop! I can’t thank enough 😀
thank you so much bro….
WOW!!!! I am a computer DUMMY and I followed the instructions and am now virus-free! Please post instructions for how to start safe mode for other dummies like me – I had to look that up separately. But, once I did, I followed your instructions and it worked perfectly. Very easy!! Thank you!!!!!!!