
How to Remove System Tool and SystemTool Malware (Uninstall instructions)

DISCLAIMER: Please note, the following instructions are intended for Level365 technical staff and are provided for informational purposes only. Please contact Level365 to schedule an engineer for removal of any spyware, malware or viruses. We offer no guarantee that the following instructions will remove the offending files, and following them could make your computer inoperable unless they are completed by a Level365 support engineer.

System Tool or SystemTool is a fake security program which is a clone of Security Tool. The program is classified as a rogue antispyware tool because it detects numerous false infections and displays fake security alerts in order to scare you into thinking your computer is in danger. It hopes that you will then purchase its full version. But you should know that System Tool is unable to detect or remove any viruses, trojans or worms, nor will it protect you from legitimate future security threats. Thus, you need to remove this malware from your computer as soon as possible.

SystemTool is distributed through malware that pretends to be Flash updates or video codecs required to watch an online movie. Once started, it will configure itself to run automatically when Windows starts. Next, the rogue will perform a system scan and report numerous infections to make you think that your computer is infected with trojans, spyware and other malware. Then it will prompt you to pay for a full version of System Tool to remove these threats. Of course, all of these infections are fake and don’t actually exist on your computer. So you can safely ignore them.

While SystemTool is running, it blocks the ability to run any programs, including legitimate antivirus and antispyware applications. The following warning will be shown when you try to run any program:

Application cannot be executed. The file {file name} is infected.
Please activate your antivirus software.

Moreover, System Tool will display many false security alerts and nag screens. Some of the alerts:

System Tool Warning
Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with System Tool

System Tool
WARNING 23 infections found!!!

System Tool Warning
Some critical system files of your computer were modified by
malicious program. It may cause system instability and data
loss.

SystemTool will also replace your current Windows background with a fake security warning that states:

Warning!
Your’re in Danger!
Your Computer is infected with Spyware!

Of course, all of these warnings and alerts are fake and, like the false scan results, should be ignored!

If your computer is infected with SystemTool, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove System Tool and any associated malware from the system for free.

Symptoms in a HijackThis Log

O4 - HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe

Automatic removal instructions for System Tool

Step 1. Reboot your computer in Safe mode with networking

Restart your computer.

After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.

Instead of Windows loading as normal, the Windows Advanced Options menu appears.

When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.

Step 2. Remove SystemTool and any associated malware

Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.

Double-click mbam-setup.exe to install the application. When the installation begins, follow the prompts to continue with the installation process. Do not make any changes to the default settings. When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, you will see a window similar to the one below.

[Screenshot: malwarebytes-screenshot.png]

Select Perform Quick Scan, then click Scan. The program will start scanning your computer for the System Tool infection. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.

[Screenshot: mbam_system_tool.jpg]

Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove System Tool. MalwareBytes Anti-malware will now remove all associated SystemTool files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to restart.

Step 3. Reset HOSTS file

System Tool will change the Windows system HOSTS file, so you need to reset this file to the default version for your operating system.

Please download OTM by OldTimer and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” text area (under the yellow bar):

:Commands
[resethosts]

Click the red Moveit! button. Close OTM.
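
To confirm that the reset in Step 3 took effect, the HOSTS file can be checked for anything other than the default localhost mapping. The following Python is an added example, not part of the original article and not a Level365 or OTM tool; the function names and the sample file content are constructed for illustration.

```python
import ipaddress

# Names a default Windows hosts file is expected to map to loopback.
DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line number, address, [names]) for each active hosts entry."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so not an entry
        if len(fields) > 1:
            yield number, address, fields[1:]


def unexpected_entries(text):
    """Return (line, address, name) for every mapping that is not
    loopback -> localhost, i.e. anything a reset file should not contain."""
    findings = []
    for number, address, names in parse_hosts(text):
        for name in names:
            if address.is_loopback and name.lower() in DEFAULT_NAMES:
                continue
            findings.append((number, str(address), name))
    return findings


# Constructed sample content (documentation addresses and example domains).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.0.2.10      www.example.com example.com
127.0.0.1       update.example.net   # name made unreachable
"""

if __name__ == "__main__":
    for number, address, name in unexpected_entries(SAMPLE_HOSTS):
        print(f"line {number}: {name} -> {address}")
```

Pass the function the contents of %SystemRoot%\System32\drivers\etc\hosts; an empty result means only default entries remain.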

System Tool creates the following files and folders

C:\Documents and Settings\All Users\Application Data\{RANDOM}
C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe

SystemTool creates the following registry keys and values

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{RANDOM}
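
The HijackThis symptom shown earlier and the file and registry locations listed above describe one pattern: an HKCU RunOnce value that starts an .exe sitting in a single folder directly under the common application-data directory. The following Python is an added example, not part of the original article or any Level365 tooling; the function names and sample log lines are constructed, and the C:\ProgramData root is an assumption for Windows Vista and later.

```python
import re

# Common application-data roots: the path the article lists, plus the same
# folder on Windows Vista and later (assumption, not shown in the article).
ROOTS = (r"c:\documents and settings\all users\application data",
         r"c:\programdata")

# "O4 - HKCU\..\RunOnce: [name] command"; pasted logs may carry an en dash.
O4_LINE = re.compile(
    r"^O4\s+[-\u2013]\s+(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+):\s+"
    r"\[(?P<name>[^\]]*)\]\s+(?P<command>.+)$", re.IGNORECASE)

def executable_path(command):
    """Return the executable part of an autostart command, without arguments."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command

def matches_article_pattern(hive, key, path):
    """True for HKCU RunOnce -> <common appdata>\\<folder>\\<file>.exe."""
    if (hive.upper(), key.lower()) != ("HKCU", "runonce"):
        return False
    lowered = path.lower()
    for root in ROOTS:
        if lowered.startswith(root + "\\"):
            parts = lowered[len(root) + 1:].split("\\")
            return len(parts) == 2 and parts[1].endswith(".exe")
    return False

def suspicious_entries(log_text):
    """Return (value name, executable path) for each O4 line that matches."""
    hits = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            path = executable_path(m.group("command"))
            if matches_article_pattern(m.group("hive"), m.group("key"), path):
                hits.append((m.group("name"), path))
    return hits

# Constructed sample lines for illustration (not from a real machine).
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\RunOnce: [kBdLpA01804] C:\Documents and Settings\All Users\Application Data\kBdLpA01804\kBdLpA01804.exe
O4 - HKCU\..\RunOnce: [Updater] C:\Documents and Settings\All Users\Application Data\Vendor\Updater\bin\update.exe
"""
```

A match is a lead for review rather than proof of infection, since the check looks only at location and key, not at the file itself.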


Comments

    Level365 Support Agent

    Here is some additional info relating to the "System Tool" fake anti-malware application.
