System Tool 2011
System Tool 2011 Description
System Tool 2011 is a rogue anti-virus program that alters the user’s desktop, creates fake infection warnings and alters your Registry to run without your permission whenever Windows starts. You should never purchase System Tool 2011, since the rogue anti-virus application has no accurate information to give and no positive aspects to being kept on your computer. Removing System Tool 2011 by using an actual anti-malware program is the recommended solution and will stop the display of baseless warnings and alerts that are disconnected from your PC’s real state of integrity.System Tool 2011 is Not a Product Worth Paying Even a Penny For
System Tool 2011 infects PCs through the use of Trojans that falsely advertise infection removal features, malicious website that utilize drive-by download techniques and other dishonest methods. The unusual pink interface theme is identical to that of the original System Tool rogue anti-virus program, and System Tool 2011 also has strong ties to Security Tool, Live Security Platinum, System Security, Security Shield 2012, System Tool 2.20 and similar minor rogue anti-virus application permutations.
A fairly large array of error messages may be seen whenever System Tool 2011 is active, but these errors don’t indicate actual system problems – instead, System Tool 2011 is just trying to make you think that your PC is infected. Here are some of the disingenuous possibilities:
System Tool 2011 Warning
Your PC is infected with dangerous viruses. Activate anti-virus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.
Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software…
System Tool 2011 Warning
Intercepting programs that may compromise your private and harm your system have been detected on your PC.
Click here to remove them immediately with System Tool.
As frightening as all these desktop alerts are, the alteration System Tool 2011 makes to your wallpaper is even more terrifying – or amusing, depending on your viewpoint.
Protect Your PC from System Tool 2011!
The most significant danger in System Tool 2011 lies in its potential to shut down programs without your permission. System Tool 2011 may do this by using an error similar to this one as a semi-plausible excuse:
Warning!
Application cannot be executed. The file cmd.exe is infected.
Please activate your anti-virus software.
The only infection you need to be concerned about, though, is System Tool 2011 itself, as well as any Trojans and related infections that may have come with System Tool 2011. Proper control over your PC and full access to programs can’t be reattained until you’ve deleted System Tool 2011. Since lack of access to security and basic Windows software runs a notable risk of harming your computer over time, you should make removing System Tool 2011 your highest priority.
The removal of complex threats like System Tool 2011 is better off not attempted manually except as a final resort, since many kinds of malware will create unpleasant side effects if only partially deleted. The use of an updated anti-malware scanner will make it easier to delete System Tool 2011 without any unusual problems arising.
System Tool 2011 Automatic Detection Tool (Recommended)
Is your PC infected with System Tool 2011? To safely & quickly detect System Tool 2011, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect System Tool 2011
What happens if System Tool 2011 does not let you open SpyHunter or blocks the Internet?
Technical Details
Visual & GUI Characteristics
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read
the tutorials on how to find malware,
kill unwanted processes,
remove malicious DLLs and
delete other harmful files. Always be
sure to back up your PC before making any changes.
- The following files were created in the system:
More files
Additional Information
- The following messages's were detected:
# Message 1 WARNING!
YOUR'RE IN DANGER!
YOUR COMPUTER IS INFECTED WITH SPYWARE!
ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK.
WHEN YOU VISIT SITES, SEND EMAILS??? ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES
FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN
Every site you or somebody or even something, like spyware, opened in your browsers,
will all the images and all the downloaded and maybe later removed movies or mp3 songs -
ARE STILL THERE and could break your life!
Posted: November 5, 2010 | By SpywareRemove
MoreThreat Level: 10/10
(No Ratings Yet)
Loading ...Rate this article:
Detection Count: 1,529
Magnificent! Your malware SpyHunter download actually worked. Tried it and was reluctant to registering by paying for it. Almost sounded like a scam but I took a change. Now I am malware free. Finally I boot my PC without those annoying pop-ups. many thanks.
Thanks for the warning about system tool. It’s gotten to the point that I’m more weary of these spyware warnings than I am about the spyware himselff. Thanks for this article.
Simply wish to say thanks for providing a fix to this malware. Spent full days trying to resolve this with McAfee but that suite failed to remove system tool. Thanks 1,000,000 and please carry on the enjoyable work.
I have a malware called ms tool removal on my system can anybody help on how to get it off
HOW CAN I GET MY MONEY BACK FROM THESE BASTARDS. I WANT TO FIND THEM AND CUT THEIR BALLS!!!
i have system tool and am on safe mode.i just deleted some wierd files in another language possibly russian or german. is it ok to go to normal mode?
WHen you are in safe mode, and then do a system restore, are you in danger of losing some of your files, programs, pictures, etc?
Thanks, I followed Alex’s suggestion from 2010-11-16 with Windows 7 and all gone.
Will now do a system scan? What is the best way to make sure I have deleted all asocciated files?
MdW
Thanks to everyone on this forum for sharing their experiences and offering such great advice! And esp Dr. Love who explained (up top) how to open and run the computer in “Safe Mode” — so that’s what the F8 key is for!
I did the Safety Mode–> System Restore fix, and it seemed to work.
At least, I could get back into the system again, and that damn System Tool thing hasn’t popped up again.
But I lost a morning of work messing around with this problem, so I went ahead and downloaded SpyHunter and bought it. These malware-rootkits-spyware things keep erupting. I want someone I can call next time
thanks again and good luck all!
Hi Guys, thank you for your help.
Simple way to solve this one using safe mode, Then I did system restore. Finally, the system tool was gone… this one very Helpful..
Kamprettssss spyware maker…..
Hi guys i got the virus today im running windows xp home and it wont let me go into safe mode the arrows wont move it. Is there any other way around this appreciate any help.regards Steve
i would like to thank you guys and girls for putting me right about safe mode god bless and nuts to the planks who mess about with our computers
It worked! First, I opened the safe mode. Then I did system restore. Finally, the system tool was gone. Thanks guys.
Peter are you still having trouble?
Did you empty recycle bin after deleting files?
Search file SEAPORT.EXE in Pretetch folder.Delete.It is Vir Tool:JS/Obfuscator.Then clen computer.
I got infected with system tool, I push F8 upon booting but I can’t get into safe mode. Please help me what to do..
Thanks guys, it was giving me the shits, then I googled it and realised it was a fake… I really appreciate it and now it’s gone. Joy
BAD NEWS SEQUEL – It has come back 3 times after being cleaned out! Maybe I am doing something wrong. I looked in the registry key RunOnce and the new name of the .exe file was in there. After noting the new name, I deleted the entry and searched the registry and c: drive for same instances and deleting everything seen. Each time on re-booting normally, the PC is OK for a while – an hour or so(?), and then the virus returns. It _appears_ to be unseen by MS Security Essential(MSSE), _and_ has the ability to render that program unable to function, i.e., turning it OFF and disabling being able to turn it on again. _Before_ my first infection I was doubtful about the original file so scanned it with MSSE, which did not find a problem. Is MSSE reliable?
All further good ideas to fix this problem would be welcome! Thanks in advance.
Thanks. Bill’s technique (2010-12-14 14:41:00 above) worked for me. The file name in my case was mJnAlKi18100.exe. I booted normally and looked immediately at the Task Manager watching for a task to appear, take lots of resources for a short time and disappear. I had to do this twice to get the name correctly. I then looked for this name in the registry with regedit (Find), and deleted the entries containing it. I aslo did a c: disk search looking for files with the same name in them. There were a couple, and deleted them. I re-booted after all this and the problem was cleared. Thanks Bill!!
Thanks for the tip , I did system restore in safe mode and It works .Anyone know what to do it keep it out ? I dont know where I did get it from as I was told I have a very good security in place ,guess not even it is the first serious one which did get through .Run superantiapyware but it did gave me a no problem answer . Does anyone know of a program to stop it coming back ???
I lost a day work for it and I thought it will be more so thanks again everyone for the advice
Whooo-ooo! This is the second time I’ve gotten this ninja of a trojan virus. The first time was back in 2010, and SAS (SUPERAntiSpyware, also known by my family as “The Big Guns) wiped it out. I got it again this afternoon, and SAS (fully updated) didn’t work, nor did any antivirus listed here. The program was unfindable in safe mode, or anywhere else for that matter. Finally I restored the system in a last ditch effort, It worked magic. System Tool is gone as far as I can tell, internet back, load-up normal. Running SAS to see if anything is left behind. Thanks all for the tips!
Hi, i’ve manged to get rid of teh background and popup, but ive looked through my files and theres abour 200 documents(viruses) about system tool. I can’t delete these, as it says i need the administrators permission. With these on my computer, i can’t do anything! Any help how to get rid of these?
My Brother-in-law was recently attacked with the System Tool 2011 Rogue/Virus/Trojan/Scareware. It literally took over his machine. He is running Windows XP Media Center with SP3 on an HP 3.2 Ghz machine, 1 GB of RAM and 250 GB hard drive. Even though he religiously backs up his system to a Seagate 2.0 TB external hard drive System Tool 2011 would NOT allow access to those backups in NORMAL or SAFE MODE. I found a little program called COMBOFIX ( http://www.bleepingcomputer.com/download/anti-virus/combofix) that is absolutely amazing. I had tried to use Ultimate Boot CD for Windows, Puppy Recovery for Linux, and several Portable Apps programs and NONE of them worked. Then I tried Combofix.exe. Download the program at the link above and save it to a flash drive. This is the process:
1. Boot your computer into SAFE MODE. This is best done by restarting the computer and as it begins to restart tap F8 until you see a boot sequence menu on your monitor. Use your arrow key to select Safe Mode with Networking and hit Enter. This is where you need to be in order to run Combofix.exe.
2. Copy Combofix.exe from the flash drive to your desktop.
3. Run Combofix.exe, it may say you need to change the file name in order to run it. If so, just click okay. If the program closes, double click it again and it will run without renaming.
4. Follow the onscreen prompts and DO NOT do anything until Combofix.exe tells you to do something. All actions required will be performed by Combofix.exe up to and including rebooting your computer.
5. Once the files etc. are removed Combofix.exe will generate a detailed report of what files, directories, and Registry Keys were removed or changed. This report is about 6-7 pages long and I recommend you print it out for future references.
6. After Combofix.exe completes ALL its actions it is highly recommended that you run a FULL SCAN of your system with your installed anti virus software.
7. When the anti virus scan is completed reboot your machine and you should be up and running again and System Tool 2011 is GONE.
This is the easiest way that I found to get rid of this piece of crabware.
Since I was using McAfee They provided me with a free tool called Stinger. Once I found out how to start in Safe mode I could run the program. It seems to have worked OK but there do seem to be some damaged files. I\’m still kicking myself that I got tricked (I think) into letting it in.
I got infected with system tool, I push F8 upon booting but I can’t get into safe mode. Help.
I too was just infected with this. I did as instructed and started up in safe mode, did a system restore and everything is now gone and my comp back to normal.
i could not do anything untill i went into safe mode this THING blocked everything i tried to do. You must start up in safe mode
Thanks for all the help. I’m running Windows 7 and I just got this virus about two hours ago.
I did a combination of a bunch of things and it worked. I think I’m in the clear. I tried removing the files listed, but that was unsuccessful. According to several posts here and elsewhere these viruses change within the course of days so sometimes the fix posted becomes obsolete. I tried a restore, that did not work. I tried downloading anti-malware, I could download it but it would not run. Basically, I found no .exe files where able to run period, not even Chrome because it was downloaded as an .exe. None of the 50 ways of accessing regedit worked for me. So I improvised.
The system tools was running from my lower tool bar and I was able to right click on it and pin it to my task bar. I right clicked again and it showed me the files location C:\ProgramData\kIlKaFj06300.
From there I attempted to delete the file, but could not because it was running. I googled exefix_windows7 (per on suggestion) and couldn’t download the damn zip for it. At this point I wanted to pull my hair out! But I got it fixed. My directions are below! Thanks to everyone because all the suggestions together helped me to conjure up my own fix!
System Tool Removal Fix for Dummies, Windows 7 (like myself)
Download Anti-Virus/Malware (I used Malwarebytes)
1)Run computer in safe mode by hold F8 while starting computer
2)Click Start Button
3)Search Programs and Files for Run
4)Run file name you found from taskbar (see above)
5)Right click, select delete
6) Delete from Recycle Bin to be sure (YOU ARE NOT DONE YET)
7)Restart Computer per usual
9) Follow instructions, remove and reboot (whole process took 5 mins!)
From Virus to none in 2hrs flat, would have been quicker if I knew what was doing at all!
Hope this works! Cheers!
Luc
I too was a sucker for this scam! It cleared out my bank account?? Any suggestions on what to do? Im not too good with computers when it comes to this sort of thing?
Just got infected by this System Tool virus and I totally panicked!!!! Luckily, I found this site and got loads of help. I\\\’ve got Windows Vista. As previously suggested, I restarted in Safe mode, ran a search of all files by date and sure enough…there it was! File name was dOnHcNm18100…got rid of all files/folders with this name and…viola! I\\\’m not really computer savvy so took me quite awhile…but I did eventually got rid of the virus. Thanks to all you helpful guys!
Thanks to everyone that gave advice. I ended up going into Safe Mode, Restore then re-boot. However I found that my system was very slow so, I went into: Start, Computer, C; Windows, found what was registered with the date and time that this evil thing appeared, and deleted the file, along with, coming back out, going into Programme Data folder and doing exactly the same, closed all, re-booted and, as far as I can gather, all is good again. Hope this helps. Sorry for not giving tecnical jargon but, I am a novice, to say the least. Good Luck everyone!!
My wife’s laptop got hit with this today. The only thing that worked for us was to boot in safe mode, open up the c drive and do the *.exe search for today’s date. We deleted the 2 files that we did not recognize and it worked like a champ. Thank you very much for your help. I would love to neck shoot these bas*ards.
Thanks everyone for the great advice! It helped immensely! So happy there are sites like this to help.
Hi, thanks for this, the start up in Safe Mode and System Restore option seems to have worked (fingers crossed). I tried Task Manager and to search for the files but couldn’t identify the file that was the problem.
I have been victimised by this load of shit of System tool 2011. Suddenly my computers was infected and shown massage on screen blocked. Then i have been forced to buy the System Tool 2011 to remove Mel ware and Spy ware from my computers. I purchase on line as massage suggested on screen and paid by credit cards worth of USD60.00. Now removing once it has not solve the problem and there is no software to run again in my computer. What waist of money and it this not a crime?
Our system restore was turned off unfortunately and we tried all of the above and most failed apart from:
>Start computer as normal and log onto main admin profile
>Hit Ctrl Alt Del IMMEDIATELY
>Click onto processess and note the top file that was hogging all the memory
DO THIS QUICKLY COS IT WILL SHUT DOWN TASK MANAGER ALMOST IMMEDIATELY
>Find that folder in My Computer>C>Documents and settings>All users>Application Data and rename it very quickly!!!
>Shitdown PC and restart hitting F8
>Select \”Last known good configuration\” and log on to main admin profile
>Go into My Computer>C>Documents and settings>All users>Application Data and delete the folder you renamed then empty your recycling bin straight away
We ran a load more checks from previous inputs above and it seems to have done the trick
Thanks to all those who posted on here – we\’d be lost without you! 8 )
You are good people – unlike the b**tards who write this kind of software in the first place!
Thanks again – and good luck to any other peeps who fall foul
Tried running system restore in safe mode and was unable to get it to run!! Any advice?
I got infected with System Tool yesterday, and have been panicking until I logged into this website (thanks to an IT friend who clued me in). System Restore did not work for me, either. So I logged onto Safe Mode, and could not find System Tool anything. But I did the *.exe search for the dates, and found jEnAiDi20402.exe, which did it!!!!! Thanks to all so much for your help!!!
fallon w is right on. His suggestion worked like a charm. I should point out that my wife’s version of System Tool 2011 did not show up in the task manager either as an application or a process. For Windows 7 users new to itsregedit, each subsequent
entry in his list is a subfolder of the entry before and you have to click or doubleclick on each one to get its subfolder list. At tjhe end of the line there were only two values listed in the right pane. The top one was a default value, which you recognize
by the time you get this far. System Tool was represented by a meaningless string of
letters and numbers and symbols on the second line. Use he view menu to delete it.
After I deleted the registry entry, I used System Restore to take the System back to a time before System Tool started annoying us, which also restarted my anti-virus and anti-spyware, and then updated Windows and the securityware (Windows Essentials in my wife’s case).
Good work! fallon w
I tried using SAFE MODE and when I select it comes back and I can only get in when I select other than safe moden
I am far from being a computer expert but I was able to get this virus off myself. I run Mcafee which didn’t pick it up and they have the cheek to try and charge you £60 to have it removed (so clearly they are aware of it…)!! I did a restart in safe mode –> Start –> Search (enter .exe) –> Advanced Search –>next I searched all files that ran the day of the infection…. there were a lot of “applicaton” files which looked really odd and had been installed during the day, so I deleted them all and emptied the recycle bin. Then re-started. Seems to be OK. I did note that on one of the other a/cs on this PC it wasn’t infected so wonder if there is a route in to fix that way….but I didn’t need to try…. Good luck all and hope you punks who invented this get a very bad virus yourselves.
Thanks so much!! Just a note, I tried deleting the rogue files and was not able to delete them until I ran my computer in safe mode. Also, there were seven letters and five numbers in my files.
I rebooted after deleting and using safe mode and all seems well now.
Thanks again!
I am still trying some of the above suggestions, my iolo System Mechanic Pro having failed to protect me!
It occurs to me that, according to some comments, a few people are following the links to pay for the removal program. The reports then say that if you have you should contact Visa or whoevers card was used. Theferore the credit card companies should be aware of this fraud and taking steps that do not assist it\’s perpetrators, but identifies the parties concerned and brings them to the attention of the authorities. Maybe we should all write to the various card services to complain and harass them into taking action?
OMG I have spent 2 hours on this and nothing works, I am seriously annoyed that this has happened. I have tried all of the above steps and nothing is working, I am doing something seriously wrong or is it suggested to perhaps try and install some anti-virus? I have even tried to download a new antivirus but it is being blocked, ctrl-dlt does not work either – it seems everything is blocked. I could scream I have so much to do and this is not what I need right now…..any help very gratefully appreciated.
Safe mode, system restore, full scan, job done, thanks guys
these people want stringing up i am a oap not very tenical minded was invaded with this [ system tool bug ] it really alarmed me just didnt know what to do i thought it was real wouldnt let me do anything on my pc but managed to type in help in google this site came up was so happy to find it was a bug im afraid i used spy hunter yes i paid but worth it besides i wouldnt no were to begin thx for all your help hope everyone gets on ok joan
I just got this virus, it wouldnt let me on internet or anything, i kept getting pop ups all the time !!! i though i had no choice but to buy it, which i did for $59 and now realise iv just been done !!! i have no idea how to get this virus off, am not that really bright on computers and you have probably noticed ! i take it there is no way to get your muny back ?? whoz account does it actualy go into !!!???
Safe mode then system recovery did the trick for me.
I was able to get to a DOS command prompt and to generate a complete file listing, with output sent to a text file. I was then able to open WordPerfect 5.1 and to search the text file for a new executable. I found a folder in Application Data with a gibberish name, and in that folder I found [same gibberish].exe, along with a small file whose name I can’t recall now . I typed the following:
md dump
move *.* dump
I moved the file rather than deleting it because I did not know for sure that it was the culprit. Sure enough, when I rebooted the problem was gone.
Getting to folders with long names in DOS is tricky. Here’s the sequence:
cd\docume~1\alluse~1\applic~1
I may have some mopping up to do but McAfee gave me a clean bill of health.
I’m against capital punishment but would make an exception for the people behind this.
system restore, in safe mode.Simple when you know how.Trick is, not to panic!
Used safe mode, (Tap F8 while booting up). Did a 24hr previous restore. Waiting for results of full PC check, but everything seems OK. Thankyou all so much.