
System Tool 2011

Posted: November 5, 2010

Threat Metric

Threat Level: 10/10
Infected PCs: 611
First Seen: November 23, 2010
OS(es) Affected: Windows

System Tool 2011 is a rogue anti-virus program that alters the user's desktop, creates fake infection warnings and modifies the Registry so that it runs without your permission whenever Windows starts. You should never purchase System Tool 2011, since the rogue anti-virus application has no accurate information to give and there is no benefit to keeping it on your computer. Removing System Tool 2011 with an actual anti-malware program is the recommended solution and will stop the display of baseless warnings and alerts that have no connection to your PC's real state of integrity.

System Tool 2011 is Not a Product Worth Paying Even a Penny For

System Tool 2011 infects PCs through Trojans that falsely advertise infection removal features, malicious websites that use drive-by download techniques and other dishonest methods. The unusual pink interface theme is identical to that of the original System Tool rogue anti-virus program, and System Tool 2011 also has strong ties to Security Tool, Live Security Platinum, System Security, Security Shield 2012, System Tool 2.20 and similar minor rogue anti-virus application permutations.

A fairly large array of error messages may be seen whenever System Tool 2011 is active, but these errors don't indicate actual system problems – instead, System Tool 2011 is just trying to make you think that your PC is infected. Here are some of the disingenuous possibilities:

System Tool 2011 Warning
Your PC is infected with dangerous viruses. Activate anti-virus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.

Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software...

System Tool 2011 Warning
Intercepting programs that may compromise your private and harm your system have been detected on your PC.
Click here to remove them immediately with System Tool.

As frightening as all these desktop alerts are, the alteration System Tool 2011 makes to your wallpaper is even more terrifying – or amusing, depending on your viewpoint. Your desktop image will be changed to an extremely threatening message about a supposed spyware infection. This message is, naturally, just as false as everything else System Tool 2011 tells you!

Protect Your PC from System Tool 2011!

The most significant danger in System Tool 2011 lies in its potential to shut down programs without your permission. System Tool 2011 may do this by using an error similar to this one as a semi-plausible excuse:

Application cannot be executed. The file cmd.exe is infected.
Please activate your anti-virus software.

The only infection you need to be concerned about, though, is System Tool 2011 itself, as well as any Trojans and related infections that may have come with System Tool 2011. Proper control over your PC and full access to programs can't be regained until you've deleted System Tool 2011. Since lack of access to security and basic Windows software runs a notable risk of harming your computer over time, you should make removing System Tool 2011 your highest priority.

The removal of complex threats like System Tool 2011 is better off not attempted manually except as a final resort, since many kinds of malware will create unpleasant side effects if only partially deleted. The use of an updated anti-malware scanner will make it easier to delete System Tool 2011 without any unusual problems arising.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

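The startup entry and file locations described on this page can be checked with a short triage script. This is an added example, not part of the original page or of any vendor's tool: it flags autorun commands and folders under %ALLUSERSPROFILE% where a folder and the executable inside it share one random-looking name. The five-letters-plus-five-digits pattern is an assumption generalised from names reported on this page, the helper names are hypothetical, and the sample data is constructed.

```python
import hashlib
import ntpath
import os
import re
import sys
import tempfile
from pathlib import Path

# Assumption: five letters then five digits, generalised from names reported
# on this page (kEhIa03601, mCoKd06308, ...). Other variants may not fit.
NAME_RE = re.compile(r"^[A-Za-z]{5}\d{5}$")
RUN_KEYS = (r"Software\Microsoft\Windows\CurrentVersion\Run",
            r"Software\Microsoft\Windows\CurrentVersion\RunOnce")


def exe_from_command(command):
    """Extract the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.search(r"\.exe\b", command, re.IGNORECASE)
    return command[:match.end()] if match else command


def is_suspect_path(exe_path):
    """True when the path ends in <name>/<name>.exe and <name> fits NAME_RE."""
    folder, filename = ntpath.split(exe_path)
    stem, ext = ntpath.splitext(filename)
    return (ext.lower() == ".exe" and bool(NAME_RE.match(stem))
            and ntpath.basename(folder).lower() == stem.lower())


def flag_autoruns(entries):
    """entries: autorun value name -> command line. Returns suspect names."""
    return sorted(name for name, cmd in entries.items()
                  if is_suspect_path(exe_from_command(cmd)))


def scan_profile_dir(root):
    """Find <name>/<name>.exe pairs in root and root/'Application Data'."""
    hits = []
    for base in (Path(root), Path(root) / "Application Data"):
        try:
            folders = sorted(p for p in base.iterdir() if p.is_dir())
        except OSError:  # missing, or a junction that denies listing
            continue
        for folder in folders:
            exe = folder / (folder.name + ".exe")
            if NAME_RE.match(folder.name) and exe.is_file():
                data = exe.read_bytes()  # size and MD5 for comparison with AV listings
                hits.append({"path": str(exe), "size": len(data),
                             "md5": hashlib.md5(data).hexdigest()})
    return hits


def read_run_entries():
    """Collect Run/RunOnce values from HKLM and HKCU (Windows only)."""
    import winreg
    found = {}
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    for label, hive in hives.items():
        for sub in RUN_KEYS:
            try:
                with winreg.OpenKey(hive, sub) as key:
                    for i in range(winreg.QueryInfoKey(key)[1]):
                        name, value, _ = winreg.EnumValue(key, i)
                        found[f"{label}\\{sub}\\{name}"] = str(value)
            except OSError:  # key absent or not readable
                continue
    return found


def demo():
    """Run both checks on constructed sample data; nothing here is real."""
    base = r"C:\Documents and Settings\All Users\Application Data"
    autoruns = {  # constructed values; folder names are ones quoted on this page
        "olkpj08200": f"{base}\\olkpj08200\\olkpj08200.exe",
        "mCoKd06308": f'"{base}\\mCoKd06308\\mCoKd06308.exe" /start',
        "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    }
    layout = {"kEhIa03601/kEhIa03601.exe": b"constructed sample",
              "Application Data/nLpHd06308/nLpHd06308.exe": b"constructed",
              "abcde12345/readme.txt": b"pattern name, no matching exe",
              "Vendor/setup.exe": b"ordinary installer"}
    with tempfile.TemporaryDirectory() as root:
        for rel, content in layout.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
        hits = scan_profile_dir(root)
    return flag_autoruns(autoruns), [Path(h["path"]).name for h in hits], hits


if __name__ == "__main__":
    if sys.platform == "win32":  # live check on a Windows host
        print(flag_autoruns(read_run_entries()))
        print(scan_profile_dir(os.environ["ALLUSERSPROFILE"]))
    else:
        print(demo()[:2])
```

A match is only a lead for review: several commenters below report variants with no registry entry or a different name shape, so an empty result does not show that a machine is clean.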

Additional Information

The following messages were detected:


Every site you or somebody or even something, like spyware, opened in your browsers,
will all the images and all the downloaded and maybe later removed movies or mp3 songs -
ARE STILL THERE and could break your life!


  • Alex says:

    Ok Guys... this is what I found... easy way, run safe mode networking run malwarebytes that take off the first step from registry. Is not gone because his life is in the folder. on safe mode click start and make a search for system tools 2011. When the program appear right click and click, open file location is going to be c:\programfile\""""""". The name of the program for me was fluijp01803.exe go up a folder and delete that folder. fluijp01803 and reboot. and is gone!!!! This troubleshooter was on windows 7 professional by me. MCA

  • jeovanny says:

    how do i run my computer in safe mode??

  • Dr.Love says:

    Hammer the F8 key while booting up.

  • rk42 says:

    Different version of System Tool 2011: Found a shortcut on my desktop, nothing in registry.
    Used Microsoft MRT in Safe Mode with Command prompt - said it found nothing.
    Reboot normally - still there.
    Tried to use add/remove programs (WinXP), and got an error message that ST 2011 had already been removed, so said yes to remove it from the program list.
    Right click the properties of the shortcut and found out where it was located, rename the directory and reboot again.
    Clean: delete the directory
    Expect variations.
    Good luck.

  • David Rollin says:

    On my computer, System Tool had renamed itself : kEhIa03601.exe.

    The best to remove is to:
    1. restart in safe mode
    2. run -> regedit
    3. search for System Tool
    4. delete each file that regedit finds (registry and computer file) press F3 to search next
    Good Luck!

  • Katie R says:

    I opened my computer in Safe Mode and was finally able to do a system restore. It seems to have solved the problem, I have searched and done multiple comprehensive spyware searches, and no System Tools 2011. People who make spyware should be shot, I despise their very very black souls, and they should find something better to do with their time, like volunteer in the community.

  • Jen says:

    also do a search on bIpNg06301.exe and delete those files.

  • Jennifer says:

    It worked!!! I was able to get rid of the system tool 2011 by following your instructions above. Thank you very much!!!

  • Doug says:


  • Bill says:

    My XP Pro was infected. I removed System Tool 2011 in the following manner. I started the computer in normal (not safe) mode. Right after I logged on, I hit ctrl-alt-delete and selected Task Manager. I guess I could do this because System Tool 2011 had not booted up yet. I watched the Processes and noticed that "aNiBk06501.exe" came up and started hogging all of the memory. Immediately after this (within 10 to 15 seconds) the Task Manager disappeared and the whole System Tool BS showed up. I shut down and restarted as before, following the same steps. As soon as I saw "aNiBk06501.exe", I right clicked it and hit "End Process". Now my computer started up fine. Using Search, I looked for files with the "aNiBk06501" string and in advanced I check "search hidden files". I found several items, selected all and deleted them. I did the same thing for "System Tool 2011", found a few more and deleted those too. I have rebooted and everything seems fine now. If you do this the file name may be different but you will see an .exe file that starts hogging all of the CPU and memory right before System Tool 2011 shows up; that will be your culprit. Good Luck.

  • cody says:

    says i needed permission to delete system tool. so i searched for system tool in regedit thing an i didnt find it. . blahh this thing is frustrating.

  • Wayne Vrooman says:

    My daughter did a system restore in safe mode and removed it. Worked 100%

  • Nate says:

    Rebooting in safe mode and performing a system recovery seemed to work. No traces of it. Fingers crossed. That thing is a real pain in the arse.

  • scott says:

    Thanks to all that have posted their insight - but what worked for me was to first follow RK42's directions:
    "Different version of System Tool 2011: Found a shortcut on my desktop, nothing in registry. Used Microsoft MRT in Safe Mode with Command prompt - said it found nothing. Reboot normally - still there. Tried to use add/remove programs (WinXP), and got an error message that ST 2011 had already been removed, so said yes to remove it from the program list. Right click the properties of the shortcut and found out where it was located, rename the directory and reboot again. Clean: delete the directory Expect variations. Good luck."

    Then, boot in safe mode then search for any *.EXE that was modified in the last few days. It returned a result that started with a j (don't recall the exact name - it was a bunch of letters) - but I recognized the icon for system tools 2011. I opened the containing folder, went up one level to the containing directory and deleted it. Done.

    Thanks to all for the information folks - all was very helpful!

    And I agree - the people that write these vicious programs should be prosecuted severely. This wasted 3 hours of my valuable time.

  • cvt says:

    Rebooted in safemode, searched for *.exe and restricted date range to last 24 hours. this isolated the folder very rapidly. Then followed instructions above about deleting the whole folder, and then searched again for system* restricted to last 24 hours. Deleted those. Seems to be ok now. I also think I got it from a myspace page - everything went to h e l l when i looked at a page there.
    thanks all.

  • Jennifer says:

    I right clicked it and went to properties there was a box that said target location C:\Documents and Settings\All Users\Application Data\mCoKd06308\mCoKd06308.exe I found the folder and deleted the contents and folder. Then I was able to delete the desktop icon and the program was gone from my program list. What a B!t@h

  • lewis says:

    Thanks everyone! I was able to remove this garbage from my laptop!

  • tbf says:

    My malware named itself gBeOf06308

  • will says:

    Did System recovery in safe mode this seemed to work thank you all

  • Jake says:

    System Restore from safe mode did the trick for me. I then ran several anti-virus programs, and all found nothing, except Ad-Aware said it found and removed a high-priority risk. All seems to be running properly again. I'd love to have a virus writer in my headlights on a country road....

    Thanks for all the good information here.

  • Gordon says:

    Not able to open safe mode networking. Advice?

  • Gordon says:

    When activating in safe mode, all I get is a list of "multi (0) disk (0) rdisk.(0)partition(1)WINDOWS\....type listing.

    What do I do now??

  • vic481 says:

    Mine was named igial06301. Best way to find it was to check recently modified .exe files. Had to start my computer by pressing F8 then starting in last known working config.. Haven't done a restore yet.. That's next. Thank u so much everyone for the helpful tips.

  • Victoria says:

    I don't exactly know if it's fully gone from my computer but all I did was go onto another account and delete the infected one along with all its files.

  • Krishna says:

    Thanks a lot to all. I am able to remove this garbage from my desktop by logging into safemode->repair option->system restore option. Safest and cleanest way!..Thanks again..

  • John says:

    I searched all the "exe" files mentioned, nothing, I'm under Safe Mode with networking and I have even searched System Tool 2011 comes up with nothing.......

    With that said, I have yet to do the safe mode with command prompt. How do I type that in? just type it in with the black box with a cursor? Gonna try it, see what happens!

  • mike says:

    That worked!!!! Thanks for this forum.

  • ven says:

    can system tool 2011 uninstall by itself? i lately got it due to a link a clicked on fb. the other nite a google it n found out it was a fake antivirus n i deleted sum of the files but it wasnt completely uninstall.a few mins ago i decided to google it again n i was reading this article at dat moment my pc auto. shut down n when i restart it i didnt c any of the system tool pop ups n i can access all the programs on my pc. can u tell me wat is goin on here? btw when my pc restart a message pop up from microsoft windows saying ur windows has recovered from a serious error

  • John says:

    Starting up in Safe Mode and doing the System Restore worked for me. This thing is hideous!

  • RY says:

    Even I had the same issue... Some link on FB infected my system too... Thanks a lot guys.... Alex and rk42... you made my day... This was very helpful and saved me a ton of time. More importantly these posts helped me calm down and relieved me from stress.... Just follow what Alex and rk42 said and it works!!!

  • Jordan says:

    I tried it, but it doesn't work it keeps blocking everything...what do i do?

  • Caesar says:

    Thanks a mil. Deleted the executable, the directory, the registry key entry, the C:\Windows\Prefetch .pf entry, and the Start entry. All fine now.

  • alternateshadow300 says:

    This is BS. I cannot open Chrome AT ALL. This stupid System Tool refuses to let me, claiming it's infected.

  • Trent says:

    Okay, nevermind, I fixed it. Thanks a lot for the help, guys. Your removal tool is very, very reliable.

    I'm alternateshadow300 by the way...

  • Coni says:

    After i run windows in safe mode i couldn't find the random folder D:! but then i look at the direction at the properties of the "program" and TA-DA! my brother's problem is solved.

    Thank you A LOT for the help 🙂 it was useful 😀

  • Lenny21 says:

    System restore works for a couple of days but it comes back. To search for System Tool 2011 in the registry does not work for me. Also in the program folder nothing of System Tool 2011.
    It seems to change file names as soon it enters a pc. Antivir Firewall wasn't able to detect it either. I have no idea how to remove it. Don't know why these folks believe someone would buy their software? Rather a demo how firewall are still not safe? Since I have several harddisks I switched to one which is still working. Not sure for how long this works? Just activated windows defender, not sure if this solves the problem?

  • Sam says:

    The file was named bGiK106300 and there was another named 0.853329230934185 both .exe files. Running Vista with two accounts only one was affected. Through the unaffected account did a search-Start button---start search--*.exe for files dated today. From the search results I simply right clicked on the files and deleted them. Seems to have worked. So just paying it forward and hopefully the hackers will not use the info posted on this site to improve this garbage.

  • Kelly H says:

    So thankful for all the help! I was one stressed mama! Restarted in safe mode, did a system restore, and am now looking to download good spyware software. I am so relieved!

  • njg says:

    this crap got into my system from Skype--------a real pain in the ass---systemrestore seemed to work the best---hope these slugs are tracked down quickly and are stomped on......

  • klh says:

    Thanks for the info.....I also did a search for all .exe files modified in the last 24 hours in safe mode, then deleted the system tools 2011, seems to have worked. Still running virus scan, but so far, so good. I could not get command prompt or task manager to find it- I have windows 7. I agree, these morons should be using their skills for something productive.

  • RobRob says:

    If anyone finds out the IP or any info for the slimeballs who designed System Tools 2011, by all means contact me, as I have connections who will put a contract on the heads of these hackers.

  • Ckgold says:

    Thank u from the bottom of my heart for the system tool 2011 help

  • AB says:

    I'm SUPER computer illiterate. Can anyone dumb it down for me on how to remove this? Thanks!

  • RichardJH says:

    I am running Vista and apparently got infected last night. I went into safe mode ran Mcafee, spy bot, superantispyware with no results. I downloaded a manual approach, but have no registry entries for system tool, nor any other suspicious entries under HLM/sotware/Microsfot/windows/currentuser/run

    This thing is hiding in safe mode, but pops right back up in normal mode. Any other ideas?

  • Rob_F says:

    I have a client that just got this Spyware. It is a tough one to get rid of. I found that I could boot up into Safe mode. I cleaned the temp files but that did not work. I tried the previous things in this thread, but I did not have those reg keys.
    Here is the Fix, I found the .exe file in Windows Vista
    c:\Program Files\ProgramData\nLpHd06308\nLpHd06308.exe
    I renamed the file from .exe to .rob rebooted and I am up. Now I can run Spy Bot and my AV and clean up the rest.

    I would bet the folder and file names will vary

    Happy Holidays


  • Dale says:

    Just removed this myself thanks to an above post...
    Windows XP...

    Reboot...tap F8.... Safe Mode
    Accessories ....System Tools.... System Restore
    Selected a date before infection...

    Note: I had to do it twice...

    Now.... how do we find the @#$%$'s that create this #$#%?

  • Eileen W says:

    Just used the info on this site to sort out my husbands computer. Rebooted in safe mode and used system restore. This seems to have done the trick.

    Many thanks. E.W

  • paul says:

    i have tried everything. I tried all the above ideas and each time including doing a search it tells me its infected even in safe mode it will not allow me to do anything please help the individual that created this is well you know bad things is too good for them

  • DJ says:

    MySpace gave this to me. Thanks, MySpace.

    The iteration I got was:


    Did a "find" in regedit ( in Safe Mode, of course) of system tool 2011 and it took me directly to the locations. Deleted everything, and so far, so good.

  • Fenaghflock says:

    Found Scott's contribution to be most helpful . A lot of the online help don't seem to appreciate that once this thing is on your system it allows you to do nothing without going into safe mode

  • Van says:

    None of this worked for me except logging on as a different user and stopping the process. Not even sure which one did it because I stopped 3 or 4 processes. Still haven't deleted anything because I cannot find the little sh*t. Any ideas on how to find it?

  • Tim says:

    I could not catch the name of the version of system tool 2011, but after following Bill's instructions on how to remove it from my xp pro system it totally went away. just want to say thanks to System Remove and Bill for pulling my fat out of the fire. I was in between computer protection subscriptions when I contracted the bug but I'm pretty sure I got it from an errant Email that I opened. just wanna say that if you don't keep some kind of protection on your computer while you are browsing or reading Email, you just may end up with this crappy problem too.

  • Joey says:

    Alright so I got this from myspace I did the system restore thing but I still have the thing as a shortcut on my start button I want it fully removed with out me having to restore my laptop back to the factory setting

  • Ravi M says:

    Very helpful....
    thanks to ALEX (MCA)
    cheers 🙂

  • Chris W says:

    Hi, I picked up system tool 2011 today, maybe from a facebook link. I'm quite surprised because I use AVG anti virus and PC tools firewall, both active and up to date. It's a nasty little sucker for sure! Searching google for removal ideas I saw a link to Malwarebytes, so followed that. Scanning with the latest update worked for me as far as I can see. I already had it installed - just the free version so on - demand not fully active. I also found, following one of the tips above that just opening task manager immediately after boot up seemed to stop the system tool 2011 loading, so at least gives some breathing space to try to sort it out!
    May the perpetrators rot in hell!

  • Fourunner says:

    To start Task Manager to see what EXE is hogging CPU in the Processes tab, you don't have to reboot. Go to the Start menu, Click Run, type in TASKMGR, then OK. Then you can do a file search (make sure you use the advance settings and "Show Hidden Files") for name of the offending EXE and delete all files associated with it. Then search for all files with "System Tools 2011" or "SystemTools2011" in the name and delete them. Clear the recycle bin before you reboot. This worked for me.

  • Al G says:

    The shortcut was on the desktop, the program was listed in the add/remove programs, and afterwards was also listed in programs. I started in 'safe mode' and 'restored' from there. I could afford to use a date 6 days earlier. I had to reinstall a program. Thanks to everyone who commented.

  • Alex says:

    Thanks everyone, especially Bill for his comment on 2010-12-14 14:41:00. Worked for me though the malicious .exe in the Processes was different (yet identifiable if one can quickly figure it out). I stopped the process, let the system start normally and then restarted using the Sys Restore. It worked. Now I'll clean the system up.
    Those who make money by spreading the virus - I hope that their "income" would not help them. Quite opposite.

  • Rebekah says:

    OMG! I paid for it! Is there a way of getting your money back from this fake garbage?

  • sean says:

    I tried everything system tool 2011 is not going from my computer.. Any help would be appreciated

  • Anna says:

    My keyboard..mouse..and internet have been disabled. What do I do now?

  • Mopar says:

    After finding the folder that "System Tool" was running from, it was called aOcCo01804 located in C;Program Data, I logged on the computer using my wife's user account, (it only seemed to affect the one user account not the entire computer) found the folder that "System Tool" was running from and deleted the entire folder. Ran 'regedit' in the search bar and did a registry search for the same name and deleted all data in the 2 folders that showed up in the search then deleted the folders. Rebooted and followed up with a full virus/malware/spyware scan, everything was good.

  • newie says:

    I was sooo in luck!!! I have Windows7 and 2 accounts on my laptop. On the account i never use i could simply download Malware Bites (freeware) after a reboot and it got rid of all my malware ALSO System Tool 2011 LOL, soooo easy.
    So always have an extra account that you dont use to work on.
    I even got rid off a virus that i couldn't get away with Spybot.

  • Bob says:

    My daughter had similar virus, She had the Think Point/Hotfix virus.
    I stopped it by shutting it down in Task Manager then installing the free version of Super Anti-Spyware. After install I ran it and took that and over 800 other malware and virus programs out. Maybe it work on System Tool virus too. My friend has this virus on his laptop and once I get the offending program to shutdown I'll try removing it.

  • Will o Wisp says:

    There are quite a few variants of this type Scamware around. Generally if you can get into Safe mode (tap the f8 key as the system starts up) RIGHT click the shortcut and look for the location of the file which kicks it off, A system restore might clear it but.... they often write the stuff into the 'restore point' and restoring will only bring it back. Any Spyware removal tool Antimalware Malware bytes Spyhunter etc, if you can get on the internet then download one of these tools. Install one of these update it and run it in safe mode. The general thing is to remove the file(s) which the scamware runs from and then try and clean the system up. Yep this is an IT pros view on it. Have fun!

  • martin says:

    Reboot in safemode only when your system comes up simply restore to an earlier time system tool 2011 is no more

  • Kim says:

    You lifesavers! The file was jIcFn0i826.exe. I used safeboot and system restore. The restore did not complete but I used the retry a different date option and it worked. I hope this is of help to someone.

  • Jeannie C says:

    Posts have been so helpful....thank you! Was able to restore in safe mode and took care of the virus.

  • VinnieB3 says:

    History file shows following IP Address for these jerk-offs:

  • allison says:

    If you just purchased System Tool 2011 and within minutes realized it was a virus, then installed Norton 360 software, will it remove this horrible virus or will you still need to remove it manually in Safe Mode? This is what I did today, as soon as i bought it I couldn't open the icon and realized there was a problem so I looked up System Restore 2011 online and saw right away how its a malware virus. I called the bank within minutes then went to these people's supposedly legit web site (which the bank gave me and threatened to press charges/file complaint etc. if they didn't refund my money to online customer service rep, I got a response saying they'd cancel my "order". I downloaded norton 360 and it said 112 tracking cookies found and removed. Does this mean its gone or do i need to find it and get it off because its tough to detect? Thanks.....

  • slr says:

    Thank you also to RK42! This dumb virus changes its name; it was eljMf08200.exe on my computer. I restarted my pc in Safe Mode w/Networking. Went to Windows Explorer, did a search on System Tool 2011 and that .exe file. When I found the files, I renamed them, shut down, and powered up normally. Once I could tell my computer was running as it should, I deleted the files and folders. I didn't need another account like Mopar did. Oh yea, I couldn't open Task Manager; should've read Fourunner's comment. This is one nasty virus. As far as these lazy bums, what goes around, comes around...eventually.

  • tim says:

    this was one nasty little bugger. it completely hijacked my system and walked right past the ca software that was supposed to be protecting my computer. I found a way on another site to get rid of it. on another computer, download a small free antispyware app called HiJackThis.exe. put it on a thumb drive. rename it explorer.exe. move it onto the desktop of the infected pc. run it and do a system only scan. the list created by this scan will have all the normal things that run on startup. but it will also have a "run" or "run once" line that will end in an .exe file with a name made of just random letters and numbers. mine was olkpj08200.exe. when you find it, put a check mark on it and click "fix checked" button. This should give you back control of your system so that you can find that file and delete it. mine was located in c:\documents and settings\all users\application data\olkpj08200. (the application data directory was hidden)

  • John L says:

    It was amazing how safe mode and system restore did the trick in less than five minutes. Thanks everyone for your research and time

  • Kai says:

    HELP! system tool won't let me open command prompt or task manager. I don't know what to do. Also it is blocking my access to documents and settings.

  • Darby says:

    Thanks so much for help!

  • Loretta says:

    What worked for me was going to safe mode and doing the system recovery. I then checked to see if it was all gone and it luckily was! Thank you all for your help! Without this site I would have fallen for their trick!

  • david says:

    what you need to do is just get in SAFE MODE, open shortcut "system tool 2011" with right click, click "open file location" or "find target" and delete everything in that folder. it helped me and working 100% its workiiiiiiiiiiing

  • Twinney says:

    Great work everybody in beating cyber terrorists!!!! I actually had an icon on my desktop. I clicked on properties. Opened the file location then tried to delete. That didn't work. Then simply changed the file name - anything will do - Restarted the laptop, went back into the file location through the desktop icon and deleted out of there and the recycle bin. Hey presto! it appears to work

    Good Luck

  • Lynne says:

    Safe Mode then system restore worked brilliantly, Thank you

  • wraith73 says:

    My nephew had been a bit too 'adventurous' on his laptop. Teenage boys!! System Restore did absolutely nothing for me. Had to scrub everything manually, in Safe Mode, using a few other suggestions above. Thanks to all that put their 2 cents in. The laptop appears to be clean & shiny (touch wood). SpyHunter can't find anything now, except for some spyware cookies from web sites my nephew's been to, that I don't think his mother would want to know about. I'll let her know tomorrow 😉

  • lajnuz says:

    Hey, i have removed it once but it still comes back, please help!

  • Happy chappy says:

    THANK YOU! I nearly had a mild heart attack when I realized I had a virus. I rebooted, pressed F8 to enter safe mode, ran a .exe search for today's date and up it popped clear as day... I then deleted it and restarted... A message from windows popped up saying the system has recovered from a vital error (no thanks to Microsoft) and all seems ok so far.... I think I want a Mac!

    Thanks again!!!

  • AHHHHHH!!! says:

    Will system restore delete everything on my computer??? I don't want to lose all my pictures, and videos and stuff !!! This thing sucks!

  • virus hater says:

    guys don't know how i did it but the system tool 2011 icon was there but there was no record of it in my entire pc. i rebooted and the icon was gone so all i did was shut down and i opened safe mode. i restored to about 5 days earlier from today and i can't find it anywhere and i'm pretty sure it's gone because before it would let me open the ALT CTRL DEL menu so i'm pretty sure it's gone

  • sheelitah says:

    Thanks for all the suggestions. Safe mode and system restore worked for me too. My teenage son also got it on the computer at his school. This virus is really malicious!

  • Lynn says:

    I did the restore and it came back. called around to some computer repair shops. they are telling me the only way to get rid of this system tool thing is to reload the operating system.

    I have total protection from McAfee. that didn't catch it. even after I did the restore. still didn't catch it. and today I got on the computer and it was back.

    Any suggestions?

  • steve says:

    rk42 has the easiest solution - thanks

  • Dibith says:

    My system was totally hijacked. Couldn't do a thing. I booted off a Ubuntu live CD and browsed the program file folders, found nothing unusual. Then I browsed the program data folders and found an exe file dated the day I got the virus and it being an exe file in a data folder was suspicious. I deleted it, booted into windows and everything is fine. But thank you all for the info.

  • omid says:

    thanks alex. It works

  • Michael says:

    I've found that you also need to check the Hosts file and the DNS Server settings. Disable System Restore, reboot and re-enable

  • lace says:

    okay so i have tried all of the above and still need help i can't find the source of this, and to top it off a report of this got saved on to my computer i found that and was able to get rid of it but i cannot seem to fix this can any one help please. Please break it down in very simple terms for someone like me to even understand, thanks, i have tried going in safe mode and trying to find it, i've run my spybot and nothing comes up. But every time i reboot this system tools comes back up again
    please please help!

  • GordonJ says:

    This page has a selection of registration numbers. I clicked on the register button on the system tool 2011 screen, entered one of the numbers and it went away.

    Then I ran virus and malware checkers to make sure it was really gone. Finished off with a registry checker as well.

  • Frank says:

    I actually had the same version of this spamware as RK42. I was able to remove it by deleting the files, and system tools no longer boots up. Unfortunately my wifi is unable to connect, it detects my network but ends up giving me a connection error after a while. Please help.

  • Jeff says:

    I booted up PC holding f8 button, went into safe mode, waited for prompts, found system restore, read what it says, I clicked no then went into restore, went back a month and continued. System tool 2011 is now gone. Thanks for the help, I was stuck and tried lots of things, but this worked.

  • Phil says:

    To deny you access to the Internet these types of viruses play with your internet connection settings. Give this a try.

    1) Open the Control Panel
    2) Open Internet Options.
    3) Now click on the Connections tab.
    4) Click the Advanced button.
    5) Uncheck the checkbox in the Proxy Server area.

  • Rob says:

    To the first post, THANK YOU.

  • Sean says:

    Have XP pro...steps outlined by Bill in above posted on 12-14-2010 worked great in my case....ctl-alt/del at start up, look for exe file hogging most of the memory (in my case the file name was not the same as the one Bill mentioned) but it was obvious which one it was. Hit end process. Rebooted, system tool no longer appeared. Still had to do a search for all files with ".exe" that were modified within the last week, under advanced options I also checked search for hidden files. One file did appear with the system tool icon next to it. I right clicked and hit delete. Did another search and everything is working normally. Thanks Bill!

  • Richard says:

    My solution was to boot to safe mode,

    My trick to identify the random name was to right click on the system tools icon and go to properties, voilà, here is the random name.

    Then followed instructions for files and registry key removal. Followed up with scan with multiple anti-malware tools.

  • GregP says:

    Tried everything and eventually downloaded Spyhunter4. Worth every cent !! Bashed the bastard "System Tool" to death, lol

  • Alejandro Cook says:

    Thank You.
    F8/System Restore to an earlier configuration. This procedure fixes a lot of problems.

  • Kimberly says:

    Went into safe mode-networking and started up my malware program...quarantine and deleted!

  • hjf says:

    I used system restore and, based on some comments dated Dec 2010 about it coming back, I have my fingers crossed. 🙂

    Thanks to this forum.

  • temptingfate says:

    Ok, I'm not real sure on what to do here. I have a feeling I'm screwed. I have tried all of the above. I'm running XP and every time I try something it says it can not execute whatever I'm trying to do because it's infected....it even said that for Microsoft Word. HELP!!!!!!

  • temptingfate says:

    Thanks so much!!! was almost in tears lol

  • Supertech says:

    Quickest and easiest fix is to do a system restore in safe mode back before the issue appeared. Other methods I have had for this problem are to get into safe mode and run something like Malwarebytes to get rid of it and I have also had to try to kill it by killing the service on startup to make sure it doesn't start to begin with, then go through and manually delete the files associated with it.

  • pat says:

    System Restore Worked Thanks so much!!!!!

  • Cactus says:

    Safe start, system restore worked for me! Thanks heaps. Hope they get the bums!!!

  • Moriah says:

    I am far from being a computer expert but I was able to get this crappy virus off myself. I tried to do a restore but the virus wiped out all restore dates prior to when it got in. Next I did a restart in safe mode --> Start --> Search (enter .exe) --> Advanced Search -->next I searched all files that ran prior to the night it was infected (make sure to check the hidden files box) -->BAM!!! The POS virus popped up. It had the blue & yellow "X" icon and stuck out like a sore thumb. I deleted it, plus all other files run since then and then emptied the Trash Bin. Did a Restart and I'm good to go! Thank you so much for this forum!
    Geek Squad wanted to charge me $200 to clean it up!

  • Leo says:

    Safe mode and System Restore to a month back did it for me. Lets hope it does not come back! Thank you all!

  • fallon w says:

    I definitely deleted my myspace account and the next thing i know is i have system tool popping up telling me i had a virus. I instantly knew it was a virus and googled it. My virus system tool was called kbncpl106511. This is how i removed it.. i started my computer in safe mode with networking (although i didn't have to network) then i went to start then clicked run.. in the field i typed regedit and clicked ok. the program popped up and i clicked CURRENT USER then SOFTWARE then MICROSOFT WINDOWS then CURRENT VERSION then RUN ONCE and there it was!!! i deleted it! again mine was called kbncpl106511.. i was unsure at first because it had more than five letters like everyone was saying theirs had but i knew it had to be the virus. HOPE I HELPED!!! and thank u guys for helping me!

  • Waqas Ali says:

    hi guys bill is right repeat his act

  • Jordan says:

    Awesome "victim" community on this site. I was able to figure out "safe mode" (never heard of it until today) and followed someone's advice who said a system restore might do the trick. Restored back to 2/7/11, a week before the System Tool hit and all seems to be OK.

  • lauren says:

    Did anyone actually "pay and download this virus"? I am trying to remember what info they asked for.....obviously credit card number, name, address, but did they ask for DOB and/or SS# ? anyone know this info please let me know

  • Kate says:

    Couldn't work out how to get rid of the virus and decided that as I would have to pay a computer expert to fix it for me I just as well buy the System Tool!! I thought my daughter's boyfriend had checked it out on his computer and found nothing about it! But after I had paid System Tool I googled it and warnings about it everywhere and how to get rid of it - the boyfriend is not in my good books!! So yes they now have my credit card details and name and address but not date of birth. Do I still need to delete stuff from my computer or now that I have downloaded System Tool am I safe! Should I change my credit card details - which would be a pain but.....

  • Buck says:

    and the wind cried Moriah! worked like a charm.

  • Gill says:

    Got this sh**tty virus on hubby's laptop, he uses it for work and it would have been a nightmare to lose his data, thanks to all who posted, have hopefully restored to a safe date using Bill's advice and others, have run cc cleaner and microsoft security and can find no trace left so fingers crossed. Thanks again to all who posted from both of us

  • John M says:

    I tried downloading your program, but every time it said my admin prevents me from loading this type of software. Well, this is a personal PC and, therefore, I am the admin. Unfortunately, I have no idea why it would prevent me from running your software. Any ideas?


  • Gully says:

    This is the best solution. Please note, I did not any programs named "System Tools", However,there were other various non-descript names and file names which I deleted.

  • Greg A. says:

    Dell Win XP SP3

    All great solutions, but I believe the malware beasts are reading all the blogs! My recent (2/21/11 and later) exposure to System Tools removal is the following:

    System Restore is disabled

    F8 gets into the Safe Mode screens, but starting in safe mode has been disabled. Blue screen comes up stating that the computer has stopped in order to protect itself.

    Cannot start any program with an .exe extension, get a message saying *.exe is infected, use our anti virus software.

    Cannot create a new owner to trick the machine. User accounts will not open.

    The inability of using any program prevents the use of anti virus programs / scanners

    An attempt to salvage the Outlook Express address book on the infected computer could not be accomplished, because OE could not be started.

    I was going to try Fallon W.'s REGEDIT solution, but REGEDIT will not run because it's an .exe application. It ran a day or so ago, so not sure what's up. I have disconnected the computer from the 'net to prevent further intrusions.

    Got the documents off this computer and scanned the drive they went onto.

    On and on --- I'm about a heart beat away of the reformat.

  • Greg A. says:

    I solved it!!! And I will NOT be putting it out here on the blogs. Too many prying eyes from the malware miscreants. Suffice it to say I used a combination of solutions from this blog and others and learned more about the internal workings of computers than a professional photographer needs to know.

  • michael says:

    You guys saved my life! I now know a new way to get rid of a computer virus. I used to just download free AVG software, but now I don't have to restart the computer a thousand times just for it to let me onto the internet. Thank you again!

  • Mike says:

    You guys are so bright! I took the easy route and downloaded SpyHunter and let it do the search, it found SystemTool 2011 and several other spywares. Yes you have to buy the full version, but for someone like me (10 thumbs and an old brain) very worth it. It cleaned out a total of 35 unwanted intrusive spywares. I have used Spybot and Malwarebytes on a regular basis but these files were not picked up, my PC is now working at full steam.
    As I bought the full copy I also downloaded it onto my laptop, it cleaned that up, it is now ultra quick.
    Remember if you buy the full version and do not want to renew every 6 months cancel the auto subscription there is a link on the confirmation email!!

  • andy says:

    Hello there

    I got system 2011 on a family member's pc. I removed the files associated, but now I can't get an ip address on my network card.
    I removed the windows networking components and rebooted, still with the same problems.

    Any ideas?

  • AP says:

    Guys, safe mode and system restore worked. Thanks to all the helpful ppl above. Was in a bit of a panic!

  • yusuf says:

    Thanks guys.....you saved my life..!
    I just got infected with System Tool 2011 an hour ago and they ask for some money....
    I ran safe mode and restored my system, it 100% works...... and free...

  • yusuf says:

    thank you guy.....run safe mode and restore system....100% work.....free

  • flatliner says:

    This download was great, instructions were very clear - just go to safe mode right away and save yourself some time... worked like a charm. Thanks gang!!

  • K says:

    I'm not saying how I did it (we don't want them writing a better program!), but I tried many of the functions on here, and one of them worked! You can beat it! Curse all those men/women who write evil code. I manually did it myself by the way. No paying Best Buy $200 🙂

  • Ady says:

    Used safe mode (tap F8 while booting up). Did a 24hr previous restore. Waiting for results of full PC check, but everything seems OK. Thank you all so much.

  • gideon says:

    system restore, in safe mode. Simple when you know how. Trick is, not to panic!

  • Norma says:

    I was able to get to a DOS command prompt and to generate a complete file listing, with output sent to a text file. I was then able to open WordPerfect 5.1 and to search the text file for a new executable. I found a folder in Application Data with a gibberish name, and in that folder I found [same gibberish].exe, along with a small file whose name I can't recall now. I typed the following:

    md dump
    move *.* dump

    I moved the file rather than deleting it because I did not know for sure that it was the culprit. Sure enough, when I rebooted the problem was gone.

    Getting to folders with long names in DOS is tricky. Here's the sequence:


    I may have some mopping up to do but McAfee gave me a clean bill of health.

    I'm against capital punishment but would make an exception for the people behind this.

  • Dallas says:

    Safe mode then system recovery did the trick for me.

  • Jo says:

    I just got this virus, it wouldn't let me on internet or anything, I kept getting pop ups all the time !!! I thought I had no choice but to buy it, which I did for $59 and now realise I've just been done !!! I have no idea how to get this virus off, am not that really bright on computers and you have probably noticed ! I take it there is no way to get your money back ?? Whose account does it actually go into !!!???

  • joan says:

    These people want stringing up. I am an OAP, not very technical minded, was invaded with this [ system tool bug ]. It really alarmed me, just didn't know what to do. I thought it was real, wouldn't let me do anything on my PC, but managed to type in help in Google; this site came up, was so happy to find it was a bug. I'm afraid I used Spy Hunter, yes I paid but worth it, besides I wouldn't know where to begin. Thx for all your help, hope everyone gets on ok. joan

  • Colin says:

    Safe mode, system restore, full scan, job done, thanks guys

  • Matt says:

    OMG I have spent 2 hours on this and nothing works, I am seriously annoyed that this has happened. I have tried all of the above steps and nothing is working, I am doing something seriously wrong or is it suggested to perhaps try and install some anti-virus? I have even tried to download a new antivirus but it is being blocked, ctrl-dlt does not work either - it seems everything is blocked. I could scream I have so much to do and this is not what I need right now.....any help very gratefully appreciated.

  • Tim says:

    I am still trying some of the above suggestions, my iolo System Mechanic Pro having failed to protect me!
    It occurs to me that, according to some comments, a few people are following the links to pay for the removal program. The reports then say that if you have you should contact Visa or whoever's card was used. Therefore the credit card companies should be aware of this fraud and taking steps that do not assist its perpetrators, but identify the parties concerned and bring them to the attention of the authorities. Maybe we should all write to the various card services to complain and harass them into taking action?

  • Sandy says:

    Thanks so much!! Just a note, I tried deleting the rogue files and was not able to delete them until I ran my computer in safe mode. Also, there were seven letters and five numbers in my files.

    I rebooted after deleting and using safe mode and all seems well now.

    Thanks again!

  • Angus says:

    I am far from being a computer expert but I was able to get this virus off myself. I run McAfee which didn't pick it up and they have the cheek to try and charge you £60 to have it removed (so clearly they are aware of it...)!! I did a restart in safe mode --> Start --> Search (enter .exe) --> Advanced Search -->next I searched all files that ran the day of the infection.... there were a lot of "application" files which looked really odd and had been installed during the day, so I deleted them all and emptied the recycle bin. Then re-started. Seems to be OK. I did note that on one of the other a/cs on this PC it wasn't infected so wonder if there is a route in to fix that way....but I didn't need to try.... Good luck all and hope you punks who invented this get a very bad virus yourselves.

  • Jerry says:

    I tried using SAFE MODE and when I select it comes back and I can only get in when I select other than safe mode

  • rayt says:

    fallon w is right on. His suggestion worked like a charm. I should point out that my wife's version of System Tool 2011 did not show up in the task manager either as an application or a process. For Windows 7 users new to its regedit, each subsequent entry in his list is a subfolder of the entry before and you have to click or doubleclick on each one to get its subfolder list. At the end of the line there were only two values listed in the right pane. The top one was a default value, which you recognize by the time you get this far. System Tool was represented by a meaningless string of letters and numbers and symbols on the second line. Use the view menu to delete it.

    After I deleted the registry entry, I used System Restore to take the System back to a time before System Tool started annoying us, which also restarted my anti-virus and anti-spyware, and then updated Windows and the securityware (Windows Essentials in my wife's case).

    Good work! fallon w

  • babs says:

    I got infected with System Tool yesterday, and have been panicking until I logged into this website (thanks to an IT friend who clued me in). System Restore did not work for me, either. So I logged onto Safe Mode, and could not find System Tool anything. But I did the *.exe search for the dates, and found jEnAiDi20402.exe, which did it!!!!! Thanks to all so much for your help!!!

  • k12r88f says:

    Tried running system restore in safe mode and was unable to get it to run!! Any advice?

  • Sean says:

    Our system restore was turned off unfortunately and we tried all of the above and most failed apart from:
    >Start computer as normal and log onto main admin profile
    >Hit Ctrl Alt Del IMMEDIATELY
    >Click onto processes and note the top file that was hogging all the memory
    >Find that folder in My Computer>C>Documents and settings>All users>Application Data and rename it very quickly!!!
    >Shut down PC and restart hitting F8
    >Select "Last known good configuration" and log on to main admin profile
    >Go into My Computer>C>Documents and settings>All users>Application Data and delete the folder you renamed then empty your recycling bin straight away

    We ran a load more checks from previous inputs above and it seems to have done the trick

    Thanks to all those who posted on here - we'd be lost without you! 8 )
    You are good people - unlike the b**tards who write this kind of software in the first place!

    Thanks again - and good luck to any other peeps who fall foul

  • Ram says:

    I have been victimised by this load of shit of System tool 2011. Suddenly my computer was infected and showed a message on screen, blocked. Then I was forced to buy the System Tool 2011 to remove malware and spyware from my computer. I purchased online as the message on screen suggested and paid by credit card, worth USD60.00. Now removing once it has not solved the problem and there is no software to run again in my computer. What a waste of money, and is this not a crime?

  • AG says:

    Hi, thanks for this, the start up in Safe Mode and System Restore option seems to have worked (fingers crossed). I tried Task Manager and to search for the files but couldn't identify the file that was the problem.

  • Stacy says:

    Thanks everyone for the great advice! It helped immensely! So happy there are sites like this to help.

  • RLB says:

    My wife's laptop got hit with this today. The only thing that worked for us was to boot in safe mode, open up the c drive and do the *.exe search for today's date. We deleted the 2 files that we did not recognize and it worked like a champ. Thank you very much for your help. I would love to neck shoot these bas*ards.

  • PaddyW says:

    Thanks to everyone that gave advice. I ended up going into Safe Mode, Restore then re-boot. However I found that my system was very slow so, I went into: Start, Computer, C; Windows, found what was registered with the date and time that this evil thing appeared, and deleted the file, along with, coming back out, going into Programme Data folder and doing exactly the same, closed all, re-booted and, as far as I can gather, all is good again. Hope this helps. Sorry for not giving technical jargon but, I am a novice, to say the least. Good Luck everyone!!

  • Jane says:

    Just got infected by this System Tool virus and I totally panicked!!!! Luckily, I found this site and got loads of help. I've got Windows Vista. As previously suggested, I restarted in Safe mode, ran a search of all files by date and sure enough...there it was! File name was dOnHcNm18100...got rid of all files/folders with this name and...voilà! I'm not really computer savvy so took me quite awhile...but I did eventually get rid of the virus. Thanks to all you helpful guys! 🙂

  • K2A says:

    I too was a sucker for this scam! It cleared out my bank account?? Any suggestions on what to do? I'm not too good with computers when it comes to this sort of thing?

  • LucyLuvYou says:

    Thanks for all the help. I'm running Windows 7 and I just got this virus about two hours ago.

    I did a combination of a bunch of things and it worked. I think I'm in the clear. I tried removing the files listed, but that was unsuccessful. According to several posts here and elsewhere these viruses change within the course of days so sometimes the fix posted becomes obsolete. I tried a restore, that did not work. I tried downloading anti-malware, I could download it but it would not run. Basically, I found no .exe files were able to run, period, not even Chrome because it was downloaded as an .exe. None of the 50 ways of accessing regedit worked for me. So I improvised.

    The system tools was running from my lower tool bar and I was able to right click on it and pin it to my task bar. I right clicked again and it showed me the files location C:\ProgramData\kIlKaFj06300.

    From there I attempted to delete the file, but could not because it was running. I googled exefix_windows7 (per one suggestion) and couldn't download the damn zip for it. At this point I wanted to pull my hair out! But I got it fixed. My directions are below! Thanks to everyone because all the suggestions together helped me to conjure up my own fix!

    System Tool Removal Fix for Dummies, Windows 7 (like myself)
    1) Run computer in safe mode by holding F8 while starting computer
    2) Click Start Button
    3) Search Programs and Files for Run
    4) Run file name you found from taskbar (see above)
    5) Right click, select delete
    6) Delete from Recycle Bin to be sure (YOU ARE NOT DONE YET)
    7) Restart Computer per usual
    8) Download Anti-Virus/Malware (I used Malwarebytes)
    9) Follow instructions, remove and reboot (whole process took 5 mins!)

    From Virus to none in 2hrs flat, would have been quicker if I knew what I was doing at all!

    Hope this works! Cheers!


  • diamond says:

    I too was just infected with this. I did as instructed and started up in safe mode, did a system restore and everything is now gone and my comp back to normal.
    I could not do anything until I went into safe mode, this THING blocked everything I tried to do. You must start up in safe mode

  • Jack says:

    I got infected with system tool, I push F8 upon booting but I can't get into safe mode. Help.

  • Bill Hut says:

    Since I was using McAfee they provided me with a free tool called Stinger. Once I found out how to start in Safe mode I could run the program. It seems to have worked OK but there do seem to be some damaged files. I'm still kicking myself that I got tricked (I think) into letting it in.

  • good2go7 says:

    My Brother-in-law was recently attacked with the System Tool 2011 Rogue/Virus/Trojan/Scareware. It literally took over his machine. He is running Windows XP Media Center with SP3 on an HP 3.2 Ghz machine, 1 GB of RAM and 250 GB hard drive. Even though he religiously backs up his system to a Seagate 2.0 TB external hard drive System Tool 2011 would NOT allow access to those backups in NORMAL or SAFE MODE. I found a little program called COMBOFIX ( http://www.bleepingcomputer.com/download/anti-virus/combofix) that is absolutely amazing. I had tried to use Ultimate Boot CD for Windows, Puppy Recovery for Linux, and several Portable Apps programs and NONE of them worked. Then I tried Combofix.exe. Download the program at the link above and save it to a flash drive. This is the process:

    1. Boot your computer into SAFE MODE. This is best done by restarting the computer and as it begins to restart tap F8 until you see a boot sequence menu on your monitor. Use your arrow key to select Safe Mode with Networking and hit Enter. This is where you need to be in order to run Combofix.exe.
    2. Copy Combofix.exe from the flash drive to your desktop.
    3. Run Combofix.exe, it may say you need to change the file name in order to run it. If so, just click okay. If the program closes, double click it again and it will run without renaming.
    4. Follow the onscreen prompts and DO NOT do anything until Combofix.exe tells you to do something. All actions required will be performed by Combofix.exe up to and including rebooting your computer.
    5. Once the files etc. are removed Combofix.exe will generate a detailed report of what files, directories, and Registry Keys were removed or changed. This report is about 6-7 pages long and I recommend you print it out for future references.
    6. After Combofix.exe completes ALL its actions it is highly recommended that you run a FULL SCAN of your system with your installed anti virus software.
    7. When the anti virus scan is completed reboot your machine and you should be up and running again and System Tool 2011 is GONE.

    This is the easiest way that I found to get rid of this piece of crabware.

  • Manisha says:

    Hi, I've managed to get rid of the background and popup, but I've looked through my files and there's about 200 documents (viruses) about system tool. I can't delete these, as it says I need the administrator's permission. With these on my computer, I can't do anything! Any help how to get rid of these?

  • Robert says:

    Whooo-ooo! This is the second time I've gotten this ninja of a trojan virus. The first time was back in 2010, and SAS (SUPERAntiSpyware, also known by my family as "The Big Guns") wiped it out. I got it again this afternoon, and SAS (fully updated) didn't work, nor did any antivirus listed here. The program was unfindable in safe mode, or anywhere else for that matter. Finally I restored the system in a last-ditch effort. It worked magic. System Tool is gone as far as I can tell, internet back, load-up normal. Running SAS to see if anything is left behind. Thanks all for the tips!

  • Michel says:

    Thanks for the tip, I did system restore in safe mode and it works. Anyone know what to do to keep it out? I don't know where I did get it from as I was told I have a very good security in place, guess not, even if it is the first serious one which did get through. Ran SUPERAntiSpyware but it gave me a no problem answer. Does anyone know of a program to stop it coming back???
    I lost a day's work for it and I thought it would be more, so thanks again everyone for the advice.

  • Peter says:

    Thanks. Bill's technique (2010-12-14 14:41:00 above) worked for me. The file name in my case was mJnAlKi18100.exe. I booted normally and looked immediately at the Task Manager watching for a task to appear, take lots of resources for a short time and disappear. I had to do this twice to get the name correctly. I then looked for this name in the registry with regedit (Find), and deleted the entries containing it. I also did a c: disk search looking for files with the same name in them. There were a couple, and I deleted them. I re-booted after all this and the problem was cleared. Thanks Bill!!

  • Peter says:

    BAD NEWS SEQUEL - It has come back 3 times after being cleaned out! Maybe I am doing something wrong. I looked in the registry key RunOnce and the new name of the .exe file was in there. After noting the new name, I deleted the entry and searched the registry and c: drive for the same instances, deleting everything seen. Each time on re-booting normally, the PC is OK for a while - an hour or so(?), and then the virus returns. It _appears_ to be unseen by MS Security Essential (MSSE), _and_ has the ability to render that program unable to function, i.e., turning it OFF and disabling being able to turn it on again. _Before_ my first infection I was doubtful about the original file so scanned it with MSSE, which did not find a problem. Is MSSE reliable?

    All further good ideas to fix this problem would be welcome! Thanks in advance.
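
The two comments above describe a RunOnce entry that reappears under a new executable name after each cleanup. As an added example (not part of any comment and not this site's tooling), the Python below compares two saved `reg query` outputs for an autorun key and reports entries that appeared in between; the sample text, the paths, the second file name and the name-shape heuristic are assumptions made for illustration.

```python
import re

# Constructed `reg query` output for RunOnce: one snapshot taken right after
# cleanup, one taken later. Paths and the second name are made up; only the
# shape of mJnAlKi18100.exe comes from the comment above.
BEFORE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""
AFTER = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    qWzRtYp20411    REG_SZ    "C:\Example\qWzRtYp20411.exe" /s
"""

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Assumed heuristic: mixed-case letters followed by a run of digits.
RANDOM_EXE = re.compile(
    r"^(?=[A-Za-z]*[a-z])(?=[A-Za-z]*[A-Z])[A-Za-z]{4,}\d{3,}\.exe$")

def parse_reg_query(text):
    """Return {(key, value_name): command} from `reg query` text output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        else:
            m = VALUE_LINE.match(line)
            if m and key:
                entries[(key, m.group("name"))] = m.group("data").strip()
    return entries

def exe_name(command):
    """Basename of the executable in an autorun command line."""
    m = re.match(r'"([^"]+)"', command) or re.match(r"(.*?\.exe)", command, re.I)
    path = m.group(1) if m else command
    return path.rsplit("\\", 1)[-1]

def new_autoruns(before, after):
    """(name, command, looks_random) for entries added or changed since `before`."""
    old, new = parse_reg_query(before), parse_reg_query(after)
    return [(name, cmd, bool(RANDOM_EXE.match(exe_name(cmd))))
            for (key, name), cmd in sorted(new.items())
            if old.get((key, name)) != cmd]

if __name__ == "__main__":
    for name, cmd, odd in new_autoruns(BEFORE, AFTER):
        print(("SUSPICIOUS " if odd else "new        ") + name + " -> " + cmd)
```

An entry that shows up between snapshots means something still running on the machine is rewriting the key, so deleting the value and the file it names does not remove whatever is re-creating them.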

  • Bob says:

    Thanks guys, it was giving me the shits, then I googled it and realised it was a fake... I really appreciate it and now it's gone. Joy

  • GRACE says:

    I got infected with system tool, I push F8 upon booting but I can't get into safe mode. Please help me what to do..

  • Urmas says:

    Search for the file SEAPORT.EXE in the Prefetch folder. Delete. It is VirTool:JS/Obfuscator. Then clean the computer.

  • Fred says:

    Peter are you still having trouble?

    Did you empty recycle bin after deleting files?

  • Tanya says:

    It worked! First, I opened the safe mode. Then I did system restore. Finally, the system tool was gone. Thanks guys.

  • mark says:

    I would like to thank you guys and girls for putting me right about safe mode. God bless, and nuts to the planks who mess about with our computers.

  • starcruisen says:

    Hi guys, I got the virus today. I'm running Windows XP Home and it won't let me go into safe mode, the arrows won't move it. Is there any other way around this? Appreciate any help. Regards, Steve

  • Hasan says:

    Hi Guys, thank you for your help.

    Simple way to solve this one using safe mode, Then I did system restore. Finally, the system tool was gone... this one very Helpful..

    Kamprettssss spyware maker.....

  • DMac says:

    Thanks to everyone on this forum for sharing their experiences and offering such great advice! And esp Dr. Love who explained (up top) how to open and run the computer in "Safe Mode" -- so that's what the F8 key is for!
    I did the Safety Mode--> System Restore fix, and it seemed to work.
    At least, I could get back into the system again, and that damn System Tool thing hasn't popped up again.
    But I lost a morning of work messing around with this problem, so I went ahead and downloaded SpyHunter and bought it. These malware-rootkits-spyware things keep erupting. I want someone I can call next time 😉

    thanks again and good luck all!

  • MdW007 says:

    Thanks, I followed Alex's suggestion from 2010-11-16 with Windows 7 and all gone.

    Will now do a system scan? What is the best way to make sure I have deleted all associated files?


  • timj says:

    When you are in safe mode, and then do a system restore, are you in danger of losing some of your files, programs, pictures, etc?

  • stefano11@live.com.au says:

    I have system tool and am on safe mode. I just deleted some weird files in another language, possibly Russian or German. Is it ok to go to normal mode?

  • Pedro says:


  • robert says:

    I have a malware called ms tool removal on my system can anybody help on how to get it off

  • frederick md says:

    Simply wish to say thanks for providing a fix to this malware. Spent full days trying to resolve this with McAfee but that suite failed to remove system tool. Thanks 1,000,000 and please carry on the enjoyable work.

  • Neeson Blart says:

    Magnificent! Your malware SpyHunter download actually worked. Tried it and was reluctant to register by paying for it. Almost sounded like a scam but I took a chance. Now I am malware free. Finally I boot my PC without those annoying pop-ups. Many thanks.