System Tool 2011

This page is all about malware known as System Tool 2011. Also included is step-by-step removal guide as well as tips to protect your computer against this type of harmful threat.

System Tool 2011 with an alias SystemTool is a virus that made to look like a legitimate anti-virus program but in reality it was a piece of fake application or commonly known as rogue security software. It will arrive on computers as a recommended virus removal tool from fake online virus scanner web sites. If executed, instead of getting rid of what we thought as system threats, victims will experienced a more disturb computer operation. Continuous pop-up alerts will be displayed accompanied by a promotion to get the licensed version of System Tool 2011. Some Windows functionalities will be rendered unusable like task manager, registry editor and control panel. This was intended to prevent users from removing System Tool 2011 manually. 

When finding it hard to remove System Tool 2011, some will resort into purchasing the registered version of this useless software. By doing so, victims will be redirected to an online payment processing web site where credit card information will be requested. Providing these details may cause excessive charges to credit card for other unknown transactions certainly behind user’s awareness. Instead of obtaining this potentially unwanted program, you might instead consider getting free version of an effective anti-malware program that was known for its ability to take out malicious programs from the infected machine.

TypeRogue
Sub-TypeFakeAV
AliasesSystem Tool
OS AffectedWindows

What are the Symptoms of System Tool 2011 Infection?

System Tool 2011 Image

Rogue programs are tend to deceive computer users by issuing fake warning messages that will pretend as legitimate Windows alerts. Some of these are:

System Tool Warning
Intercepting programs that may compromise your private and harm your system have been detected on your PC.
Click here to remove them immediately with System Tool.

Security Monitor: WARNING!
Attention: System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
CLick Yes to download official intrusion detection system (IDS software).

Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software…

A modification will be made to desktop and instead of a wall paper, it will placed a fake warning sign stating that:

Warning!
Your’re in Danger!
Your Computer is infected with Spyware!

system-tool-warning

The malware will run with the process:
[random].exe

Malicious files created by System Tool are the following:
c:\Documents and Settings\All Users\Application Data\(random)\
c:\Documents and Settings\All Users\Application Data\(random)\c:\Documents and Settings\All Users\Application Data\(random)\

System Tool 2011 will create the following registry entries:
KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “(random)”

Follow these Procedures to Remove System Tool 2011

Procedure 1 : Run antivirus scan under Safe Mode with Networking

Procedure 2 : Scan the computer with anti-malware program to complete the removal of System Tool 2011

Procedure 3 : Use Fake Antivirus scanner and removal tool to make sure that no more remnants of

Procedure 1: Scan Computer in Safe Mode Using Installed Anti-virus Program

1. First, we will try to remove System Tool 2011 by running a virus scan under Safe Mode with Networking. To perform this task, please complete these procedures.

Start in Safe Mode with Networking (Windows XP/Vista/7 Instruction)

- Please restart the computer and just before Windows start, press F8 on your keyboard repeatedly. You will be presented with Advanced Options Menu.
- From the selections, choose Safe Mode with Networking. Please use keyboard's arrow up/down to navigate between selections and press Enter to proceed.

win7-safemode

Start Windows 8 in Safe Mode with Networking

- Please restart the computer and as soon as it begins to start, please press Shift+F8 keys.
- Instead of seeing Advance Boot Options, Windows 8 will display Recovery Mode. Continue with the given steps until you reach Safe Mode function.
- Click on 'See advanced repair options'.

win8-recovery

- Then, click on Troubleshoot.
- Next, please select Advanced options.
- On the next window, please choose Windows Startup Settings.
- Lastly, click on Restart button. Windows 8 will now restart and boot into Advanced Boot Option wherein you can run the system in Safe Mode with Networking.

win8-safemode

2. Open your installed anti-virus programs and update it to the most recent version by automatically downloading necessary updates.

3. Thoroughly scan the computer and remove all identified threats. Do not restart or turn off the computer after the scan process. You still need to run another scan. Please follow the next procedure.

Procedure 2: Scan and remove System Tool 2011 files with MalwareBytes Anti-Malware

To remove System Tool 2011, download Malwarebytes Anti-Malware by clicking on the button below. This tool is effective in getting rid of Trojans, viruses and malware.

Download System Tool 2011 Removel Tool

1. After downloading, please install the program using the default settings.
2. At the end of the installation, please make sure that it will download necessary updates.
3. Once update has completed. The tool will launch.
4. Thoroughly scan the computer and remove all threats detected by this anti-malware program.

Procedure 3: Run TrendMicro's Anti-Threat Toolkit (ATTK) to check and delete any remnants of System Tool 2011.

As an added help to remove System Tool 2011, you can scan the computer with Anti-Threat Toolkit. This software is provided and distributed by TrendMicro. Follow this procedure to run a scan with this tool.

1. Download the package by clicking on the button below. This will launch a new browser window that contains further details about the tool.

FakeAVRemover Download Link

2. Save the file to a location on your hard drive.
3. Browse for the location of the file and double-click to run. If you are using Windows Vista or Windows 7, right-click on extracted file attk_far_gui.exe and click on Run as Administrator.

Run FakeAVRemover

4. When program launch, it will run a command prompt to initialize, prepare components, and update the program.
5. Next it will open the graphical user interface (GUI) of Anti-Threat Toolkit.

FakeAVRemover GUI

6. Click on Scan Now. This operation will scan all System Tool 2011 files and processes in your computer and display a list of result for possible Fake Antivirus program and malware that needs to be removed.

FakeAVRemover Scan

7. Tick all items that are detected by the program, and then click Clean. The tool will start removing System Tool 2011 components from the computer.
8. If it asked you to restart Windows, please do so.

Protect your PC from System Tool 2011 or Similar Attack

Turn On Safe Browsing Features

Internet Explorer - Activate SmartScreen Filter

Internet Explorer versions 8 and 9 has this feature called SmartScreen Filter. It helps detect phishing web sites and protect you from downloading malicious files online. To turn on SmartScreen Filter, follow these steps:

1. Please open Internet Explorer.
2. On top menu, select Tools (IE 9). For IE 8, please look for Safety menu.
3. Select SmartScreen Filter from the drop-down list and click on Turn on SmartScreen Filter.

IE SmartScreen Filter

4. Please restart Internet Explorer.

Google Chrome's Enable Phishing and Malware Protection

With Google Chrome's Phishing and Malware Detection feature, you will have lesser risks browsing the web. It will display a warning when the site you are trying to visit is suspicious. To enable Phishing and Malware Protection, please do these steps:

1. Open Google Chrome.
2. Click on the Customize and control Google Chrome (3-Bars Icon) located on top right corner of the browser.
3. Select Settings from the drop-down list.
4. Once on the settings page, click on Show advanced settings... at the bottom of the page to see the rest of the Chrome setup.
5. Locate Privacy section and mark 'Enable phishing and malware protection'.

Chrome Security Settings

6. Please restart Google Chrome. New settings keep your browser safe while surfing the web.

Mozilla Firefox - Block Attack Sites and Web Forgeries

Phishing and Malware Protection is a built-in feature on Firefox version 3 or later. It warns you when a page you are trying to visit contains phishing content or an attack site designed to drop threats on the computer. To help you keep safe while browsing the Internet using Firefox, please follow this guide:

1. Open Mozilla Firefox browser.
2. On top menu, click on Tools. Then select Options from the list.
3. Select Security and put a check mark on the following items:

  • Warn me when sites try to install add-ons
  • Block reported attack sites
  • Block reported web forgeries

Firefox Security Settings

Remove System Tool 2011 & Protect Your Computer Now!

Get Protection
30 Day Trial

191 Responses to“System Tool 2011”

  1. Remove-System Tool
    October 23, 2010 at 7:11 am #

    thank you for your great information, after followed all instruction, now I am free from System Tool…

  2. blackout
    November 4, 2010 at 2:03 am #

    I can’t seem to find those registry entries, and MalwareBytes not showing me any infections. I tried scanning many times in safe mode, and I can’t run it in normal mode. I also tried using rkill, but rogue is blocking it. Any suggestions?

  3. blackout
    November 4, 2010 at 2:04 am #

    I forgot to mention that I am using Windows 7 64bit if that means anything.

  4. James
    November 8, 2010 at 4:00 am #

    Okay, so I’m running windows 7, and those registries don’t exist, none of those files are there, I’ve run 3 spyware, 6 malware, and 2 virus programs. cleaned with each 3 times, and now none are popping up with anything new. BUT, every time i run in normal mode, the same thing happens again. I. NEED. HELP. driving me insane. i recently got rid of security tool about a month ago with the above methods, but now system tool came on. and if it matters to anyone, i never downloaded anything. they automatically downloaded themselves without me knowing.

  5. madpersonbcsystemtool
    November 8, 2010 at 6:18 am #

    I have the same problem with blackout I ran malware and its not showing anything and also I have windows 7.

  6. JustGotLucky
    November 12, 2010 at 1:47 am #

    Hey for those using this page…I had to load windows in safe mode, find the shortcut on the desktop and then RIGHT click on the Shortcut go to Properties and look for the directory and EXE file name. mine started with dPhP* then I went into the registry (REGEDIT) and searched for that string and I found a bunch of things. Then I looked for the same string in my files and deleted all of them. Then I ran anti-virus and now I am free!

  7. jeannette
    November 15, 2010 at 4:57 am #

    This has locked my system, i can’t open any of the anti virus programs i have Avast, MalwareByte I cant open system in safe it just locks up and does nothing. Microsoft (anti virus) and hijack this won’t open either. Any suggestions?

  8. System Tool Hater
    November 18, 2010 at 10:08 pm #

    How I removed System Tool virus… My wife had it on a laptop running Windows Vista.

    I found that it kept shutting down all applications, Internet and worst of all Task Manager. Malwarebytes could not locate it – but found other stuff :-)

    Sometimes this virus has a random 8 digit number .exe file – but the version on my wife’s computer did not have an 8 digit name. It had a name made of letters and digits that looked randomly generated. It is not completely random…

    I found that if I logged out and back in I had just enough time to launch Task Manager before it was shut down – I could see some odd names in there. But I didn’t have time to read them all. Screen grabs did not work because System Tool stops you launching MS Paint. SO – I took a photo of the screen!

    I could read a weird name and that it was described as ‘System Tool’. BINGO!

    The name looks like “fdumjw01803.exe” for example… What I have found out is that the ’01803.exe’ part is a constant. It is mentioned elsewhere online as a virus.

    Restart your computer in Safe mode (pressing F8 on start-up). And when all up and running search for ‘ *01803.exe ‘ (dont use ‘). Use advanced search – search ‘Everywhere’ and make sure you include hidden and system files.

    You will find the .exe file and also a PreFetch (pf) file with the same name in a folder of the same name.

    If you right click you can choose ‘Open file location’ and then you can see where they are. You can delete them.

    I changed their name by adding a dirty word to the file name (in case other apps are calling them) and moved them to the desktop. I rebooted and all was well Then I deleted the files.

    Hope that works for you folks!

  9. howard g klemme
    November 21, 2010 at 4:37 pm #

    I just subscribed and did not complete the down load and have received no email or activation code. What do I do?

  10. Chris
    November 23, 2010 at 2:02 am #

    This virus hard to get rid of but once I located it, it was easy. What you need to know is the date the incident occurred or as close as you can recall. Go to your control panel then access your uninstall feature. Look for the most recent install. It will be titled something non-suspicious. Simply remove it then restart your computer. You do not need to buy anything to get rid of it. If you removed something by accident that you recently installed, you may lose that, just remove the last thing that was installed on your computer, because I’m certain you couldn’t install anything once that virus was there. Its very simple. Hope that helps.

  11. Chris
    November 23, 2010 at 2:05 am #

    DO NOT PURCHASE THAT PROGRAM. Its a scam. It may disappear initially, but when you restart your computer it will probably reappear. Just follow instructions above and you can easily eliminate it.

  12. Eric
    November 24, 2010 at 7:17 am #

    But I cannot uninstall system tool 2011 using your method.

    It said: an error occur when uninstall system tool2011

  13. scott wicks
    November 25, 2010 at 5:28 am #

    followed your instructions, didn’t do anything for me. Still have system tools 2011.

  14. banjowaza
    December 1, 2010 at 5:57 am #

    Another solution. Restart your computer in safe mode, press F8 when you reboot system. Then, look for the System Tool shortcut either on your desktop or search for it from your dos command. From Start, click run and type cmd. Then from c:\, type dir “System Tool” /s. This will recursively search for any file name with System Tool. Once you find that file, open it up with an explorer window. It will most likely be a shortcut to the actually executable. Right click on the short cut and view the properties to get the actual path to the executable. Now… copy this path. From the command line delete this path by typing del and pasting the path. Since this file is hidden you won’t see it if you try to navigate to it… But you will notice that after deleting it the first time you will get no error messages, indicating the operating system successfully deleted the file. If you attempt to del that file again you will get an error message…something like file not found. So, once the executable is removed you can restart your computer in normal mode and you system should start up without all the malware/virus crap. I would suggest updating your existing anti virus software and running a clean sweep of the entire file system at this point. Regrettably there may be lingering registry key entries pointing to the deleted executable, but since it is no longer there it is not a threat.

  15. Rich
    December 3, 2010 at 10:14 pm #

    Had this prob my self so did a friend all I did was reboot in safe mode then right click on system tool 2011 click properties then copy the file name it was fpli1823 in my case paste it in search make sure you advance the search to see hidden files so it can locate the crap then delete it then clear your Recycle bin I use ccleaner an run a registry check with it also an that’s all folks it’s easy but if you tried deleting the short cuts an start bar launch you might have a harder time locating the file another way to get rid of files a duff you don’t like on your system Is s download-able disk boot magic this is like Linux operating system that you load in your boot sorry for any mistakes on this text my thumbs are fat an I’m using my new phone

  16. Atiq Ur Rehman
    December 4, 2010 at 6:56 pm #

    Hi Everyone

    System tool is a crap thing it comes again and again. It gets you very angry. You feel like breaking your desktop or laptop. So here is the solution which for me. As get this problem, go to start right click on the file and check the location, where it is located. When you fine the location and you don’t find the folder or the file then it might me hidden. Do check the hidden folder and file. After it is done, restart your PC and free f8 for safe mode. Get into the safe mode and get to the same folder or file and delete. Restart your PC in normal mode. It is done. Thank you.

  17. chad
    December 6, 2010 at 1:50 am #

    i am running window XP, don’t see any of those files in my registry…i need help…at my wits end

  18. Marc
    December 8, 2010 at 9:51 pm #

    People, this crap known as rogue or ransom ware is a multi million or multi billion dollar business. It is like someone raping your daughter and making you pay for them to stop. I urge everyone who has fallen victim to put these scum bags away for the next ten to twenty years by contacting the FBI and filing a complaint in the IC3 division.

  19. preeti
    December 9, 2010 at 6:41 pm #

    System tool hater – you worked wonders for my life. Thanks for saving my computer. I was up for a trash.

  20. Matthew
    December 12, 2010 at 5:49 pm #

    I recently had this virus, big of a pest as it repeatedly pops up saying “your computer is infected” or “This may happen if you do not protect your PC” etc.

    It also prevented me from accessing anything that would remove it such as my anti-virus software.

    A simple solution to this, I found, is to simply restart your PC in safe mode, and then perform a system restore (Found in control panel). Pick a date that you know the virus was not around on, and then complete the system restore. Once this is done your PC should be fine and dandy (Mine was).

    Hope this helps any of you with this problem, it’s a real pain :)

  21. Phill
    December 13, 2010 at 8:12 am #

    system tool hater, YOU ARE THE MAN!!!! worked like a charm, next time your in Boston I owe you a beer.

  22. Gwen
    December 13, 2010 at 5:06 pm #

    I was so glad to read these comments as I had my own battle with System Tool 2011, and I’m pretty savvy and have no idea how it gained access. It shut down all Administrative functions and even my ability to use my printer (hard wired).

    I did not have to pay for any removal program, and none of the specifics in this article applied. I was only able to identify and remove it by signing on to the computer as a Guest. The core name of the file (on my computer, at least) was: hOfCn06301 in various combinations.

    I used Safe Mode, and ultimately had to do a System Restore because something I removed affected Internet graphics. I also removed McAfee (which had not protected) and installed AVG. There was one last issue, and AVG immediately recognized and quarantined the virus (for free…)

    Good luck!

  23. Nigel Walsh
    December 13, 2010 at 5:22 pm #

    How to remove System Tool 2011 from XP and XP Pro

    Start up in safe mode (Press F8 on keyboard as soon as you turn on the computer)

    This will allow you access to run system restore
    Restore system to previous date

    This did the trick for me.

  24. Ron
    December 13, 2010 at 7:09 pm #

    This virus hit my computer and held as hostage I paid the subscription fee and the scan found no virus or spyware> Has any one experienced any fraudulent Bank charges .I call immediately and ask for a refund and was told I would receive it in 5 days. Any help?

  25. Tool Hater II
    December 14, 2010 at 5:35 am #

    See System Hater comments. Mine showed up as gGoAp06301.exe. Once I searched and deleted it, it was fixed.

  26. Ithy
    December 14, 2010 at 5:54 am #

    I got pretty lucky against this virus
    was able to start in safe mode and realized it put a shortcut on my desktop and was able to follow it to the program. last time I got a similar virus like this I was able to stop it with task manager before it would start but this time I was unable too.
    but for those running XP professional try finding it in safe mode at this location – “C:\Documents and Settings\All Users\Application Data\kIbJm06301\kIbJm06301.exe”
    if it is just delete the containing folder and your done.

  27. Michael
    December 14, 2010 at 6:13 am #

    Yes, what Matthew did (the system restore) I did also.

    I was hit with this bug around midnight of Dec. 14th (as in, less than hour before I was hit, it was Dec. 13th). But less than an hour after I was infected, it was gone.

    I have Windows VISTA.

    I put my computer into safe mode, went to start, and searched “system restore.” After I opened System Restore, I was then offered three restore points, going back as far as Dec. 10th. Any of these restore points should have worked (because System Restore worked in the first place!), but I was cautious and clicked “show restore points older than 5 days old.”

    I picked the oldest restore point I could, November 18th. Once the system restore was done, I was virus free.

    Pros of using this method: it worked for me; NONE of my Word Documents were lost (even ones I wrote on Dec. 13th)

    Cons: my system is 1 month worth of updates behind; everything I’ve downloaded since the 18th of November is gone (most noticeably, ManyCam and Skype)

    NOTE: Before I did this, I researched if system restoring to a previous point could remove viruses from computers. I couldn’t find much information on this topic, but the one reliable source I did find, which answered this question directly, said (paraphrasing) “no, because the virus can make copies of itself onto multiple restore points.”

    As you can see, I tried anyways, and it worked. But WHY did it work? Maybe it’s because I chose a restore point so far back that the virus (which had only infected my computed 20 minutes prior) did not have time to copy itself onto this restore point.

    I don’t know, I’m no computer pro.

    I HOPE THIS HELPS!

  28. Zelda
    December 14, 2010 at 10:27 am #

    After trying a lot of complicated maneuvers to remove the System Tool virus from my Vista-run desktop, the system restore in safe mode finally did the trick. Thanks to all the posters on this forum for their advice and help!

  29. ed mason
    December 15, 2010 at 1:53 am #

    None of the prescribed remedies worked for me. Here’s what did; I searched for the System Tools 2011 folders, found them and deleted them. Of course the files they deposited were still causing all kinds of trouble. I then ran a search on my C: drive for all .exe files. I sorted those files by date and deleted all the files that had been created since I got the Systems Tools 2011 virus. That fixed it. I had to do these searches and deletions using F8 Safe Mode. They are changing file names so that spy doctor software and others don’t work. Hope this helps. It sure is a rotten virus.

  30. Ed
    December 15, 2010 at 2:09 am #

    I had the same experience with Windows 7. System Tool 2011 page showed up on desktop and shortcut appeared for System Too l2011. I right clicked on the desktop for properties, found location as C:\ProgramData\oMhGp06301\oMhGp06301.exe and shortcut location as c:\Users\Ed\Desktop\SystemTool2011.lnk and creation time of 12/14/ 7:38 PM. I deleted the shortcut, tried to restart my PC in safe mode but was unable to. When it restarted the same screens began to appear. I was able to locate the oMhGp06301.exe running in the services directory and stopped it, and then deleted the folder C:\ProgramData\oMhGp06301, (it was hidden so I did have to show it). PC seems to be running OK now.

  31. troy
    December 15, 2010 at 6:15 am #

    I tried all the other ways above matthew #23 none of them worked and were very confusing, system restore took less than a minute and system tool was gone follow matthew #23 directions and you’ll be home free!!!

  32. dre man 8823
    December 15, 2010 at 6:57 am #

    Thank you so much system tool hater! Worked GREAT! You’re the man!

  33. WTF
    December 15, 2010 at 4:04 pm #

    I used the free malwarebytes to remove system tool 2011 and it worked. Then the next day my Internet wouldn’t work in the browser. I am connected and I’m on the Internet through messenger. Whats Up?

  34. Joel
    December 15, 2010 at 6:10 pm #

    @Ron

    Have that credit card frozen immediately. It’s a rogue virus meaning it is acting as a virus scanner wherein all actuality it IS a virus itself.

    You need to reboot your computer into safe mode. Then follow any above instructions for removal. First priority….get that card frozen.

  35. Steele
    December 16, 2010 at 5:30 pm #

    I figured out a way to remove it but you guys might not like it, first you need to have a guest account, log into it and go to the control panel and create a new admin account then delete the old account with the virus and it well be gone hope this helped.

  36. Dee
    December 17, 2010 at 12:10 am #

    Atiq ur rehman , thanks for the help it worked for me, i restarted it and the screen was back to normal with no pop-ups…seemed almost too simple, i hope its completely gone.

    I right clicked the shortcut in safe mode and deleted the files. restored in original mode and cleared my recycle bin…that’s it. should i be worried it might come bacK? Also, what spyware do you recommend? Is AVG pretty good? I saw someone recommend that as well here… OK.

  37. phantompiratex
    December 17, 2010 at 3:21 am #

    I received a laptop from a client with this on it. I couldn’t catch it with task manager but as i was searching for the files listed here the antivirus detected a Trojan, i immediately started a thorough scan and it picked up all the files listed and quarantined them. Her anti-virus software was a free version of Avast. I followed up with a scan by Malwarebytes which detected no further infections. The laptop was windows 7 64 bit. Hope this helps

  38. Andrea
    December 17, 2010 at 2:24 pm #

    System restore works for Vista. I am also a careful browser, and was shocked when this heinous piece of work showed up. The only thing that I had been doing differently was I was visiting Myspace for the first time, so I suspect that site carries the virus.

  39. jesse cole
    December 17, 2010 at 4:40 pm #

    “pAgNk06301.exe” is a crucial file to look for and get rid of. Look for pAgNk06301 in the REGEDIT as well. That is the only way I got rid of System Tools 2011.

  40. trinbean
    December 17, 2010 at 6:24 pm #

    I had the same virus drove me insane! My IT support just wanted to wipe it clean because malware bytes didn’t work. BUT I FIXED IT!! Start-up in safe mode and go through the system files by date! Its kinda rude because they do put Microsoft’s name in there to hide it. Mine didn’t look like the one’s posted here but kinda like aEcBh069305 and there was another .. but delete them both. It was almost too easy. If you don’t know how to search for the files go to the start menu, the system tools folder and the system tools in the folder, DONT OPEN IT, but right click the system tools button and look at properties it will show you the location, target location, and where to find it.

  41. Deb
    December 18, 2010 at 1:03 am #

    Thank you Atiq Ur Rehman!

  42. moi
    December 18, 2010 at 6:34 pm #

    I couldn’t find those registry files either, but I was able to find the AppData files by just listing the stuff in that folder in Date Modified order. The most recent batch (I found three files) of files downloaded, all with the same date and within the same minutes, would be them, and delete them with extreme prejudice.

    Get the file path to where the shortcut on the desktop leads to, and delete that whole folder and its contents. If you use Windows DO ALL OF THIS IN SAFE MODE. How to start your computer in safe mode: restart your computer, and as soon as you see something on the screen start tapping F8. Select Safe Mode and continue start-up. Clean up your system as instructed, run a full system scan of your computer with a good antivirus program then restart your computer normally.

    You should load up fine after that (I did), and if you couldn’t do a system scan in safe mode then do one now. You should be okay after that.

    Full disclosure: I am not a computer tech, just someone who had this problem myself.

  43. butk1939
    December 18, 2010 at 7:36 pm #

    Reading these comments, I can’t believe some of you paid the money. The problem is that when you morons pay these disgusting Internet pirates the money…it makes it profitable which means they will CONTINUE to spread this filth through the Internet and damage other computers.

  44. Jeroen
    December 18, 2010 at 8:16 pm #

    My PC got infected with System tools 20 min. ago, read the regedit tips in here, but I found that using the system restore point worked just fine and it saves you a lot of trouble. I restored my PC to the recovery point it made yesterday so I’m not forced to update the hell out of every program again. I’m system tools free at the moment!

  45. AJ
    December 19, 2010 at 5:13 am #

    Just going to write, “Thanks!”
    I was going to throw my computer against the wall….but after reading this…all seems OK.
    I found the files through the properties shortcut on my desktop –> did an advanced search of the name –> deleted all traces–> revolted and seems ok.
    By the way, I did not have any system restore points, but I will make one now.

  46. ash
    December 20, 2010 at 6:55 pm #

    I had this crappy virus, easy to remove, simply by going into safe mode, then restoring your com to an earlier time, then update your antivirus, then run a full system scan, this done it for me.

  47. Marina
    December 21, 2010 at 12:53 am #

    I payed for system tool 2011 and I got the lifetime so I ended up paying $79.95 is their any way to get my money back and it has caused my laptop to get infected I got it to block any viruses and I did not recover an email I got the code before it re-started my computer but I didn’t get the chance to print it.

  48. gabby
    December 21, 2010 at 4:34 am #

    parents downloaded this virus somehow on their PC. tried to fix but the virus refused to let me open system restore or any other function. I restarted in safe mode (f8) was going to try the manual deletion but decided to be lazy and restore to an earlier date. Update my virus software and any other updates needed. (i restored about a month back versus an earlier date in case i missed any other spam attack) Worked like a charm. if i hadn’t of seen this info online for safe mood deletion id have told them to take it like a champ and buy a new PC. thanks for the all the help!

  49. Juleskis
    December 21, 2010 at 8:14 am #

    I was finally able to get rid of the virus by going to safe mode and restoring my computer to an earlier date! Thanks so much for all of the comments. So far so good…hope it doesn’t pop up again tomorrow.

  50. dillan
    December 21, 2010 at 3:03 pm #

    Looks like this little system tools program has updated it self and it is now blocking my access to open any program (taskmgr msconfig sybot system restore….everything except for firefox) but it is smart enough to block stuff with that so the browser simply freezes

  51. dillan
    December 21, 2010 at 6:16 pm #

    marina you might want to call your credit card company and put a freeze on that account and ask for them to cancel the charges if its not to late since you just got scammed….if you bought the “system tools” then you just gave them your credit card info and other info, not to mention you may have given them legal authorization to bill your credit card for the agreed upon price at least….

  52. simon
    December 22, 2010 at 12:57 am #

    Thank you so so much “MATTHEW” #23. I had “system tools 2011″ on my laptop 2 hours ago
    looked up lots of ways to get rid of it, many of them very complicated. Then I found your way
    10 min later and now everything is back to normal. I cant thank you enough. You have made
    my day.

  53. ven
    December 22, 2010 at 4:40 am #

    can system tool 2011 uninstall by itself? I lately got it due to a link a clicked on FaceBook. The other night a google it n found out it was a fake antivirus and I deleted sum of the files but it wasn’t completely uninstall. A few minutes ago I decided to google it again and I was reading this article at that moment my PC auto. shut down and when I restart it I didn’t see any of the system tool pop ups and I can access all the programs on my PC. can you tell me what is going on here? BTW, when my PC restart, a message pop up from Microsoft Windows saying your Windows has recovered from a serious error.

  54. help
    December 25, 2010 at 2:22 am #

    Every time I run my HP mini 210 in safe mode it freezes. What do I do now?

  55. Joe
    December 25, 2010 at 6:16 am #

    I had this, and I found a separate way around it. I couldn’t get malware to locate it and I didn’t wanna mess with my registry just yet. So I actually found the file under ProgramData folder and it had a random named folder like DNDR blah blah blah. I went in there, found the corresponding .exe file and went into its properties. I proceeded to go into each of its permissions, under each user listed and choose “deny” on all. Then I rebooted, it did not come up. I went back into the permissions and allowed every user to be able to delete it. Also, I checked the regedit areas and the appdata (and appdata/temp) and found none of those changes that were listed above after I went through my process. It didn’t take me long to do, I didn’t have to go through a restore, just a restart.

    Good luck to each of you.

  56. Nissan
    December 25, 2010 at 6:21 am #

    For the processes, instead of looking for a random process, look for runonce.exe
    it’s much easier and doesn’t make you heart pound looking for an unknown process.

  57. Jesper
    December 25, 2010 at 9:33 pm #

    Thank you Matthew (23). It was the best Christmas gift this year.

  58. valerie
    December 26, 2010 at 12:25 am #

    Just got infected earlier today….system restore worked for me…it’s the easiest thing to do.

  59. Miriam
    December 26, 2010 at 9:43 am #

    I got the virus around an hour ago. I was freaking out since it is obvious that it’s all a scam. I was able to save my computer by following Michael #31, thanks so much. Also, I agree with Andrea #43 because I started to get the virus after clicking on a link leading to Myspace. I hadn’t been there in ages, so I also suspect the site carries it.

  60. Gah
    December 26, 2010 at 12:10 pm #

    Randomly happened to me. I did what Matthew posted. Simple way of removing this 'System Tools'.

  61. Ronald King
    December 26, 2010 at 4:34 pm #

    I had it Twice the best thing to do is system restore always back up your system weekly and when or if you get this Virus just restore to a previous date.I was on Myspace surfing twice and both times the same Virus hit my computer,Don’t ever pay for the removal of this virus just follow what everyone is saying, Before this virus it was called anti virus 2010 so it looked like a legit program, Now its called System Tool 2011. Always report the info to the proper Law Enforcement this is extortion what there doing and wanting money to restore there virus.

  62. Jackie
    December 26, 2010 at 5:27 pm #

    Hi I also did the system restore and my computer seems to have got back to normal, my question is that is there any chance system tool 2011 is still on the PC, as in would any of the files still exist?

  63. Humph
    December 26, 2010 at 6:34 pm #

    I got locked out of my machine by this virus too. For some reason, I couldn’t get into safe mode too. So, i tried Joe’s solution (#62, 25th Dec), and it worked just as he outlined – without having to go into safe mode, or anything complicated. Registry, and all other areas appear clean. I’m now seriously thinking of moving from McAfee, to AVG based on comments here.
    Thanks, Joe

  64. Great White North
    December 26, 2010 at 6:37 pm #

    Thank you! Followed the automatic removal method, worked perfectly! Happy Holidays to all!

  65. Kacie
    December 26, 2010 at 9:08 pm #

    I want to personally thank Ed for saving me 2 weeks of my life and over $200!

    I awoke this morning to find this nasty bugger on my computer. Merry Christmas, right? After countless hours of running virus programs in Safe Mode, I took my heavy tower over to the Geek Squad who told me it would take them 2 WEEKS to fix it in-house, at a base cost of $211.00 (if there were no hardware damage). I decided to give it one more try before shelling out the cash. I had to run over to my work computer to find this forum and print off the instructions.

    Sadly, my system restore didn’t work (there were no existing restore points), and I couldn’t find any of the registries listed above. What DID work for me was just what Ed Mason said -I started the comp in Safe Mode and did a search of all .exe files that were created since the virus showed up. Sure enough, the very first thing on the list was the offender, which was: pMiMk08200.exe. I deleted it and restarted my computer normally. System Tool 2011 was gone! THANK YOU! The effects of any remnants of the bug that may be buried in my registry haven’t shown up yet (hopefully there aren’t any).

    Hopefully, for those of you who aren’t finding remedies any other way, this will work. Good luck to you!

  66. Ellen
    December 26, 2010 at 10:52 pm #

    We are trying to download the anti-virus software you directed us to but it’s asking for $24.95 – is that right?

  67. Jennifer
    December 27, 2010 at 4:44 am #

    Restore worked for us. Son got virus off facebook last night. Restored to a random date last month. It is the easiest way to get rid of it!

  68. mark
    December 27, 2010 at 4:56 am #

    Start in safe mode, complete a system restore. Done.

  69. Jiewei
    December 27, 2010 at 7:52 am #

    Running windows vista and got it. Blocking me from doing anything.

    Restarted in safe mode and deleted the executable.

    Restarted the computer and the problem was gone.

  70. Joe
    December 27, 2010 at 7:32 pm #

    I have tried system restore but this virus will not let it open. It says the “application cannot be executed.” I also cannot get the computer to start in safe mode. At one point do you press F8? Would appreciate any help!

  71. Bailey
    December 28, 2010 at 4:25 am #

    I followed the steps from: Matthew #23 > Michael #31.
    I restored the computer back to 7 November 2010, the virus was received a few days back. The virus is gone, thank you for the help!

  72. kZ
    December 28, 2010 at 6:53 pm #

    Thank you soo much. This really helped.

  73. stephen ottridge
    December 28, 2010 at 7:39 pm #

    My son cleared the virus using SAFE mode and Malware. Somehow my Anti-Virus from TELUS was not enabled. I think I got it from Canada’s Globe and mail website. I still have a System Tool icon in list of programs. Can I just Delete that.

    PS I have never been to Myspace

  74. vida
    December 29, 2010 at 8:02 am #

    Thank you to matthew #23 and Michael #31.
    I restored my computer back to November 6 2010 and it is gone! It was the worst virus ever.
    Thank you again.

  75. wkoelbel
    December 29, 2010 at 4:26 pm #

    I fixed System Tool with looking at for all *.exe, found it by date: in that case
    mOnCg09000.exe

    Thanks to all writers in this help Forum.
    from Germany

  76. hugo
    December 31, 2010 at 1:30 am #

    Mathew 23, you are the man! Thanks alot.

  77. Christine
    December 31, 2010 at 3:29 pm #

    I just got this virus after visiting Myspace. I haven’t been on there in a long time and you can bet I won’t be going back again. It hijacked my computer and I had to go on another computer to search how to get rid of it. I couldn’t find the entries in the registry so I did the system restore method and now I’m back up and running. Thank you Matthew #23 for suggesting that. I also am shocked that people actually paid the money. How gullible can you be?

  78. vin
    December 31, 2010 at 3:33 pm #

    joe #78 I’m running XP pro and what worked for me was I just did a search 4 file modified the day the icon in my system tray showed its ugly little head (it was a combination lock) found a folder named Jo58ac (don’t remember exact name) or any one that looks suspicious. opened containing folder from search it was in docs/all user windows/data/ anyway was able to delete one of two files, but the file that looked like the combo lock wouldn’t i renamed it sick. then restarted my comp. and searched again then deleted the entire folder from the search window.

  79. System tool hater lover
    December 31, 2010 at 10:59 pm #

    Thank you so much system tool hater! Didn’t quite work the same because that number you had as a constant wasn’t a constant. But i did open the task manager really quick before it closed everything and took a quick picture and found a weird file named jnjgc06300.exe. went into safe mode found the containing folder, renamed them, and deleted them and went back to normal mode and everything was fine!

  80. ralph
    January 1, 2011 at 2:16 am #

    Actually the malware is resides in c:\documents and settings\all users\application Data\[Folder name with weired name]\foldername.exe.

  81. broknsk8bored
    January 1, 2011 at 3:31 pm #

    You don’t have to do all that mess that was said at the top and you definitely don’t have to spend money cause I didn’t and the only anti-virus I have was free (PCtools) and when you have done what I’m bout to tell you, run a scan but make sure you try to restore first. restore didn’t work for me and neither did task manager when I ctrl, alt, delete cause the virus blocked it and almost everything else. I’m running windows 7 by the way but its simple, go to start, then computer, then to your hard drive look in “ProgramData”, you will see a folder with a weird name, mine was “bAiLf06300″ click and drag it to desktop to create a shortcut. restart PC in safe mode then open the folder you moved, delete the files, should be 2, send to recycle, do the same with the shortcut, then empty recycling bin and restart PC normally and its done. you didn’t have to buy malware or anything. by the way it took me like 4 to 5 hrs to figure this out and it only takes 10 minutes to do it if you follow my directions. After I deleted the virus, I did a restore to get it back on my PC so I could go back through it, step by step, writing it down so that I may help someone else with the same problem, cause no one wants to buy more anti-virus crap when you already paid for one that works, it is nor spend 5 hrs looking through files trying to find way in a needle stack.

  82. system tool2011 AGH!!!
    January 1, 2011 at 7:38 pm #

    System Tool Hater – I cannot thank you enough! I followed your instructions and got rid of that dang system tool 2011. May you have the best year ever! Yippee!

  83. Nicole
    January 2, 2011 at 2:17 am #

    Most definitely got this virus from Myspace. I did what someone suggested…the system restore. It worked. Now I’m performing a full scan on my computer with Microsoft security essentials. I think I’m in the clear thanks to everyone on this board.

  84. David
    January 2, 2011 at 8:29 am #

    After 4 days with this mess, I ran my Windows Vista Laptop in Safe Mode w/ Networking. I deleted my whole TEMP folder and ran/ updated at least 4 of my virus scanners.

  85. OzzMan
    January 2, 2011 at 10:28 am #

    THANK YOU SO MUCH web site and Matthew!

    My computer is running great now. All I did was click on the start button, then click on all programs, then accessories, then system tools, then system restore. While on system restore, I clicked on a date before I got the virus and restored my computer. Deleting the virus and taking my stress away. :D

    Also special thanks to my cousin that helped me find this web site and kept my hopes up when I thought no hope was left.

  86. nonperson
    January 3, 2011 at 1:24 am #

    I was able to remove this by starting in safe mode and running system restore. It worked. I thought my computer was done.

  87. CHADH
    January 3, 2011 at 5:02 am #

    I have tried everything.. Start in safe mode and it just shuts down while starting but sometimes it starts but after awhile it shuts down. In normal mode shuts down after awhile. I hate this thing, I’ve searched and searched. I just want to give up. It’s my company laptop but now it wont let me log into company server and have IT remote in. I’m offshore on a rig in middle gulf of Mexico. I tried system tool haters and I cant find file.

  88. kwok
    January 3, 2011 at 8:02 am #

    Pretty annoying malware! Took me hours to get rid of. All I did at the end was just go into safe mode then restored my computer to a later date. Worked like a charm and much more simple than doing it manually.

  89. VT
    January 3, 2011 at 11:43 am #

    I followed the manual method but was not able to get the registry files mentioned. Then I tried the automatic method. I got the anti Malware from somewhere and tried to run it on my machine. It didn’t work even after changing the file name as mentioned in the procedure 2.

    I logged in safe mode and tried running the anti malware through there. It worked!! Then restarted the system in normal mode.

  90. Liam McArthur
    January 3, 2011 at 2:33 pm #

    I noticed this on my Dads user account this morning, a simpler way to remove it is the following:

    Log in to the computer using a different account that doesn’t automatically start up ‘System Tools 2011′

    Search your system for “System Tools”, when you find the application, right click it and open the file directory – delete all the contents from this location.

    Done!

    Worked for me but I recommend following the cleanup process also as shown above.

  91. Emily
    January 3, 2011 at 4:50 pm #

    To get rid of this virus, I logged onto my computer though a different account because on ours we have like three of them but only use one, the one that got infected. through the other account, I completely deleted the infected account. the virus is gone now. I just wish I didn’t have to delete the other account, but nothing else seemed to be working.

  92. Afterscore
    January 4, 2011 at 1:29 am #

    One thing a lot of people haven’t realised yet is that the string of numbers/letters that the virus associates itself with is completely RANDOM.

    Don’t bother searching for a string of characters that someone else has found because the chances are that yours are different.

    Personally I found that by doing a simple Search check for System Tool 2011 came up with the .exe executable file and right clicking -> Open File Location took me straight to where the virus was. Deleted the folder and all is well.

    Running Malwarebytes for a double check but I haven’t had any problems so far.

  93. Andy
    January 4, 2011 at 9:03 am #

    I was able to remove it using broknsk8bored’s (#89) method. Very simple. Thank you so much

  94. Stats1203
    January 4, 2011 at 1:53 pm #

    I also started in safe mode by hitting F8 as soon as the computer came on and then chose the option to restore my system to an earlier date. I just chose the date before I got infected. Now it appears I’m System Tools free and I’m operating as normal. Thank you to im-infected and to everyone on this thread for all the tips! I thought my computer was done for and was actually planning on budgeting for a new one in the new year. Thank God I decided to do a little research. I also ran a virus can with my REAL anti-virus software and it came up with nothing.

  95. Brandon
    January 5, 2011 at 7:26 pm #

    Nothing is working for me. I’ve been trying to start in safe mode, but it’s not working. Hitting F8 is just starting it manually. When I try to switch to safe mode, it goes to a blue screen, and I have to do a cold boot. Searching the .exe files has not worked either because none are showing to have been created on January 3 (when I was infected). And no system tools are showing in the search files either. I’ve done all I can think of or have read on this site. Anything I’m missing?

  96. april
    January 5, 2011 at 10:57 pm #

    I did this also and now I know its a joke does anyone know a phone number I can call this place I was charged $59.95 for this and I want a refund but have not gotten the number

  97. david
    January 6, 2011 at 10:01 am #

    Hi guys…I was so in luck…I have Windows7 and 2 (TWO) accounts on my laptop, 1 with a code that I always use and got this malware on, and another that I never use.
    I could easily reboot and work on the account I never use and download Malwarebytes there!
    After an hour it got rid of all malware, also 1 I had found with Spybot and never got out!
    System Tools 2011 disabled everything, also my Avira, but now no trace of it anymore.

  98. jim
    January 6, 2011 at 3:38 pm #

    System restore seems to be working for me, for now. Couldn’t open any virus software or download anything.

  99. Matt #2- This Worked
    January 7, 2011 at 8:00 am #

    Thank you Matthew (23)!

    F8 immediately upon start up (just kept tapping it), next I selected ‘Safe Mode with Networking,’ then I followed the option to System Restore and picked a date way before the problem.

    TIP: Different operating systems may require you to hit a different key when starting it up. F8 worked for me, and I still have XP.

    May all who are troubled find help. I pray God blesses you all.

  100. Sean
    January 7, 2011 at 1:20 pm #

    So, I just got this and got rid of it in 5 minutes. I was unable to get into safe mode, so I started by taking brokensk8bored’s advice and found the file under program data and moved the file to my desktop. I then restarted and the instant my desktop screen showed up I immediately clicked the file and sent it to the recycle bin before the virus had time to start up. Emptied recycle bin, ran virus scan, rebooted, DONE! All without even having to use safe mode or system restore. Hope this helps anyone who can’t get into safe mode as I was unable to.

  101. Krump
    January 7, 2011 at 9:56 pm #

    Nice work Nigel Walsh – I tried a few of the suggestions listed but a system restore in safe mode worked. Thanks.

  102. MooMwAN EmPIRe
    January 8, 2011 at 1:44 am #

    Virus tried to takeover by disabling all applications with the program named nlpjc09000 not 5648541024 also with the label system tool 2011!! check for the sempalong virus as that had coincidentally installed and opened itself 10 minutes previously to the system tool 2011 virus.

  103. JustDarryl
    January 8, 2011 at 1:56 am #

    Friend brought me a Laptop running Vista Home Premium with the System Control Manager version of this monster.

    I got it removed by the following:

    Boot safe mode command prompt.

    deleted Program Files\System Control Manager directory and all of its contents using the dos commands for deleting files and removing directories. (Google is your friend here)
    ran regedit and searched “system Control” and removed 2 or 3 entries (can’t remember exactly)
    reboot in safe mode and damn thing still there BUT I could get to task manager now.
    I searched for “*01803.exe” and came up empty. What I ended up finding was a file called Protector.exe in the %user%\roaming directory. I renamed it something else, ran regedit again searching for “protector.exe” and removed 2 entries (deleted values, not keys) and rebooted… Gone.

    I ran AVG 9 free and no results. I then installed Malwarebytes’ MBAM and it found the renamed file and what was left of its nasty trail of headache and removed it.

    I realize that this is not exactly the “system tool” version I encountered. But I found this site searching for my problem and it helped me get it solved. I figured that my information might help someone else in the same boat.

  104. Kevin C
    January 8, 2011 at 7:01 pm #

    I tried downloading a lot of different spyware removal tools, and System Tool 2011 wouldn’t let any of the programs run. I couldn’t access system restore either, so I rebooted the system, went into safe mode THEN did a system restore.

    If you have system restore turned on, you can get rid of this nuisance easily.

  105. Dave Connell
    January 13, 2011 at 2:36 am #

    Used System Restore and it worked like a champ! Thanks to all who contributed to this post.

  106. jackylyn
    January 13, 2011 at 5:09 pm #

    I have a system tools and I don’t know where it from ‘I’m shocked when the system tool is already install on my computer and start scanning…’how can I remove it ‘when the (msconfig is infected because of system tool and the regedit is also infected. I can’t go to safe mode. How can I remove this viruses on my computer?

  107. Colleen Fishbaugh
    January 14, 2011 at 4:39 am #

    Your site popped up on my computer saying it was about to crash. I panicked and bought and downloaded your program. I had my computer tech out and he said I didn’t need it. He deleted it. I want a refund on my credit card. It was not ethical of you to take advantage of my situation.

  108. Umesh
    January 16, 2011 at 4:37 pm #

    Boss this is really good.

    It helps me to remove system tool virus 2011. I got something different and useful stuff.

    I will look forward to get solutions for another problems in future.

    Thank you for great help.

  109. Mel
    January 18, 2011 at 4:36 am #

    My brother has this on his Netbook. It does not have F8. I can’t get into safe mode. Next time I see him I will check to see if has another account we can use, but anyone have any ideas about getting into safe mode?

  110. Brian
    January 18, 2011 at 4:30 pm #

    Thanks for the help….I found that just going to system restore while in safe mode removes it also…

  111. samuel
    January 19, 2011 at 1:20 am #

    Thank you so much for all the tips! Tried everything then did a search for .exe files ind safe mode and found the buggers after ripping my hair for the last 4 hours

    My System Tool had the following name mJaNj05313.

  112. Brook Monroe
    January 19, 2011 at 3:18 am #

    Big tip for saving Windows 7 systems from System Tool 2011 – don’t run in your admin account. Create a second user (you will still be able to install software you want using the admin password), and when ST 2011 strikes, log over to the admin account and kill the process (which will have a really weird exe name with letter-number-letter groupings as described). Then run your antivirus software from the admin account, and clean up the registry as needed.

    I just killed the ST 2011 program by hand using the admin account.

    It PAYS to set up an admin account.

  113. Jim
    January 23, 2011 at 1:04 am #

    1. Reboot in “Safe Mode”
    2. System Restore
    3. Done

  114. Georg-e
    January 23, 2011 at 1:47 am #

    Okay, So get rid of your system tool 2011 like this:

    1: Restart your computer, as soon as it turns on, Press F8.
    2: When all the options show up, press enter/return on Repair your computer.
    3: Wait for that to load.
    4: When that has loaded, Click on System Restore.
    5: After you clicked on your most preferred restore point, it will do the rest itself, and your PC/Laptop will be OK!

    I hope I have helped some of you!

    (PS: I am running a 32-bit Windows Vista)

  115. Tommy
    January 23, 2011 at 8:59 pm #

    My screen is blank and pressed F8 and there is no potion for repair computer.

  116. Joe Shmo
    January 23, 2011 at 9:50 pm #

    Here is a tip when a virus program won’t let you run Malwarebytes. Instead, I run a program called George. Yes “George”. You will have to protect yourself by creating George when your system is clean, or on another machine and then bringing it to the infected one. You create George by taking a good copy of Malwarebytes and changing its name. BUT, you can’t just change the name of the .exe. You must change the INTERNAL name. To do that, take a good copy of Malwarebytes and open it with a tool like Hexedit. You will find the actual name of the executable somewhere close to the front of the code. For MWB it may look something like this: mbam….Malwarebytes’ Anti-Malware… etc. (The dots represent hex 00 which is important. Use the editor to change that name to something other than mbam…. I used George (replacing two of the 00). You get 8 characters and as long as you don’t disturb the POSITION of mbam within the executable, it will still run. The good part is, the virus program won’t recognize it as mbam and let it run. This is not for the faint of heart or slow of wit, but as long as you’re working with a COPY of mbam, you can’t hurt much.

  117. Jarek
    January 24, 2011 at 8:00 am #

    It works. But I had to use the software. The first solution with deleting registry entries failed (I couldn’t find such). But the malware software worked and now my computer is free!
    Thank you very much.

  118. Joe
    January 24, 2011 at 8:24 pm #

    I have Vista 32 and i just did a system restore for the day before…the other methods were impossible due to they hid the files a different way, then i rebooted after restore and did a complete search and scan…did good!

  119. george eddde jorey
    January 24, 2011 at 11:13 pm #

    hello I have this morning purchased your system, and I lost the info page which I should have printed, would you kindly forward that page to me, I think it had our reg. number on it.
    Regards Eddie Jorey

  120. Nancy
    January 25, 2011 at 4:52 pm #

    Jim and Georg-e…Thank you so much for the information. It made getting rid of it so easy although I was nervous at first, but the step by step directions were great to follow.

    My daughter’s computer was hit while doing research on Veterinarians. I am just wondering how she got it.

    Thanks again!

  121. Nancy
    January 25, 2011 at 5:25 pm #

    P.S. It is more extensive than was reported…it also gets your credit card number and uses it fraudulently. It looks just like Window’s Defender and since I could not load any other anti-virus software, I thought I was buying the full version of Window’s Defender. Thankfully, after some research, I quickly cancelled my card and any fraudulent charges were removed. If you gave a credit card number, check your accounts!

  122. kenilworth
    January 30, 2011 at 12:21 am #

    Matthew #23 your a star….. system restore worked a treat.

  123. stosh
    January 30, 2011 at 3:56 pm #

    Got to give these guys credit for a good scam. this one was a pain. like stated above try and restart in safe mode. hit enter and restore your system to an earlier date.

  124. Simon
    January 31, 2011 at 8:48 am #

    Thanks alot, really appreciate the information.
    Was 2 seconds from buying this…

  125. Finch
    February 2, 2011 at 2:35 pm #

    Such weak virus programming these days…I rebooted and ran it in safe mode and then pulled a system restore to yesterday morning. Problem solved.

  126. Dennis
    February 2, 2011 at 4:44 pm #

    I had a tough time getting rid of this garbage. The virus would load almost immediately after a reboot making System restore or malware removal software useless. Safe Mode would only get to crvsc.sys before freezing so that wasn’t a possibility. However, as some of you have listed, holding F8 upon reboot for safe mode worked. (not sure why it didn’t previously) I was able to successfully restore my registry to an earlier date and it worked like a charm.

  127. Tom Beckett
    February 3, 2011 at 8:06 pm #

    I am running Windows Vista on a Dell Laptop. I just got the malware Tools 2011 on this computer. It is blocking me from the Internet and also it is not allowing McAfee to run. I found the malware in the Registry, but the delete function is not highlighted and therefore cannot delete. I tried to restore and blocked that as well. Any other ideas on how to get rid of this?

  128. DUONG TRUONG
    February 4, 2011 at 1:24 am #

    I just call police to investigate this web. Because After they collect the money they let me know the Internet protected was on and I saw the system tool and scan working but right now I did not see it again and I try to call for assistance or customer service but I did not see any thing to contact.

  129. Eric
    February 4, 2011 at 1:53 am #

    I was infected with System Tool 2011 January 27, 2011. Like everyone else I was shut out from all programs on my computer. I was going to have my hard drive wiped and windows reinstalled but was short of funds to do so. I had disconnected my tower and decided today, February 3, 2011 to reconnect everything to see if there was something else I could think of to try. Imagine my surprise when System Tool 2011 did not reappear. I am at a loss as to why it’s gone but I can access everything I could prior to infection. I’m currently running Malwarebytes and Avira Antivirus and have deleted everything that was installed on the 27th. Could it be this virus only lasts for a week and then disables itself? Seems too easy to me. I’m running Vista and my only recovery would be about 6 months old.

  130. ZZrock
    February 5, 2011 at 3:59 pm #

    I got the bloody virus 3 days ago. All my attempts to maneuver to task bar, control panel, download virus removal tools were to no avail. The following morning at work I was searching the net for help when I happened upon this site. I printed the instructions for removal and not only did the instructions print but also the comments left by others cursed with this hideous pile of 0s & 1s. I’m running Windows 7 on a Dell Studio 17. My fix was reboot in safe mode by pressing F8 repeatedly while booting up and going into safe mode, then system restore to the day before I was infected. It was then that I was freed from the clutches of System Tool 2011!

  131. Craig
    February 6, 2011 at 12:12 am #

    I used the solution bnajowaza came up with and it worked well. Thank you for your assistance. I am running Windows 7.

  132. Dan
    February 6, 2011 at 8:31 pm #

    I get a lot of viruses, and my laptop currently has this one. I cannot do a system restore, and I am unable to open Malawarebytes. I don’t know what else to do, I have tried using Rkill but it does little to help. I went and individually deleted the files as mentioned in other posts. What else can I do?

  133. tinyzor
    February 8, 2011 at 5:47 pm #

    SIMPLE METHOD TO GET RID OF SYSTEM TOOL VIRUS: when the virus shuts down all the programs u will still be able to see 2 icons on the bar next tot the watch that will continue to pop a message that your PC is still contaminated press the small key that looks like a small wrench then a window will open that lets u select if u want the program to pop up that message this doesn’t matter what u need to see is the name of the program that will be a few random letters and 5 numbers ex: awdasd14700.exe then u go to search and use advanced search and look for *14700.exe after u find it u see the location ex: d:\program data\system tools the folder will most likely be hidden, after this restart go into safe mode go to that folder and delete the 2 programs in the folder there will be a .exe and another one GL :)

  134. bianca p
    February 8, 2011 at 6:54 pm #

    I just downloaded system tool removal – it prompted me to remove my anti virus Avast. Is this an anti virus program? If not what do I use for anti-virus?

  135. GTS
    February 10, 2011 at 5:02 am #

    This damn System Tool blocked my every effort to purge it including booting in Safe Mode but I found a way to get rid of it that’s simple and worked well. Do a file search; select advanced search and be sure to include hidden files. Search for all executable files (*.exe) modified within the day or week since the problem first occurred. Look for files that are like 8 random numbers or letters. You can’t delete it yet, but make a note of the string of numbers and letters then right-click to Rename it and move it to your desktop. Now restart. Next delete that file on your desktop and do another search for other files with the same string of letters and numbers to delete them too.

  136. Ivyblade
    February 12, 2011 at 11:13 am #

    With the help of a good tech-savvy friend, and this webpage+user comments, I was able to rid my life of the curse of system tool. I followed the advice of searching for recently modified files, locating a random number letter combination .exe file, and deleting it from all locations. All is well so far, thanks for the great helpful information here!

  137. February 12, 2011 at 7:29 pm #

    @bianca, it is a worst virus. System Tool is a fake program do not use it and do not remove your avast antivirus. you should download malware bytes or superantispyware or follow the manual removal steps instructed on this page.

  138. IHateSystemToolVirus
    February 13, 2011 at 11:12 pm #

    If you’ve been infected with the System Tool virus thing as described, this is what you do to manually solve this problem; no downloads required, no strings attached.

    Regardless of the version of your computer (Vista or whatever), restart your computer, then upon start-up, press “F8″ repeatedly so that your computer will show you a screen where you can select with the “Arrow Keys” to run your computer.

    Okay, at there, just select “Safe Mode” or “Safe Mode with Networking” (shouldn’t matter which), then log onto your computer.

    Now when you’re on your desktop in Safe Mode, click “Start”, type in “regedit” in the search option and open it up.

    After you’ve opened it, follow these folder-paths:

    HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> RunOnce.

    Okay, you’re here. Now NORMALLY you should see only a single “(Default)” file in this folder, however, since you’re infected with this blasted System Tool virus, there will be 2 files instead of just the “(Default)” with Data being “(value not set)”.

    This is the important part.

    Delete the random file with name possibly like “34DSIGDGssdf” or whatever; I repeat, just DELETE that, and leave the only thing in the RunOnce folder to be the “(Default)” file.

    Now, restart your computer again and let it run normally, and once you hit desktop again, that mother beeping virus should be completely gone and never bother you again (as long as you don’t get infected again of course).

    If you want to make sure, just run whatever Anti-Virus software you have and do a scan or something, of course I doubt it’ll find anything since it was originally useless against this virus anyways.

    Hope this clears things up!

  139. GTS fan
    February 14, 2011 at 4:18 am #

    Thanks for this GTS, for some reason my computer wouldn’t start in safe mode and pretty much every other options I had tried up to now didn’t work.

    I got System Tool on my computer by looking up images through google images which was really strange but my computer had been acting strange the past week so it could of been something else.

    Appreciate the help.

  140. Jimmy
    February 15, 2011 at 5:35 am #

    I don’t understand how people do this in safe mode. I have this stupid system tool crap and every time i go in safe mode I cant locate it. I performed malware anti in safe mode and it cleared 2 infections but when I went back to normal mode System Tool was still there! Cant access anything in normal mode, nothing will open!

    ANY SUGGESTIONS, PLEASE HELP!!

  141. AB
    February 18, 2011 at 1:49 am #

    I used “system restore” set it for a few days before the problem started. Worked perfect. 3 minute fix.

  142. Saoirse
    February 19, 2011 at 1:58 am #

    For System Tools 2011- click on THEIR registration and here’s the product key, WNDS-S0DF5-GSSE0-FG145-2DF8G and it’s ZEROS not the letter “o”, so put in their key ,let the phony viruses be eradicated and then use your malware remover to get rid of it and check that your Internet setting is not via proxy and that’s IT. done.

  143. Saoirse
    February 19, 2011 at 2:01 am #

    There is NO dash hyphen at the beginning of WNDS—etc—-went crazy trying to go through file after file looking for this garbage—-do it, it WORKS !

  144. William2012
    February 19, 2011 at 10:45 pm #

    ATTENTION ALL WHO CANNOT LOAD IN SAFE MODE: Follow brokensk8bored ‘s instructions -i.e. doing the following:

    1) In normal mode, search on the computer for “Programdata” and open it.
    2) You will see a really strange titled file. Mine had a bunch of numbers and letters – and was labeled as created on the day my virus came. This file sticks out amongst the rest of files in programdata.
    3) Highlight and move that file to the desktop. Remember where it is on the desktop.
    4) RESTART your computer. As soon as your desktop loads – and the virus is not active – move the file you had on the desktop to the recycle bin as quickly as possible.
    5) Empty recycle bin.
    6) Enjoy life now that the Security Tool is removed. Scan your computer with a reputable security scanner.

  145. mike
    February 20, 2011 at 4:00 am #

    Yeah system tool is an annoying one but it can be disabled.
    If you have windows 7 (this should work on other Ops also) check your start up list to verify that you see something like this lJdBgPb08250.exe (that is the exact name of the system tool bitch that had leached onto my machine.)

    now keep track of the exact file name you find (write it down or something, the first letter on the file I have listed above is a lower case L)

    now go to my computer and type in a search for it for the entire C drive. It should pop up after a while. When it does it will probably tell you that it is in this directory c:\program\data
    don’t bother to look for it in there the directory will be hidden just delete the damn thing.
    after that just run a free registry repair program like glary utilities (free version) after all you did not pay to have that thing on your computer so why pay to remove it, that would be non-american. (someones making ALLOT of money off that thing, they should be locked up in Cuba and really tortured)

    The utilities program will spot the now castrated support files and remove them as unneeded crap and broken links.

    you don’t really have do the registry thing right away, just deleting that one file will give you immediate relief and return your PC back to you. It will give control of your PC back to you so you can download or search for your own final cleanup program.

    That thing really is not technically a virus and follows the rules of other programs, it may bend them a bit but if you screw up the main application and the rest of it is nothing and can’t function correctly.

    This is Cybermonkey in MN signing off
    Good luck. now go kill the system tool bitch.

  146. Mike
    February 21, 2011 at 10:44 pm #

    I did leave one thing out in my post above that I forgot. One thing you may have to do before following my instructions on the previous post above would be to go in and disable the start up list. The start up list contains all the applications that you want to automatically open after windows comes up. I did not have to do this in my case but I have seen enough posts from people in other places that I felt I should bring this up. When System Tool gets onto your computer it automatically inserts itself into your start up list. That is what is driving everyone nuts about it, it opens right after your windows starts up and will flash all the messages and warnings so often in some cases that you don’t have a chance to do anything else. if you are having this issue have some patience while trying to pull up your start up list. In between messages from system tool you can get into your start up list but there may be a slight wait time while your request is in cue. See the cause of this is due to the number of times that system tool keeps activating those screens. Its kind of like trying to start multiple programs at the same time on your computer, they all take some resources but eventually do load in order.

    To disable the start up list on windows 7

    click on your start Icon.
    in the search window box type msconfig (then hit enter)
    you will see a window open up above the start button with msconfig app.
    double click this app and the application will open.

    once the app is open click on the start-up tab. now this is your list of all the programs that
    automatically open after windows boots up. If you see any program on that list that you don’t know, disable it. (note you can just disable the whole list for the time being if you don’t know what is good or bad. Don’t worry this will not affect your windows in anyway and you can go in and enable the list again after your rid yourself of system tool)
    By the way this is the same list I talked about in my previous post where you will find the name of the system tool exe file that is screwing with you. I can say without a doubt the exe file running system tool will be in that list. that is the only way it is able to pop up every time you boot up windows.

    after you disable the list “Apply the changes” and click OK. now restart your computer and follow the directions from my previous post to becoming system tool free. you will notice after booting up the system tool messages are gone, the system tool program is still on your computer but is just not active at this point and this gives you the chance to go in and
    remove it from your computer for good.

    Note: after the deed is done (system tool is gone) go back to the start-up list and enable the programs you want to automatically run at windows start up.

    Cybermonkey in MN over and out
    now it’s beer time. good luck

  147. David
    February 22, 2011 at 12:44 pm #

    I beat this scumbag virus by doing safe mode and than doing a system restore for 10 days earlier.

  148. marie2769
    February 24, 2011 at 3:59 pm #

    Thanks (ihatesystem) that fixed mine so far.

  149. Trace
    February 26, 2011 at 10:22 pm #

    Hi i would like to thank all you guys who help on here.I am running windows xp and got this pain in the bum virus.The first thing i tried was running in safe mode and it wouldn’t do it.I then tried loading up the PC and doing a system restore but the virus blocked it from running.I also tried to “msconfig”to stop it starting up in the first place but this was also blocked.I then tried doing a search for all .exe on the date i got this virus and there it was right at the top of the list at the time it appeared on my PC.I then removed it to the desk top right next to the recycle bin and restarted my PC.As soon as my PC loaded i put the file in the bin and emptied it and this worked for me.I was then able to go in and do a system restore to doubly make sure the damn thing had gone!

  150. tony
    February 27, 2011 at 9:19 pm #

    System tool haters method of photographing the process page in task manager before system tool kicks in works. Read his post at the top of this thread. It works and I am very pleased. Thank you system tool hater you are my hero.

  151. scott
    February 28, 2011 at 2:02 am #

    Tried doing system restore to previous date only date available was the day it was infected. Will not let me create a date manually. Please help.

  152. Andrew
    February 28, 2011 at 9:11 pm #

    Our infected netbook (windows 7) cannot open in safe mode, unable to get into msconfig, unable to run any exe files. We do no have a system restore point on it. This virus really seems to have got everything mentioned already covered. Has anyone else had the same issues and managed to kill this thing?
    Thanks

  153. Girlie77
    March 1, 2011 at 1:17 am #

    System restore in Safe Mode with Networking worked for me! Thank you!!

  154. Christina
    March 1, 2011 at 6:22 pm #

    I used the suggestion to search for .exe files while in safe mode. Found the problem, erased it then searched for similar files, deleted those and I was free! Thank you! (on XP system)

  155. Patsy
    March 1, 2011 at 10:11 pm #

    Yes to Girlie 77 – Important to go into Safe Mode with Networking! Then I was able to do a system restore. What I fear is a constant influx of this crap. And that something is buried inside my registry with a time period set for it to reactivate again and again. Why can’t the Feds so something to this idiots. Do people really, really buy this software?

  156. Petra
    March 2, 2011 at 12:53 am #

    Wow….thanks so much for every one’s comments. Got infected from a supposed update…warning to everyone! I tried the Automatic Removal, didn’t work. I tried searching for files with numbers in them, nothing worked. The simple System Restore worked. Well, at least for now. I’ve not received virus message for about 15 minutes now….good sign. Searched system files for anything named System Tool, also nothing. One of the comments was that McAfee didn’t catch it, I’m also disappointed. But if this is gone now, it was an extremely simple fix, only, that I would not have known about it unless I read these comments! So, thanks!

  157. Barnsley Simon
    March 2, 2011 at 9:07 pm #

    This worked for me with Windows XP
    1) Go to malwarebytes website and down load the spyware on to a memory stick. Ideally use your mates PC to do this.
    2) Switch on and go to safe mode (hit F8 and keep pressing as soon as you switch on your PC.
    3) Tab to top option ‘safe mode’
    4) Plug in your memory stick and down load spyware
    5) Run software in quick scan (this was enough for me….takes 30 minutes approx)
    6) Once complete make sure everything identified has a ‘tick’ and I mean EVERYTHING
    7) Hit remove and follow instructions right through switch off etc and……
    THAT’S IT….GET YOUR LIFE BACK

  158. Carnella Johnson
    March 4, 2011 at 7:20 pm #

    I need a contact phone number for system tools 2011 because I was charged too much for the spyware.

  159. Carnella Johnson
    March 4, 2011 at 7:21 pm #

    I just purchased the software but I can’t find it anywhere on my computer.

  160. Brandy
    March 5, 2011 at 5:12 am #

    i, unfortunately, did not know anything about this site, if i had, i would have done the process. our laptop was hit yesterday by the dreaded system tool 2011 virus. my daughter had been playing games on nickjr.com. i had to practically pull her off it, and when i managed to do so, i found the virus had struck. i don’t know how long it had been on there, just that i couldn’t get it off. the only thing was my son’s account on the laptop wasn’t affected, just mine. so because i don’t keep any important stuff on it, like documents or things like that, i did the only thing i knew to do. i wiped out my entire account. it got ride of the “system tool”, but it also deleted all my pictures. wish i had found this before hand. but then again, at least our laptop is safe.

  161. Dennis Hopper
    March 5, 2011 at 8:17 am #

    Transaction ID 37827858 – I have not been able to download or activate – can you let me have details?

  162. LucyLuvYou
    March 5, 2011 at 8:39 am #

    Thanks for all the help. I’m running Windows 7 and I just got this virus about two hours ago.

    I did a combination of a bunch of things and it worked. I think I’m in the clear. I tried removing the files listed, but that was unsuccessful. According to several posts here and elsewhere these viruses change within the course of days so sometimes the fix posted becomes obsolete. I tried a restore, that did not work. I tried downloading anti-malware, I could download it but it would not run. Basically, I found no .exe files where able to run period, not even Chrome because it was downloaded as an .exe.

    The system tools was running from my lower tool bar and I was able to right click on it and pin it to my task bar. I right clicked again and it showed me the files location C:\ProgramData\kIlKaFj06300.

    From there I attempted to delete the file, but could not because it was running. I googled exefix_windows7 (per on suggestion) and couldn’t download the damn zip for it. At this point I wanted to pull my hair out! But I got it fixed. My directions are below! Thanks to everyone because all the suggestions together helped me to conjure up my own fix!

    System Tool Removal Fix for Dummies, Windows 7 (like myself)
    1)Run computer in safe mode by hold F8 while starting computer
    2)Click Start Button
    3)Search Programs and Files for Run
    4)Run file name you found from taskbar (see above)
    5)Right click, select delete
    6) Delete from Recycle Bin to be sure (YOU ARE NOT DONE YET)
    7)Restart Computer per usual
    8) Download Anti-Virus/Malware (I used Malwarebytes)
    9) Follow instructions, remove and reboot (whole process took 5 minutes!)

    From Virus to none in 2hrs flat, would have been quicker if I knew what was doing at all!

    Hope this works! Cheers!

    Luc

  163. Ronaldo
    March 6, 2011 at 9:45 pm #

    I would leave my testimony here.
    I went by the above problem of having my computer attacked by the System Tools. Searching for solutions to end the problem I got here. I tried putting into practice the guidelines listed here to resolve the problem, however, the guidelines here seem to be a person who is technically on the subject and not just for who knows how to solve the problems on the computer, as is my case and many people come here for help.My hope was to make a system restore, even before he entered the site here, but as the System Tools would not allow “wiggle” at all in the computer, after coming here on the site and “tried” to perform complex procedures oriented here and can not resolve the problem, I decided to “seek, groping in the dark,” a solution to the problem. Then I went on the computer in safe mode and did system restore, “fading” to System Tools, and thereby solving the problem.So after all these explanations I have described, I suggest that the site guide people to perform the procedures that took that are much simpler for people who have little information to “wiggle” on computers. Once the procedures I performed, I decided my problem, disappearing with the torment “System Tools”.Hopefully, with my own account, be helping many people who like me spent or spend the same problem that I, and I without even knowing how to resolve, I decided, alone.
    Thank you. Ronaldo.

  164. Mark
    March 6, 2011 at 10:12 pm #

    Thank you for the tips. I was hit with System Tools yesterday and could not even run my anti-virus. I am running XP, went to safe mode on start up, did a system restore back a week, then ran my anti-virus and Vundofix from atribune.org and everything seems to be OK. I guess time will tell. Also made sure to have the latest XP service pack and security updates as well as all updates to Java.

  165. Dinkydido
    March 7, 2011 at 3:20 pm #

    I had the ‘System tool’ virus and hopefully got rid of it by following instructions. The thing that bothers me know, is that when I switch my netbook on, it doesn’t boot up. Just sits there with a cursor on a black screen. If I disconnect the AC and battery while it’s on, then switch it back on, it boots up. Anyone know what’s happening. Diane

  166. Alberto Escoto
    March 7, 2011 at 3:22 pm #

    I cannot register; I’d paid online, I have a product key, but it is not working.

  167. Odd
    March 9, 2011 at 5:36 pm #

    I just got this software today…no clue how. I followed the instructions on this thread (Matthew #23)….i.e. started the machine in Safe Mode with Networking Options, and did a system restore, and all seems fine. Thanks everyone.

  168. Relieved
    March 10, 2011 at 6:08 am #

    Just wanted to thank System Tool Hater #8 Nov 18th, 2010. You saved me a lot of stress. I followed your instructions and it worked. It was very simple to do. I at first tried to start up my spyware software but was unsuccessful. I was very worried then after finding this website I was so RELIEVED. Thanks. You don’t have to purchase any software just follow his instructions.

  169. Cocerned Human
    March 10, 2011 at 10:58 pm #

    I think the easy way if you don’t mind losing your admin info just create another log name and delete the other one. You may lose you life files but at least your free from system tool and reading all these suggestions.

  170. Scott
    March 11, 2011 at 2:43 pm #

    If anyone can tell me who created this program and is getting money from the credit cards used to buy the system tool scam program to remove the fake viruses listed I will kill the person who made it and is ripping people off.
    Just email me the company name or person who created it and they will be removed from this planet permanently.

    Thank you.

  171. Rob
    March 12, 2011 at 12:18 am #

    It is as easy as 123 to remove. When you start up your computer, immediately press F8 key. When the menu appears, scroll down to “Directory Services Restore Mode.” The rest is easy; just restore to an earlier date. Make sure it is a date before the virus entered your system and it will be gone. Your computer will be back to normal.

  172. mark
    March 12, 2011 at 5:30 pm #

    Now I got rid of the System tool thanks to matthews fix, can someone tell me how to get my Internet explorer back up? I click the ICON and it briefly flashes then disappears. Help.

  173. stamp of approval
    March 14, 2011 at 9:20 am #

    Thanks to #154 I am free of System Tools 2011. This virus is disgusting, before I found this site I called Shopzilla (in New Delhi, India) that’s cool! After spending time with Aditz on the phone, he told me I needed a Microsoft tech to come to my house and fix it for a cool $475.00. Yeah right. I suggest that everyone call him at 888-223-0112 and bug him and his partner in crime, Thainder, also of India, bug him a lot. After reading through all the comments and hearing of the frustration the virus causes, how people who ordered it got scammed, overcharged, etc. Can anyone find where they are physically located. a phone number, anything on them so we can end their hateful virus infection. Maybe we could also look up how to make a bomb and send it to the “system tools” a–holes. BOOM to them

  174. Turbo
    March 15, 2011 at 1:21 am #

    I Hate System Tool,
    Thank You for the clear and correct instructions Saved me a lot of grief thanks mate.

  175. Tom
    March 15, 2011 at 4:45 pm #

    Picked up the virus yesterday, worked till midnight. Got rid of it this morning. Older laptop running Windows XP. Was able to download Malwarebytes in normal mode but not run it. System Tool does disable control panel, task manager, and any antivirus software. Downloaded latest Registry Mechanic also. Ran these in safe mode (f8). Couldn’t do system restore, but found the directory based on some clues I read online and was able to delete the virus directory in safe mode. Restarted computer and all was well. Ran Malware again to do a clean sweep. Key was knowing about when the infection happened. It is hard to get rid of but can be done. I do CAD design for a living so am fairly computer savvy but not IT level.

  176. Kat in Ohio
    March 15, 2011 at 6:45 pm #

    I also got the dreaded system tool virus last night……….spent 2 freaking hours working to get rid of the damn thing……at first I thought it was a windows tool……googled it and found it was a virus and it shut down all my apps — anything I attempted to do I was blocked (task manager, system restore, etc.). I followed the advice of “TinyZor” posted 2/8/11; when the pop up screen came up that said I was infected with a bazillion viruses I clicked on the wrench icon as noted in Tiny Zor’s posting. It’s important to note that I could not boot in safe mode (F8 doesn’t work for me)….couldn’t run restore because the virus would launch — couldn’t set up another user account (blocked — but will do that today)……….so I clicked the wrench got the name of the virus (mine was gmkKdLj08200.exe) and then logged off. I logged back on and had about 15 seconds of “my desktop” before the virus launched – clicked run (or ctrl alt del) for task manager and then found the executable file and clicked end process………gotta be fast though you have only a few seconds to end the process. Once the process was ended I did a system restore to yesterday early afternoon and now I am running the malwarebytes. This was one of the harder ones to get rid of —– had one last month and I was able to do a system restore to get rid of it (didn’t block all my apps)…….This is a NASTY virus to get but it can be removed. THANKS. GO TO TINYZOR FOR THE HELP!!!

  177. Kirk
    March 18, 2011 at 4:37 pm #

    I woke yesterday morning to find my laptop infected with the System Tool….I am not very computer literate, so this website and the comments have helped me, but I still have the virus….I was able to download the malwarebytes and I have run it twice in the safe mode, but the scan shows 0 viruses found. I also ran my Mcafee twice in safe mode and it shows 0 viruses, but when I go back to regular mode, it’s still there. My system tool message pops up on the lower right part of my screen, and I have tried to right click it to find the code, but to no avail. Also this is a dumb question, but I have Windows Vista, how do I search for the file in safe mode? I clicked on the start button but where do I go from there?
    Thanks for any help.

  178. Sam
    March 20, 2011 at 7:18 pm #

    System Tool 2011 found its way onto my wife’s Windows Vista laptop this morning shortly after I updated installed the latest iTunes update. Of course, my wife was also on Facebook earlier so I guess it could have come from either source. I downloaded Spyware Doctor and two scans later System Tool 2011 was still there. I saw nothing out of the ordinary on the registry and there was no icon on the desktop either. I downloaded and installed Malwarebytes and voila…problem solved!

    Kirk, type “regedit” (without the quotation marks) in the search field after you hit the start button and see what that shows you. I was able to look at the registry but didn’t see any of the entries listed above as being associated with System Tool 2011. Hope it helps and good luck.

  179. susan
    March 21, 2011 at 6:13 pm #

    Cannot get in to safe mode so falling at first hurdle ,,,, I have pressed f8 a dozen times and nothing please in baby steps because I’m old how the hell do I do this please

  180. Stefan Hallin
    March 23, 2011 at 3:38 am #

    System Tool had completely taken charge of a notebook Acer Aspire One running XT. It made it even hard hard getting into Safe Mode but perseverance paid off.
    I had tried various methods and the pre installed McAfee had not protected it.
    Tried downloading various virus protectors [eg Windows Security Essentials, Avira, AGV, etc] via USB stick but System Tool kept blocking them from uploading.
    Found a reference to SuperAntiSpyware [free edition] which I downloaded and managed to get the computer to accept in Safe Mode.
    This picked up a total of 1,656 bugs – 97 Adware Tracking Cookies; 4 Browser Hijacker Internet Explorer Settings; 1,549 Security HiJack [image file execution options]; 3 Trojan Agent/Gen-RogueLoad; 2 Trojan Agent/Gen-FraudPack.
    I was then able to go back to normal mode and install normal virus protection.

    I highly recommend SUPERAntiSpyware free edition from this experience Good luck!

  181. Mark
    March 24, 2011 at 3:39 pm #

    System Tool Removal Fix for Windows 7
    These steps worked for us…in 30 minutes….but took us a few hours to develop this plan.

    Firstly you will note the system tools was running from the lower tool bar and so you need to right click on it and pin it to task bar.
    Then right click again and it will show the files location C:\ProgramData\bFkNkLdlcEd16639\bFkNkLdlcEd16639.exe was the name of mine.

    1)Run computer in safe mode by hold F8 while starting computer – or if struggling to get F8 to work, try holding off button until computer turns off, then restart computer and it should give Safe Mode option.
    2)Click Start Button
    3)Search Programs and Files for Run
    4)Run file name you found from taskbar (see above)
    5)Right click, select delete
    6) Delete same files from Recycle Bin to be sure (YOU ARE NOT DONE YET)
    7) Download SUPERAntiSpyware free edition on another computer – and save to USB stick
    8) Then – while in Safe Mode, I installed the SUPERAntiSpyware free edition from the USB Stick – and ran a Full Scan. It picked up a number of Adware Tracking cookies and Trojans.
    9) Restart Computer per usual
    10) Update every Anti-Virus software you have
    11) Track down and castrate the pricks that created this virus…

  182. Elly
    March 25, 2011 at 8:08 am #

    I just want to thank you guys so much. I used the System Restore method and it worked wonders :) The System Tool Virus was a total knob and I was infected with it after opening a suggesting link (for an avatar creation application) while checking my DeviantART account. I was freaking out since I’m a kid and pretty useless with computers but now it’s sorted. Thanks everyone!

  183. Jonas
    March 25, 2011 at 10:31 am #

    Thank Chris! I uninstall ADOBE AIR and virus System tool 2011 was killed. Thanks for you help.

  184. Lisa
    March 26, 2011 at 12:57 am #

    Hi, I got this virus March 24, 2011. It was just as everyone described. System Tools 2011. I started my computer in safe mode networking. Got online downloaded free MalWare and ran the scan. It took about 45 minutes to run through. It got rid of it. I don’t know that much about computers, but I was able to get onto my netbook and read how to fix the problem on my desk top. Thanks to all the smart computer people who helped out.

  185. Robert Mason
    March 28, 2011 at 6:25 pm #

    I have paid for System Tool 2011 how do I activate it?

  186. Random Fix
    March 28, 2011 at 7:41 pm #

    PROBLEM: My System Tool A@@holes

    #1 All AV programs are viruses MacAfee Norton… etc… they all slow down your CPU.

    SOLUTION

    #2 AdAware will remove this.
    Download.com Search Adaware for free.
    Look for Adaware download with Millions of Downloads because that’s the one.
    Install Update Scan Fixed. Reboot.
    Uninstall AdAware because its its own virus.

    #3 Your solution for ANY problem on your CPU should always be 2 things.
    Install Run SpyBot
    Install Run Adaware
    Delete Both.

    I promise you if you keep the download file handy in a Fix It folder your life will be much easier. Everything else is reactionary so there’s no point in paying for AV service. Or just buy a Mac. If you owned a Mac, you would never have a problem with your CPU for the rest of your life.

    NOTE: get comfortable with Ctrl Alt Delete or RIGHT click the toolbar and press Task Manager. I was fortunate enough to watch it get started. I saw my desktop background change and i rushed for the three finger solution. Task Manager opened… saw a funny file Bdsil1kj3.exe or similar craziness and then Right Click to Stop Process Tree.

  187. george villanueva
    May 9, 2011 at 4:13 am #

    I purchased tools 2011 to protect my computer back in Jan. 8, 2011 and now I don’t have it any more. it was for one year. can you please check you data. how can I get it back on my icon. my computer is infected. Please ASAP.

  188. Jan
    May 16, 2011 at 11:01 pm #

    Boy what a dumb thing I did, scared the heck out of me thought I had a terrible virus.

    Now I realize it was a huge Scam and they got my $100. Have a MAC and can’t seem to find

    out how to get rid of this virus. Can someone please help me? Have never had a problem before?

    Thanks

  189. kim dobrin
    May 23, 2011 at 11:48 am #

    I knew it was a con, when it took over my computer and basically indicated that without this program I will not be able to use my computer ,so I paid the $60 and I got it and then it vanished, and I got it back and now its gone again. How come someone keeps making lots of money on this cheating program ,without getting caught, surely with all the other people getting mugged, something must be able to close that site down, or get a refund.

  190. Tina's Here
    June 13, 2011 at 10:15 pm #

    I “removed” it making a new profile on my PC, and logged on to that one everyday and that solved the annoying windows/web browser redirects for me.

    You NEED to log on that profile everyday and never log on to your old one. [if you stay off your old profile long enough, it'll 'deactivate' it on that one too.]

    Sure it doesn’t remove the program, but I failed to remove it, and this switching computer profiles comes the closet to removing it.

    After like half a year It might start doing the annoying things, but when that happens just switch back to your old profile [or create a new one, but for me that wasn't necessary]

    So if you need a temporary fix, this method works well.

  191. joseph
    November 24, 2012 at 3:56 am #

    i did this but the issues not fixed.so this post was not helpful for me….!!!

Leave a Reply

Your email address will not be published. Required fields are marked *

(Required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>