System Tool Virus Removal 2011 For Vista, XP & Windows 7?

So I downloaded something and it came with the System Tool virus.
I need help removing this nasty virus or spyware. It's called System Tool 2011.
Not only my computer running Windows 7 has been infected by the System Tool 2011 virus, but my wife's laptop that runs Windows XP has also been affected by the virus.
It is not called "security tool" it calls itself "system tool," I asked about this on another site and they gave me the wrong instructions, not sure if they're the same though.

I have tried deleting System Tool so many times, but each time I do it it won't let me.
My brother sent me the removal instructions for Windows Vista but I need it for 7 and XP.
It won't let me access task manager or any anti malware/virus removals.

asked by Jasper in Software | 31301 views | 12-11-2010 at 11:44 PM

System Tool 2011 is a rogue (fake) anti-malware application.
In order to remove the program it will require you download, install, and update the best antivirus and anti-malware application.
I recommend an excelent application named Malwarebytes. It finds and deletes all malware apps and viruses it finds in your computer.
Be sure to use malwarebytes in the full scan mode and not the quick mode.

In order to remove the System Tool 2011 virus, follow these steps.

1. Boot into Safe Mode with Networking by pressing F8 during boot
2. Download Malwarebytes.
3. Install the program.
4. Run the program and this will remove the virus.

It doesn't matter what Windows OS you're using. This application is for Windows XP, Vista and Windows 7.

answered by Dallas | 12-11-2010 at 11:47 PM

What do you do when your computer does not down load Malware? I have it in safe mode with network and go out on line and go to the site, click on down load and nothing happens.

answered by Val | 12-14-2010 at 07:52 PM

What I did was download Malwarebytes onto a flash drive from another computer and then pulled it onto the infected computer and ran it from the flash drive. Another solution you can try is restoring windows to a previous date.

answered by Guest | 12-14-2010 at 11:29 PM

Thanks
Worked just like you said it would, thanks for the help!

answered by Jon | 12-14-2010 at 11:50 PM

Get Rid Of System Tools 2011
None of the prescribed remedies worked for me. Hereís what did; I searched for the System Tools 2011 folders, found them and deleted them. Of course the files they deposited were still causing all kinds of trouble. I then ran a search on my C: drive for all .exe files. I sorted those files by date and deleted all the files that had been created since I got the Systems Tools 2011 virus. That fixed it. I had to do these searches and deletions using F8 Safe Mode. They are changing file names so that spy doctor software and others donít work. Hope this helps. It sure is a rotten virus.

answered by Guest | 12-15-2010 at 02:01 AM

Reply to #6
Your advice worked for me. Thanks!

It was affecting one user (of 4) on my Vista PC, so I went ot the Admin user and it was not affected and then started running any antivirus, malware, spyware program I could find. I tried MS Essential Antivirus, PC Tools, couldn't find it.

So I searched for any .exe file that was updated or installed in the last week and found one with the date and time stamp that was exactly when the System Tools malware first started operating on my PC. It was in C:\ProgramData\ with the name kNiLm06300.exe, there was also another file in the same location with the same name only with no extension. Windows Explorer indicated that the .exe file was a Windows registry (editor?) and was created by Microsoft, but it also displayed the LOGO from the malware, a padlock with a picture of the globe in the center, so I was sure it was the SystemTools. Before I deleted the files I uploaded it to a free service provided by Threat Expert and they responded within 10 minutes (on Christmas Day) with the following:

Your submission was processed successfully and the analysis report is attached (password "threatexpert"). You can also view the results of your submission on our website at:
http://www.threatexpert.com/report.aspx?md5=f172f4ba3cfa31fa4c40793ea374ac5c

Then I deleted both files. Later I went back to the affected user on my PC and found System Tools in my program list, deleted it and any startup icons.

answered by Guest #7 | 12-25-2010 at 06:35 PM

Worked Great
I followed the same process as suggested by you and worked great....

Just searched for hidden files and found two files suggested by you under Document Setting/All Users/Application Data folder... Deleted them in Safe Mode

Thanks a lot!!! You made my day

answered by Prash | 12-27-2010 at 09:41 AM

I am so frustrated! Tell me how to search for hidden files so that I can delete them. Help

answered by Guest | 12-27-2010 at 08:30 PM

i found the hidden file, but it is telling me i do not have permission to delete. logged in safe mode and admin. malware running now and so far has not found anything.

answered by Guest | 01-04-2011 at 02:17 AM

I'm having the same problem except my computer is taking an extremely long time to go into safe mode. is it possible to get the anti-virus software on a flash drive and upload it to the infected computer while NOT in safe mode? also, after an hour or so of being on my infected PC I get the blue screen of death but I immediately shut off my computer and reboot and it works fine for another hour. Please help!

answered by Guest | 01-06-2011 at 11:51 AM

I hope to cross paths with its Author. I'd like to personally show him how much I appreciate his workmanship. I might be needing a defense attorney unless I am successful in hiding the evidence and the body.

answered by Carl in Dallas | 01-10-2011 at 12:35 AM

system tool
Hi, I have this thing also. Have also found the bad file by using safe mode. As "Guest #7" reported on the file name, look for a file that starts with letters and numbers. The clue is that the letters are lower case, upper case, lower case, etc. And the numbers usually have 5 digits.
Example: zAxSr08300

I think this rogue changes it's name every time it gits on a new computer.
PS I have not taken any action yet.
thanks

answered by Old Nam Guy | 01-11-2011 at 08:26 PM

System Tools 2011
Just got this thing starting to pop up at work. It's a real pain to get rid of. Thanks to the advice of everyone else on here that has already posted. Here's what I had to do to get rid of the threat.

The file's naming conventions I think are as follow (a=lowercase letter; B=uppercase letter; #=number): aBaBa#####.exe

Delete the following:
1.) Start Menu > Programs > System Tool 2011
2.) Search C:\windows\temp and delete pretty much any temp file from the date & time you first noticed the virus. You may want to do a few days before as well just incase.
3.) Search C:\documents and settings\<user>\local settings\temp and delete those temp files as well.
4.) Remove Systems tools from Control Panel > Add/Remove Software
5.) In the Registry under HKEY_CURRENT_USER\Software\microsoft\windows\curre ntversion\run once\, look for an entry that has the same naming conventions as above. Before deleting that registry entry, look at the file path that is linked to. That is where the main virus file is located. In my case it was located in C:\documents and settings\all users\application data\bLkIp01804\bLkIp01804.exe
6.) Delete the registry entry, and then both the .exe file and folder that it was linked to.
7.) Do another search on your machine for any file (also check hidden and system files) matching the virus file. In my case, I just searched for "bLkIp01804". I ended up finding another related file in C:\windows\Preftech\ called "BLKIP01804.exe-2B20434D.pf". Delete that file as well.

I'm still working on it, but I think that will help most people out.

answered by Guest | 01-12-2011 at 03:13 PM

Hey, thanks everybody, I just had this pop up on me as well. The Malwarebytes tool worked well. I downloaded the Malwarebytes onto a jump drive on another computer, then started my infected computer in Safe Mode (hit F8 while booting to get to that option), then installed and ran Malwarebytes. It found 3 files, which I removed.

After that, I was able to operate my computer normally. But I did a bunch of searches, like recommended above, on "system tool" and the 10 character file name that a couple of others allude to. I found it at "C:\documents and settings\all users\application data\", mine was "fIbCi10800".

Man am I relieved! I was expecting that I would have to wipe my hard drive to get rid of that thing, but now I don't!

answered by Guest | 01-18-2011 at 02:26 AM

Extra Steps Windows 7
I followed your advice. I went into safe mode then deleted the System Tools folder before running Malwarebytes. Then in normal mode I found a restore point before the virus showed up.
After that I ran a full system scan. I hope I'm good for awhile. Thanks

answered by Jimmie | 01-31-2011 at 07:46 PM

I've got infected with system tool, I didn't buy it, fortunately. I searched for a spyware doctor and I got a trial version of it which it didn't solve the problem definitely.

I found a full version of the spyware doctor, but after I've uninstalled the trial version and done a restart of the laptop, then it didn't start at all. It keeps doing like a good start but it turns at the beginning. I don't know what to do, because it doesn't allow me to open the laptop at any status (safe mode, safe mode with network, etc..)and then to allow me to install or do any action to clean and save my laptop. Please give me any help that you can.

answered by Guest | 02-08-2011 at 12:24 PM

HELP PLEASE
OK. I was just minding my own business when windows said that I have virus. I ignored it and it brought up system tools. I am trying to follow up as many of this process but it shuts down automatically. I can't do anything. Help?

answered by Guest | 02-10-2011 at 12:59 AM

Start up in safe mode and do a system restore to the last restore point... It worked for me.

answered by Guest | 02-11-2011 at 10:43 PM

System Tool Protect Your PC-infection
I had this problem today, I'm no computer genius by any means but I will tell you how I solved this. First I could not get on the internet, I could not access System Restore it would let me get to accessories, etc but when I clicked system restore, nothing.

I obviously wanted to start in "Safe mode" by continuously tapping F8 and do the system restore but no luck. I was about to bring in my tower for an expert to fix when I decided to do a "Hard Shutdown" (holding the on/off button) until it shutdown.

When I hit the button to turn on the computer lo and behold, the black screen I was wanting appeared. I selected "safe mode with networking" went to start, all programs, accessories, system tools, system restore, it opened the screen for selecting a previous restore date, this was selected and the computer then went through its paces and this took care of the problem. I hope this helps someone. PS I run Windows Vista.

answered by FrankW | 02-14-2011 at 06:00 PM

Thanks FrankW.....just got the virus today (took me sometime to realize that it was a virus).

Did exactly what you suggested and it worked a treat.

answered by Guest | 02-21-2011 at 12:00 AM

Safe mode is the key. I updated and ran Malwarebytes while in safe mode and it took care of everything. Of course now I will be scouring the system with AVG and Spybot to be certain it doesn't have any cousins lurking in the background.

answered by Guest | 02-26-2011 at 02:33 AM

I tried several solution and none them worked. I have Vista installed and this worked great!
I appreciate your help.

answered by Guest | 02-26-2011 at 05:43 PM

argh!
I'm usually pretty good at this stuff. Been working on it for over an hour now with no luck. Mine is even hitting me in safe mode!! It's not working, won't let me run anything, won't let me download, system restore. Won't let me find the files you lot are talking about, and when using regedit it doesn't show up any files in run once.

What's going on with mine? It's seems an even more aggressive version of what you lot have had, I have no idea what to do, there is no way I'm doing a full restore to factory settings on my computer.

Any more ideas?

answered by Guest | 02-26-2011 at 09:24 PM

System Tool (Vista)
Had the same problem here. C:|ProgramData\fLcAoAb01836.exe Had to search and found three or four files with it. Also deleted the temps files. Thanks a bunch guys.

answered by Guest | 02-28-2011 at 12:13 AM

Got It
I surprisingly got rid of it fairly easily on my Windows XP Computer.

I followed the path C:\Documents and Settings\All Users\Application Data then found the file folder with the odd name...mine was fAfEmBp06511. Open the folder and find the .exe of the same name. Right click on the name, select rename and call it anything you want. Reboot the computer. By changing the name, you'll prevent it from starting. Follow the path back to the application data folder then delete the whole folder.

I'm running Malwayre Bytes and Spybot now to see if anything else pops up.

answered by Dumb Guy | 02-28-2011 at 05:28 AM

System Tool ATTACK!
OMG, now I've got it... seems to be some good advice up here though so going to give it a go....Will keep you posted!
Don't they realize we don't have time for all this s***?

answered by Sarah Collins | 02-28-2011 at 07:12 PM

Thanks for advice guys
Got this damn virus this morning ... no idea where it came from. Seems to just block you running any other executable files.

After reading through the solutions above (using my spare laptop ... as my PC had the virus) I logged out of the virused user, logged in as one of my other user accounts (user B) ... set my hidden files to be visible, and found it in a few seconds under C: / Program Data / and it was right there ... bGhYv1830100 (or similar) ... I just changed the name of it (added XXX to the beginning of the file name). Then went back in as the other user (with the virus) ... and lo and behold it was all OK. Of Course, then I deleted the renamed file.

Interestingly, while I was in the user B account initially I ran my McAffee full system scan and it didn't pick this thing up at all.

Thanks guys ... this was a great help. Saved my business a lot of grief. All I lost was many hours of time, but didn't have to take the computers in to be 'fixed' and didn't lose any data. Great to know that the internet is populated with people who are willing to help, as opposed to the arse to created this pointless virus.

answered by Stu - MMG | 03-03-2011 at 09:18 PM

Thank you
Thank you everyone for all your help.

Worked well

answered by Guest | 03-05-2011 at 12:46 PM

Thank You All
I wasted 5 hours of my time trying to use the Malwarebytes program to rid myself of this evil virus and couldn't. Luckily, I found this board this evening and utilized the advice of y'all to search for the abnormally named file and ridded myself of it within 10 minutes. Thank you all so much!

answered by EddieS | 03-08-2011 at 03:23 AM

success
The Malwarebytes software did the trick for me. Thanks.

answered by barnold | 03-11-2011 at 10:56 PM

THANKS TO YOU ALL
Thanks so much, I have followed everything you have all suggested and it looks like the PC is back up and running again.

answered by Guest | 03-26-2011 at 06:37 AM

comment
Thread Tools
vBulletin® Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.