System Tool

Posted: October 22, 2010

System Tool's mild pink interface is simply a cover thrown over a rogue security product that can do serious harm to your computer. The rogue survives by pretending to be something it is not – a useful security program. Instead of finding infections and deleting them, System Tool causes problems and makes up infections without even trying to look for real ones! Friendly appearance aside, System Tool is a real danger to any computer it resides on, so consider a quick deletion and, above all else, avoid paying for this malignant software.

What This Not So Cute Infection Is Doing on Your Machine

System Tool exists for two purposes: first, to convince you that your computer is teetering at the very edge of self-destruction, and second, to bully you into giving the crooks who designed it your money and personal info. This is mostly done through the usual rogue security program snares of infection and error message pop-ups. Depending on the system, System Tool may issue these warnings very often or somewhat less frequently, but in all cases, the actual content is pre-programmed and not an accurate analysis of your computer. You can see some common messages System Tool uses below:

System Tool Warning
Your PC is infected with dangerous viruses. Activate anti-virus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.

Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software...

Security Monitor: WARNING!
Attention: System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
Click Yes to download official intrusion detection system (IDS software).

System Tool Warning
Intercepting programs that may compromise your private and harm your system have been detected on your PC.
Click here to remove them immediately with System Tool.

There's no real harm in these messages other than the annoyance they cause, provided you don't give in to System Tool's pleas for your money. Even your desktop is changed to match, with a shrill and rather hilarious warning about spyware, but this purely aesthetic threat is of little concern as far as rogue security product attacks go.

Repelling This Obnoxious Rogue Attacker

Your first thought on seeing the System Tool infection might be to run a good security program that will do in reality what System Tool claims to do. This will more often than not result in the following error:

Warning!
Application cannot be executed. The file cmd.exe is infected.
Please activate your anti-virus software.

At this point, System Tool has crashed your security program to prevent its own deletion, so you'll have to use harsher measures. In most cases, Safe Mode will keep System Tool and similar rogue security programs from running; after that, you can perform a scan and deletion maneuver without any further resistance. If necessary, you can locate the infected files yourself, since they're usually in the All Users\Application Data subfolder of the Documents and Settings folder.

System Tool is also known by other names, such as System Tool 2011 and System Tool 2.20, and is related to other rogue security programs such as Live Security Platinum and Security Shield 2012. If you value your computer's safety (as well as your sanity), you'll want to delete these System Tool twins with just as much force as you would use on the original.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\5648541024
    2 %AppData%\5648541024\5648541024.bat
    3 %AppData%\5648541024\5648541024.cfg
    4 %AppData%\5648541024\5648541024.exe
    5 %UserProfile%\Desktop\System Tool.lnk
    6 %UserProfile%\Start Menu\Programs\System Tool.lnk
    7 [RANDOM CHARACTERS].exe

Registry Modifications

  • The following Registry values are newly produced:
    HKEY..\..\..\..{Subkeys}
      HKEY_CURRENT_USER\Software\System Tool
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Once "[RANDOM CHARACTERS]"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "5648541024"
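
The file and registry indicators listed above can be checked against a collected file listing and registry export, for example one taken in Safe Mode from the All Users\Application Data folder mentioned in the removal section. This is an added example, not part of the original write-up: the function name, the finding labels and the sample data are constructed, and matching any all-digit folder name (rather than only 5648541024) is an assumption that the number may differ between installations.

```python
from pathlib import PureWindowsPath

# Indicators copied from the page's file and registry lists (compared lowercase).
SHORTCUT = "system tool.lnk"
PRODUCT_KEY = r"hkey_current_user\software\system tool"
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
PAYLOAD_EXTS = {".bat", ".cfg", ".exe"}

# Constructed sample triage data (user name and the benign entries are made up).
SAMPLE_FILES = [
    r"C:\Documents and Settings\All Users\Application Data\5648541024\5648541024.exe",
    r"C:\Documents and Settings\All Users\Application Data\5648541024\5648541024.cfg",
    r"C:\Documents and Settings\alice\Desktop\System Tool.lnk",
    r"C:\WINDOWS\system32\cmd.exe",
    r"C:\Program Files\App\2010\setup.exe",
]
SAMPLE_REG = [  # (key path, value name) pairs
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "5648541024"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "ctfmon.exe"),
    (r"HKEY_CURRENT_USER\Software\System Tool", ""),
]


def find_indicators(file_paths, registry_values):
    """Return sorted (kind, detail) findings from a file listing and registry export."""
    findings, payload_ids = set(), set()
    for raw in file_paths:
        p = PureWindowsPath(raw)
        # Page pattern: <digits>\<same digits>.bat/.cfg/.exe
        if p.suffix.lower() in PAYLOAD_EXTS and p.stem.isdigit() and p.parent.name == p.stem:
            payload_ids.add(p.stem)
            findings.add(("payload_file", raw))
        elif p.name.lower() == SHORTCUT:
            findings.add(("shortcut", raw))
    for key, name in registry_values:
        k = key.rstrip("\\").lower()
        if k == PRODUCT_KEY or k.startswith(PRODUCT_KEY + "\\"):
            findings.add(("product_key", key))
        elif k == RUN_KEY and name.isdigit():
            # Strongest signal: autorun value named after a payload folder on disk.
            kind = "autorun_matches_payload" if name in payload_ids else "autorun_numeric"
            findings.add((kind, name))
    return sorted(findings)


if __name__ == "__main__":
    for kind, detail in find_indicators(SAMPLE_FILES, SAMPLE_REG):
        print(f"{kind:24} {detail}")
```

A Run value whose name matches a same-named numeric folder on disk is the correlation worth acting on; a numeric Run value alone is reported separately as a weaker lead.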

Additional Information on System Tool

  • The following messages were detected:
    # Message
    1 System Tool Warning
    Intercepting programs that may compromise your private and harm your system have been detected on your PC.
    Click here to remove them immediately with System Tool.
    2 System Tool Warning
    Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
    Click here to activate protection.
    3 Warning!
    Application cannot be executed. The file cmd.exe is infected.
    Please activate your antivirus software.
    4 Warning!
    Your're in Danger!
    Your Computer is infected with Spyware!

    All you do with your computer is stored forever in your hard disk. When you visit sites, send emails... All your actions are logged. And it is impossible to remove them with standard tools. Your data is still available for forensics, and in some cases

    For your boss, your friends, your wife, your children. Every site you or somebody or even something, like spyware, opened in your browsers, with all the images, and all the downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could break your life!

    Secure yourself right now!
    Removal all spyware from your PC!

4 Comments

  • Ed says:

    I have this on my laptop, and I'm so glad I've just found this site on my desktop. I am going to attempt to remove "System Tool" once and for all, will report back soon.

  • Spike says:

    I have this virus & can't get to the task bar or the run-cmd, it disappears after 1 second! I'd just like to know how to erase everything & re-install Windows XP. Any suggestions?

  • stacy12 says:

    Laptop has been infected by rogue malware, a spy software called system tools. It loaded a desktop screen, so all I see when I try to use my McAfee is the screen, nothing else. How can I get rid of this screen so I can use a removal software?

  • Wallace says:

    Find out definitively if it is related to your PC going into idle mode by setting your idle up to an hour or two, and coming back in 45 minutes and seeing if you still have the problem. If it is related to the idling problem, it sounds like your network card isn't playing nicely with the idle feature of your motherboard, so you'll have to do without or look for fixes from the manufacturers. If it is NOT related to the idle power saving features, I've had this problem before with a wireless network card that would sometimes lose the network and was for some reason too stupid to reconnect. I could get back on by going into the control panel under network stuff and disabling and re-enabling that network connection, or by rebooting. If the second thing there is the case, check for new drivers or maybe even get a new, more reliable network card.
