Sunday, 17 April 2016

How to remove System Tool spyware?


WHAT IS SYSTEM TOOL SPYWARE?

System Tool is a computer infection categorized as a rogue anti-spyware program: it pretends to be an anti-virus product, but is actually a program that displays fake security alerts and scan results in order to make you think your computer is infected.
System Tool is installed by other malware, which drops the program onto your computer without your knowledge or permission. When installed, the infection files are created in a randomly named folder under C:\Documents and Settings\All Users\Application Data\ on Windows XP, or under C:\ProgramData\ (the equivalent all-users folder) on Windows Vista and Windows 7. It is then configured to start automatically when you log in to your computer.

Once running it will scan your computer and claim that numerous infections are present, but will not allow you to remove them until you purchase the program. It is important to understand that System Tool is scripted to display fake scan results regardless of whether or not your computer is infected, so do not be concerned when this program states that you are infected. System Tool will also terminate any executable you attempt to run in order to protect itself from being removed: when you start a program, it kills that program's process and then displays a warning.

System Tool was created solely to make you think that your computer is infected so that you will then buy the program.

You should definitely not buy System Tool.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If you run into this problem when following the steps in this guide you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.


HOW TO REMOVE SYSTEM TOOL SPYWARE?

1. Reboot your computer into "Safe Mode with Networking".
Press F8 repeatedly while the computer boots, before the Windows logo appears, and choose the Safe Mode with Networking option from the menu.
When the computer reboots into Safe Mode with Networking, make sure you log in with the username you normally use, because the infection's autorun entry lives in that user's part of the registry.

2. Change the proxy setting of your web browser
This infection changes your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or to update security software. Regardless of the web browser you use (Chrome uses this same Windows setting), we first need to fix this problem so that we can download the utilities needed to remove this infection.
In Internet Explorer, open Tools > Internet Options, select the Connections tab and click the LAN Settings button.
Under the Proxy server section, uncheck the checkbox labeled "Use a proxy server for your LAN". Then press the OK button to close this screen, and OK again to close Internet Options.

3. Use Malwarebytes' Anti-Malware
Now download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:
Malwarebytes' Anti-Malware Download Link
Once downloaded, close all programs and windows on your computer, including this browser window. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.

When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings and, when the program has finished installing, make sure you leave both "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes' Anti-Malware" checked. Then click on the Finish button.
If Malwarebytes prompts you to reboot, please do not do so yet.
MBAM will now start automatically and you will see a message stating that you should update the program before performing a scan; let it update so that it has current detection signatures.
On the Scanner tab, make sure the "Perform full scan" option is selected and then click on the Scan button to start scanning your computer for System Tool related files.
MBAM will now start scanning your computer for malware.

When the scan is finished a message box will appear. Click on the OK button to close the message box and continue with the System Tool removal process.
In the main screen, click on the Show Results button.
A screen displaying all the malware that the program found will be shown.
Now click on the Remove Selected button to remove all the listed malware. MBAM will delete the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
Remember to reboot into Safe Mode with Networking again, so the infection does not get a chance to start before the remaining steps are finished.

4. Reset the HOSTS file, if it has been changed (optional step)
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system. Please note that if you or your company has added custom entries to your HOSTS file, you will need to add them again after restoring the default file. In order to protect itself, System Tool changes the permissions of the HOSTS file so that you can't edit or delete it. To fix these permissions, create the following batch file (for example fixhosts.bat) and save it to your desktop:
@echo off
rem /G without /E replaces the whole ACL with Everyone:Full control;
rem "echo,Y|" answers the "Are you sure (Y/N)?" prompt that cacls shows.
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f
rem Clear the system, hidden and read-only attributes the infection sets on the file.
attrib -s -h -r "%WinDir%\system32\drivers\etc\hosts"

Double-click on the .bat file that is now on your desktop. If Windows asks whether you are sure you want to run it, allow it to run. Once it starts you will see a small black window that opens and then quickly goes away. This is normal and nothing to worry about. You should now be able to access your HOSTS file.
Before deleting it, open C:\Windows\System32\Drivers\etc\HOSTS in Notepad and look at the entries: anything other than comment lines (starting with #) and the localhost mappings was put there by the infection or by you. Then delete the file, download the default HOSTS file that corresponds to your version of Windows and save it in the C:\Windows\System32\Drivers\etc folder. If you cannot download one, a plain text file containing only the line "127.0.0.1 localhost" is a valid HOSTS file on XP, Vista and 7.

5. Remove the System Tool program manually
Remove these folders and files from your file system (on Vista and 7 the same structure is under C:\ProgramData\ instead of C:\Documents and Settings\All Users\Application Data\):
C:\Documents and Settings\All Users\Application Data\[random folder]
C:\Documents and Settings\All Users\Application Data\[random folder]\[random folder]
C:\Documents and Settings\All Users\Application Data\[random folder]\[random folder]\[random].exe
Note the [random] names; the registry value in the next step uses one of them.

6. Remove System Tool from the registry
Open Start > Run, type "regedit" and click OK.
Use Edit > Find to search for the [random] name found above and delete the value that references it.
OR
Remove this registry value associated with System Tool:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"

7. Restart the computer in normal mode
Check that the removal worked: the folder from step 5 and the RunOnce value from step 6 should be gone, programs should start without being killed, and the browser should reach the Internet without a proxy. Hopefully the bloody System Tool spyware is no longer on the system.
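The registry, HOSTS and autorun parts of steps 2, 4, 5 and 6 can be scripted. The following PowerShell script is an added example written for this page, not code from the original post or from any removal tool. It assumes Windows 7 (PowerShell 2.0 is included; on XP it must be installed separately, and icacls is not available there), an elevated PowerShell prompt in Safe Mode with Networking, and that the rogue's command line points into the all-users application-data folder as described above. The script name and function names are made up for the example; the Malwarebytes scan in step 3 is still done by hand.

```powershell
# Remove-SystemTool.ps1 (added example, not part of the original post)
# Run from an elevated PowerShell prompt after booting Safe Mode with Networking.
# Assumes Windows 7 / PowerShell 2.0+; icacls is Vista+ only (the batch file above uses cacls).
$ErrorActionPreference = 'Stop'
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$hosts   = Join-Path $env:WinDir 'System32\drivers\etc\hosts'
# All-users application-data root: C:\ProgramData on Vista/7,
# C:\Documents and Settings\All Users\Application Data on XP.
$appData = if ($env:ProgramData) { $env:ProgramData }
           else { Join-Path $env:ALLUSERSPROFILE 'Application Data' }

# Step 2: the proxy the rogue forces on Internet Explorer (WinINET) is stored
# in the ProxyEnable / ProxyServer values; this is what the LAN Settings dialog edits.
function Disable-WinInetProxy {
    $cur = Get-ItemProperty -Path $inetKey
    if ($cur.ProxyEnable -eq 1) {
        Write-Host "Proxy was enabled ($($cur.ProxyServer)); disabling it."
        Set-ItemProperty -Path $inetKey -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $inetKey -Name ProxyServer -ErrorAction SilentlyContinue
    } else {
        Write-Host 'No WinINET proxy set.'
    }
}

# Step 4: unlock HOSTS, keep a copy, report every entry beyond localhost, write a default.
function Reset-HostsFile {
    attrib -s -h -r "$hosts"
    icacls "$hosts" /grant 'Everyone:F' | Out-Null
    Copy-Item $hosts "$hosts.bak" -Force
    Get-Content $hosts |
        Where-Object { $_ -match '^\s*[^#\s]' -and
                       $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
        ForEach-Object { Write-Host "Non-default HOSTS entry removed: $_" }
    # A file holding only the localhost mapping is a valid HOSTS file on XP, Vista and 7.
    Set-Content -Path $hosts -Encoding ASCII -Value @('# reset after System Tool removal',
                                                       '127.0.0.1       localhost')
    Write-Host "HOSTS reset; previous copy kept as $hosts.bak"
}

# Steps 5-6: HKCU Run/RunOnce values whose command lives under the all-users folder.
function Find-SuspectAutoruns {
    $hits = @()
    foreach ($k in @('HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')) {
        if (-not (Test-Path $k)) { continue }
        foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSChildName, ... are not values
            $cmd = [string]$p.Value
            if ($cmd.IndexOf($appData, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $hits += New-Object PSObject -Property @{ Key = $k; Name = $p.Name; Command = $cmd }
            }
        }
    }
    return $hits
}

# For each hit, work out "<appData>\<random folder>" from the command line, then
# remove the registry value and that folder, but only after the operator confirms.
function Remove-SuspectAutoruns {
    foreach ($h in @(Find-SuspectAutoruns)) {
        $cmd = $h.Command.Trim()
        $exe = if ($cmd.StartsWith('"')) { $cmd.Split('"')[1] } else { $cmd.Split(' ')[0] }
        $i = $exe.IndexOf($appData, [StringComparison]::OrdinalIgnoreCase)
        if ($i -lt 0) { Write-Host "Skipping $($h.Name): path is only an argument"; continue }
        $rel = $exe.Substring($i + $appData.Length).TrimStart('\')
        $top = Join-Path $appData ($rel.Split('\')[0])
        Write-Host "$($h.Key)\$($h.Name) -> $exe"
        if ((Read-Host "Delete this value and the folder $top ? [y/N]") -match '^[Yy]') {
            Remove-ItemProperty -Path $h.Key -Name $h.Name
            if (Test-Path -LiteralPath $top) { Remove-Item -LiteralPath $top -Recurse -Force }
        }
    }
}

# Step 7 check: proxy off and no suspect autorun left for the current user.
function Test-Cleanup {
    $proxyOff = (Get-ItemProperty -Path $inetKey).ProxyEnable -ne 1
    $left     = @(Find-SuspectAutoruns).Count
    Write-Host "proxy disabled: $proxyOff; suspect autoruns left: $left"
    return ($proxyOff -and ($left -eq 0))
}

Disable-WinInetProxy
Reset-HostsFile
Remove-SuspectAutoruns
if (Test-Cleanup) { Write-Host 'Reboot into normal mode and run a second MBAM scan.' }
```

Run it as `powershell -ExecutionPolicy Bypass -File Remove-SystemTool.ps1` from an elevated prompt. The confirmation prompt in Remove-SuspectAutoruns is deliberate: a legitimate program that installs under ProgramData would match the same test, so each hit is shown with its full command line before anything is deleted, and the old HOSTS file is kept as hosts.bak so custom entries can be copied back.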
