Popular Reviews

Adware Removal

» Adware Removal

Rogueware Removal

» Rogueware Removal

Keylogger Removal

Fix PC Errors

Helpful Definitions

Learn More

» Learn More

Antispyware Reviews

Registry Cleaner Reviews

Firewall Reviews

Spam Filter Reviews

System Tool


"You guys rock. Your instructions were spot on! Thank You"
- J. Powell

"I was infected by SystemTool today. Thanks for the help on the page. I have removed it completely"
- L. Lepsře

"Your web page on Regclean was extremely helpful and very, very education. Its objectivity to was nothing short of excellent. Thank you..."
- Anthony G. Muya

"I want to express my thanks for the information on removing the browser hijacker. I took the steps you suggested and the follow-on precautions to prevent future infections... Thanks again"
- Carlos

For Information and Removal of System Tool

    - what is System Tool
    - automatic and manual removal instructions
    - personal assistance provided online or by phone to safely remove System Tool.


10th November 2010

How to Remove System Tool from Your System

"Click here to download the last update of Windows Security Software."  Most of us want to keep our security up -to-date, and when we see the Windows name, it is almost a natural reaction to click on the message.  Almost a natural reaction: it pays to take the time to read messages like these very carefully.  More often than not, they are not from a legitimate program like Windows but from a rogue antivirus program.  Instead of protection, these rogues want you to purchase the full version of the program.  Learning how to recognize rogues like System Tool can help you keep your system secure.

Getting to Know System Tool

To know System Tool, it is helpful to have an understanding of rogue antivirus programs in general.  Think of these programs as elaborate ads; pop-ups and false security scan warnings comprise the face of their campaign.  These are designed to convince users that there are several security risks that cannot be resolved unless you purchase and install their full software.  If the software is purchased, however, the user will not be protected from current or future threats. 

System Tool is associated with the System Security rogue family and is similar in design to Security Tool, also known as SecurityTool.

What You Will Notice

The most readily noticeable sign that a rogue antivirus program has been installed in your system is the presence of pop-ups and fake scan results.  These increase in both their frequency and their sense of urgency.  Among the messages you may see:

  • System Tool Warning

Your PC is infected with dangerous viruses.  Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.  Click here to activate protection.

  • Intercepting programs that may compromise your private [sic] and harm your system have been detected on your PC. Click here to remove them immediately with System Tool.
  • Security Monitor: WARNING!

Attention:  System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files.  Your private information and PC safety is at risk.  To get rid of unwanted spyware and keep your computer safe you need to update your current security software.  Click Yes to download official intrusion detection system (IDS software).

To help convince you of the veracity of their statements (which of course lack any veracity whatsoever), the following message will be displayed when you try to run any of your legitimate programs:


Application cannot be executed.  The file cmd.exe is infected. Please activate your antivirus software.

System Tool has the ability to change your desktop.  It will display a warning that your computer is infected with spyware, followed by a nonsensical explanation of why you need to install this program to remove spyware:

All you do with your computer is stored forever in your hard disk...Your data is still available for forensics, and in some cases for your boss, your friends, your wife, your children...every site you or somebody or even something like spyware opened in your browsers, with all the images, and all the downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could break your life!

Be assured that Windows will never issue a warning that a computer issue "could break your life!"

While the pop-ups are the visible face of the rogue antivirus program, there are also signs that System Tool is working behind the scenes.  As soon as you boot up your computer, the program begins running, and it remains in your background whenever your computer is on. This takes resources away from your legitimate programs, and you will likely notice that your computer is much slower than it normally is.  While this could be an indication of a variety of issues, combined with pop-ups and difficult running regular programs, it is a signal that a rogue program has entered your system.

Accessing Your Computer

System Tool accesses your system by what is known as a "drive by download."  That is, it is downloaded without your knowledge, usually when users install a fake Adobe Flash update or other reader, such as Java.  While these are both legitimate programs, when you see pop-ups for updates, it can be malware in disguise.  If you do want to update your programs, go directly to their respective websites.

It is also possible that users install the rogue program directly onto their computers.  After the "free version" becomes downloaded, and they are confronted with warning after warning, many understandably opt to purchase the software.  Unfortunately, this program does not offer the protection it claims.

System Tool Removal

Whether downloaded or user-installed, it is important that users take immediate steps to remove System Tool as soon as they can.  This sounds incredibly easy; after all, don't you have an Uninstall option in your control panel?  This option doesn't work because rogue antivirus programs are designed to bury themselves in your system and evade removal attempts.  Similarly, you cannot remove rogue programs with your antivirus protection because they are not considered viruses.  Your security program is not designed to handle them.  What will work then?

Automatic removal with a program specifically designed to handle rogue antivirus programs is a fast and efficient way to restore your computer to optimal functioning.  Malwarebytes Anti-Malware (Malwarebytes has free malware removal) and Enigma's SpyHunter are two excellent choices that are easy and thorough.  It is helpful to update your definition files and then run your security program to ensure your system is clean in the future after the removal program eliminates System Tool.

System Tool has been enhanced to evade and block legitimate security programs that try to remove it. It will remain dormant for a period of time while it configures itself to block security settings and programs on your computer, then becomes active. If you find that legitimate programs have been blocked from running or installing please contact us by email or phone to help resolve this problem (see below).

Your other option is to manually remove System Tool.  This, too, can be very effective, but only if you have experience with your system registry.  It is very easy to miss a file or delete a legitimate program inadvertently when dealing with registry keys and associated files.  This can impact the performance of your computer and allow the rogue to continue to run.  Manual removal can be tedious work, so if you have any questions or concerns, we are happy to give you the benefit of our experience.  You will find a list of files and registry keys that need to be deleted in order to eliminate System Tool.  To allow deletion, go to the Windows Explorer Tools menu and show hidden files.  After you have completed the process, change it back to its original settings. 

Stop Process:

(random string).exe

Delete Files:

c:\Documents and Settings\All Users\Application Data\(a random string)
c:\Documents and Settings\All Users\Application Data\(a random string)
c:\Documents and Settings\All Users\Application Data\.(a random string).exe

Delete Registry Key:

KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "a random string"

Removing System Tool Automatically/Safely

For free automatic removal we recommend using Malwarebytes Anti-Malware. This program is widely recommended by reputable third-party sites, so you can be reasonably confident of its ability to safely get rid of System Tool and any hidden Trojans. As a precaution we recommend double checking your system with SpyHunter. This program requires paid registration to enable deletions, however it has a money back guaranteed and is the top of the line in malware removal. It should catch malware that evades Malwarebytes and block anything that tries to reinstal itself.

Download SpyHunter

Remove System Tool Now:

  1. Download and install Malwarebytes Anti-Malware and SpyHunter Download  
  2. Run a scan with Malwarebytes Anti-Malware.
  3. Remove all the detected infections (free).
  4. Run a scan with SpyHunter
  5. Remove any remaining infections
  6. Reboot and rescan with SpyHunter. Your computer should now be clean.

Important note: If Malwarebytes is blocked by malware then run Chameleon (Start Menu → All Programs → MalwareBytes' Anti-Malware → Tools → Malwarebytes' Anti-Malware Chameleon). If you need further help removing System Tool please email us at info@removeadware.com.au or call for personal assistance on toll-free number 888-655-3453, within the USA and Canada.

Disclaimer: This webpage was created to provide information on System Tool and how to uninstall it. Manual removal instructions are intended for use by technical experts and should be used at your own risk. We do not own or endorse System Tool.

We are affiliated with some of the legitimate programs recommended on this website. Should you choose to use the programs recommended here, we may receive a fee that will help support the site.

All content copyright 2006-2017, RemoveAdware.com.au. Author: Wayne Davis.
All Rights Reserved. All trademarks and company brand names are acknowledged.
Privacy Policy | Terms Of Service