System Tool 2011
System Tools or System Tool 2011 is a fake anti-virus scanner that has infected hundreds of Windows users. The rogue program is a variant but it continues to infect computers because not all antivirus or anti-malware can detect it. Below is a guide on how to remove System Tools in Windows.
Changes of System Tool 2011 in Windows
The trojan that will install System Tool 2011 is often served with filename antispwaresetup.exe or antispywarepro.exe. When I test the sample of this trojan, it will not install in a virtualized environment, which means I have to use a non-virtual machine to find out how it works. If Windows is infected with System Tool 2011, the desktop background will be modified with blue screen with fake warning message:
It will also run a process with random characters, but the process name always ends with 08520.exe (e.g. nGlIePe08520.exe) and the description of the processes is called Firefox, which is obviously fake processes description.
The program will display fake notifications or alerts that say, "Security Monitor: Warning" to scare Windows users:
Any changes to the System Tool rogue program are not possible unless the end-user activates or pays for the software, which is not recommended since this is a fake program by fraudsters.
How to Remove System Tools 2011
Removing System Tool is tricky, but if you noticed the infection before the above-mentioned fake alerts or modifications in Windows have occurred, you should be able to use antivirus and anti-malware programs to clean the computer.
An example is when Malwarebytes' is able to remove System Tools in normal mode:
Norton Power Eraser can also detect and remove System Tool in Windows:
Windows Defender by Microsoft also has detection to System Tool, in real-time:
The antivirus scanner in Hitman Pro is now detecting and removing System Tool, as well:
Other Method in Removing System Tool
If System Tool has changed the desktop background, added the System Tool notification icon and continues to alert you with fake messages, you can try leaving the alert window of System Tool active before scanning using any of the above anti-malware or anti-virus software. However, if you experience problems running any applications, you should proceed to using the below steps on how to remove System Tools in Windows:
- Reboot the computer to safe mode with networking.
- Use Rkill to end the malicious processes added by System Tool trojan.
- Scan the computer using Malwarebytes, Hitman Pro, Windows Defender, A-squared Anti-malware or your antivirus program.
- Review the connection settings in Windows using Internet Options. Make sure that the LAN settings are not configured to use proxy server, if you are not really behind a proxy connection.
- Reset the hosts file in Windows using Microsoft Fix it 50267.
Note that if you use Hitman Pro, you can press the left Ctrl key when opening the Hitman program. This will make Hitman Pro end the malicious processes added by the rogue program, System Tool 2011.
Image credit: Screenshots taken by the author.