Pin Me

How to Remove System Tools

written by: Donna Buenaventura•edited by: Tricia Goss•updated: 3/23/2011

New variants of rogue programs are always out there. One of these is the fake scanner, System Tool 2011. Find out how to remove System Tools in Vista or Windows 7 operating systems.

  • slide 1 of 4

    System Tool 2011

    System Tools or System Tool 2011 is a fake anti-virus scanner that has infected hundreds of Windows users. The rogue program is a variant but it continues to infect computers because not all antivirus or anti-malware can detect it. Below is a guide on how to remove System Tools in Windows.

  • slide 2 of 4

    Changes of System Tool 2011 in Windows

    The trojan that will install System Tool 2011 is often served with filename antispwaresetup.exe or antispywarepro.exe. When I test the sample of this trojan, it will not install in a virtualized environment, which means I have to use a non-virtual machine to find out how it works. If Windows is infected with System Tool 2011, the desktop background will be modified with blue screen with fake warning message:

    How to Remove System Tool 2011: Background 

    It will also run a process with random characters, but the process name always ends with 08520.exe (e.g. nGlIePe08520.exe) and the description of the processes is called Firefox, which is obviously fake processes description.

    System Tool Fakes Firefox as Processes The program will display fake notifications or alerts that say, "Security Monitor: Warning" to scare Windows users:System Tool fake warning message 

    Any changes to the System Tool rogue program are not possible unless the end-user activates or pays for the software, which is not recommended since this is a fake program by fraudsters.

  • slide 3 of 4

    How to Remove System Tools 2011

    Removing System Tool is tricky, but if you noticed the infection before the above-mentioned fake alerts or modifications in Windows have occurred, you should be able to use antivirus and anti-malware programs to clean the computer.

    An example is when Malwarebytes' is able to remove System Tools in normal mode:MBAM quarantined System Tool rogue software 

    Norton Power Eraser can also detect and remove System Tool in Windows:Norton Power Eraser removes System Tool 

    Windows Defender by Microsoft also has detection to System Tool, in real-time:Windows Defender detects System Tool 

    System Tools and Windows Defender 

    The antivirus scanner in Hitman Pro is now detecting and removing System Tool, as well:Hitman Pro removes System Tool 

  • slide 4 of 4

    Other Method in Removing System Tool

    If System Tool has changed the desktop background, added the System Tool notification icon and continues to alert you with fake messages, you can try leaving the alert window of System Tool active before scanning using any of the above anti-malware or anti-virus software. However, if you experience problems running any applications, you should proceed to using the below steps on how to remove System Tools in Windows:

    • Reboot the computer to safe mode with networking.
    • Use Rkill to end the malicious processes added by System Tool trojan.
    • Scan the computer using Malwarebytes, Hitman Pro, Windows Defender, A-squared Anti-malware or your antivirus program.
    • Review the connection settings in Windows using Internet Options. Make sure that the LAN settings are not configured to use proxy server, if you are not really behind a proxy connection.
    • Reset the hosts file in Windows using Microsoft Fix it 50267.

    Note that if you use Hitman Pro, you can press the left Ctrl key when opening the Hitman program. This will make Hitman Pro end the malicious processes added by the rogue program, System Tool 2011.

    Image credit: Screenshots taken by the author.