System Tool 2011 Removal Instructions

This System Tool 2011 removal guide includes 2 System Tool 2011 Videos and a Manual Guide.

Jacob is the creator of this guide and the person donating his time and efforts to create the videos for this guide as well as any updates. He is also helping to respond to comments for the System Tool 2011 guide. You can show your support by clicking the Facebook Like button and by mentioning the RemoveVirus.org website to others. All purchases of software linked on this site also help support the RV website.

Updated: 3-6-2011: Latest instruction set added for newer traces.

Updated: 1-09-2011:  New Security Tool 2011 file paths.

Description: System Tool 2011, AKA System Tool, is a clone of Security Tool. This false security client is nothing more than a scam set up to steal people's money.

 

 How Did I get infected with System Tool 2011?

Computers get infected with System Tool 2011 through what is known as a drive-by download, or when the user installs a program that they thought was something else, like a video update. A drive-by download is when a malicious website, or a website that has been hacked, injects code into a web page, and a user who visits the page is prompted to run or install a program. In some cases these programs may auto-install. Most paid clients out there like Spyware Doctor with Antivirus are able to block these types of infections. If your antivirus software did not block this install you should consider making a switch. It's obvious whatever you have is not protecting you.

What is System Tool 2011 Doing to My Computer Right Now?

The scan results found by this bogus security client are all fake. The warning messages shown are also fake. Normally System Tool 2011 hijacks the user's desktop on XP systems. It will also block security clients from running and installing, as well as all other executables except firefox.exe, iexplore.exe and a few others.

You may get security messages about your system sending out spam or your private files being accessed. In most cases these are false warnings meant to scare you into making a purchase of this client.

Here are some examples of FALSE messages that System Tool 2011 puts out.

Warning!
Application cannot be executed. The file FILE NAME HERE is infected.
Please activate your antivirus software.

System Tool Warning
Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.

System Tool Warning
Intercepting programs that may compromise your private and harm your system have been detected on your PC.
Click here to remove them immediately with System Tool.

For many people the user's desktop may also be hijacked. The warning shown is all made up to scare and trick the user into making a purchase. The message is:

Warning!
Your're in Danger!
Your Computer is infected with Spyware!


Again the above message is meant to scare the user into making a purchase.

 


You need to remove System Tool 2011 as soon as you can. In many cases users have other hidden trojans installed on their computer as well. This is why it's so important to run a full virus scan even if you follow the manual removal guide below.

System Tool 2011 Removal Video


Remove System Tool

NEW XP Guide. Works the same as the above. Just different file paths. The above video shows more insight.

Remove System Tool 2011 XP

 

HELP US:  We took the time to make this video and help you.  Please rate us on http://www.mywot.com/en/scorecard/removevirus.org .  It will only take you a minute to register and add a comment.  We would also welcome any positive facebook or social bookmark comments.

Don't forget.  If it's too hard for you to remove yourself or things just aren't working for you then a cheap route for repair is www.pcninja.com.

Remove Proxy Setting so You Can Connect to the Internet Again.

Proxy Settings

 

System Tool 2011 Manual Removal Procedures

The first step you must take in order to remove System Tool 2011 is to stop the following process. Watch the video for guidance.

  • [random].exe (example: gAoGm02900.exe). Your file trace will be named differently.

To stop this process, browse to the file location shown below, rename the file, and then restart your computer. Then browse to that file location again and delete the file.

The next step in System Tool 2011 removal is to delete the following file:

Windows XP:

  • C:\Documents and Settings\All Users\Application Data\[random]\[random].exe
  • New Path C:\Documents and Settings\USER NAME\Local Settings\Application Data

Windows Vista/7:

  • C:\ProgramData\[random characters]\[random characters].exe
  • New Path C:\Users\USER NAME\AppData\Local

Once you have deleted the above executable, System Tool 2011 will no longer be running. At this time you need to run a full virus scan. RUN A SCAN. We recommend Spyware Doctor with Antivirus. You need to ensure no other viruses are on your computer.

System Tool 2011 Registry Removal Procedures

Once you have deleted the above System Tool 2011 file trace you will also want to remove the infected registry item. This is not a requirement as you already deleted the main executable:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"

You should now run a full security scan to ensure no other threats are installed on your computer. We recommend you download a copy of Spyware Doctor with Antivirus.

System Tool 2011 Directories:

XP

  • C:\Documents and Settings\All Users\Application Data\[random]
  • New Path C:\Documents and Settings\USER NAME\Local Settings\Application Data

Windows 7 / Windows Vista

  • C:\ProgramData\[random characters]\[random characters].exe
  • New Path C:\Users\USER NAME\AppData\Local
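
The file locations above share one layout: a randomly named folder holding an executable with the same name. As an added example (not part of the original guide), this read-only Python script lists such folder/executable pairs under the guide's four parent folders, for a live system or a mounted disk. The function names and the five-letters-plus-five-digits check, taken from the two sample names on this page, are assumptions.

```python
import re
import sys
from datetime import datetime
from pathlib import Path

# Shape of the two sample names on this page (gAoGm02900, nPiNb05700):
# five letters then five digits. Assumption: this is only a ranking hint.
# The guide just says "[random]", so other same-name pairs are still reported.
SAMPLE_NAME = re.compile(r"^[A-Za-z]{5}\d{5}$")


def guide_roots(drive):
    """Return the parent folders listed in the guide that exist under `drive`."""
    drive = Path(drive)
    roots = [
        drive / "Documents and Settings" / "All Users" / "Application Data",  # XP
        drive / "ProgramData",  # Vista/7
    ]
    per_user = (
        ("Documents and Settings", ("Local Settings", "Application Data")),  # XP "New Path"
        ("Users", ("AppData", "Local")),  # Vista/7 "New Path"
    )
    for profiles, tail in per_user:
        base = drive / profiles
        try:
            users = sorted(base.iterdir())
        except OSError:
            continue  # profile folder missing or unreadable on this system
        roots.extend(user.joinpath(*tail) for user in users)
    return [r for r in roots if r.is_dir()]


def find_candidates(roots):
    """Find <root>/<name>/<name>.exe, the layout the guide gives for this threat."""
    hits = []
    for root in roots:
        try:
            subdirs = [d for d in Path(root).iterdir() if d.is_dir()]
        except OSError:
            continue  # unreadable root: skip it, do not abort the sweep
        for folder in subdirs:
            try:
                files = [f for f in folder.iterdir() if f.is_file()]
            except OSError:
                continue  # e.g. the "no permissions" folder case from the comments
            for f in files:
                # Windows file names are case-insensitive, so compare lowercased.
                if f.suffix.lower() == ".exe" and f.stem.lower() == folder.name.lower():
                    hits.append({
                        "path": f,
                        "matches_sample_shape": bool(SAMPLE_NAME.match(folder.name)),
                        "modified": datetime.fromtimestamp(f.stat().st_mtime),
                    })
    # Names shaped like the page's samples first, then most recently modified.
    hits.sort(key=lambda h: (not h["matches_sample_shape"], -h["modified"].timestamp()))
    return hits


if __name__ == "__main__":
    # Pass a drive or mount point as the first argument; defaults to C:\.
    drive = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    for hit in find_candidates(guide_roots(drive)):
        flag = "sample-shaped" if hit["matches_sample_shape"] else "same-name"
        print(f"{hit['modified']:%Y-%m-%d %H:%M}  {flag:13}  {hit['path']}")
```

The script only reports; legitimate programs can also use a same-name folder and executable, so review each hit before renaming or deleting anything. An executable that was already renamed as the guide instructs no longer matches its folder name and will not be listed.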

Outside Resources:

http://forums.malwarebytes.org/index.php?showtopic=66064

http://www.helpmyos.com/t2311-how-to-remove-system-tool-2011

  • technical admin

    It’s clear you need virus protection so you stop getting infected. Most likely cause is you have a trojan downloader program on your computer that is simply installing other false clients. If you can run a virus scan I recommend you do that and see where the traces of this new threat are. We have already done several guides related to this Windows Scan program. You can always read one of the related guides. Just look at the images on the Home Page to see what threats are similar.

  • Anonymous

    When I renamed the file and restarted my computer, a new program, Windows Scan, popped up. What do I do about this?

  • Bern

    Thanks a million!!!!

    I did panic when I received the ‘WARNING’ message from System Tool 2011, especially when it suggested that my ‘Rapport’ software (which is part of my online banking logging-in process) was infected!!!!

    Thankfully, I did not open or subscribe to their site but, instead, texted a friend of mine for advice.

    Such advice not being forthcoming quickly enough, I found your site and, after viewing your video and users’ comments several times, proceeded accordingly and, surprisingly, managed to fix the problem myself (Well, I say myself but I mean without my friend’s intercession) or, rather, with your INVALUABLE guidelines and assistance!!!!

    I can’t thank or praise you enough!!! – and will DEFINITELY pass your details on to my family, friends and colleagues!!!!!

    Thank Heavens there are people like you out there who help, rather than hinder (like these swine who set up these false sites!!!!) we mere mortal computer users!!!

    Thanks again!!!!

    From a very relieved and grateful user/viewer/client???!!!!!

  • Anonymous

    so i made the mistake of purchasing the damn thing! luckily was able to get it sorted out with my bank. any who,

    i followed the steps correctly and managed to delete the system tool, but a program called “good memory” that came along with the purchase keeps popping up and running a scan. then it turns my whole screen black. then usually proceeds to restarting. what should i do?

  • technical admin

    Good Memory is a 100% separate product. It’s a clone of dozens of other clients. I suggest you read the http://www.removevirus.org/remove-my-disk guide. We included a video in that one as well. It’s a very easy thing to remove.

    Because you got infected twice it’s a very clear sign that you have poor virus protection. I recommend you get Spyware Doctor with Antivirus and never have to worry about these things again.

  • technical admin

    Boot into safe mode with networking and download Spyware Doctor with Antivirus from this site. Run the full scan. It will show you the file paths and traces. Then browse to those file paths and delete them.

  • Anonymous

    Well.. I am not being able to open task manager. How can i ecit the process?

  • technical admin

    Watch the video. We show you several tricks

  • technical admin

    Nice detail. I love it when users jump in and help others out.

    Hint for others: 6)Click on AppData: (This is a hidden folder. If you can not see it just type “hidden” into the control panel search section and uncheck ( HIDE HIDDEN FILES AND FOLDERS )

    The video we included also talks about this. Be sure to still run a full virus scan to ensure you have no other viruses or spyware on the computer.

  • Anonymous

    I have read through everything and watched the video over and over. I cannot figure out how to get this off here. I don’t have the icon on the desktop. I tried going into the programs data folder but there isn’t anything in it and nothing is hidden. I went into program files and there isn’t anything unusual in there either. I did get the task manager to come up when I restarted my computer but then I’m lost on what to do because once it loads far enough to where the system tool 2011 opens then the task manager closes so I am not allowed to do anything with it. I don’t want to do a system restore because I don’t want to lose anything on my computer. Can you please give me some more details or explain more in detail?

  • LadyT

    The quickest way to remove system tool virus is to go into your files and delete the one that doesn’t belong. It’s kind of like a game…spot the folder that doesn’t belong mixed with where’s Waldo!!! yayyyy fun. Here are three different methods to try.

    1)First of all before you start in ‘safe mode’ see if there’s an icon labeled ‘system tools’ on your desktop.
    2)If so right click on it and select ‘go to file location’. It should take you straight to the ‘virus’ so you can delete it.
    3)In order to delete the file you may have to rename it first.
    4)Also make sure you delete the icon from your desktop.
    ______________________________________________________________________

    Start your comp in safe mode. To do this you restart & while the computer is booting up you tap the F8 key right before windows starts. A screen should come up where you can select ‘Safe Mode’. Once in safe mode…

    1)Go to your start menu.
    2)Then click on my computer.
    3)Double click local disk C
    4)Click users
    5)Go to your folder (whatever your login name is) click it.
    6)Click on AppData
    7)There should be 3 folders there (local, locallow & roaming) or whatever.
    8)Make sure you have your folders set up so that you can see the ‘date created’. How do you do this? Right click on the little space above your folders labeled (name, type, size, etc) right click here and make sure ‘date created’ has a check next to it.
    9)Okay if your folders are set up like that. Click thru them until u see a ‘suspect’ folder name, such as ‘ieh338rhafb’ or something crazy like that. If you click on that folder it should have a ‘system tool’ app inside. Delete the entire folder! & make sure you delete it from the recycle bin.
    10) If you’re having trouble locating the folder this is where your ‘date created’ heading comes in…you can actually look for all folders that were recently ‘created’, until you find the weird labeled suspect one ‘afljefjah’. If the ‘system tool’ popup started on 1/1/2010 @ around 2am as mine did, then I would look for folders created on 1/1/2010 @ around 2am.
    _____________________________________________________________________

    If it’s not found here my next suggestion would be to look more specifically in the temp folder for this ‘suspect’ folder. To get to your temp folder go to START and type in %temp% this should bring the folder up.

  • Pierre

    Hello

    I got infected with this virus and I have tried to boot in safe mode on Windows XP
    and was not successful. Nothing seems to work since then. Can I download an antimalware from an external key to get rid of this?

    Thanks

  • technical admin

    Yes you can download an antivirus client and the updates on a separate disc and upload it that way.

    However this threat can be removed following our guide. It works and it’s been tested. watch the video if you have not done so yet. The main step is locating the location of the virus executable and either deleting it or re-naming it. After that the rest is easy.

  • MrsCats

    I first want to thank you for helping everyone. You are wonderful to perform this service!

    I cannot delete the exe because even signed in as administrator, when I click on the folder in program data, I get a message that says I don’t have permissions.

    I must have rebooted 5 times trying to make this thing go away….and all my anti virus tools were disabled. The 6th time I logged back in, all the pop ups were gone and I could now access task manager, but I am not allowed to enter, delete or modify that folder. I even renamed it.

    It’s almost as if the .exe file is no longer running……I don’t know why….but the folder is still there.

  • technical admin

    It’s not running because as you stated you re-named the file as instructed in the guide. The executable is not going to automatically execute after you change the name.

    Sounds like a permission issue is preventing you from deleting the file. You need to take ownership of the file. Then you should be able to delete it. I should point out that whatever antivirus software is installed on your computer should be able to delete this file as well.

  • MrsCats

    I did it, I did it! You were exactly right…I took ownership and then was able to delete the files and the folder.

    Again, thank you!

  • Anonymous

    Hi I was wondering what your opinion of avast! Antivirus is? It’s free and of course claims to be good. Many people like me can’t afford those expensive antivirus programs like Norton. If you have antivirus does that protect you from malware and spyware too? Thanks for the help and sorry if you already answered this elsewhere

  • technical admin

    Glad you were able to delete the file after taking ownership. Just to confirm the current guides file paths. Was the System Tool 2011 folder in the guide correct? If it was changed what was the folder path for you?

  • technical admin

    Avast is better than nothing and one of the top FREE security clients on the market. However in my opinion it does not provide sufficient protection against viruses and spyware. No free antivirus client on the market will. Free clients are behind on current threats and do not provide enough upfront protection as the paid clients do.

    The “I can’t afford a security client” argument does not negate the fact that you need good protection and for that you will have to pay.

    The best free client on the market at this time in my opinion is going to be Microsoft Security Essentials. I still only recommend our paid clients because they offer better protection and customer support.

  • GoPwr

    Hello,

    I have watched the video and read the threads but I am unable to Rename or Delete the file (even in Safe Mode). When I go into the Permissions for the file, I am unable to change the Administrator rights (which are permanently set to Deny) access.

    I have never opened the file as I realized as soon as it was downloaded.

    Any help is much appreciated.

  • technical admin

    The process of taking ownership of a file is very well documented online. I would suggest you search for the information. If that does not work for you please post back in detail what you have already done to try to take ownership.

    In most cases you can take ownership from the folder and include all contents of that folder (inherit properties) My guess is that is your problem.

  • Anonymous

    help! i had fixed my laptop from system tool 2011 and now my brother’s computer has the same virus. i was glad to see that i remembered how to fix this. the only thing different about it was that his computer wont allow him to open control panel. what should i do now? if i cant see the hidden folders what now?

  • Ronda

    Thank you, thank you so much. I didn’t know what i was going to do. I knew I wasn’t going to enter my credit card info. Thankfully my friend found you on the internet for me. I could not get on at all, everything was locked up.
    She would watch the video and then tell me what you said. It worked, and I am grateful.

  • technical admin

    Thanks for the kind words. I’m glad you and your friend were able to put the guide to good use.

    Regards,

    Jacob

  • technical admin

    So the control panel is not opening at all? Never seen that before with this threat. Tells me you most likely have a secondary infection as well. Be sure to run a full virus scan. We recommend the SDA client as mentioned in the guide.

    With that said. You can access the hidden folders by just manually typing in the file path. For instance if you are on a Windows 7 based computer you could go to
    C:\ProgramData\ . Just type in the path in Explorer (Not Internet Explorer)

  • Anonymous

    I have watched your video and looked up so many ways to get rid of system tool 2011. My internet on my infected laptop will not let me download anything to automatically get rid of it. Sometimes it will even shut down. I only found one folder with the virus and was able to delete that after i renamed it. I set it up so i can view hidden folders. I can’t find any other unusually named folder like the one I deleted. (I deleted the shortcut too) I know my computer is still infected. I scanned it with spyware doctor and i still have low risk adware in my laptop. except around 46 of it :-/
    I am not computer savvy and it bothers me that I cant seem to find the right files no matter how much I search. I know I can try this manually but I am just about to give up. I tried putting a anti spyware program in the USB drive i have into my infected laptop, but my laptop will not read it at all. It’s really frustrating.

  • technical admin

    What is your operating System?
    Is the main executable for system tool 2011 still running? If it is not running you should be able to download and run other security clients. If you are unable to and Security Tool 2011 is not running on your computer then that means you need to take a look at the proxy settings and remove them. That or just re-set IE.

    I would recommend you try to boot into safe mode with networking and download, install and update Spyware Doctor with Antivirus. From there you should be able to see ALL the left over traces if there are any and remove them manually.

  • Anonymous

    so i was infected with this system tool scam and before i discovered this website i was trying to figure it out on my own with no luck. a couple days or so ago i found your site and watched the video and felt confident i could get rid of it so i started my computer and was going to get er done except this time when i turned on my computer my antivirus picked it up and it seems like all the functions have returned to normal. i deleted it out of the virus chest and restarted my computer and it hasnt returned. i previously restarted my computer several times and one of the first things i did when i got this virus was did a boot time full system scan and it never got rid of it. any idea of why this might be different today and is the virus truly gone? thanks for the help and your excellent website.

  • technical admin

    any idea of why this might be different today and is the virus truly gone?

    I’m sorry but I don’t understand the question. My advice is to follow the guide and remove the traces shown in the guide. Once done install and do a full scan with Spyware Doctor with Antivirus to ensure you have no other threats installed.

    It sounds like you got re-infected with this threat. That should be a clear indication to you that whatever antivirus client you are using is not working. I recommend you upgrade. As stated we like the SDA client. You can check out http://www.antivirusreviews.com for some good ideas on what clients work.

  • john

    can’t find a file named application data???

  • Anonymous

    I don’t want to have to buy anything. Is this scan a free thing or will I have to buy it? Is there any scans I can use without money being involved?

  • technical admin

    What is your operating system? What have you already done to find the file path so we can offer more suggestions and help? Without knowing the basics it’s hard to help. Be sure to read the FULL guide and watch the videos.

    Please also paste in the path on your computer that the guide shows this threat should be in. That way I know you have looked in the correct file path.

  • technical admin

    READ THE GUIDE. We show you EXACTLY what to do to remove this threat. We recommend everyone scans their computer after they manually remove this threat with Spyware Doctor with Antivirus to ensure you have gotten everything. The scan will show you ALL file paths to any left over threats so you can manually remove them. The free trial does NOT remove any viruses. However it will protect your computer for 30 days and show you all the needed files that you need to delete to remove this virus.

    Our manual guide and videos work very well. One thing to think about is you got infected because you did not have proper protection. This threat has been out for over a year now. If you do not want to get infected with another virus down the road you will need to purchase real protection. Free clients while great and useful do not offer the needed protection a PC needs. In most cases the up front protection is very slim.

  • Anonymous56x

    i have windows xp. i right clicked on the system tool 2011 icon, clicked on properties, and identified the full file path, which starts with Application Data. Beyond that, you’ve lost me with the instructions and i cant get any further. i think in the video you’re using windows 7 and i cannot follow along with that because the file trace procedures you are showing are different than what i’m seeing on xp. i’ve also read the manual removal instructions but it does not provide enough info to get me any further. any detailed info you could provide related to a windows xp specific removal would be greatly appreciated.

  • Anonymous

    System Tool 2011

    There’s no desktop icon, but the program engages immediately upon startup. I “unstalled” the software, but it still activates. Viewed the video, found the System Tool folder, but it’s empty. Any ideas?

  • technical admin

    While the file paths may be different you do the exact same steps.

    You have identified the folder that contains this threat. Now browse to that folder and re-name the executable and re-boot your computer. Once your computer starts back up you can now delete that file you renamed and run a full virus scan on your computer.

    Let me know if this answered your question. I’m not sure how else to explain it. Also paste in your file path so I can ensure we’re on the same page.

  • technical admin

    It’s obviously in a different location now.

    Hit the Windows start button. In the run box type: msconfig . Now under the startup menu you can go through the list and attempt to pick out the folder location of this threat. Then browse to that folder and re-name the file trace.

  • Anonymous56x

    let me just say that before i rec’d your reply i did some additional things. i did a search of files and folders for the file path ID’d from the system tool icon (application data\nPiNb05700\nPiNb05700.exe”), which showed that it was located in C:\documents and settings\visitor\start menu\programs\system tool. i did all the steps to get there and renamed the file, rebooted, then deleted the file. however, this still did not kill off the executable, so i’m not sure if i did it right. since that didnt work i did another search of files and folders of the file path and nothing came up, so i then searched for 050700, which came up as npinb05700 with a location of C:windows\prefetch. i went to that location, confirmed that it was created on the same date and time when all this system tool stuff originally occurred, and i deleted that file also and rebooted. this also didnt work in killing off the executable. i guess i dont know if i did the file traces correctly by doing it via a search of files and folders. also, i have 2 different user accounts on my computer and system tools only affects one of them. i dont know if this could be of any help to me in trying to get rid of it.

  • QC

    Thanks for this,

    spent 10 mins watching the video and it answered all my Q’s and more importantly it fixed it for me!

    Thanks again!!

    QC

  • Anonymous56x

    disregard my last comments. i finally figured it out. thanks for the help!

  • Andrew

    I have successfully deleted the folder (thank you very much for your great video!). I am now trying to install Windows updates, but the updater is failing and giving me an error which suggests that it might be spyware that is preventing me from connecting to Windows update. Any suggestions? (running Windows 7). Thanks

  • technical admin

    Have you run a full virus scan yet as instructed by the guide? Run the scan to ensure you are no longer infected with any other viruses besides the one you already removed. Often times people have several threats on their computer.

  • technical admin

    I did read you figured it out but let me state the solution for others.

    You need to rename the nPiNb05700.exe file as instructed in the guide. You would have needed to re-name it and re-boot your computer then delete the file or delete while in safe mode.

    The start menu will have nothing but a .lnk file in it that links to the above executable (nPiNb05700.exe). The prefetch folder holds data from previously opened programs and files. So while the nPiNb05700.exe file may be present there it in almost all cases does not matter because this file is not the one that is being called on system boot to load the threat.

    My guess is you re-named nPiNb05700.exe and got your system to work again. Be sure to run a full virus scan to ensure there are no other viruses still installed on your computer. Reply back to let us know if we got it right.

  • Richard (England)

    It’s wonderful that companies and people like you are in the world to counter strike the criminals that cause so much misery to so many people.
    Your video and website have helped me a lot and I’m entirely grateful.
    Many thanks
    Rich UK

  • Travis

    Hello, I tried to follow the video help and was able to identify the file and find the path while in safe mode and delete it. However, after I reboot to get out of safe mode, my PC will not recover, I just have a blank screen with a flashing cursor on the top left corner of the screen. I was sure I deleted the virus files and not any essential programs, but I’ve tried pressing and holding the power button on/off to try and reboot but nothing. Any ideas?? Please?

    I am running windows XP on an Azus Eee.

  • Jacob

    Your computer is booting to a USB device and not the hard drive. Simply unplug any usb devices and other peripherals besides the keyboard, mouse and video.


  • William Martin

    Can this system tool 2011 can temporary remove also the copy windows not genuine? Or only a viruses.

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may lose your data. We strongly suggest you back up your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All free antivirus scanners recommended on this site are limited. This means they may not be fully functional and may be limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.