Protection Software: How to Remove the System Tool Infection




Discuss this article on the PC Tools Community Forum


System Tool is a variant of Security Tool FakeAV family.




System Tool is usually downloaded to the following location.


- %commonappdata%<random>
- %commonappdata%<random><random>
- %commonappdata%<random><random>.exe
- %desktopdirectory%System Tool 2011.lnk
- %commonprograms%System ToolSystem Tool 2011.lnk


Please note:


- %commonAppData%
is a variable that refers to the file system directory that serves as a common repository for application-specific data.
A typical path is C:Documents and SettingsAll UsersApplication Data.

- %DesktopDirectory%
is a variable that refers to the file system directory used to physically store file objects on the desktop.
A typical path is C:Documents and Settings[UserName]Desktop.

- <random>
refers to random alphanumeric characters

It also creates the following keys.

- HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce “<random>”
- HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallSystem Tool2011
- HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "<random>.exe"

To manually remove System Tool, please remove the above mentioned files and registry keys if found.



WARNING:
Editing the registry incorrectly can cause serious problems that may require you to reinstall Windows.
PC Tools cannot guarantee that problems resulting from the incorrect editing of the registry can be solved.
Edit the registry at your own risk or refer to our malware removal forum for guidance.


Article Number: 191
Posted: Fri, Jan 28, 2011 4:30 AM
Last Updated: Mon, Oct 24, 2011 3:37 AM

Online URL: http://www.pctools.com/kb/article/protection-software-how-to-remove-the-system-tool-infection-191.html