21 Dec 2010




If you have been infected by a fake antispyware program called System Tool 2011, you will want to remove it from your Windows operating system (Windows 7, Vista and XP). This kind of fake antivirus is easy to pick up from the Internet, as a lot of websites and blogs seem to spread it to their readers. Furthermore, it mimics the friendly user interfaces of well-known antivirus and antimalware products, so it is very difficult to distinguish from a legitimate, safe one. Once installed, it tries to scare you with fake spyware and virus alerts and with pop-up windows claiming that your computer is infected (false positive warnings). An example of these scareware messages is “Warning! You are in danger. Your computer is infected with spyware”. Of course, the main goal of these pop-ups is to convince you to buy a “real” (but not so good) anti-spyware product. Let’s see how to uninstall System Tool 2011 from Windows safely.

In order to manually remove fake System Tool 2011, follow this easy guide:

  1. Restart your computer in Safe Mode. To do so, restart the computer and, when the screen starts displaying your hardware configuration, press the F8 key repeatedly. Then choose Safe Mode from the list of available options.
  2. Click Start.
  3. In the Search field (or Run… if you have Windows Vista), type regedit and press Enter.
  4. Delete the following Windows registry keys:
    • HKEY_CURRENT_USER\Software\System Tool 2011
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “5648541024”
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random]”
  5. Now close the Windows registry.
  6. Press Ctrl+Alt+Del to open Windows Task Manager. Kill any processes that belong to the malware. The most common entries to kill are:
    • 5648541024
    • 5648541024.bat
    • 5648541024.cfg
    • 5648541024.exe
    • [random numbers]
    • System Tool 2011.lnk
    • Any System Tool 2011 process.
  7. Right-click each entry and select End Process.
  8. Now, click Start and open Windows Explorer. Delete the files:
    • C:\Documents and Settings\All Users\Application Data\[random]\ (e.g. gARQWm02930.exe)
    • C:\Documents and Settings\All Users\Application Data\5648541024
    • C:\Documents and Settings\All Users\Application Data\5648541024\5648541024.bat
    • C:\Documents and Settings\All Users\Application Data\5648541024\5648541024.cfg
    • C:\Documents and Settings\All Users\Application Data\5648541024\5648541024.exe
    • C:\Users\Desktop\System Tool 2011.lnk
    • C:\Start Menu\Programs\System Tool 2011.lnk
    • %PROGRAM_FILES%\System Tool 2011\
  9. Restart the computer.
  10. Scan the whole Windows operating system with your favorite antispyware and antivirus tools to make sure you have successfully removed the System Tool pestware from your PC.
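
The checks in steps 4 to 8 can be run as a read-only audit before anything is deleted. The PowerShell below is an added example, not part of the original guide: it assumes Windows PowerShell is available, resolves the All Users Application Data, Desktop and Start Menu folders for the current machine and user, and treats digit-only Run value names and executables under Application Data as items to review, not as confirmed malware.

```powershell
# Added example: read-only audit for the artifacts listed in steps 4-8. Deletes nothing.
$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')
$findings = @()

function Test-SuspiciousRunEntry {
    param([string]$Name, [string]$Command, [string]$BaseDir)
    # The guide's Run values are digit strings ("5648541024", "[random numbers]").
    $numericName = $Name -match '^\d+$'
    # The guide's executables live under the All Users Application Data folder.
    $fromBaseDir = $Command.IndexOf($BaseDir, [StringComparison]::OrdinalIgnoreCase) -ge 0
    return ($numericName -or $fromBaseDir)
}

# Step 4: Run values under HKLM, plus the product key under HKCU.
$runKey = Get-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($name in $runKey.GetValueNames()) {
    $command = [string]$runKey.GetValue($name)
    if (Test-SuspiciousRunEntry -Name $name -Command $command -BaseDir $commonAppData) {
        $findings += "Run value to review: '$name' -> $command"
    }
}
if (Test-Path -LiteralPath 'HKCU:\Software\System Tool 2011') {
    $findings += 'Registry key present: HKCU:\Software\System Tool 2011'
}

# Step 6: processes whose image file sits under Application Data.
foreach ($proc in (Get-Process)) {
    if ($proc.Path -and $proc.Path.StartsWith($commonAppData, [StringComparison]::OrdinalIgnoreCase)) {
        $findings += "Process to review: $($proc.Name) (PID $($proc.Id)) -> $($proc.Path)"
    }
}

# Step 8: fixed paths named in the guide.
$paths = @(
    (Join-Path $commonAppData '5648541024'),
    (Join-Path $env:ProgramFiles 'System Tool 2011'),
    (Join-Path ([Environment]::GetFolderPath('Desktop')) 'System Tool 2011.lnk'),
    (Join-Path ([Environment]::GetFolderPath('Programs')) 'System Tool 2011.lnk')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Path present: $p" }
}
# Heuristic for "[random]": a folder holding an .exe with the folder's own name.
foreach ($dir in (Get-ChildItem -LiteralPath $commonAppData -Force -ErrorAction SilentlyContinue)) {
    if (-not $dir.PSIsContainer) { continue }
    $exe = Join-Path $dir.FullName ($dir.Name + '.exe')
    if (Test-Path -LiteralPath $exe) { $findings += "Folder with same-named .exe: $exe" }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' } else { $findings }
```

Legitimate software can also start from the Application Data folder, so check each reported entry before removing it.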




4 Comments to “How to Remove and Uninstall Fake Antispyware System Tool 2011”

  1. jeanine Says:

    I’m using Windows XP and am not able to follow the files to delete the virus. Any ideas on this?

  2. Abhijeet Says:

    FAIL!!!

  3. Steve Pace Says:

    All of the above is one form this Spyware has taken, however it should also be noted that it has taken up different names and no longer uses a number string, as it appeared to be easily identifiable.

    Also, if you do not have any spyware currently on your computer and you come up with the idea to download a spyware removing software on your computer AFTER you have contracted the spyware, you can ONLY download it but it will NOT let you execute the install process.
    Download the software of your choice. There are some pretty good freeware programs at http://www.snapfiles.com formerly http://www.webattack.com.

    After you have downloaded the program you desire then go ahead and execute below.

    Below is the standard approach with the changes to look for.

    1. Restart your computer in Safe Mode. To do it, restart your computer and when the screen will start displaying your computer hardware configuration start pressing F8 key on your keyboard. At this point you will have to choose Safe Mode from the list of option available.

    2. Click Start.

    3. In the Search field (or Run… if you have Windows Vista), type regedit and press Enter.

    4. Delete the following Windows registry keys:

    ◦ HKEY_CURRENT_USER\Software\Support.com

    ◦ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Gemstrmw.exe”

    ◦ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random]” <-- nothing was found in the most recent case that I found in this particular area but worth a look anyway.

    5. Now, close the Windows registry.

    6. Click Ctrl+Alt+Del to open Windows Task Manager. Kill any processes which have got to do with the malware. Most common entries to kill are:

    There now appears to be no processes running in safe mode to "kill" any related item that it may appear to be hiding under in the task manager, does not allow you to delete it. So don't be surprised if you do not see it, it's ok.

    7. Now click Start and open Windows Explorer. Delete the files:

    C:\Documents & Settings\all users\application data\IGPLg06380

    By taking out the obvious (the name of it), it has moved to the less obvious by creating an apparent series of random numbers and letters. Click on the file and you will find the executable hiding in the folder.

    * NOTE: DO NOT CLICK ON THE .exe file in the folder, you will activate the spyware in safe mode and it will prevent you from deleting the file and performing the appropriate corrective action.

    9. Restart the computer.

    10. Execute the install process for the spyware removal program that you previously downloaded, it will then run and clean up the "left overs"

    11. Run about once a month or if you feel that you went to a website that was questionable.

  4. Andy Says:

    Hi, I follow all these but can’t do it because the files or process which need to be deleted does not show, or appear in these folders or in window task manager process. Can anybody help. Thank you in advance. I’m using win vista homepre 32bit.

