A 2009 APWG Phishing Activity Trends Report studied 22 million computers, and found that nearly half were affected by malware of some sort. If you have been experiencing pop-ups, an increase in security scan alerts, slow performance, and other changes in your computer's performance, you are not alone. Rogue antivirus programs, a form of malware, are especially prevalent, and they can be particularly effective because they promise to provide something every computer user needs: security. System Tool urges users to purchase their software, but users quickly find that nothing has changed - except, that is, their credit card balance. Learning how to detect rogue antivirus programs is the first step in avoiding them; and removing the rogue program manually or automatically is the first step in ensuring optimal protection.
Introduction to System Tool Rogueware
System Tool, a relative of Security Tool, may also be called System Tool 2011 or System Tool 2.20. Whatever the name, this rogue antivirus program is designed solely to profit from people's need for reliable computer security. When you find your system flooded with pop-ups and warnings of severe infections, you understandably want to take action. The rogue wants to spur you to take immediate action without taking the time to think. "Buy the software; get rid of the threats now," is the clear message. But what should also be very clear to computer users is that all of the dire warnings they are receiving are, in fact, fictions made up by this scareware program. This rogue antivirus program cannot scan your computer, and it cannot provide you with the level of security you need to ensure safety while browsing. The warnings are all just window dressing.
Accessing Your Machine
People would never knowingly allow scareware into their computers, and this is why rogue antivirus programs depend largely on stealth to access your machine. How do they get in?
Trojans. System Tool is most commonly associated with a trojan that disguises itself as a needed music or media codec on sites that feature freeware or shareware. In exchange for being free, third-party vendors often allow other "software" to be bundled with the video or song. This free, absolutely unnecessary software, called "crapware," often contains malicious programs. Rogues depend on this free ride to enter your system. Trojans are also commonly disguised in spam emails, fake news alerts, and sites that feature social networking, free, P2P, adult, gaming, and pirated content.
Malicious ads and websites. Rogue antivirus programs are proactive: they advertise themselves as online malware scanners. These ads are especially prevalent when you are searching for information on legitimate security programs. If you click on the ad or opt to run the "free scan," you can allow the rogue program access to your system. Similarly, malicious websites exist solely to propagate malware. They are frequently found in the search results for trending topics. For the most frequently searched topics, 10 percent of the top 100 results are malicious.
User installation. This is less common, but more insidious. The "free version" of System Tool is delivered via trojan or malicious websites. The paid or full version, which is no different in terms of security, is installed by the user. After being confronted with a flood of warnings, they are convinced there are severe security threats, and they purchase the program to remove them. Unfortunately, this is not effective, and System Tool cannot provide the security you need.
What Does System Tool Do to Your Computer?
If System Tool 2011 has entered a system stealthily, users won't know at first. During a seemingly inactive phase, the rogue modifies your security settings so it can run undetected. After this comes an active phase, and here, you will notice changes. Among them:
Blocked Access to Security Programs. When you try to run your legitimate security software, you will receive the following message:
Application cannot be executed. The file cmd.exe is infected.
Please activate your antivirus software.
Pop-ups. Pop-ups are the hallmark of any rogue antivirus program. You will see these ads in two forms: security alerts and false scan result windows. The false scan features a padlock symbol in the corner, with the "System Tool" name clearly printed in four different locations throughout the ad. It indicates that a scan is in progress and that several threats, including trojans, worms, and dialers, have been detected. You are given the options of saving this report, removing the threats, and registering. All roads lead to the same place: a page prompting you to provide your credit card information. These threats are not real, and you should avoid clicking anywhere on the ad. Close it with your task manager or by pushing CTRL+F4.
The pop-ups appear from your taskbar and are balloon-style alerts. The text reads as follows:
System Tool Warning
Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details. Click here to activate protection.
Warning: Your computer is infected
Windows has detected spyware infection!
Click this message to install the last update of Windows security software...
Security Monitor: WARNING!
Attention: System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
Click Yes to download official intrusion detection system (IDS software).
Hijacked Desktop. System Tool hijacks your desktop and replaces it with a nonsensical, almost humorous, message:
You're in Danger!
Your Computer is infected with Spyware!
All you do with your computer is stored forever in your hard disk. When you visit sites, send emails...All your actions are logged. And it is impossible to remove them with standard tools. Your data is still available for forensics, and in some cases
For your boss, your friends, your wife, your children. Every site you and somebody or even something, like spyware, opened in your browsers, with all the images, and all the downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could break your life!
Secure yourself right now!
Removal all spyware from your PC!
The lack of professionalism or maturity in the wording is always a good indicator that your system is infected with rogueware. Be assured that nothing is going to "break your life". You just need to remove this rogue program from your system.
Removing System Tool
Rogue antivirus programs are not actually viruses; they change your security settings so that your current security program can no longer detect or remove them. They are adept at hiding, so using Uninstall is not effective. But there is good news. Automatic removal via a reputable program like Anti-Malware 2.0 is easy, efficient, and designed specifically to handle elusive scareware. When choosing scareware removal software, look for a continually updating database, a user-friendly interface, and good technical support.
You can also remove System Tool manually. This is more challenging because it requires handling the system registry, which is an area that most of us are unfamiliar with. The registry can be edited by clicking Start > Run and entering "regedit." Use extreme caution when editing the registry and always make a backup first. Don't hesitate to email us if you need more detailed instructions.
5648541024.exe (or random numeric string)
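Before editing the registry by hand, a triage pass can show whether an executable matching the all-digit name pattern above is running or set to start automatically. The PowerShell below is an added example, not part of the original article; that the rogue registers itself under the standard Windows Run keys is an assumption, and the five-digit minimum and the backup file names are illustrative choices. It backs up the keys it inspects and makes no changes to the registry.

```powershell
# Triage for executables whose base name is only digits, e.g. "5648541024.exe".
# Assumption: autostart via the standard Run keys; the article does not say where.
# The registry is only read and exported, never modified.

$numericExe = '(^|[\\/"\s])\d{5,}\.exe'   # constructed pattern: 5+ digits, then .exe
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# 1. Running processes (Get-Process reports the name without ".exe")
$procHits = Get-Process |
    Where-Object { $_.Name -match '^\d{5,}$' } |
    Select-Object Id, Name, Path

# 2. Autostart entries in the per-user and machine-wide Run keys
$runKeys = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' = 'run-hkcu-backup.reg'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' = 'run-hklm-backup.reg'
}

$runHits = foreach ($key in $runKeys.Keys) {
    if (-not (Test-Path $key)) { continue }

    # Back up the key first, as the article advises, using reg.exe export.
    $regPath = $key -replace '^(HK..):\\', '$1\'
    $backup  = Join-Path $env:TEMP $runKeys[$key]
    reg.exe export $regPath $backup /y | Out-Null

    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }   # skip provider metadata
        if ([string]$p.Value -match $numericExe) {
            [pscustomobject]@{
                Key       = $key
                ValueName = $p.Name
                Command   = $p.Value
            }
        }
    }
}

"Processes with all-digit names: $(@($procHits).Count)"
$procHits | Format-Table -AutoSize
"Run-key entries pointing at all-digit executables: $(@($runHits).Count)"
$runHits | Format-List
```

A hit is a lead to investigate, not proof of infection: check the file's location and signature before removing anything, since some legitimate installers also use numeric names.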