Fake Scanner Sites
Google Search Redirects
System Tool 2011
Alias: System Tool 2011, System Tool 2011 Virus, System Tool 2011 Trojan, System Tool 2011 Fake Antivirus
Description: Posted on: Nov 20, 2010 12:11am
System Tool 2011 is a new fake antivirus product which hijacks your computer and uses scare tactics to get you to purchase the full version. Just like other fake antivirus programs, System Tool 2011 disables your existing antivirus and antispyware programs. It can also block access to help forums and to major name brand antispyware and antivirus vendor websites. System Tool 2011 disables Task Manager so that you will not be able to shut it down manually.
System Tool 2011 occasionally harasses the user with warnings and messages saying that their computer is infected and is under attack from hackers. In most cases we have seen, System Tool 2011 is installed by a trojan or mistakenly downloaded from one of many fraudulent Fake Scanner Sites.
System Tool 2011 displays exaggerated fake scan results similar to those shown below:
System Tool 2011 places an annoying warning message on your desktop similar to the one shown below:
If you are unable to run programs, this is because System Tool 2011 has disabled them.
System Tool 2011 Special Removal InstructionsPlease make sure to bookmark this page as you may need to refer back to it to complete the removal steps.
Step 1: Download SpyNoMore onto the infected computer. If you are unable to download SpyNoMore directly onto the infected computer, you can download it to a clean computer and transfer it to the infected computer (by using a network or a flash drive). NOTE: This version of the installer will be named iexplore.exe.
Step 2: Double-click the downloaded file to install SpyNoMore on the infected computer. When the installation is completed, SpyNoMore will check for and download available updates which may alert System Tool 2011 to its presence at which point System Tool 2011 may shut down SpyNoMore. If SpyNoMore is shut down by the infection, simply restart SpyNoMore from the desktop shortcut.
Step 3: SNM will scan your computer and if System Tool 2011 is present, SNM will detect it and you will be able to see either System Tool 2011 or Security Master AV in the scan results. These two are the same product. Please note that the free version of SpyNoMore will only show you the detections but will not remove them. In order to remove the infection you need to purchase a 1-year license which costs $29 (or $39 for 3 computers). In all cases, you will be able to see System Tool 2011 in the free version scan results.
Step 4: After the scan is complete and you are able to see System Tool 2011 in the scan results, you can purchase the activation key and proceed to remove the infection. If you are unable to purchase the activation key from the infected computer, you can do so from a clean computer by clicking on our Purchase link on spynomore.com. Simply write down the activation key and use it to activate SNM on the infected computer. This will remove System Tool 2011 and restore your internet connection. You will again be able to run your programs and applications without trouble.
Step 5 (optional): It would be a good idea to check your computer for rootkits (which are basically hidden trojans) which may have tagged along with System Tool 2011. To do so, download and run TDSSKiller by Kaspersky Labs.
Step 6 (optional): If TDSSKiller does find a rootkit, it will ask you to restart your computer so that it can remove the rootkit(s). After your computer restart, scan your computer once more with SpyNoMore to make sure everthing is OK.
Hint: If SpyNoMore is unable to download updates, click on SpyNoMore's 'Settings' button and uncheck the box that says 'Use Internet Explorer settings'.
Hijacker - A Hijacker is a software application that takes control of your browser's settings. Usually it changes your home page and redirects it to some unknown site or modifies your search settings. It prevents you from changing back your browser's settings. An infected browser usually operates much slower.
Ransomware - Ransomware is a software application that infects a computer and asks for money to have the infection removed.
Trojan - A Trojans or Trojan Horse is any programs that installs itself secretly normally via malware programs, quite often with sinister intent. Once installed, the trojan author (hacker) can gain complete control of the infected PC. Trojans are usually designed to steal sensitive information and/or destroy the system. Trojans can be distributed as unsolicited email attachments, or bundled with freeware and shareware programs.
Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer and / or to protect your privacy.
SpyNoMore removes System Tool 2011: Yes
Threat risk: Very High Risk
Extremely dangerous malware. Uses stealth installation, randomly named entries and has the capability to self update or resurrect after incomplete removal. Almost impossible to remove manually. Category mostly consists of trojans and spyware.
Running Process Signatures:
Registered Dll (Dynamic Link Library) Signatures:
SpyNoMore Collected Residual File Signatures: