SelectTool is a potentially unwanted program (PUP) that typically installs as a browser extension or helper application without clear user consent. Once active, it injects advertisements into web pages you visit, redirects your searches to sponsored results, and tracks your browsing activity to build detailed profiles for ad targeting. While not a virus in the traditional sense, SelectTool exhibits intrusive behavior that degrades your browsing experience and poses privacy risks through persistent data collection.
This PUP commonly bundles with free software installers, particularly download managers, video converters, and PDF tools from third-party download sites. Users rarely notice they're agreeing to install SelectTool because it's tucked into pre-checked boxes during "Express" or "Recommended" installation flows. Once established, it proves stubborn to remove through normal uninstall procedures because it scatters components across multiple locations and reinstalls itself from hidden service processes.
Threat Profile
| Attribute | Details |
|---|---|
| Threat Classification | PUP (Potentially Unwanted Program), Adware, Browser Hijacker |
| Primary Aliases | Select Tool, SelectTool Extension, SelectToolService |
| Affected Platforms | Windows 7/8/10/11; affects Chrome, Firefox, Edge, and occasionally Safari on macOS |
| First Documented | Variants observed since approximately 2018; continues active distribution |
| Distribution Methods | Software bundling, fake updates, misleading download buttons on freeware sites |
| Persistence Mechanisms | Browser extensions, scheduled tasks, Windows services, startup registry keys |
| Primary Capabilities | Ad injection, search redirection, browser settings modification, tracking cookie deployment |
| Common Filesystem Artifacts | Random-named folders in %LOCALAPPDATA% or %PROGRAMFILES%, browser extension directories |
| Network Behavior | Frequent connections to ad-serving domains, tracking pixels, affiliate redirect chains |
| Data Collection | Browsing history, search queries, clicked links, system configuration, occasionally form data |
| Removal Difficulty | Moderate — requires multiple steps due to scattered components and auto-reinstall mechanisms |
| Payload Risk | Low direct damage, but creates security vulnerabilities and may download additional PUPs |
How It Spreads
SelectTool reaches your computer primarily through software bundling operations run by third-party download platforms. When you download what appears to be legitimate freeware—a PDF reader, video codec pack, or system utility—from sites like Softonic, download.com mirrors, or file-sharing platforms, the installer often includes a "bundle" of additional software. SelectTool hides in the "Custom" or "Advanced" installation screens that most users skip past, or it comes pre-checked in the "Recommended" installation path where users simply click "Next" repeatedly without reading.
Beyond bundled installers, SelectTool also spreads through deceptive advertising on streaming sites and torrent platforms. You might encounter fake "Your video player is out of date" warnings that lead to malicious downloads, or misleading "Download" buttons on file-sharing pages that install SelectTool instead of your intended file. Some variants arrive through browser notifications after users accidentally grant permission to questionable websites, allowing those sites to push installation prompts directly to the desktop.
Distribution vectors include:
- Bundled freeware installers from third-party download sites, particularly those offering "free" versions of paid software
- Fake software update notifications for Flash Player, Java, media codecs, or browser components
- Misleading download buttons on torrent sites, file hosts, and free streaming platforms designed to look like the legitimate download
- Malvertising campaigns on legitimate websites compromised by ad injection attacks
- Email attachments disguised as invoices or shipping notifications that actually contain PUP installers
- Browser notification permissions granted to shady websites that then push installation prompts
- Pirated software cracks and keygens bundled with adware and PUPs
What It Does On Your Machine
Once installed, SelectTool immediately modifies your browser configuration to ensure its ads appear on virtually every website you visit. It injects additional advertising content into legitimate web pages, often appearing as in-text ads (random words become hyperlinks), pop-unders (ads that open behind your current window), and banner ads inserted into page margins. These aren't the normal ads website operators place—they're additional layers that override or supplement existing advertising, with revenue going to SelectTool's operators rather than the content creators you're visiting.
SelectTool also hijacks your search experience. When you perform a web search, even through Google or Bing, your query gets intercepted and routed through a series of redirect domains before reaching a results page. This redirect chain allows SelectTool to replace organic search results with sponsored links, prioritize affiliate offers, and track every search term you enter. Your default search engine setting may change entirely, pointing to unfamiliar search portals that exist solely to serve ads. Your browser's homepage and new-tab page often get replaced with SelectTool-controlled pages designed to look like legitimate search engines but filled with promoted content.
Behind the scenes, SelectTool deploys extensive tracking mechanisms. It monitors which websites you visit, how long you stay, what you click, and what you search for. This data gets compiled into behavioral profiles used for ad targeting—both by SelectTool and by third-party advertisers who purchase access to this information. The software often installs persistent cookies and tracking pixels that follow you across websites, building detailed maps of your online activity. While SelectTool typically doesn't steal passwords or financial data directly, it creates security vulnerabilities by maintaining persistent backdoor-like access to your system that more dangerous malware can potentially exploit.
The program also establishes multiple persistence mechanisms to survive removal attempts. It creates Windows services that run in the background, scheduled tasks that trigger at login or hourly intervals, and registry keys that restore deleted components. If you simply uninstall the visible SelectTool program through Control Panel, these hidden elements remain active and reinstall the visible components within minutes or after the next reboot. This resilience is intentional—the longer SelectTool remains on your system, the more ad impressions and tracking data its operators can monetize.
Manual Removal — Step by Step
Disconnect From Network and Document Symptoms
Before beginning removal, disconnect your computer from the internet by disabling Wi-Fi or unplugging the ethernet cable. This prevents SelectTool from downloading additional components or updating its configuration during removal. Take notes or screenshots of the suspicious programs you see in Task Manager, browser extensions, and any unfamiliar search engines or homepages—this documentation helps verify complete removal later.
Boot Into Safe Mode With Networking
Restart your computer and enter Safe Mode, which loads only essential Windows components and prevents SelectTool's services from starting automatically. On Windows 10/11, hold Shift while clicking Restart, then navigate to Troubleshoot > Advanced Options > Startup Settings > Restart, and select Safe Mode with Networking (option 5). This environment makes it much harder for SelectTool to defend itself during removal.
Uninstall SelectTool and Related Programs
Open Control Panel (search for it in the Start menu), navigate to Programs > Uninstall a Program, and carefully review the list sorted by installation date. Look for SelectTool, Select Tool, or anything installed around the same time your symptoms began—adware often travels in packs, so you may see multiple suspicious entries. Uninstall everything questionable, but be cautious not to remove legitimate software you recognize and use. Pay special attention to programs with generic names, missing publisher information, or installation dates matching your first symptoms.
Remove Browser Extensions
Open each browser you use and manually remove SelectTool extensions. In Chrome, type chrome://extensions in the address bar; in Firefox, use about:addons; in Edge, use edge://extensions. Remove any extension you don't recognize or didn't intentionally install—not just those with "SelectTool" in the name, as it often uses generic or misleading names like "Helper," "Shopping Assistant," or "Easy Access." After removing extensions, close all browser windows completely.
Delete Scheduled Tasks
Open Task Scheduler by typing "Task Scheduler" in the Start menu search. Navigate to Task Scheduler Library and look for tasks with names containing "SelectTool," "Updater," or generic names created by suspicious publishers. Right-click each suspicious task and select Delete. SelectTool commonly creates tasks in both the root library and the Microsoft\Windows subfolder, so check thoroughly. These scheduled tasks are what allow the infection to reinstall itself after apparent removal.
Clean Registry Entries
Press Win+R to open the Run dialog, type regedit, and press Enter to open Registry Editor. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Look for entries named SelectTool or pointing to suspicious executables in AppData folders. Right-click and delete these entries. Also search the entire registry (Edit > Find) for "SelectTool" and carefully delete found keys—be cautious here, as deleting wrong registry entries can cause system issues. If you're uncomfortable editing the registry, skip this step and rely on the malware scanner in the next step.
Run Malwarebytes or AdwCleaner
Download and install Malwarebytes (free version works fine) or AdwCleaner, both reputable tools specifically designed to detect PUPs and adware. Run a full system scan—this typically takes 30-60 minutes. These tools catch remnants that manual removal misses, including orphaned registry keys, tracking cookies, and hidden service files. Quarantine or delete everything the scan identifies. AdwCleaner is particularly effective against browser hijackers and often catches SelectTool components hiding under generic names.
Reset Browser Settings
Even after removing extensions, SelectTool may have altered your browser's default settings. In Chrome, go to Settings > Reset and clean up > Restore settings to their original defaults. In Firefox, type about:support in the address bar and click "Refresh Firefox." In Edge, go to Settings > Reset settings > Restore settings to their default values. This removes lingering homepage changes, search engine modifications, and any altered proxy settings. Note that this will disable all extensions and clear some preferences, but bookmarks and passwords remain intact.
Delete Leftover Folders
Open File Explorer and enable viewing hidden files (View tab > Hidden items checkbox). Navigate to C:\Users\[YourUsername]\AppData\Local\ and C:\Users\[YourUsername]\AppData\Roaming\. Look for folders named SelectTool, random GUID-style names created on the same date as your infection, or generic names like "Helper" or "Service" that weren't there before. Delete these folders entirely. Also check C:\Program Files and C:\Program Files (x86) for SelectTool folders. Empty your Recycle Bin afterward to prevent potential restoration.
Reboot Normally and Verify Removal
Restart your computer in normal mode (not Safe Mode) and reconnect to the internet. Open your browsers and verify that ads no longer appear abnormally, searches aren't redirected, and your homepage is what you set it to be. Check Task Manager (Ctrl+Shift+Esc) to ensure no suspicious processes are running. Monitor your system for 24-48 hours—if SelectTool was thoroughly removed, symptoms won't return. If you still see intrusive ads or redirects, additional components remain and professional removal may be necessary.
Prevention
- Download software only from official sources. Go directly to the developer's website rather than using third-party download portals like Softonic, download.com mirrors, or file-sharing sites. These platforms frequently bundle PUPs with legitimate installers to monetize free downloads.
- Always choose "Custom" or "Advanced" installation. Never click through installers using "Express" or "Recommended" settings. Custom installation reveals bundled software offers, pre-checked boxes, and additional program installations that you can decline individually.
- Read every installer screen carefully. Don't click "Next" reflexively. Look for small checkboxes that agree to install "additional software," "recommended tools," or "partner offers." Uncheck these boxes before proceeding. The desired software and the bundled junk are typically separate—you can have one without the other.
- Keep a reputable ad-blocker and anti-malware extension active. Tools like uBlock Origin (browser extension) and Malwarebytes Browser Guard help block malicious ads and warn you about dangerous download sites before you click. They won't catch everything, but they significantly reduce exposure.
- Be suspicious of update prompts. Legitimate software updates rarely arrive through browser pop-ups or unexpected windows while browsing. If you see a notice that Flash Player, Java, or a codec needs updating, close the window and manually check for updates through the official application or the developer's website.
- Maintain regular system backups. While backups don't prevent infections, they give you a clean restoration point if you do get infected. A weekly system image to an external drive means you can roll back to a pre-infection state if removal proves difficult or incomplete.
- Don't grant browser notification permissions to unfamiliar sites. When a website asks to "Show notifications," click "Block" unless you have a compelling reason to allow it. Malicious sites abuse notification permissions to push fake alerts, scam offers, and PUP installation prompts directly to your desktop even when the browser is closed.
- Educate everyone who uses the computer. Family members, employees, or anyone with access needs to understand these risks. Many infections occur because one person clicks something without recognizing the danger. A few minutes explaining what bundled software looks like can prevent hours of cleanup work.
When Computer Repair Roswell removes malware from your system, we back our work with a 90-day reinfection warranty. If the same threat returns within three months through no fault of your own, we'll remove it again at no additional charge. We also provide guidance on the security adjustments that prevented the infection from recurring, so you're protected going forward.
Bring It In
If you've followed these removal steps and still see intrusive ads, redirected searches, or suspicious browser behavior, SelectTool likely has components that manual removal missed. Some variants include rootkit-like persistence that requires specialized tools and experience to eliminate completely. That's where we come in. Computer Repair Roswell has removed thousands of PUP infections from Windows and Mac systems, and we know where these programs hide their most stubborn components.
We're located in Roswell, Georgia, and we handle both drop-off service and on-site visits for local businesses. Most adware removals take a few hours, and we typically have systems ready for same-day or next-day pickup. We'll thoroughly scan your computer, remove all malicious components, verify your browsers work properly, and walk you through the security settings that prevent reinfection. Call us at (770) 709-0097 or stop by the shop—we're here to get your computer back to normal, without the ads and without the privacy invasion that comes with programs like SelectTool.