The idea behind this tool is to remove hacker's account (red marked in the picture) from the Authorities of victim's account so that the hacker can not access the account when master password is changed. We need to use private active key for that. I do not think SteemConnect let users updated their active authorities, and set vesting routes, then only let users change posting authorities. I could be wrong though.

This tool should only be used if a hacker updates active authority and/or changed vesting withdrawal routes.