System Fix a fake computer optimization software that detects numerous false problems and displays various critical errors alerts on the computer. The rogue program from the same family of malware as Data Restore, Data Recovery, Master Utilities, PC Repair, System Repair, Windows XP Repair, etc. It is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software. Moreover, the scammers may also distribute System Fix on Twitter, My Space, Facebook, and other social networks. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC.
When System Fix is installed, it will perform a fake scan of your computer then tells you it has found numerous critical errors. Next, it will prompt you to pay for the fake software before it “repairs” your machine of the problems. Of course, all of these errors are a fake. So, you can safety ignore the false scan results.
While System Fix is running, it will block legitimate Windows applcations on your computer and won’t let you download anything from the Internet. Moreover, it will display various fake critical errors alerts that the computer’s hard drive is corrupt in order to frighten you into purchasing this useless application. Some of the fake errors are:
The system has detected a problem with one or more installed IDE / SATA hard disks.
It is recommended that you restart the system.
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Critical error
Windows can`t find disk space. Hard drive error.
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows – No Disk
Exception Processing Message 0×0000013.
Of course, all of these warnings are a fake. This is an attempt to make you think your computer in danger. Like false scan results you can safely ignore them.
As you can see, obviously, System Fix is a scam, which created with only one purpose – to steal your money. Most important, don`t purchase the program! You need as quickly as possible to remove the malicious software. Follow the removal instructions below, which will remove System Fix and any other infections you may have on your computer for free.
Use the following instructions to remove System Fix infection
Click Start, Type in Search field %allusersprofile% and press Enter (if you use the Windows XP, then click Start, Run and type a command in Open field). It will open a contents of “ProgramData” folder (“All Users” folder for Windows XP).
System Fix hides all files and folders, so you need to change some settings and thus be able to see your files and folders again. Click Organize, select ”Folder and search options”, open View tab (if you use Windows XP, then open Tools menu, Folder Options, View tab). Select “Show hidden files and folders” option, uncheck “Hide extensions for known file types”, uncheck “Hide protected operating files” and click OK button.
Open “Application Data” folder. This step only for Windows XP, skip it if you use Windows Vista or Windows 7.
Now you will see System Fix associated files as shown below.
Basically, there will be files named with a series of numbers or letter (e.g. 2636237623.exe or JtwSgJHkjkj.exe), right click to it and select Rename (don`t rename any folders). Type any new name (123.exe) and press Enter.
You can to rename only files with .exe extension. Its enough to stop this malware from autorunning.
Reboot your computer.
Now you can unhide all files and folders that has been hidden by System Fix. Click Start, type in Search field cmd and press Enter. Command console “black window” opens. Type cd \ and press Enter. Type attrib -h /s /d and press Enter. Close Command console.
If your Desktop is empty, then click Start, type in Search field %UserProfile%\desktop and press Enter. It will open a contents of your desktop.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start System Fix removal process. When disinfection is completed, a log will open in Notepad. Reboot your computer.
System Fix may be bundled with TDSS trojan-rootkit, so you should run TDSSKiller to detect and remove this infection.
Download TDSSKiller from here and unzip to your desktop. Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon. You will see a screen similar to the one below.
TDSSKiller
Click Start Scan button to start scanning Windows registry for TDSS trojan. If it is found, then you will see window similar to the one below.
TDSSKiller – Scan results
Click Continue button to remove TDSS trojan.
If you can`t to download or run TDSSKiller, then you need to use Combofix. Download Combofix. Close any open browsers. Double click on combofix.exe and follow the prompts. If ComboFix will not run, please rename it to myapp.exe and try again!
Your system should now be free of the System Fix virus. If you need help with the instructions, then post your questions in our Spyware Removal forum.
System Fix removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Fix creates the following files and folders
%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%CommonAppData%\[RANDOM]
%CommonAppData%\~[RANDOM]
%UserProfile%\Desktop\System Fix.lnk
%CommonAppData%\[RANDOM].exe
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
Note: %CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista)
System Fix creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe
System Fix removal – Video instructions
System Fix is basically clone of Windows XP Repair, so you can use the video guide below to remove this malware.
Using Windows 7.
“Step 4 Now you will see System Fix associated files as shown below.” <— This does not automatically happen for me. And when I try to go to the Documents and Settings folder manually I get this error message:
"C://Documents and Settings Folder is not accessible. Access Denied."
Please help. Thank you.
gracias!
It all appears to have worked ok up to number 16. However, almost all of my files are translucent (when i clicked on their properties they are hidden and occasionally read only as well).
I tried to download and run first the tdsskiller and then combofix and renamed both of them and it still won’t get rid of the tdss trojan redirection internet thing.
When I click on either of them, the windows message comes up asking if it the programme has my permission to continue and when I click continue nothing happens. Sometimes on the combofix it appears to do some sort of scan, but when it is completed nothing comes up explaining what happened, nothing appears to have changed and still nothing happens. Please help – i thought that getting rid of the tdss trojan was the easy part!
Hi there,
I tried Malwarebytes and it stopped the virus from executing, but there are still system fix files, and icons on my PC, any idea how I can remove it fully?
OMG!!! I did it !
I will have my friends call me a genius for a day at least ! If I could do it anybody could !
thank you , thank you very very much ! YAY !
You are a saving angel !!!
Sincerely ,
raley
Thx a lot. My pc just got infected by this virus. I am following your instructions.
Wow, thank you so much for the detailed guide, this helped me so much!!
I was running Norman Antivirus and it detected a trojan, moved it to quarantine, but apparently that wasn’t enough, in the meantime my computer started acting crazy and was getting many fake popups telling me my hard drive, memory, etc were failing and all my files disappeared which freaked me out!
I came across this post when I was Googling System Fix and following the guide seems to have fixed all the issues. I’ve now deleted Norman and am running Kaspersky which I’ve been successfully running on other computers, never going back to Norman again, this is the second infection it has allowed to occur!!
So many many thanks !!!!
it attacked me last night and i was sure all my files were deleted an i had some really important files !!!
I did just like in this article, and i got my computer back !!!!
THANKS !!!
Noga
Thank you very much for this very clear solution to a very irritating and worrying problem.
Thanks very much! This is the only guide I found that actually told me how to fix the damn thing w/o having to install whatever AV they were trying to sell. Spyware Docter identified it, but failed to remove it (glad I didn’t pay for the reg code ;-P ).
The only addendum I would make would be to run a system restore once you get the virus all removed. TDSSKiller wouldn’t run for me, but ComboFix did the final cleanup. After I reverted to a restore point from before the infection my machine was fully back to normal.
removed the virus – thanks – but all my program and data files are still “hidden” – how can I can make them reappear?! Thanks.
Thanks. This stopped the annoying fake warnings, but my programs and documents are still invisible. I could not for some reason get TDSSkiller to work. And when I ran combofix, it became ran as some other name, purported to find over 1,000 issues. It said it was “free,” but when I tried to use it to remove all issues, it asked for money to “register.” I declined. Any advice is greatly appreciated.
Many, many thanks. I followed the same procedure but used SuperAntiSpyware instead of MalwareBytes. I am a tech and have a license for SAS, thats why the change. The key was stopping System Fix from auto starting in step 5. In my case TSSDKiller did not find anything.
I had to do one extra step – right click Start and set Control Panel, Computer, etc. to display as menu. Worked perfectly. Thanks again.
Thanks for this. Changing the file names and using Malware stopped the fake alerts. However my programs and files are still invisible and the computer is super super slow. Also y searches are redirected to ads posing and legit websites. I was unable to get TSKiller to run. I tried combofix as suggested, but it downloaded as something called by a different name, one I cannot recall. It claimed to be free, located over 1,000 issues, then wanted $ for “registration” in order to remove them. I opted not to pay and deleted the now suspect program. If anyone can give further guidance, I’d appreciate it. thanks
when I scan with tdsskiller. it didnt detect any trojan. yet my files on desktop,computers and still in hidden. what to do? sorry for bad english
Woo it solved, great!!!
but I am not able to unhide the files.
pls help me.
But I am not able to unhide the files
Thank you so much for your great help!
But my start menu doesn’t even have run! How to fix it now?
brilliant, thanks. very helpful.
So, what if i’ve done all of these steps, even purchased the MBAM.. and system fix is still attacking once i reboot?
Butler, try re-download Combofix. Its a free malware remover.
I followed the instructions up to “application Data file” It is locked and cannot be accessed. How do I unlock it?
access denied is on almost everything you suggest to do
Please Help!
I have Windows XP Home. When I got to Start I do not see anything but an empty window, certainly no Run box. So there does not seem to be a way to follow the instructions for dealing with System Fix.
This was perfect… only one problem. When I executed step 7, I could see the process going file by file, but next to each one it said ACCESS DENIED. So it didn’t batch unhide all my files. Any suggestions for what to do?
thanks so much for this. really easy to follow (even for a not very tech savvy person like me) also had probsquare when first tries to download combofix but worked fine when i re-downloaded it.
I have tried many things, but everytime I change the settings under the folder options checking and unchecking things you said, it still will not let me open the Application Data folder. Please help ASAP. I have a paper due tonight and I haven’t been able to type it. Thank you.
Hi. I tried following this guide, but the Application Data file is locked and I don’t know how to open it. Can anyone help me?
Do I do this in safe mode? Normal mode is a black screen