System Fix a fake computer optimization software that detects numerous false problems and displays various critical errors alerts on the computer. The rogue program from the same family of malware as Data Restore, Data Recovery, Master Utilities, PC Repair, System Repair, Windows XP Repair, etc. It is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software. Moreover, the scammers may also distribute System Fix on Twitter, My Space, Facebook, and other social networks. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC.
When System Fix is installed, it will perform a fake scan of your computer then tells you it has found numerous critical errors. Next, it will prompt you to pay for the fake software before it “repairs” your machine of the problems. Of course, all of these errors are a fake. So, you can safety ignore the false scan results.
While System Fix is running, it will block legitimate Windows applcations on your computer and won’t let you download anything from the Internet. Moreover, it will display various fake critical errors alerts that the computer’s hard drive is corrupt in order to frighten you into purchasing this useless application. Some of the fake errors are:
The system has detected a problem with one or more installed IDE / SATA hard disks.
It is recommended that you restart the system.
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Critical error
Windows can`t find disk space. Hard drive error.
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows – No Disk
Exception Processing Message 0×0000013.
Of course, all of these warnings are a fake. This is an attempt to make you think your computer in danger. Like false scan results you can safely ignore them.
As you can see, obviously, System Fix is a scam, which created with only one purpose – to steal your money. Most important, don`t purchase the program! You need as quickly as possible to remove the malicious software. Follow the removal instructions below, which will remove System Fix and any other infections you may have on your computer for free.
Use the following instructions to remove System Fix infection
Click Start, Type in Search field %allusersprofile% and press Enter (if you use the Windows XP, then click Start, Run and type a command in Open field). It will open a contents of “ProgramData” folder (“All Users” folder for Windows XP).
System Fix hides all files and folders, so you need to change some settings and thus be able to see your files and folders again. Click Organize, select ”Folder and search options”, open View tab (if you use Windows XP, then open Tools menu, Folder Options, View tab). Select “Show hidden files and folders” option, uncheck “Hide extensions for known file types”, uncheck “Hide protected operating files” and click OK button.
Open “Application Data” folder. This step only for Windows XP, skip it if you use Windows Vista or Windows 7.
Now you will see System Fix associated files as shown below.
Basically, there will be files named with a series of numbers or letter (e.g. 2636237623.exe or JtwSgJHkjkj.exe), right click to it and select Rename (don`t rename any folders). Type any new name (123.exe) and press Enter.
You can to rename only files with .exe extension. Its enough to stop this malware from autorunning.
Reboot your computer.
Now you can unhide all files and folders that has been hidden by System Fix. Click Start, type in Search field cmd and press Enter. Command console “black window” opens. Type cd \ and press Enter. Type attrib -h /s /d and press Enter. Close Command console.
If your Desktop is empty, then click Start, type in Search field %UserProfile%\desktop and press Enter. It will open a contents of your desktop.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start System Fix removal process. When disinfection is completed, a log will open in Notepad. Reboot your computer.
System Fix may be bundled with TDSS trojan-rootkit, so you should run TDSSKiller to detect and remove this infection.
Download TDSSKiller from here and unzip to your desktop. Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon. You will see a screen similar to the one below.
TDSSKiller
Click Start Scan button to start scanning Windows registry for TDSS trojan. If it is found, then you will see window similar to the one below.
TDSSKiller – Scan results
Click Continue button to remove TDSS trojan.
If you can`t to download or run TDSSKiller, then you need to use Combofix. Download Combofix. Close any open browsers. Double click on combofix.exe and follow the prompts. If ComboFix will not run, please rename it to myapp.exe and try again!
Your system should now be free of the System Fix virus. If you need help with the instructions, then post your questions in our Spyware Removal forum.
System Fix removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Fix creates the following files and folders
%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%CommonAppData%\[RANDOM]
%CommonAppData%\~[RANDOM]
%UserProfile%\Desktop\System Fix.lnk
%CommonAppData%\[RANDOM].exe
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
Note: %CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista)
System Fix creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe
System Fix removal – Video instructions
System Fix is basically clone of Windows XP Repair, so you can use the video guide below to remove this malware.
at the step, run -> cmd => choose the program you want to use to open this file window
what shall i do?
Thank you so much, I cant tell you how annoyed this virus made me–enough to wish a slow, painful death apon the creator and his/her entire family. This worked like a charm. I hope it is completely gone, im sure ill find out in the next few days, but at the very least you gave me a way to fight back. Thank you.
Awesome Info!! I downloaded and installed Malware but still I was getting the problem. Prime reason/suggestion was to go to allusersprofiles and rename the system fix exe files, if that wasnt done then each time I restarted pc it would have generated again and all crazy pop ups would have still come, though malware identified n deletes files and we having to run malware after each system bootup.
Thanks a million!!! Super Info!!! Keep it up 😀
Thanks for the help…I followed your advice and was able to get back up and running. I had to make some registry changes that you didn’t cover to get all the desktops working on my machine. The way I got control of my machine back is by using a hacked authorization number in System Fix’s registration box, which I then went to Step 4. Note- if you don’t do step 4, Malawarebytes will NOT find the Trojan or other infected files.
Hey All,
My comp was infected with this virus last night. I was freaking out how to get rid of it. After searching and finding different ways, I did a system restore (restoring the comp to a previous date and time) on my comp and when it booted back up, the virus was gone. So I would definitely recommend you try it!
Great info, thanks so much!
thanks for all the help, this was great at helping. the only problem i have left is that in the task bar when i go to all programs and click something, say iTunes, it says “empty” underneath. any advice on how to fix that?
Just to thank you so much, your guide saved me time, money and my files.
Very, very,very helpful.
A big Thanks !!!!!!!!!!!!!!!
Thanks, problem solved!
Typing this in the CMD did not let my folders show: attrib -h /s /d and press Enter. Close Command console.
Any suggestions?
I did all these steps and still can’t see anything in my start menu or and gadgets or normal things on my desktop (my files are also light colored still, although i see them on my desktop).
By the way, thankyou so much for this, I was freaking prior to finding this site
Thanks for the great detail post and step by step instructions to follow. I will lost without your help. Thanks a million
Omg thx soooo much!
Thanks for the great article. Two extra things worth to know:
1. The virus moves your shortcuts to %Temp%\smtmp folders. In 1 you’ll find your program shortcuts, in 2 your quick launch items
2. The program modifies two reg keys under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
Explorer\NoDesktop = 1 (to disable the desktop)
System\DisableTaskMgr = 1 (to disable task manager)
I too believe I have removed all the System Fix bugs but icons and files/folders are still hidden, what might the fix be?
Hi! I managed to change the name of the system fix in save mode so I can now run windows 7 normal without it starting. But my problem is malwarebytes can’t find any infected items updated to current version. Tdskiller found a few objects that I deleted, the system fix .exe (123.exe) is still in it’s folder but I can’t see any files from the start menu. Or my applications that I had pinned to my task bar (although I see folders and music ect on my desktop. I can’t get anything to show though. It’s doing my head in because I know it’s still here. Just can’t banish it. Using combo fix now seeing if that helps.
Hellllllp!
seriously thank you man without your help i will probably end up paying a lot to get it fix everything work outs prefect and all my data are still the same thanks a lot homie i owe you one
Hi i did all this ad now malwarebytes and tdsskiller all say my computer is clean i.e. nothing maliscious detected but even after i restart my computer the virus is still there? What else can i do? Please help as i was in the middle of doing a thesis when this happened!
A MILLION thanks! Bless you for the fix!
i got hit with this virus and your instructions saved me a lot of grief. lets all hope that the manufacturers of this virus in some way piss off a third world mafia albanian nigerian or something like that and get beheaded by them.
Thank you very much!
Hey, so i’m on the step where it tells me to open Application Data and it’s “locked” or something, won’t let me open it. What do i do now?
Okay disregard last comment, figured that out. But when i open this “black window” and type in all the commands it says access denied and i still have no internet to download malware bytes with
WOW Where would we be without people like you to help us, I thank you personally very much and this site has been my saviour.
All the best to you
excellent, did not expect it to work but followed the steps and everything works how it used to. Many many thanks! Very helpful!
thank you so much, this guide is a lifesaver. For people having issues with un-hiding everything, don’t close the cmd window until it’s back at “C:\>_ ” I had to wait about 5 minutes before it continued past the first few lines of output, but it gets there eventually
Many thanks for this, it seems to have done the job, bar a few minor desktop appearance issues. You have saved me from an extremely stressful evening!! Thanks again!!
Thank you so much…I thought all had come to an end on my computer. The instructions were easy to follow and it worked. Can’t thank you enough.
THANK YOU THANK YOU THANK YOU!!!
The malware fix worked, but I still get the black screen…thoughts?