System Check is a malicious program which pretends to be a computer defragmenter and system analysis software. It is from the same family of malware as System Fix, Data Recovery, Master Utilities, PC Repair, System Repair, Windows XP Repair, Windows XP Fix, etc. It is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software. Moreover, the scammers may also distribute System Check on Twitter, My Space, Facebook, and other social networks. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC.
When System Check is installed, it will perform a fake scan of your computer then tells you it has found numerous critical errors. Next, it will prompt you to pay for the fake software before it “repairs” your machine of the problems. Of course, all of these errors are a fake. So, you can safety ignore the false scan results.
While System Check is running, it will block legitimate Windows applcations on your computer and won’t let you download anything from the Internet. Moreover, it will display various fake critical errors alerts that the computer’s hard drive is corrupt in order to frighten you into purchasing this useless application. Some of the fake errors are:
The system has detected a problem with one or more installed IDE / SATA hard disks.
It is recommended that you restart the system.
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Critical error
Windows can`t find disk space. Hard drive error.
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows – No Disk
Exception Processing Message 0×0000013.
Of course, all of these warnings are a fake. This is an attempt to make you think your computer in danger. Like false scan results you can safely ignore them.
As you can see, obviously, System Check is a scam, which created with only one purpose – to steal your money. Most important, don`t purchase the program! You need as quickly as possible to remove the malicious software. Follow the removal instructions below, which will remove System Check and any other infections you may have on your computer for free.
Use the following instructions to remove System Check infection
Click Start, Type in Search field %allusersprofile% and press Enter (if you use the Windows XP, then click Start, Run and type a command in Open field). It will open a contents of “ProgramData” folder (“All Users” folder for Windows XP).
System Check hides all files and folders, so you need to change some settings and thus be able to see your files and folders again. Click Organize, select ”Folder and search options”, open View tab (if you use Windows XP, then open Tools menu, Folder Options, View tab). Select “Show hidden files and folders” option, uncheck “Hide extensions for known file types”, uncheck “Hide protected operating files” and click OK button.
Open “Application Data” folder. This step only for Windows XP, skip it if you use Windows Vista or Windows 7.
Now you will see System Check associated files as shown below.
Basically, there will be files named with a series of numbers or letter (e.g. 2636237623.exe or JtwSgJHkjkj.exe), right click to it and select Rename (don`t rename any folders). Type any new name (123.exe) and press Enter.
You can to rename only files with .exe extension. Its enough to stop this malware from autorunning.
Reboot your computer.
Now you can unhide all files and folders that has been hidden by System Check. Click Start, type in Search field cmd and press Enter. Command console “black window” opens. Type cd \ and press Enter. Type attrib -h /s /d and press Enter. Close Command console.
If your Desktop is empty, then click Start, type in Search field %UserProfile%\desktop and press Enter. It will open a contents of your desktop.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start System Check removal process. When disinfection is completed, a log will open in Notepad. Reboot your computer.
System Check may be bundled with TDSS trojan-rootkit, so you should run TDSSKiller to detect and remove this infection.
Download TDSSKiller from here and unzip to your desktop. Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon. You will see a screen similar to the one below.
TDSSKiller
Click Start Scan button to start scanning Windows registry for TDSS trojan. If it is found, then you will see window similar to the one below.
TDSSKiller – Scan results
Click Continue button to remove TDSS trojan.
If you can`t to download or run TDSSKiller, then you need to use Combofix. Download Combofix. Close any open browsers. Double click on combofix.exe and follow the prompts. If ComboFix will not run, please rename it to myapp.exe and try again!
Your system should now be free of the System Check virus. If you need help with the instructions, then post your questions in our Spyware Removal forum.
System Check removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Check creates the following files and folders
%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%CommonAppData%\[RANDOM]
%CommonAppData%\~[RANDOM]
%UserProfile%\Desktop\System Check.lnk
%CommonAppData%\[RANDOM].exe
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
Note: %CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista)
System Check creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe
System Check removal – Video instructions
System Check is basically clone of Windows XP Repair, so you can use the video guide below to remove this malware.
Can’t thank you enough – everything worked like a charm. i thought my husbands laptop was truly done. God Bless.
Thank you alot, it is a great help. I also still have the problem of hidden documents. I could not reconvert them. When iwrite to codes to cmd, says access denied. Any ideas?
This tutorial is a god-send. Saved my computer from certain demise.
I could only see blank screens upon opening malwarebytes or tdsskiller. Nothing was working, so I searched the net for other help.
Tried superantispyware portable, which might have helped marginally, but on the McAfee website, I found this \Stinger\. It was the only program that opened fully without a white screen, and allowed me to see all the dialog boxes. It removed ALL of the virus, identified it, when I restarted the computer after the scan, all of the transparent hidden files were opaque once more.
However, it did not restore my hidden folders to start menu, etc. Running unhide.exe right now to see if it will do the trick!!
Thank you sooo much for this detailed but easy to follow guide.
mcafee.com/us/downloads/free-tools/stinger.aspx
this is the link to the Stinger program. Hope it helps someone else!!
Cynde C, I experienced the same issue as you, in terms of the access denied files, despite being logged on as admin. I think my suggestion will help!
Update: Unhide.exe restored everything!!!! Praise the lord. I’m so happy!! Thank you for this tutorial!!!!!
Jessica,
what is the unhide.exe when I go to C: drive my documents and settings has a lock on it that I can’t get off and this is preventing my docs from showing in start menu
Jessica, can you tell how did you restore back the hidden files? Which program did you use? Thanks Salih
Thank you. Thank you. Thank you!!! I almost fainted when i thought I’d lost MONTHS of precious video work. It worked and unhide.exe did the rest of the job. Did not repair start up menu. The latest version of system check also took out the windows sound mapper. You are a genuine life saver!!
Actually, to me right now you are God! Thanks again Dude!!
Windows XP – Worked but lost all of my quick launch toolbar shortcuts, all of my start programs (folders are there but they are empty) and all of my pinned programs. May have something to do with closing the command box too soon in step 7? Instructions lead you to believe you should close it right away, and not wait for the length process it goes thru before finishing? “Type attrib -h /s /d and press Enter. Close Command console.”
Anyway, I can probably restore from my external back-up drive.
Sound problem Problem fixed, simply ran sys config and discovered all services were disabled.
All my files are in perfect nick. Awesome, thanks again.
Thank you, Jessica! Malware bytes removed two of the trojan files, but Kaspersky didn’t detect/remove any of the infected files, and I was too nervous to run combofix since the warning message says it should only be used be people who know what they are doing (which I don’t). So instead I downloaded the Stinger program you recommended, and it detected and cleaned the rest of the virus. Still can’t see any programs in my Start menu, so I’m going to try the Unhide.exe program now. Thanks so much to the person who created this help tutorial and to Jessica! You two have REALLY helped me today! Bless you both!
Hi There, I got the same message of access denied when I do the attrib -h /s /d
I am now running the mcafee stinger that Jessica mentioned but where is the Unhide.exe?
Thanks
Thank you! Great tut!
This is the worst virus ever! When it hit, I did as stated above and got everything back to normal and everything scanned clean from there on. BUT when I look in program files IT IS STILL THERE!!! If I try to put it in the delete bin it excutes with all those pop ups, but my computer is thankfully still acting normal. I tried Jessica’s and AVG said it was a serious threat. So, is there anything that will totoally get this out of my PC? TIA!!!
Thankyou, this saved my pc. I hope that the ppl who designed this system check will fall down the stairs 🙂
I did the mistake of not examining what I was ‘clicking’ and activated this malware bigtime. What a mess. But I will say that your explanation/instructions were excellent. One of the best for clearing malware.
Jeff CISSP 2009
I can’t get online on my infected computer so how were you able to download this Malwarebytes program?
Excellent, precise, well-written. God bless you.
I currently have this virus and follow your steps. However it won’t let me open the Application data folder – what can I do…?! I really appreciate your help since my computer is completely “dead” apart from this virus…
I did these steps and when computer rebooted it won’t boot up, just comes on and sits there. I think files were still hidden and the boot files can’t be accessed. Typing on my phone, please help.
It pisses me off that there are people out there that create viruses like this. Thank God there are people like you who help us remove them. You guys rock!!
Thank you very much – really useful, and thanks, Jessica, for the Stinger link.
Thank you SO much. I tried many different techniques and they took hours. Yours helped me within a good 20 minutes. Does anyone have any suggestions on how to get any of my desktop icons or files back?
thank you!!
also Unhide.exe helped me to restore all the hidden files and shortcuts
This WORKED!!!!!!!!!!!!!!!!!!!!!!!!!!
Thank you so much!!!
I took my computer to bestbuy, they said dignostic will be 75 and virus removal will be 200!!
I am sooooo happy I did not pay a penny and fixed this problem!!
THANK YOU!
ps. my start menu’s program files are still gone. I can fine any programs on my start menu. But i can live with that 🙂
It worked but my icons and my user files are all hide, what can I do to make them appear again?
help system check has gone but so had my mirosoft office programmes. Freaking out! Please help!!!
Thanks Jessica….your solution worked. I was stuck at the same problem as Cynde C. I then run stinger.aspx and unhide.exe. Everything is fine now, except I still don’t see start menu. I will see if I can figure that out
Thanks
This is what I found out from another website-
That menu is made by two sections.
The upper portion are pinned programs.
You can pin any program by right clicking on it and then clicking on \Pin to start menu\
Right click on Start button, click \Properties\ and \Start menu\ tab.
Bottom part are frequently used programs.
Make sure both boxes are checked in \Privacy\ section.
When you do this the above section will repopulate over time.
Quote:
or the portions on the right side of the start menu such as My Documents, Control Panel, Pictures, etc. that used to be there
While at \Start menu\ tab, click on \Customize\ tab and checkmark all items you want see on right hand side.