System Check is a malicious program that pretends to be a computer defragmenter and system analysis software. It is from the same family of malware as System Fix, Data Recovery, Master Utilities, PC Repair, System Repair, Windows XP Repair, Windows XP Fix, etc. It is promoted and installed on your computer without your permission or knowledge through trojans or other malicious software. The scammers may also distribute System Check on Twitter, MySpace, Facebook, and other social networks. Be careful when opening attachments and downloading files, or you can end up with a rogue program on your PC.
When System Check is installed, it performs a fake scan of your computer and then tells you it has found numerous critical errors. Next, it prompts you to pay for the fake software before it “repairs” the problems on your machine. All of these errors are fake, so you can safely ignore the false scan results.
While System Check is running, it blocks legitimate Windows applications on your computer and won’t let you download anything from the Internet. It also displays various fake critical error alerts claiming that the computer’s hard drive is corrupt, in order to frighten you into purchasing this useless application. Some of the fake errors are:
The system has detected a problem with one or more installed IDE / SATA hard disks.
It is recommended that you restart the system.
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Critical error
Windows can`t find disk space. Hard drive error.
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows – No Disk
Exception Processing Message 0x0000013.
All of these warnings are fake. They are an attempt to make you think your computer is in danger. Like the false scan results, you can safely ignore them.
As you can see, System Check is a scam created with only one purpose: to steal your money. Most important, don't purchase the program! You need to remove the malicious software as quickly as possible. Follow the removal instructions below, which will remove System Check and any other infections you may have on your computer for free.
Use the following instructions to remove System Check infection
Click Start, type %allusersprofile% in the Search field and press Enter (if you use Windows XP, click Start, Run and type the command in the Open field). This opens the contents of the “ProgramData” folder (the “All Users” folder on Windows XP).
System Check hides all files and folders, so you need to change some settings to be able to see your files and folders again. Click Organize, select “Folder and search options”, and open the View tab (if you use Windows XP, open the Tools menu, Folder Options, View tab). Select the “Show hidden files and folders” option, uncheck “Hide extensions for known file types”, uncheck “Hide protected operating files” and click the OK button.
Open the “Application Data” folder. This step is only for Windows XP; skip it if you use Windows Vista or Windows 7.
Now you will see System Check associated files as shown below.
There will be files named with a series of numbers or letters (e.g. 2636237623.exe or JtwSgJHkjkj.exe). Right-click each one and select Rename (don't rename any folders). Type any new name (123.exe) and press Enter.
Rename only files with the .exe extension. That is enough to stop this malware from starting automatically.
Reboot your computer.
Now you can unhide all files and folders that have been hidden by System Check. Click Start, type cmd in the Search field and press Enter. The command console (a “black window”) opens. Type cd \ and press Enter. Type attrib -h /s /d and press Enter. Close the command console.
If your Desktop is empty, click Start, type %UserProfile%\desktop in the Search field and press Enter. This opens the contents of your desktop.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, follow the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan to start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the System Check removal process. When disinfection is completed, a log will open in Notepad. Reboot your computer.
System Check may be bundled with the TDSS trojan-rootkit, so you should run TDSSKiller to detect and remove this infection.
Download TDSSKiller from here and unzip it to your desktop. Open the TDSSKiller folder. Right-click tdsskiller and select Rename. Type a new name (123myapp, for example). Press Enter. Double-click the TDSSKiller icon. You will see a screen similar to the one below.
TDSSKiller
Click the Start Scan button to start scanning the Windows registry for the TDSS trojan. If it is found, you will see a window similar to the one below.
TDSSKiller – Scan results
Click the Continue button to remove the TDSS trojan.
If you can't download or run TDSSKiller, then you need to use Combofix. Download Combofix. Close any open browsers. Double-click combofix.exe and follow the prompts. If ComboFix will not run, rename it to myapp.exe and try again!
Your system should now be free of the System Check virus. If you need help with the instructions, then post your questions in our Spyware Removal forum.
System Check removal notes
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won't install, run or update – How to fix it.
Note 2: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Check creates the following files and folders
%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%CommonAppData%\[RANDOM]
%CommonAppData%\~[RANDOM]
%UserProfile%\Desktop\System Check.lnk
%CommonAppData%\[RANDOM].exe
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
Note: %CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista)
System Check creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe
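The file and registry indicators listed above can be checked in one pass. The following PowerShell script is an added example, not part of the original guide; it only reads and reports. Assumptions: the [RANDOM].exe name pattern is approximated by a regular expression built from the two sample names in the removal steps, the registry value names are written in their usual mixed case, and the "ControlSet" path is read through CurrentControlSet. GDIPFONTCACHEV1.DAT is left out because GDI+ creates a file of that name on clean systems too.

```powershell
# Added example: read-only check for the System Check indicators listed above.
# It reports matches and changes nothing on the system.
$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')
$desktop       = [Environment]::GetFolderPath('Desktop')
$findings      = @()

# %CommonAppData%\[RANDOM].exe: executables directly in the folder whose name is only
# digits or only letters. The pattern and the 8+ length are assumptions.
$findings += @(Get-ChildItem -LiteralPath $commonAppData -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match '^(\d{8,}|[A-Za-z]{8,})\.exe$' } |
    ForEach-Object { "File      $($_.FullName)" })

# Fixed paths from the file list.
foreach ($p in @((Join-Path $desktop 'System Check.lnk'), (Join-Path $env:TEMP 'smtmp'))) {
    if (Test-Path -LiteralPath $p) { $findings += "Path      $p" }
}

# Registry values from the list; a match means the value equals the listed data.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$regChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main'; Name = 'Use FormSuggest'; Value = 'Yes' },
    @{ Path = $inet; Name = 'CertificateRevocation'; Value = 0 },
    @{ Path = $inet; Name = 'WarnonBadCertRecving';  Value = 0 },
    @{ Path = $inet; Name = 'WarnonZoneCrossing';    Value = 0 },
    @{ Path = "$inet\Zones\3"; Name = '1601'; Value = 0 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
       Name = 'State'; Value = 146944 }
)
foreach ($c in $regChecks) {
    $name = $c.Name
    $item = Get-ItemProperty -LiteralPath $c.Path -Name $name -ErrorAction SilentlyContinue
    # Compare as strings so REG_SZ and REG_DWORD data are handled the same way.
    if ($item -and ("$($item.$name)" -eq "$($c.Value)")) {
        $findings += "Registry  $($c.Path)\$name = $($c.Value)"
    }
}

# PendingFileRenameOperations entries that point at an .exe in %CommonAppData%.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -LiteralPath $sm -Name PendingFileRenameOperations `
    -ErrorAction SilentlyContinue).PendingFileRenameOperations
$findings += @($pending | Where-Object { $_ -like "*$commonAppData\*.exe" } |
    ForEach-Object { "Pending   $_" })

if ($findings.Count -eq 0) { 'No System Check indicators found.' } else { $findings }
```

Registry matches are weak on their own, since a user or other software can set the same values; treat them as supporting evidence next to a file or path match. An executable already renamed to 123.exe in the steps above will not match the name pattern.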
System Check removal – Video instructions
System Check is basically a clone of Windows XP Repair, so you can use the video guide below to remove this malware.
Thank you so much! I am just about back in action. Unfortunately, I still have a System Check icon on my desktop and System Check also appears under all programs. Should I delete these? Or uninstall? Scared to do anything without some advice. Again, Thank you so much for getting me this far.
I got the malware stopped, and the program seems to have removed it, but my desktop is still blank…the h/s/d black screen said access denied on almost all of the lines
After installing and running TDSSkiller my disk died because TDSSkiller cleaned my boot sector. FCK!
how do I restore my old settings? I have gone through all the steps and the virus is gone but my desktop and start menu etc is still the same as it was from the virus
So I tried, this, and at the attrib -h /s /d part, all I get is access denied errors. I’m the system administrator, and I’ve tried running this As an administrator, in safe mode, in safe mode as an administrator, and all I get is Access Denied.
Any ideas?
The steps really work! Thank you so much I can use my computer again. I have tried other sites' steps and they only temporarily fixed the problem.
I have windows xp and my search field is blocked or hidden. Any suggestions? I tried in safe mode, but still blocked. I was able to disable the malware from running. Thank you
Testing to see if these are real comments.
I ran everything and can open programs again but all my icons on my screen are still greyed out and nothing shows in my start menu either. Any suggestions?
Thanks, lifesaver, Got rid of it. Only thing is my desktop has changed, no quicklaunches either and there is nothing in the startup menu, programs etc. Anyone know how to restore them?
Won’t allow me to run tdskiller.exe – says it's too large.
This was a great find for me. It really helped me out. Thanks
I’m stuck at the first step. I clicked start to access the run command, however run is hidden. I have the computer in safe mode with networking by the way.
Cheers for this, Worked a treat.
I am able to sign onto my account after disabling System Check by changing the file names. New problem; “Services and Controller app has encountered a problem” pops up, then “System Shutdown – System Process WINDOWS/System32\services.exe has failed, status code -1073740972.” I am unable to run Malwarebytes before the computer shuts down. Is there a way to disable this, or get around it?
For some reason the attrib wont unhide my files =/
Hi, thanks so much for the guide.
It’s really helpful.
Anyway, I still couldn’t unhide the files.
When I did this step
“Command console “black window” opens. Type cd \ and press Enter. Type attrib -h /s /d and press Enter.”
It showed all files lists, however
on the left side,
It said ” Not resetting system file or Access Denied”
then none of the files was restored
Could you please help me?
All problems fixed
Thank you very much for your help 🙂
Thank you guys soooooo much for all this help!!! For 10 minutes I was freaking out convinced my hard drive had failed..this virus was really somewhat convincing for a bit. I really appreciate your clear concise directions. My only concern is I still can’t see files correctly under program files in the start menu. For example it says (empty) under iTunes, when I’m certain this is not actually the case.
I’m fairly certain I’ve gotten rid of the virus on my machine (all thanks to you guys!) If you have any other suggestions to fix please let me know!
Thank you so much again for saving hours of my time! 🙂
Thanks for the instruction, it did work.
when i do the attrib -h/s/d part it says access denied and doesn't stop.. ?? help……!
I have done all above but I am getting access denied when I run the cmd attrib part. When I reboot the folders are still there but are “empty”, still no icons, and if I just click on the c:\ and highlight all the content; all the files are still checked hidden. Running Windows 7.
I keep getting “access denied” messages when I try to do the command line instructions. I’m sure I’m logged in as admin and i got the syntax right.
I think the virus is off, but I still show no windows programs or anything that was on my computer previous to the virus?
THANK YOU FOR THE INFO, THIS SYSTEM CHECK VIRUS IS A REAL NIGHTMARE, THANKFULLY YOUR SOLUTION WORKED. THANKS AGAIN!! 😉
I get a bunch of “access denied” and “Not resetting system file…” errors while trying to run attrib -h /s /d on windows 7. any ideas?
HELP! I got this virus and it did a scan on my computer. Next thing you know, the icons on my desktop are gone. I tried to restart but the computer doesn’t load anything and it is just stuck on a black screen with a flashing hyphen/underscore on the left top corner. I didn’t purchase the program they asked to purchase. HELP!!! What do I do???
Thanks for the help. I followed the directions; installed Malwarebytes, and got some functionality back. However, my background is still black and when I click the windows button (I have Windows 7) the pop-up tab is blank. Anything else I can do?
Also, it looks like this virus sprang up a lot recently. Any idea where it's coming from?
Thanks again
Thanks heaps thought i was screwed
Thanks heaps a big help