System Check is a malicious program which pretends to be a computer defragmenter and system analysis software. It is from the same family of malware as System Fix, Data Recovery, Master Utilities, PC Repair, System Repair, Windows XP Repair, Windows XP Fix, etc. It is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software. Moreover, the scammers may also distribute System Check on Twitter, My Space, Facebook, and other social networks. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC.
When System Check is installed, it will perform a fake scan of your computer then tells you it has found numerous critical errors. Next, it will prompt you to pay for the fake software before it “repairs” your machine of the problems. Of course, all of these errors are a fake. So, you can safety ignore the false scan results.
While System Check is running, it will block legitimate Windows applcations on your computer and won’t let you download anything from the Internet. Moreover, it will display various fake critical errors alerts that the computer’s hard drive is corrupt in order to frighten you into purchasing this useless application. Some of the fake errors are:
The system has detected a problem with one or more installed IDE / SATA hard disks.
It is recommended that you restart the system.
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Critical error
Windows can`t find disk space. Hard drive error.
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows – No Disk
Exception Processing Message 0×0000013.
Of course, all of these warnings are a fake. This is an attempt to make you think your computer in danger. Like false scan results you can safely ignore them.
As you can see, obviously, System Check is a scam, which created with only one purpose – to steal your money. Most important, don`t purchase the program! You need as quickly as possible to remove the malicious software. Follow the removal instructions below, which will remove System Check and any other infections you may have on your computer for free.
Use the following instructions to remove System Check infection
Click Start, Type in Search field %allusersprofile% and press Enter (if you use the Windows XP, then click Start, Run and type a command in Open field). It will open a contents of “ProgramData” folder (“All Users” folder for Windows XP).
System Check hides all files and folders, so you need to change some settings and thus be able to see your files and folders again. Click Organize, select ”Folder and search options”, open View tab (if you use Windows XP, then open Tools menu, Folder Options, View tab). Select “Show hidden files and folders” option, uncheck “Hide extensions for known file types”, uncheck “Hide protected operating files” and click OK button.
Open “Application Data” folder. This step only for Windows XP, skip it if you use Windows Vista or Windows 7.
Now you will see System Check associated files as shown below.
Basically, there will be files named with a series of numbers or letter (e.g. 2636237623.exe or JtwSgJHkjkj.exe), right click to it and select Rename (don`t rename any folders). Type any new name (123.exe) and press Enter.
You can to rename only files with .exe extension. Its enough to stop this malware from autorunning.
Reboot your computer.
Now you can unhide all files and folders that has been hidden by System Check. Click Start, type in Search field cmd and press Enter. Command console “black window” opens. Type cd \ and press Enter. Type attrib -h /s /d and press Enter. Close Command console.
If your Desktop is empty, then click Start, type in Search field %UserProfile%\desktop and press Enter. It will open a contents of your desktop.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start System Check removal process. When disinfection is completed, a log will open in Notepad. Reboot your computer.
System Check may be bundled with TDSS trojan-rootkit, so you should run TDSSKiller to detect and remove this infection.
Download TDSSKiller from here and unzip to your desktop. Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon. You will see a screen similar to the one below.
TDSSKiller
Click Start Scan button to start scanning Windows registry for TDSS trojan. If it is found, then you will see window similar to the one below.
TDSSKiller – Scan results
Click Continue button to remove TDSS trojan.
If you can`t to download or run TDSSKiller, then you need to use Combofix. Download Combofix. Close any open browsers. Double click on combofix.exe and follow the prompts. If ComboFix will not run, please rename it to myapp.exe and try again!
Your system should now be free of the System Check virus. If you need help with the instructions, then post your questions in our Spyware Removal forum.
System Check removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Check creates the following files and folders
%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%CommonAppData%\[RANDOM]
%CommonAppData%\~[RANDOM]
%UserProfile%\Desktop\System Check.lnk
%CommonAppData%\[RANDOM].exe
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
Note: %CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista)
System Check creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe
System Check removal – Video instructions
System Check is basically clone of Windows XP Repair, so you can use the video guide below to remove this malware.
Thank you so I thought I lost all my precious data. I am still however going to format my PC. I can never be sure something malicious wasnt left behind. Again thanks a billion for your magnificent guide. Keep up the good work please 🙂
I got hit by this bastard of a virus during work of all times.
Thankfully there are kind people like you who write up many virus removal guides for everyone to use. It’s become common sense to run MalwareBytes in safe mode at this point but it always helps to know what shifty things these viruses are doing.
AMAZING VIDEO.
I followed the steps precisely and removed the dreaded ‘System Check’ virus without a hitch.
Everything else should be this easy.
Thank you, thank you , thank you.
Hi. Thanks fir your website. I’m trying to follow the directions but like a user above I’m stuck at attrib. I’ve tried all variants of the -h /s /d but nothing is working. Can’t get past that stage. Help please.
Thank you so much! This was SO easy to follow!
All the files and short cuts on my desktop are now ghosting and transparent anyway I can restore them. And thanks for helping me get the thing off either way.
thank you soooo much this worked after trying many other things!! luckily all of my docs, etc are still there even though this thing made it look like everything was wiped out!
One of my users was almost crying because of this. Thanks to the solution above, we are good to go!
I cannot get into the Application Data folder. Get message C:\program data\application data is not accessible. Access is denied.
I just did all the steps and now my PC is free of System Check and working well. Thanks a lot for this post!
Here are some tricks I had to use to execute this fix.
I couldn’t do a search or run however I did have the network icon in the taskbar. Right click that and explore network locations brings up the ability to right click and explor my computer. Once explorer is up you can run the %allusersprofiles% and you can also rin the attrib command by creating a bat file and editting that to contain the attrib command and then double clicking it.
This article was great, thanks
All worked until I got to the tdss step…scan found nothing but screen still black and computer not fully restored. Any further steps recommended?
Thank you soooo much!!!! Was screwed and this worked perfectly!
I’m getting stuck downloading Malware.
Says…
The publisher could not be verified….Are you sure you want to run this software?
I click \Run\
It then pops a box with a red \X\ that says, \The setup files are corrupted. Please obtain a new copy of the program.\
Can anyone help me?
I got through step 15. After the reboot, I see only Malware bytes icon on the desk top. Also I have McAfee available. However nothing else works. I have lost the internet connection as well. Any ideas?
Thanks for your help.
I just did it and it worked…but all my files are gone. is that what’s supposed to happen?
Worked perfectly! Now I have to figure out how my 2011 System Mechanic Professional let it on my PC!
I have this same virus but now my computer won’t even turn on past the Dell screen. It goes to a black screen with a mouse clicking, as if it’s waiting for me to type. F8 doesn’t work, changing settings in F2 or F12 doesn’t work either. How can I get to my desktop?
Hi
Most of it I get to work .. but cant seem to get the users Destop back ?..
Can I be doing something wrong there ??
This worked well the first time. I only used it to stop program from running and then restored system files. Norton let the virus in but I hadn’t updated virus definitions in a while. I will be using this product also in the future.
Hi, I’m having trouble with step seven, I’ve gone through the entire process and when I reached step seven it did nothing, so I simply continued on to step eight, I’ve cleared my laptop of malware, but my desktop icons are all faded, half of my program shortcuts have disappeared from my desktop, my start panel doesn’t have any of my usually used programs on it automatically, my background had been changed to a black screen. Does anyone know how to solve my problem, I’ve tried redoing the step but nothing happens
I think the malwarebytes has removed the virus but step 7 ‘attrib -h /s /d’ hasn’t worked for me. the black window opens and runs through lots of stuff for ages but they mostly say access denied and the files/folders are still all hidden?? anyone know why this is?
Thank you sooo much!!
done all of this seems gone, but all my files and personal stuff is gone or hidden, how do I get it back?
Thanks ! worked great ! fought this for days til if found your solution !
got to the tdss part but this finds no results?? im assuming that theres no further issues after the malware whats his chops treatment lol i can still see the “system check” shortcut on desktop, do i just delete this?
Hi,
I’ve run through the full instructions which mostly worked. When I did step 7 access to all files was denied in the command console. Also after step 8 my desktop icons are functional but are faint compared with anything recently saved to desktop.
Any help?
The virus seems to be gone however I do not have any of my files. I was wondering if there was a way to find them. I would really appreciate the help. Thank you.
Are you still able to recover your desktop/shortcuts etc if you have managed to remove this painfull trojan from the system.
The Link in Step 17
“Download TDSSKiller from *here* and unzip to your desktop. Open TDSSKiller folder. Right click to tdsskiller and select rename.”
lead me to a zip that was infected!!!!(according to antivir)!!!!
That can’t be good!!
I got the tdss killer from the internet and it worked fine… It isn’t a zip but a download app
Please check whas’s going on here…
Tahnks for the rest of the instructions…
N.