System Check is a malicious program which pretends to be a computer defragmenter and system analysis software. It is from the same family of malware as System Fix, Data Recovery, Master Utilities, PC Repair, System Repair, Windows XP Repair, Windows XP Fix, etc. It is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software. Moreover, the scammers may also distribute System Check on Twitter, My Space, Facebook, and other social networks. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC.
When System Check is installed, it will perform a fake scan of your computer then tells you it has found numerous critical errors. Next, it will prompt you to pay for the fake software before it “repairs” your machine of the problems. Of course, all of these errors are a fake. So, you can safety ignore the false scan results.
While System Check is running, it will block legitimate Windows applcations on your computer and won’t let you download anything from the Internet. Moreover, it will display various fake critical errors alerts that the computer’s hard drive is corrupt in order to frighten you into purchasing this useless application. Some of the fake errors are:
The system has detected a problem with one or more installed IDE / SATA hard disks.
It is recommended that you restart the system.
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Critical error
Windows can`t find disk space. Hard drive error.
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows – No Disk
Exception Processing Message 0×0000013.
Of course, all of these warnings are a fake. This is an attempt to make you think your computer in danger. Like false scan results you can safely ignore them.
As you can see, obviously, System Check is a scam, which created with only one purpose – to steal your money. Most important, don`t purchase the program! You need as quickly as possible to remove the malicious software. Follow the removal instructions below, which will remove System Check and any other infections you may have on your computer for free.
Use the following instructions to remove System Check infection
Click Start, Type in Search field %allusersprofile% and press Enter (if you use the Windows XP, then click Start, Run and type a command in Open field). It will open a contents of “ProgramData” folder (“All Users” folder for Windows XP).
System Check hides all files and folders, so you need to change some settings and thus be able to see your files and folders again. Click Organize, select ”Folder and search options”, open View tab (if you use Windows XP, then open Tools menu, Folder Options, View tab). Select “Show hidden files and folders” option, uncheck “Hide extensions for known file types”, uncheck “Hide protected operating files” and click OK button.
Open “Application Data” folder. This step only for Windows XP, skip it if you use Windows Vista or Windows 7.
Now you will see System Check associated files as shown below.
Basically, there will be files named with a series of numbers or letter (e.g. 2636237623.exe or JtwSgJHkjkj.exe), right click to it and select Rename (don`t rename any folders). Type any new name (123.exe) and press Enter.
You can to rename only files with .exe extension. Its enough to stop this malware from autorunning.
Reboot your computer.
Now you can unhide all files and folders that has been hidden by System Check. Click Start, type in Search field cmd and press Enter. Command console “black window” opens. Type cd \ and press Enter. Type attrib -h /s /d and press Enter. Close Command console.
If your Desktop is empty, then click Start, type in Search field %UserProfile%\desktop and press Enter. It will open a contents of your desktop.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start System Check removal process. When disinfection is completed, a log will open in Notepad. Reboot your computer.
System Check may be bundled with TDSS trojan-rootkit, so you should run TDSSKiller to detect and remove this infection.
Download TDSSKiller from here and unzip to your desktop. Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon. You will see a screen similar to the one below.
TDSSKiller
Click Start Scan button to start scanning Windows registry for TDSS trojan. If it is found, then you will see window similar to the one below.
TDSSKiller – Scan results
Click Continue button to remove TDSS trojan.
If you can`t to download or run TDSSKiller, then you need to use Combofix. Download Combofix. Close any open browsers. Double click on combofix.exe and follow the prompts. If ComboFix will not run, please rename it to myapp.exe and try again!
Your system should now be free of the System Check virus. If you need help with the instructions, then post your questions in our Spyware Removal forum.
System Check removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Check creates the following files and folders
%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%CommonAppData%\[RANDOM]
%CommonAppData%\~[RANDOM]
%UserProfile%\Desktop\System Check.lnk
%CommonAppData%\[RANDOM].exe
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
Note: %CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista)
System Check creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe
System Check removal – Video instructions
System Check is basically clone of Windows XP Repair, so you can use the video guide below to remove this malware.
Hey whenever I do the attrib -h /s /d it does it all but then keeps saying access denied
hey whenever i do the attrib -h /s /d it works but when it attempts to do it all i get is a bunch of access denied help
Thank you so much for your help!
I just have one remaining problem – I’m on Windows 7, and after completing this process a whole lot of my personally created files (my Japanese study folder, for instance) are remaining invisible and my USB ports stopped working.
Any advise?
It so help me , you saved my day, thanks a lot!!!
This virus got me good! I have almost everything back to “normal” except when I try to unhide my files. At first I had problems with the attrib -h /s /d then I saw another comment and I added the spaces. When i do that though it states that “access denied” is there any way around this?
Thank you so much for the tutorial. It worked for me. However, my screensaver is black, has not returned to normal, and when I try to put another image it says access denied. What do I do? Is something still wrong with my computer? thank you
Thanks a lot. You are the best, this method helped me to resolve remove system check. Met few document went to hidden file, but following this steps I got all back n remove virus.
Thanks so much!! My only problem is I can’t reverse the hiding of my files. When I do the attrib -h /s /d it says access denied! I’m logged in as an administrator…any ideas?
Thank you so verry much for this solution. I don’t believe i have ever read a solution written so well. Thanks again.
thank you very much sir for this post.. it really helps a lot..
Thanks alot. I found the responsible files on my own but I couldn’t delete them until it stopped itself. Then when I deleted it and rebooted, it came back as a differnt name… I kept loosing sleep over the problem until I found this site and discovered that if you rename the file it won’t auto run… can’t believe I didn’t think of that myself. Thanks for the info! 🙂
i dont know how to thank u
thanx a lot
that saved me
THANX A bilun times
thanks very very much….really, its work on my computer, and i do as you told.its really very very wonderfull.oohh God you save my pc.i dont know how much iam happy to get my pc back.i dont know how can i thank to you..God bless you.
I have the same problem as Cynde C. I am logged in as the privileged user and I’m getting access denied with the attrib command. My C drive only shows the Users and ProgramData folders. This is really annoying. Any other tips? pwoznic@gmail.com
I’m doing the step of updating the MBAM….There is a message that the copy of Windows is not genuine… My copy is genuine… will this problem persist after the scanning is complete…Plz reply quickly
thanks alot
this is my 2nd note too you. i relly happy to get my pc back but there is still, one problem.I can’t reverse the hiding of my files. I also done as you told on your site like, the attrib -h /s /d. any suggestion please shre with all of us.
hello there
This is my 3rd comments.befor in my comments i told you about not reversing my hided file. now i am glad to say that i got them back.you know…? before i dint wait cmd to complete his processing.now i got , that we have to let cmdcomplete its processing.i have seen you videos 3/4 times then i am able to understand.
thannks alot again
THANKSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
I have done the steps, installed both Malwarebytes and TDSSKiller. Malwarebytes came up with 5 infected items. I got rid of those and rebooted. TDSSKiller didn’t come up with anything. I ran the full scan of Malwarebytes and came up with nothing. I went back to Organize files and folders and redid that. Then I went into the cmd black window and did those steps and I am getting some crazy \access denied\ and all that jazz. My files are still hidden. Help!
Thank you very much for this helpful walk through. I have one quick question about restoring my Start Menu. There might be a simple solution to getting it back to the way it was before the problem. Any thoughts would be appreciated.
Nevermind, I just went ahead and did it manually. Thanks.
I spoke too soon about the start menu. The few folders I have in the program area are blank when I try to open them. I can access them other ways, but I was hopeful to get it back to “normal”. Thanks again.
I followed your instructions and they removed thevirus. Also, ran my BitDefender and it caught 49 issues @5 trojans. However, I have two remaining issues. Internet Explorer 8 icon (program launch) is missing. I can still access it with saved short cuts. Any thoughts? Also,my data files which are on separate drives (D&I)are showing as “hidden files and folders”. If I go to C:\Documents and Settings\All Users and uncheck “show hidden files and folders” they disappear in explorer. The only way I can access them is to have the check in “show hidden files and folders”. Is there anyway to correct this problem?
Hi,
attrib -h /s /d gives me access denied message. Any help?
Help me please!! I have tried removal of this several times over. Both malwarebytes and spydoctor pickup nothing. tdsskiller did remove some threats, however, when I run my system configuration I see a virus! It’s located in c:\ProgramData\niEJngRwieOhYh.exe. When I go to Program Data, it’s not there. I did stop it from running upon startup, but my computer is just not acting right. Can not get this off, please help!
I have went through these instructions step-by-step several times. The first time, malware bytes got rid of what I thought was the entire system fix virus, however, computer was still not acting right. After running performance scan and looking at system configuration I found this and promptly stopped it from running during start-up c:\ProgramData\niEJngRwieOhYh.exe. I have tried everything I know to remove it, but I am not successful. i know that my computer is still not running correctly and really would appreciate any help. Also, when I look in Program Data, the , 123.exe, 124.ex. & 125.exe files are still there (the ones you suggested to rename) and I can not see the niEJngRwieOhYh file. I just am at a loss on what to do to get rid of this.
I believe I have been attacked by this but I can’t get anything to show up on my start menu. It seems to have left me with only the internet explorer, notepad, system check. I do have the ability to get on my system configuration utlity though. Can I do anyhting with that?
thank you it worked. but when i click on programs evrything is empty how do i get that back?
hi guys.. you have done a great job.. thanks a ton.. but even i am not able to unhide the files.. plz help..
My workplace managed to get this – it appeared on one computer first, then another, then another.
Not all used by the same people or at the same time.
Any info on if this thing is capable of going around a network or is our server likely infected?