System Check virus – how to remove it

System Check is a virus/trojan pretending to be a system diagonstics tool displaying fake errors. To recover them the user will be fooled to pay for the software. Whatever you do – do not pay for it! When infected, all icons on the desktop will be hidden and the only program in the Start menu will be the System Check tool. 

Computer infected with the System Check virus

I tried to follow the instructions here to remove System Scan virus. However, the virus seems to exist in a newer version where the Run and Search fields in the Start menu are disabled. Because of this I had to take a different approach. 

  1. Boot the computer on an operating system located on a USB stick. I used Ubuntu which can be booted and run from the USB stick without installing it on the harddisk. Then mount the Windows filesytem. If you are not used to Ubuntu Linux the same thing can be achieved by booting LiveCD or similar tool.
    Removing System Check virus
  2. On the Windows file system, change directory to Documents and Settings -> All users -> Application data.
  3. Find the files with a filename made up just by numbers or random characters. Change the extension from .exe to something not executable, like .xex. 
  4. Reboot back into Windows.
  5. Download MalwareBytes Anti-malware (MBAM) on another computer and save it to a USB stick. This is because on the infected computer, all programs are still hidden, including Run and Search.
  6. Move the USB stick to the infected computer. If the popup asking you what to do with the USB-stick shows up, select browse the USB stick. If it doesn’t automatically open, click on the Start menu button and right click in the programs menu (or where they normally should appear) and select browse. Browse your way to the USB stick. 
  7. Start the MalwareBytes Anti-malware and select Perform Quick Scan and click Scan.
  8. When the scan is finished click Remove Selected.
    Removing System Check virus
  9. Reboot the computer. 
  10. Now you can go back to this guide and follow step nr 7 (unhiding hidden files using attrib) and then go on with step 16 using TDSSkiller to search for rootkits.

 

 

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

fifteen − fifteen =