Demand for System Check virus removal increases

 

Posted 23 Jan 2012, 13:15

Just after Christmas we started hearing about a new virus affecting Windows-based PCs. It is known as ‘System Check’ and it almost looks like a genuine program, but it is in fact malware that tries to trick you into purchasing unneeded, dodgy applications. The good news is that the infection is pretty easy to remove, so for now ignore fake messages such as “Hard drive clusters are partly damaged. Segment load failure” and sit back and relax while we point you in the direction of some great removal guides.

Before we get started, a little about this particular infection. Once it has infected your PC, System Check tricks you into thinking it is a genuine utility reporting legitimate problems with your computer. It is in fact scareware that tries to fool you into activating the “fully-functional” version of the software. By doing this you are wasting roughly $40 and are at risk of having your bank account details compromised, so don’t fall for the scam!

Below we have embedded a graph which shows just how much of a jump Google search has seen for the terms “System Check virus”. As you can see, it first began to spike on December 27-28 and has since been searched a lot by people around the world (especially in the United States). This shows just how far the infection has spread and how many people have searched for information on how to remove it.

If you head over to BleepingComputer you can see a full removal guide. The process is pretty simple: just follow the instructions in full and you should be infection free within an hour or so. To summarize, you must start your computer in “Safe Mode with Networking”, download and run rKill, download and run iExplore.exe, download and install Malwarebytes’ Anti-Malware, then update it and run a full system scan. Once complete, remove all of the infections the scan finds and restart your PC. You should now be infection free.

We have embedded a video below which we found over at YouTube. It shows you how to manually remove System Check; however, in some cases the infection may prevent such methods from working. The best thing to do is read Bleeping Computer’s removal guide in full and do exactly what they say.

Did this help you remove System Check from your computer? If you are still experiencing problems, why not leave a comment below and the PR community may be able to help you…

  • A. White

    I was infected by System Check yesterday from a driveby download. It dodged Malwarebytes and AVG until on chance AVG (that let the virus in in the first place) happened to catch the random-named exe trying to connect to the internet and forcefully removed it. Still doing damage analysis and repair. Definitely the nastiest virus/malware I’ve encountered but luckily I didn’t get the strain with the TDSS rootkit. 

    • http://twitter.com/Jam1ePert Jamie Pert

      lots of AV solutions have trouble with these sort of infections for some reason

  • Christy

    I can’t get the task manager to stay open therefore cannot delete the files in the ProgramData folder.  Any suggestions?

    • guest

      Search for a program called unhide.exe on bleeping computer.  The virus moves all your shortcuts to a temp directory, so you’ll need to move it back. Easy to do this by running unhide. It took me like a good 10 mins for this program to run but once it finished running, all my icons and links showed up fine. Good luck!!

    • http://twitter.com/Jam1ePert Jamie Pert

      in that case follow Bleeping Computer’s guide, not the video. Basically start in Safe Mode with Networking and then install MalwareBytes and update the program and run a full scan removing anything you find 

  • Graham

    Just finished trying to expunge this little blighter.

    It almost completely bricked my computer until I restarted and used built in system diagnostics to load a system restore point from a few days ago.  That seemed to kill entries it had in startup.

    I’m halfway through running Malwarebytes and have found nothing.  I’ve also run Spyware Doctor and found nothing.

    It made a few of my personal documents invisible, but I’ve not observed any other damage.

    I really hope it didn’t get into my Firefox saved passwords directory.

    System Restore seems to have killed it.

    • http://twitter.com/Jam1ePert Jamie Pert

      make sure you update Malwarebytes before running a full system scan

      • Graham

        I’ve done so.  The only thing that is mildly concerning me is I was unable to run the TDSSKiller utility that many have recommended as part of the removal.  This is either because I have a 64-bit system, or because it loaded some sort of rootkit malware.

        I have downloaded the very latest version of TDSSKiller from Kaspersky and that will run.  I will scan with it after Malwarebytes finishes.

        • http://twitter.com/Jam1ePert Jamie Pert

          are you in safe mode, did you run rkill or iexplore before trying the removal, these tools kill background processes which are associated with the infections and block full access to the pc and applications

        • Graham

          Initially I was in safe mode, and I ran RKill.  It found nothing, but I was unable to update Malwarebytes.

          When I restarted to normal mode it seems System Restore killed enough of the infection to enable me to download a working copy of Malwarebytes and TDSSKiller.  Both of those found one threat when run.

          Now I’m just updating AVG and am going to run another anti-virus and anti-malware scan overnight just to be sure I got it all.

          Tomorrow I will make a start on changing my most sensitive passwords as a precaution.

          You know, there were several things I wanted to do this evening.  Un-bricking the computer wasn’t one of them.

    • A. White

      You were lucky. I wasn’t able to run System Restore since it hung on “Initializing” so I had to go the long route. 

      From my research, if you’re able to update MBAM, visit BleepingComputer, and none of your browser activity is getting redirected then you 9 times out of 10 don’t have TDSS. The rootkit blocks MBAM and other software from updating and blocks access to known computer help sites like BleepingComputer. Another symptom is that it redirects your Google search results to a random page. 

  • Annie white

    A good explanation. And this helped me a lot…

  • Anonymous

    My task manager won’t come up and system check has hidden itself on my desktop and search bar… help!

  • Fifi61

    It’s not as easy to remove as it states.  I have been doing the steps on and off for four days and it keeps coming back.  It’s been hijacking my browser and it hides your programs and everything that appears in your start button and your “all programs” area.  I suggest you “dock” explorer or whatever browser you use on your system tray (bottom toolbar) as that is the only way I could access the internet to download the fixes.  It is BRUTAL and does come back.  I’m finally virus free, but it was a long drawn out process to get here.  Spring for the best anti-virus out there — it’s worth it.


  • Wijems_woman

    None of the steps are helping so far… I’ve run everything, done the show hidden files… nothing is working

  • Ben

    There’s a program running around called “Unhide.exe”. If you run that, you’ll get your stuff back. You might also need to delete the “HideTaskMgr” data entry from the registry.

  • Chopec79

    I used a jump drive and installed Malwarebytes in safe mode. I had to run it a few times because for some unknown reason when I rebooted it was not deleting the 3 main ones. Once I got it clean I went to bleeping computer and copied over unhide.exe to my jump drive from the page for the system check virus and ran it on my pc that was infected. It brought everything back. The only issue I am having is firefox not working right. I am going to uninstall and reinstall that. Thank you for this page and thank you for bleeping computer. Freaking life saver!!!!

    • Chopec79

      And I was not able to run system restore or any windows tools. That is why I had to go this route

  • John Hannah

    I just got this turd yesterday.  My machine is a dual core running XP with AVG, Malware, Zone Alarm and other stuff and not one caught it.   I can’t get the machine to boot in safe mode.  I tried putting IExplore on a flash drive, but could not get it to run using Run with keyboard shortcut.  Can’t get access to computer or C drive or apparently any other drive.  Start window only has two icons in it.  The main System Check screen won’t close.  Ctrl+Alt+Del does not work.  Can’t get at Control Panel or any way to run restore.  All my shortcuts are gone.  I can’t figure out any front door or back door way to get my machine to respond to my commands of any sort.  It is dead meat.  I had been looking for a different computer but that would mean reinstalling a ton of software plus right now I don’t know how I would get my data moved over.  This thing is way beyond me as I’ve tried all the stuff like this site posts and nothing works.  To make it worse I live out in the boondocks and there isn’t much help here, paid or otherwise.
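
Two symptoms come up repeatedly in the comments above: Task Manager that will not open, and documents or Start menu items that have gone invisible. The PowerShell script below is an added example for triaging both after cleanup; it is not from the article, BleepingComputer or any commenter. It assumes the standard Windows per-user policy value `DisableTaskMgr` is what blocks Task Manager and that files were hidden with the Hidden attribute; `$Root` and `-Unhide` are names chosen for this example.

```powershell
# Added example: read-only by default. Run as the affected user after the
# malware itself has been removed with the tools named in the article.
param(
    [string]$Root = $env:USERPROFILE,   # assumption: user data lives here
    [switch]$Unhide                     # clear Hidden only when explicitly asked
)

# 1. Is Task Manager disabled by per-user policy? DisableTaskMgr is the
#    standard Windows policy value; that this infection sets it is an assumption.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableTaskMgr -eq 1) {
    Write-Output "Task Manager is disabled by policy: $policyKey\DisableTaskMgr = 1"
} else {
    Write-Output 'Task Manager policy: DisableTaskMgr is not set'
}

# 2. Items marked Hidden but not System. Windows hides a few things itself
#    (AppData, for example), so the interesting signal is whole folders of
#    ordinary documents and shortcuts showing up in this list.
$hidden = [System.IO.FileAttributes]::Hidden
$system = [System.IO.FileAttributes]::System
$found = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (($_.Attributes -band $hidden) -ne 0) -and (($_.Attributes -band $system) -eq 0)
    })

Write-Output ("Hidden, non-system items under {0}: {1}" -f $Root, $found.Count)

# Show the ten folders holding the most hidden items, to spot mass hiding.
$found | Group-Object { Split-Path -Parent $_.FullName } |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

if ($Unhide) {
    foreach ($item in $found) {
        # Hidden is known to be set on every item here, so XOR clears just that bit.
        $item.Attributes = $item.Attributes -bxor $hidden
    }
    Write-Output ("Cleared the Hidden attribute on {0} items" -f $found.Count)
}
```

Run it once without `-Unhide` and review the folder counts before changing anything; shortcuts that were moved rather than hidden will not be restored by clearing attributes.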