System Repair is a fake computer defragmenter and system analysis software which hijacks your computer, blocks Windows legitimate applications from running, presents various fake critical errors alerts that the computer’s hard drive is corrupt in order to frighten you into purchasing this useless application. It is a from the same family of malware as Windows XP Fix, Windows XP Repair, etc. So don`t trust anything that it will display you and remove this misleading application from your computer as quickly as possible!
System Repair Removal Instructions
Click Start, Type in Search field %allusersprofile% and press Enter (if you use the Windows XP, then click Start, Run and type a command in Open field). It will open a contents of “ProgramData” folder (“All Users” folder for Windows XP).
Windows 7 Fix hides all files and folders, so you need to change some settings and thus be able to see your files and folders again. Click Organize, select ”Folder and search options”, open View tab (if you use Windows XP, then open Tools menu, Folder Options, View tab). Select “Show hidden files and folders” option, uncheck “Hide extensions for known file types”, uncheck “Hide protected operating files” and click OK button.
Open “Application Data” folder. This step only for Windows XP, skip it if you use Windows Vista or Windows 7.
Now you will see System Repair associated files as shown below.
Basically, there will be files named with a series of numbers or letter (e.g. 2636237623.exe or JtwSgJHkjkj.exe), right click to it and select Rename (don`t rename any folders). Type any new name (123.exe) and press Enter.
You can to rename only files with .exe extension. Its enough to stop this malware from autorunning.
Reboot your computer.
Now you can unhide all files and folders that has been hidden by System Repair. Click Start, type in Search field cmd and press Enter. Command console “black window” opens. Type cd \ and press Enter. Type attrib -h /s /d and press Enter. Close Command console.
If your Desktop is empty, then click Start, type in Search field %UserProfile%\desktop and press Enter. It will open a contents of your desktop.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for System Repair infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start System Repair removal process. When disinfection is completed, a log will open in Notepad. Reboot your computer.
System Repair may be bundled with TDSS trojan-rootkit, so you should run TDSSKiller to detect and remove this infection.
Download TDSSKiller from here and unzip to your desktop. Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon. You will see a screen similar to the one below.
TDSSKiller
Click Start Scan button to start scanning Windows registry for TDSS trojan. If it is found, then you will see window similar to the one below.
TDSSKiller – Scan results
Click Continue button to remove TDSS trojan.
If you can`t to download or run TDSSKiller, then you need to use Combofix. Download Combofix. Close any open browsers. Double click on combofix.exe and follow the prompts. If ComboFix will not run, please rename it to myapp.exe and try again!
Your system should now be free of the System Repair virus. If you need help with the instructions, then post your questions in our Spyware Removal forum.
System Repair removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Repair creates the following files and folders
%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%CommonAppData%\[RANDOM]
%CommonAppData%\~[RANDOM]
%UserProfile%\Desktop\System Repair.lnk
%CommonAppData%\[RANDOM].exe
Note: %CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista)
System Repair creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe
System Repair removal – Video instructions
System Repair is basically clone of Windows XP Repair, so you can use the video guide below to remove this malware.
Hello sorry to bother you but I got this virus and did the same thing. It worked and got rid of the virus but now almost all of my programs and files show up as see through rather than their normal solid versions and when I try and access essential files, my pictures for example. I cannot access the folder and almost every single file/folder on my harddrive is showing up as a icon you can see through. Can you help me fix this. Thank you.
Taylor, try to repeat the step 7 above.
Followed instructions and the virus is gone. However, Internet Explorer is not the same as it was. I was searching for these instructions in google just to make sure I followed them all. When I hover over the result that’s supposed to take me here, the status bar shows the correct link (www.myantispyware.com…), but when I click on it, I am redirected to all kinds of oddball sites–technetcast.com, shopica.com, bible.us, etc.
I’ve checked IE’s proxy settings and they look right (no proxy), and I’ve looked through the Manage Plugins and everything looks valid there, too. I could really dig in and start reading some http traffic, but maybe you guys know what I’m suffering from?
I used Safari on the same machine to get here, so I know it’s not the whole network system that’s been hijacked, not just IE.
Thanks.
Hi, thanks for your step by step help in getting rid of the virus. However, im facing the same issue as Taylor plus some of the folders like desktop, recycle bin still locked. i repeated the step 7 again and again and still to no avail. any other possible ways to solve this?
Could do every step except 7 (get access denied on files) different processes for windows 7 as well can be confusing
Hello, insructions worked great on my laptop. My exernal hard drive was connected at the time of corruption. I have checked the show hidden files box but they are showing as icons you can see through. Any ideas? Thanks
I have the same problem as above, and repeating step 7 solves nothing. I’m positive I’ve completely removed the virus and I know all my files are there, and most of them can be opened, but they are still transparent and I can’t run/open a lot of things (for example, when I run Minecraft it crashes and gives me an error report saying that access was denied to a critical folder). What should I do?? Thank you.
followed the steps. but my desktop is all white. though when i do step 8 i can see and use any desktop icon. but none of them are ON the desktop and normally right clicking on the desktop brings up a menu bar but that doesn’t appear. and my programms appear empty. internet works but its like its deleted all my software so my webcam doesn’t work, its even deleted the little games that come with the machene. unless its hidden them.
im a tad lost. if you wouldn’t mind giving me a hand, it would be very much appreciated =D
Hey all, i had the virus, got rid of it, and now i have the same problem with the see-thru files all over my laptop. also i have no documents folder anymore….any help?
System repair hid itself! I tried to open up the programdata folder and it is empty. I don’t know how to make it show itself.
I had to run attrib -s -h *.* /S /D under an elevated command prompt.