System Check is a malicious program which pretends to be a computer defragmenter and system analysis software. It is from the same family of malware as System Fix, Data Recovery, Master Utilities, PC Repair, System Repair, Windows XP Repair, Windows XP Fix, etc. It is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software. Moreover, the scammers may also distribute System Check on Twitter, My Space, Facebook, and other social networks. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC.
When System Check is installed, it will perform a fake scan of your computer then tells you it has found numerous critical errors. Next, it will prompt you to pay for the fake software before it “repairs” your machine of the problems. Of course, all of these errors are a fake. So, you can safety ignore the false scan results.
While System Check is running, it will block legitimate Windows applcations on your computer and won’t let you download anything from the Internet. Moreover, it will display various fake critical errors alerts that the computer’s hard drive is corrupt in order to frighten you into purchasing this useless application. Some of the fake errors are:
The system has detected a problem with one or more installed IDE / SATA hard disks.
It is recommended that you restart the system.
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Critical error
Windows can`t find disk space. Hard drive error.
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows – No Disk
Exception Processing Message 0×0000013.
Of course, all of these warnings are a fake. This is an attempt to make you think your computer in danger. Like false scan results you can safely ignore them.
As you can see, obviously, System Check is a scam, which created with only one purpose – to steal your money. Most important, don`t purchase the program! You need as quickly as possible to remove the malicious software. Follow the removal instructions below, which will remove System Check and any other infections you may have on your computer for free.
Use the following instructions to remove System Check infection
Click Start, Type in Search field %allusersprofile% and press Enter (if you use the Windows XP, then click Start, Run and type a command in Open field). It will open a contents of “ProgramData” folder (“All Users” folder for Windows XP).
System Check hides all files and folders, so you need to change some settings and thus be able to see your files and folders again. Click Organize, select ”Folder and search options”, open View tab (if you use Windows XP, then open Tools menu, Folder Options, View tab). Select “Show hidden files and folders” option, uncheck “Hide extensions for known file types”, uncheck “Hide protected operating files” and click OK button.
Open “Application Data” folder. This step only for Windows XP, skip it if you use Windows Vista or Windows 7.
Now you will see System Check associated files as shown below.
Basically, there will be files named with a series of numbers or letter (e.g. 2636237623.exe or JtwSgJHkjkj.exe), right click to it and select Rename (don`t rename any folders). Type any new name (123.exe) and press Enter.
You can to rename only files with .exe extension. Its enough to stop this malware from autorunning.
Reboot your computer.
Now you can unhide all files and folders that has been hidden by System Check. Click Start, type in Search field cmd and press Enter. Command console “black window” opens. Type cd \ and press Enter. Type attrib -h /s /d and press Enter. Close Command console.
If your Desktop is empty, then click Start, type in Search field %UserProfile%\desktop and press Enter. It will open a contents of your desktop.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start System Check removal process. When disinfection is completed, a log will open in Notepad. Reboot your computer.
System Check may be bundled with TDSS trojan-rootkit, so you should run TDSSKiller to detect and remove this infection.
Download TDSSKiller from here and unzip to your desktop. Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon. You will see a screen similar to the one below.
TDSSKiller
Click Start Scan button to start scanning Windows registry for TDSS trojan. If it is found, then you will see window similar to the one below.
TDSSKiller – Scan results
Click Continue button to remove TDSS trojan.
If you can`t to download or run TDSSKiller, then you need to use Combofix. Download Combofix. Close any open browsers. Double click on combofix.exe and follow the prompts. If ComboFix will not run, please rename it to myapp.exe and try again!
Your system should now be free of the System Check virus. If you need help with the instructions, then post your questions in our Spyware Removal forum.
System Check removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
System Check creates the following files and folders
%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%CommonAppData%\[RANDOM]
%CommonAppData%\~[RANDOM]
%UserProfile%\Desktop\System Check.lnk
%CommonAppData%\[RANDOM].exe
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
Note: %CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista)
System Check creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe
System Check removal – Video instructions
System Check is basically clone of Windows XP Repair, so you can use the video guide below to remove this malware.
Thanks a ton for this tutorial. Just fixed the gf’s computer, although we still don’t know where the virus came from. Only problem afterward is that the icon from system check is still on the desktop, and the .ink is now in the quick taskbar, but a full scan from malwarebytes may take those away, if not a simple delete, just don’t know if these are the only remnants.
Also on the start menu, under all programs (vista), very few if any of the program folders have info in them, although I can access the programs through folder navigation.
Do you know if this program creates a .tmp on the desktop as well? Because there’s a suspicious one on the cleaned computer that doesn’t google (probably random name assignment). But again, thanks a ton for this!
This worked for me. Thank you!!
This was much more comprehensive than other solutions out there. I guess they were written with older strains in mind.
I did this but my desktop is still black and program shortcuts are not showing in start menu. Do you know how I can reset my computer back the the personalization? Thank you!
I’m getting stuck at the attrib -h/s/d part any hlep? it says invalid switch
It’s worked >>>>>>>>>>>>>
thanks>>>
i am so glad to help me
This worked for me as well. However I had a really hard time getting my desktop files back to normal – even though everything appeared after unhiding the files, all icons appeared greyed out. Very odd.
i cannot change some of these exe files in the early steps due to ‘being currently used’ apprently.. total bs. i wanted to change any files (5) that were made in the app data fold the same date/time & cant change em all. theres 4 of the xp security icons in the right toolbar. it also wont let my monitor load the windows screen, or anything at that, from any shut down/standby/etc method most times i try. pretty fuckin disgusting. please help to get thru ur seemingly detailed process that i dont doubt works. thx
JSM, you need add a space between ‘-h’ and ‘/s’ and ‘/d’
This worked for me. Thank you!
I am not particularly computer savvy but I followed the instructions and voila.
The other sites and suggestions did not work for me.
With regard to the second comment above about the attrib -h/s/d part, I had trouble with that also but when I cut and pasted exactly as it is in this dialogue it worked.
This virus locked out the Application data folder and I can’t open it. It also did it to a few more folders including the desktop folder. I’ve tried it all except for combofix. But I am about to do that now. Please help me with the locked out folders.
this didnt work at all. my desktop looks worse then it did when i started
You can also system restore to before the infection to unhide all of th folders/files. It works a lot better.
Patrick, I added the spaces and the command said
Not resetting on all lines.
What now?
ok, i need help, i followed all instructions…and this stupid system check thing keeps popping up :0(
I’ve done what you said step by step until 15. 16-19 it didn’t find tdss trojan rootkit. Now I can see my files and folders again – THANK YOU!!! 🙂
but they are shaded, like how system files are shaded. New files that I just saved appear normal, but old ones are shaded.
My old favorites do not appear on ie. When I save a new page in the favorites, it does show, but the old ones are just not there.
what should I do? Am I missing something?
Thank you so much for the help! I got worried because of this stupid virus!
Your instructions worked perfectly.
You should include that if there are multiple users of computer, the scan needs to be run by each user.
(the desktop will be empty if this needs to be run)
Dear Sir/Madam,
your steps helped me remove the virus but I have lost my picture/video/ and any folders I had created on my desktop. The disk is full as it was before the virus infection but now after removal I cannot see my picture/videos folders.
I ran attrib -h /s /d but it keeps saying “Access denied” to all the lines.
I am using Vista and am logged in as Administrator.
Could you please help?
sincerely
Anand
I am also getting stucked with attrib -h /s /d.
It says access denied.
I think it worked ok with the instructions, and virus is now off. Only, I cannot see anymore the icons that previously appeared above the search bottom when clicking the windows 7 bottom at the left down screen corner. Only the icon for internet explorer appears on top, but otherwise is blank, any more icons are there. Is there any way to recover them again? Many thanks!!
in my startmenue all the folders are empty! How is that possible?
Problem in my previous post is already solved!!
THANK YOU! This worked perfectly. There was a moment there where I thought all my files were gone but kept following the steps and by the time the “attrib -h /s /d” part was complete they were all restored again
ive done all this and i think its removed, however alot of my files are still “hidden” my start menu doesnt show them and my desktop items are faded, anyway i can get everything back to its normal state? id be happy to send a screen shot if i havent explained everything clearly
pretty good job,man, it helped,thank you, but…the folders and files are after all still marked like hidden…if I uncheck “show hidden files and folders”, I can´t see them again…what´s wrong?
I did all the steps. It did unhide my desktop and stop the fake prompts from the virus. However, my start up menu is still empty and my shortcuts are not showing. System check is still showing up as a folder in the program menu.
I feel like I missed a step.
Any thoughts?
I ran through everything and got the malware removed, but when I do the step to try to unhide everything, it runs through all of my files in command prompt and says acess denied on everything. So, everything is still hidden. Apparently, something is sill screwy.
I completed all of the steps above, however the unhidden system check icon is still on my desktop and the renamed files are still there as well
BIG help thank you.
Thanks for this, but what do i do if I am running Windows XP and do not have a search bar in the start menu? Some of the steps do not seem possible without this search bar. Thanks
Hi,
Thank you for this info. It is great!
I have a couple of questions:
1) I cannot see my programs under “All Programs”. I see folders but they all say empty
2) I cannot open pictures on a drive that I created out of a partition. My docs open but not pictures. They are there for me to see but when I click on them they say no files.
Do you have any ideas how to fix these issues?
Thanks a bunch for the time you have put into explaining fixes to this aggravating virus.