C'mon guys, this malware (not a virus) comes bundled with a rootkit. It hides certain files and blocks genuine antivirus software (in safe mode too). Your suggestions are pretty much useless. First of all, do not delete any files from your computer manually, especially those located in Temp folder.
Basically you have two options: register rogue program using debugged reg key or use Rkill.exe + Unhide.exe from bleeping computer to stop the rogue program and restore missing files. And only then you can run anti-malware software to remove System Check malware.
1. Open System Check malware.
2. Click link "Click here to activate full functional version"
3. Enter made up email and this reg key 1203978628012489708290478989147. Click activate.
Now, the rogue program will supposedly fix found errors and restore missing icons/files. At this point, download Malwarebytes or any other antimalware software and run a full system scan. Once finished, run TDSSKiller to make sure your PC is rootkit free http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Finally, as many rogues and other malware are installed through vulnerabilities found in out-dated and insecure programs, UPDATE WINDOWS AND other software.
I hope this helps. Peace!
Ah Myke -- if only I had read your post before other forums. I have successfully manually removed both the root kit (using TDSSKiller) and the infection (manually, but checked with Malwarebytes after AVG free failed to find it). But in doing so, following another set of instructions, it appears I erased the links to the programs and control panel:administrative tools. The applications will still launch (MS Word opens with a double-click on a Word doc), but the links to the programs and their folders from within the start menu are hosed.
Reading a lot more, it looks like those links get moved from their original place to the %Temp% folders created by System Check. Those I manually tossed. Bummer. How do I recreate those links and put them in the right places for the Programs menu and Administrative Tools menu to see them?
I suspect your instructions below would have been a better way, but the only way into the computer was using AVG's boot disk ISO and it didn't catch the root kit. Midnight commander is amazingly powerful, particularly in dumb hands like mine.
Suggestions or tutorial on something that is probably really basic such as making and moving links to the right spots would be much appreciated. Thanks.
I have researched some anti-virus applications that can remove this type of virus. My personal opinion is that AVG is quite a powerful anti-virus tool that can protect you from virus aggression and penetration of malware like System Check. In addition, I would recommend you to scan your computer with programs like Malwarebytes' Anti-Malware. This is a program with a totally free version available. But you will have the problem of not seeing any icons on your desktop necessary to download Malwarebytes. Here is a good guide on how you can actually download security software - http://www.how2removevirus.com/system-check-virus-elimination/
System Check seems removed. Missing personal files (desktop, user files, etc.).
Hey, I'm dealing with this damn system check malware thing.
I installed AVG free and it removed 7 threats. I restarted my computer then tried the TDSS killer as mykee said.
I then tried downloading the ZIP as AVG said to. I did at first accidentally click on the AVG_OSfix.vbs, then realised I had started the wrong one first. So I did the Fix_disabled_desktop.reg, then the AVG_OSfix.vbs.
Rebooted computer and nothing happened. Tried one more time by doing the .reg then the .vbs and rebooted again and still nothing. Missing my desktop items and a few 'start' items too. Every now and then something pops up for like .5 of a second that says 'catalyst control' or something. Couldn't read it fully. It closes and nothing seems to happen.
Could I please get some help on this issue? I'm running Windows 7.
System check is a virus, do not accept any of their terms and conditions, scan your computer, give them personal details or pay them money.
Often with system check, your computer will say things such as “warning critical error your system needs to be scanned etc.”
The system has detected a problem with one or more installed IDE / SATA hard disks.
It is recommended that you restart the system.
A critical error has occurred while indexing data stored on hard drive. System restart required.
Windows can`t find disk space. Hard drive error.
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows – No Disk
Exception Processing Message 0x0000013.
IGNORE them! They are fake and your computer is fine (except for the system check virus of course). Also when you click on the start menu all your icons are gone i.e my documents, my computer etc. do not stress, there’s a way to get to them!
This is how I removed the virus:
Step 1: Access the Task Manager
Usually the system check virus completely blocks the use of task manager so you usually can’t access it by pressing “alt + ctrl + delete” or “right-click on desktop > task manager” so you have to do it another way.
The other way is to double click on the recycle bin > on the left hand side click on my computer > access the C:/ drive (or whatever your hard drive is) > on the left side click search for files or folders > all files and folders > search “system32” in the local hard drive > once you have found the folder, open it > search for “taskmgr” > right click on “taskmgr” and copy, paste it onto the desktop > change the file name to “iexplorer” > double click “iexplorer” and you will have access to the task manager.
Step 2: Deleting the active program “System Check” from running
Once the task manager is opened, go to processes (at the top) and then search for a process called something like “epzgmrqx2o4EnC.exe” or something similar like “fjdsidmdos” anything that looks like that > highlight it and then click end process > it asks you “Are you sure you want to end? It could cause the system to crash etc” click yes > the stupid system check should close from your desktop and all those “warning error!” from the bottom right should also stop.
Note: if this doesn’t work, just go to “application” instead of “processes” and close the system check program by clicking “end now”.
Step 3: Removing the System Check files
There should be a “System Check” icon on your desktop. Right click > properties > open file location (vista and 7) or it should say “find target” (xp) > delete all the files that are named “epzgmrqx2o4EnC” or “fjdsafisdf” whatever, but they should all be the same name and there should be 4 files.
NOTE: if you cannot find these files it is because they are hidden. Go to tools (at the top) > folder options > view > hidden files and folders > show hidden files and folders.
Once those files are deleted, send your “System Check” shortcut icon from your desktop into the recycle bin.
Remove “System Check” from the start menu. Start > System Check > Right Click > remove from the list. (the shortcut list that’s usually on the left hand side).
Remove “System Check” from the start menu. Start > All Programs > System Check > Right Click > Delete > Yes I want to delete.
Step 4: Removing the System Check from the regedit.
Go to the search toolbar (usually found in the start menu). If you cannot find the search button double click on the recycle bin > my computer > C: drive > search for files and folders.
Type in the search “regedit” and then a window called “Registry Editor” should pop up. Click on “HKEY_CURRENT_USER” > Software > Microsoft > Windows > Run
Under the “Run” folder some files should pop up. From the files you have deleted earlier, it should have a similar name like the “epzgmrqx2o4EnC” examples shown above. The name should be consistent throughout your computer, for example you shouldn’t get “epzgmrqx2o4EnC” and then another file saying “dsiodsandsalcs7657”.
To double check that it is the right file you are deleting, check these attributes:
1. Same name as the files you have deleted.
2. Under “Data” it should have the exact same location as the files you deleted in step 3 so either program data (vista and 7) or application data (xp).
3. Is an “.exe” file
After you have double checked that it is the right file, go ahead and delete it. It will say something like are you sure you want to delete this, it may cause yada yada, just delete it.
Step 5: Restarting the computer/laptop
Close all your programs and restart your computer. Logged under the same user, log on and check if the system check is really gone. You will know when it is gone, when it is no longer popping up randomly on your desktop and your computer no longer says “error!” etc.
If it is still popping up again, go back to step 1 and try again (I had to do it twice to actually delete it).
Step 6: Deleting the files from the recycle bin.
ONLY go to the step, once you are sure that the virus is no longer infecting your computer and the system check window isn’t popping up anymore.
Restart your computer again.
Go to the recycle bin and delete the little buggers that cause you so much trouble (oh the relief!)
And then your computer should be free of that damn System Check virus.
I hope this works for you and remember don’t download anything unless you know you can trust the website/person sending the email otherwise if it’s not a safe site, it could automatically install viruses on your computer like System Check did to yours!
This is where I got the information from, check out the youtube video:
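Added example, not part of the post above or of any tool named in this thread: a read-only PowerShell check that applies the three attributes listed in Step 4 (same name as the file, data pointing into ProgramData or Application Data, an .exe) to the values in the current user's Run key. The function name `Test-RunEntry` and the second sample entry are hypothetical; the script assumes the standard key location `HKCU:\Software\Microsoft\Windows\CurrentVersion\Run` and deletes nothing.

```powershell
# Added example (not from the original post). Read-only: it lists candidates
# for manual review and never modifies the registry.

function Test-RunEntry {
    param([string] $Name, [string] $Data)

    # Pull the folder and base name out of the value data, tolerating
    # surrounding quotes and trailing arguments after the .exe path.
    $pattern = '^\s*"?(?<dir>[A-Za-z]:[^"]*)\\(?<base>[^\\"]+)\.exe'
    if ($Data -match $pattern) {
        $dir  = $Matches['dir']
        $base = $Matches['base']
    } else {
        return $false            # check 3 fails: data is not an .exe path
    }

    # Check 2: the .exe sits directly in ProgramData (Vista/7) or
    # Application Data (XP), as the post describes.
    $inDataFolder = $dir -match '\\(ProgramData|Application Data)$'

    # Check 1: the value name equals the file's base name (case-insensitive).
    $sameName = ($Name -ne '') -and ($base -eq $Name)

    return ($inDataFolder -and $sameName)
}

# Constructed sample entries; the first name is the example used in the post,
# the second is a hypothetical legitimate autostart entry.
$sample = @(
    @{ Name = 'epzgmrqx2o4EnC'; Data = 'C:\ProgramData\epzgmrqx2o4EnC.exe' },
    @{ Name = 'ExampleUpdater'; Data = '"C:\Program Files\Example\updater.exe" /background' }
)
foreach ($e in $sample) {
    '{0,-16} suspicious={1}' -f $e.Name, (Test-RunEntry -Name $e.Name -Data $e.Data)
}

# Live check of the current user's Run key (assumed standard location).
$key = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($n in $key.GetValueNames()) {
    $d = [string] $key.GetValue($n)
    if (Test-RunEntry -Name $n -Data $d) {
        'REVIEW: {0} -> {1}' -f $n, $d
    }
}
```

A `REVIEW` line is only a candidate: confirm that the path matches the files found in Step 3 before removing the value.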