Computer malware called “System Check” will act like a virus when it is loaded on one’s computer. It is crucial to remove this bogus software at once to avoid more damages it may cause to an affected system.
System Check is a fraud program that originates from a large family of fake hard drive tools. This program is a clone of Windows Error recovery and Win 7 Fix. Rogue developer maintains the core of this rogue product and changes the skin to publish a new version. Name modification is also in the process to give victims a fresh new misleading application.
Malicious web sites will distribute System Check virus in a way that visitors can acquire it without an effort. Running a script each time a web site sense a visit will automatically download and install the rogue application without user’s involvement.
Authors behind System Check also use spam email messages to spread the malware. Messages commonly disguise as a letter from courier services such as this one:
Subject: Error in the delivery address
Your package has been sent to your address.
Please find a post label attached which contains a track number of your package.
Thank you for your attention.
DHL Logistics Services.
The fake DHL message contains infected file (Post_Label_N5501US.zip) may install System Check. Usually, it connects to a remote server to download the rogue program and simultaneously install a rootkit Trojan to avoid removal.
After penetrating the computer, System Check will disable system tools and hides files and folders. It also prevent access to Internet particularly security web sites. Using various techniques to prevent victims from removing System Check from the computer may end up in buying the rogue product.
System Check virus displays a PC Performance & Stability analysis report to mislead computer users. This contains a number of hard drive and memory errors found on your PC.
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
When System Check is present on the computer, it will provide numerous annoyances to convince user that PC is in trouble. In fact, it will display various annoyances such as fake warnings and alerts coming from system tray. Some of the fake alerts will contain these messages:
Windows OS can’t detect a free hard drive space. Hard Drive error.
Hard drive critical error. Start a system diagnostics application to scan your hard disk for errors and performance problems.
RAM memory reliability is extremely low. This problem may cause system failure.
Hard drive clusters are partly damaged. Segment load failure.
How to Remove System Check
1. On fake System Check console, click on Click here to activate full-functional version. Enter any email address and this code provided by S!Ri.
Activation Code: 1203978628012489708290478989147
2. Click on Activate. You need to run System Check in registered mode temporarily to access your files and programs. This step also unhides all files and folders.
Note: Activating the program will not remove it from the computer. We are running this step to make the removal easy. Once you have activated System Check, you may regain an Internet access to download a removal tool. With the full version, the malware will stop blocking programs and you may be able to run a virus scan on the PC.
3. Download MalwareBytes' Anti-Malware from this link.
4. Once download is complete, double-click on the file to install MBAM. Just load it with default settings. It may prompt for update after installation, please download all necessary updates.
5. MBAM will run right after the update has completed.
6. Click on Perform quick scan, the click on Scan. MBAM will scan the computer for presence of threats. This may take a while.
7. When scan has completed, NPE will display a list of all detected threats.
8. Click on Show Results to reveal all identified threats.
9. Make sure that all threats are mark with check. Click on Remove Selected to permanently delete all files and registry entries that belongs to System Check virus.
10. If it prompts you to restart the computer, just click No. We need to remove some more files that belong to System Check virus.
11. Press Ctrl + Alt + Del on your keyboard. Windows Task Manager will open. On Application, select System Check and click on End Task. This will end the running process of rogue program.
12. Next, we need to locate and delete the files manually (These steps can be automatically performed by MBAM after restarting the computer).
- For XP Users: Go to C:\Documents and Settings\All Users\Application Data\
- For Vista and Windows 7 Users: Go to C:\ProgramData\
- Delete all files with questionable random file name similar to the following:
13. We need to remove Startup entry belonging to System Check.
- Go to Start > Run and type msconfig. This will open System Configuration Utility.
- Click on Startup tab. - Look for startup item consisting of random character.
- Remove the check mark and click OK.
14. Please restart the computer to complete the removal process.
15. After restarting the computer, you need to unhide all files set hidden by System Check. However, if you have activated System Check ealier, you may skip this step. Activating System Check using the given activation code automatically unhides all files and folders.
- Open My Computer. Go to Drive C: and select all files.
- Right-click on highlighted files then select Properties.
- On Attributes area, remove the mark on Hidden. Please confirm that you will apply the changes to Selected items, subfolders and files.
What To Do If Files and Folders Are Missing?
a. Open Windows Explorer/My Computer.
b. On Top Menu, click on Organize > Folder and Search Options (Windows Vista/7).
On Top Menu, click on Tools > Folder Options (Windows XP).
c. Click on View tab.
d. Mark "Show hidden files and folders"
e. Click on Apply, then OK.
That will show all hidden files and folders on your computer.
16. Lastly, all shortcut link files must be removed. They are all visible on your task bar, desktop and Programs menu. Simply delete any .LNK files that correspond to System Check virus. You may also refer to 'Associated Files' section for individual location.
Removing Rootkit Trojan
On some instances, Rootkit Trojan is the one responsible for dropping System Check inside the computer. Rootkit Trojan is capable of concealing itself from anti-virus application and hides its presence. This is the reason why we need to neutralize the complicated malware using a special tool designed for this type of infection.
1. Download Norton Power Eraser here. Save it to your desktop.
2. Once download is complete, double click on NPE.Exe.
3. Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept.
4. On NPE main window, click on Scan.
5. On next window, select Include Rootkit Scan and click on Restart.
6. NPE will restart the computer and performs rootkit scanning. This may take a while.
7. When scan has completed, NPE will display a list of all detected threats.
Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in Detected category are necessary to remove at this point. Make sure that you mark the Create System Restore Point before proceeding with the fix.
8. Now, click on Fix to start removing any threats associated to System Check.
9. Norton Power Eraser will restart the computer. Then after a reboot, it will initialize and display the eliminated threats.
10. You may now close NPE. That completely removes System Check rootkit Trojan.
Alternative Removal Method for System Check
Option 1 : Use Windows System Restore to return Windows to previous state
If System Check enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before System Check infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.
Option 2 : System Check manual uninstall guide
IMPORTANT! Manual removal of System Check requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.
1. Kill any running process that belongs to System Check.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for System Check files (refer to Technical Reference) and click End Process.
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.
3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by System Check.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.