Saturday, January 7, 2012

Remove System Check (SystemCheck) malware, an unwanted New Year’s Day present

System Check (SystemCheck) performs weird actions such as disabling shortcuts on the desktop and emptying some folders. The data it removes is stored in temporary folders, which is why special care is required if you want:
1. to remove System Check malware
2. to get back the data it has stolen
The program is a New Year’s gift from Russian hackers, as its release was registered on New Year’s night 2012. It belongs to a widely known family of counterfeits commonly referred to as fake security defragmenters.
Besides denying access to important information and features, the rogue generates an inexhaustible stream of popups, including a fake program menu and numerous alerts about particular problems it has allegedly detected.
To make sure your system information and other precious data stored on your PC stay intact, and to get rid of the System Check fake security solution, click this link to launch a free scanner that will detect and eliminate every malicious entry and restore the shortcuts and other data hidden by the rogue.

Use the following activation code / serial number to "activate" System Check and help removal:

1203978628012489708290478989147
System Check screenshot:



System Check manual removal guide:
Delete infected files:
%CommonAppData%\~
%CommonAppData%\~
%CommonAppData%\
%CommonAppData%\.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
%Desktop%\System Check.lnk
%StartMenu%\Programs\System Check\
%StartMenu%\Programs\System Check\System Check.lnk
%StartMenu%\Programs\System Check\Uninstall System Check.lnk
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
Delete infected registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
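
The registry values and the %Temp%\smtmp folder listed above can be checked without changing anything. The following PowerShell script is an added example, not part of the original guide: it reports which of the listed values currently hold the listed data. Because the post's Run value names are elided, the autostart check rests on an assumption, flagging any Run command that points into the common application data folder.

```powershell
# Read-only audit: nothing is modified. Names and data are copied from the lists above.
$checks = @'
Key,Name,Data
HKCU:\Software\Microsoft\Internet Explorer\Main,Use FormSuggest,Yes
HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings,CertificateRevocation,0
HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings,WarnonBadCertRecving,0
HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop,NoChangingWallPaper,1
HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments,SaveZoneInformation,1
HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoDesktop,1
HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr,1
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,DisableTaskMgr,1
HKCU:\Software\Microsoft\Internet Explorer\Download,CheckExeSignatures,no
HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Hidden,0
HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ShowSuperHidden,0
'@ | ConvertFrom-Csv
$findings = @()
foreach ($c in $checks) {
    $p = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if ($p -and ([string]$p.($c.Name) -eq $c.Data)) {
        $findings += [pscustomobject]@{ Type = 'Value'; Location = $c.Key; Detail = "$($c.Name) = $($c.Data)" }
    }
}
# LowRiskFileTypes: report it when executables are on the low-risk list.
$assocKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations'
$assoc = Get-ItemProperty -Path $assocKey -Name LowRiskFileTypes -ErrorAction SilentlyContinue
if ($assoc -and ($assoc.LowRiskFileTypes -match '\.exe(;|$)')) {
    $findings += [pscustomobject]@{ Type = 'Value'; Location = $assocKey; Detail = 'LowRiskFileTypes includes .exe' }
}
# Run key: value names are elided in the post, so flag (heuristic, an assumption) any
# autostart command that points into the common application data folder.
$common = [Environment]::GetFolderPath('CommonApplicationData')
$run = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    foreach ($n in $run.GetValueNames()) {
        $cmd = [string]$run.GetValue($n)
        if ($cmd.IndexOf($common, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $findings += [pscustomobject]@{ Type = 'Autostart'; Location = $run.Name; Detail = "$n = $cmd" }
        }
    }
}
# %Temp%\smtmp from the file list: report its item count before anything is deleted.
$smtmp = Join-Path $env:TEMP 'smtmp'
if (Test-Path -LiteralPath $smtmp) {
    $count = @(Get-ChildItem -LiteralPath $smtmp -Recurse -Force).Count
    $findings += [pscustomobject]@{ Type = 'Folder'; Location = $smtmp; Detail = "$count item(s) present" }
}
$findings | Format-Table -AutoSize -Wrap
```

A match only shows that a value equals the one listed above; several of them are ordinary settings that can also be present on a clean system.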

Rename the remover to "explorer.exe" or try to install it from Safe Mode if the virus blocks download or installation.
