Severity scale:  
  (64/100)

System Check. How to remove? (Uninstall guide)

removal by Ugnius Kiguolis - -   Also known as SystemCheck | Type: Rogue Antispyware
12

System Check is a fake defragmenter that shouldn't be left on your computer although you have never actually installed it on it. Its infiltration methods are based on trojans that come inside the system without any permission of a user asked. However, you can avoid finding this scam installed on your PC out of nowhere – just install registered version of anti-virus and anti-spyware and they will help you to catch it while infiltrating. System Check belongs to FakeSysDef family of fake defragmenters where the newest its member was System Fix. Just like this scam, System Check will also bombard you with annoying hard drive scanners and alerts claiming that there are numerous hard drive or RAM errors detected. However, all these messages are fake and you should simply ignore them. To save your machine, remove System Check from your computer which additionally tends to cause more problems for its victims.

System Check fake defragmenter is created for the only purpose – to rip you off. It does not require any user actions to get inside the system and then mess it up and all this is done unnoticeably for the victim. The most common way to let this malware to come is by downloading fake updates or visiting insecure websites that are compromised. When running inside your machine, System Check will be launched as soon as you reboot your PC and log into Windows. In addition, its victims usually report about continuous hard drive scanners and alerts that all report numerous issues detected, such as hard drive or ram problems:

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

Critical Error
RAM memory usage is critically high. RAM memory failure.

System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.

If not removed from the system, System Check will generate numerous pop-ups and scanners informing about system problems that can be fixed only with a help of its license. However, purchasing System Check is the same as throwing your money away. In addition, it will keep displaying the same fake pop up ads based on fabricated results. It’s natural that some users may fall into purchasing this scam. If you have also purchased System Check, make sure you contact your credit card company to dispute the charges. In addition, remove System Check before it downloads more malware on your computer. Download a reputable anti-spyware program or automatic removal tool given below and get rid of System Check for good. Note that this malware can cause annoying redirections of your browser, so follow this guide 'What to do when Google/Yahoo/Bing results are redirecting?' if you are also facing this trouble.

The latest parasite names used by FakeHDD:
[newest id=”fakehdd”]

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove System Check you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall System Check. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing System Check (2012-04-26)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing System Check (2012-04-26)
Hitman Pro
We have tested Hitman Pro's efficiency in removing System Check (2012-04-26)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing System Check (2012-04-26)
System Check snapshot
System Check

System Check manual removal:

Kill processes:
[random].exe

Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain "Use FormSuggest" = 'Yes'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "CertificateRevocation" = '0'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnonBadCertRecving" = '0'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop "NoChangingWallPaper" = '1'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation" = '1'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer "NoDesktop" = '1'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = '1'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ".exe"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ""

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "DisableTaskMgr" = '1'

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "CheckExeSignatures" = 'no'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced "Hidden" = '0'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced "ShowSuperHidden" = '0'





Delete files:
%CommonAppData%[random].exe

%AppData%MicrosoftInternet ExplorerQuick LaunchSystem Check.lnk

%Desktop%System Check.lnk

%StartMenu%ProgramsSystem Check

%StartMenu%ProgramsSystem CheckSystem Check.lnk

%StartMenu%ProgramsSystem CheckUninstall System Check.lnk

%Temp%smtmp

%Temp%smtmp1

%Temp%smtmp1

%Temp%smtmp2

%Temp%smtmp3

%Temp%smtmp4

Removal guides in other languages


  • pasquale

    Please can you help me..this virus dosent go really away after run the antspyware and antivirus.i can see my files back but i cant open it..of not download..my email:

    • Rafael

      pasquale have youve gotten around this issue? Im in the same situation. edited the registry to eliminate several entries created by this but still unable to use the contents of my pc.

      thanks

  • MLM Software Company

    Thank you
    Your blog is very informative.
    MLM Software Company

  • steve keta

    Hey, guy thank you very much to help me!
    Now my PC is working properly.

    God Bless You

  • vanessa

    Hi!

    thank you very much for the post, it´s really helpfull!!! i would like to ask a question. I think I have deleted system check from my computer but on the process i clicked by mistake “buy now” on the page. Automatically a message of “congratulations for your purchase” came up but i hadn´t given any credit card details or any information. Now i am wondering if I have really purchased the program, if they could have taken my details from my hard drive or something to do the purchase????

  • Red

    Thanks, the registry-entries and the location of the files were very useful to check, if the software is really not on the system anymore!

  • Stan

    Do not delete any files just relax and take deep breaths,DONT FREAK OUT.If you can get into safemode with internet connection download Hitmanpro 3.6. Trust me ,it will fix it……..

  • Stan

    Hitmanpro will also get rid of ALL redirects for internet…

  • John

    Those SMTMP folders in the Temp folder contain the backups of the Start Menu shortcuts that this virus deletes from the main Start Menu. Dont delete those (the System Check one in the SMTMP folder can be tossed, though).

  • Jason

    The latest versions of this virus as of 2012/03/16 cannot be removed this way. They prevent access to all start menu contents and reboot the PC to allow a root kit to be installed that prevents even safe mode startup.

    • Mike A

      The only foolproof method for the version that came out as of 3/16/12 is to slave the infected HDD in another system and scan with a tool like malwarebites or similar. The infected system still must be recovered by running “unhide.exe” and rebuilding some other features manualy. Not a good bet for any but very experienced techs.

  • Tom

    I have got most features to work on Windos 7, but I still dont have sound? Does the System Check Virus remove sound from the speakers and the headphone jacks?

  • Jane

    I removed this from my husbands computer a couple of weeks ago so I recognized it when it popped up on my computer today. I know that it writes the files to the hard drive when the fake scan reboots so I havent done anything.

    Is there a way to prevent it from installing? The system check files havent been written to the hard drive so I suppose the registry hasnt been changed yet.I dont see anything suspicious in Task Manager.

    If I turn off the power without going through shut down is it possible it will go away?

    Any ideas would be helpful.

    Thanks!

  • tom

    i caught system check a while back. i got rid of it then, it came back in january and my computer was unusable for a while. after i calmed down i set it to not boot when windows loaded. after an hour or so of fidling my computer resumed usable status, except for some bidvisor browser hijacker that just randomly redirects me when it likes. theres some PC cd site and http://www.premiumtarot.com site it redirects me to. also get pop up advertising on some sites.

    • tom

      thats secure.bivertiser.com sorry. forgot to add theres a link to xiti.com on the tarot site, some web traffic company. maybe its all a scam i dunno.