Description of System Check virus and consequences of its residing on your PC’s
SystemCheck, otherwise spelled as System Check, is the very first fake system utility observed in 2012. It was reported already on the very first day of the year.
The program belongs to the group of malicious applications. They are sub-grouped into generations by visual characteristics, namely by what user can see if infected with the program. In case of the fake utility under review, the generation unities program that produces the same graphical elements as HDD Repair. Besides the two names already mentioned the generation includes several dozens of clones.
The names are changed as the program gains notoriety so that chances are increasing that user will eventually get necessary assistance. To get help in removing SystemCheck, click here in order that free scanner could launch and detect every malware, including the fake in question.
Technical Details and screenshots:
- Full name: System Check, System-Check, SystemCheck
- Type: Rogue Security Software, Trojan Horse
- Origin: Russian Federation
Signs of being infected with System Check
The adware seems to cast a spell on Windows desktop as it does not provide a single working shortcut soon after the program invasion. In fact, it is a consequence of the adware tricks. Fortunately, the damage can be helped as the rogue simply grabs the data and moves it into Temporary folder. If you abstain from cleaning it, the free scanner available here will help you in returning the data to its due location, as well as remove SystemCheck malware.
In the meantime, the above desktop disordering is observed prior to the popups generated by the fake optimizer, thus is a good preliminary sign of the malware invasion.
System Check automatical removal:
Get rid of SystemCheck fake optimization facility, as well as other malicious components detected as a part of your PC following the link below. The solution is a multi-purpose memory scanner and cleaner. Its designation below contains the adware name to emphasize the security solution is certainly able to rid your PC of its counterfeited optimizer.
Manual Removal of System Check:
Few cases have been observed in the wild when the fake system optimization suite was walking on its own, i.e. when its installation was the only malicious entry on scanned PC. Needless to say, multiple rogues require a number of detecting and cleaning actions so that is why deleting the adware using the above automated tool is preferable – but the final choice is always up to you! The above reasoning does not mean the manual is of improper quality or that it is silly to use it.
Remove System Check files and dll’s:
%AppData%\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
%StartMenu%\Programs\System Check\System Check.lnk
%StartMenu%\Programs\System Check\Uninstall System Check.lnk
Unregister System Check registry values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0’