System Check

By | June 19, 2012 | 0 Comment

System Check is a fake computer tool that carry out untrue scan on the computer and state that it found critical hard drive errors. It also informs several corrupted registry entries that can cause system failure. Moreover, it will identify critical errors in computer’s memory that needs immediate repair. All these reports are false. It is an imaginary act formed by malware author in order to persuade you to fix the PC through a paid version of System Check.

System Check Trojan spreads so fast. Since it was first seen on first quarter of 2012, the malware still exist until now. It is believed that this threat have infected huge number of computer ever since. Moreover, there are reports that many falls into the trap created by System Check. Many computer users wasted their money in buying a worthless program.

This malware is perhaps one of the most harmful programs that lurk up to this date. As soon as it is spotted on your computer, immediately run antivirus scan. You need to remove this threat before it can cause more damages to the computer. Some victim’s claims that System Check has managed to lock their files and it is now unusable. This malware can also delete your installed antivirus program to avoid removal. Therefore, you must not waste time. Remove System Check as soon as possible.

Type Rogue
Sub-Type FakeAV
OS Affected Windows XP, Windows Vista, Windows 7

What are the Symptoms of System Check virus Infection?

Obvious symptoms of this malware infection includes System Check scan when you start Windows. It will run a scan even without a command from computer user. See the image for your reference.

Fake Scan by System Check

It will modify Windows Registry and add the following entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’
‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0’

The threat will drop the following malicious files:
%CommonAppData%\~
%CommonAppData%\~
%CommonAppData%\.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
%StartMenu%\Programs\System Check\
%StartMenu%\Programs\System Check\System Check.lnk
%StartMenu%\Programs\System Check\Uninstall System Check.lnk
%Temp%\smtmp\

Leave a Reply

Your email address will not be published. Required fields are marked *