Remove SystemCop

SystemCop is a fake security program that uses deceptive means of informing a computer users on the security threats found. Pretending to be a legitimate antivirus program it will create and fabricate numerous viruses that it will report to have been infecting a system. Just like any of its kind, it will keep on showing alert messages either a pop-up or taskbar and tries to convince a user to pay for the registered version of the program by redirecting them to a fraudulent payment website when a button was clicked on its alert messages.

What are the Symptoms of this Rogue Program?

It scans computer and produce fake results.

SystemCop image

It will modify Windows Registry and add the following entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemCop
  • HKEY_LOCAL_MACHINE\SOFTWARE\SystemCop
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYSTEMCOPSVC
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYSTEMCOPSVC\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYSTEMCOPSVC\0000\Control
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SystemCopSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SystemCopSvc\Security
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SystemCopSvc\Enum
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSTEMCOPSVC
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSTEMCOPSVC\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSTEMCOPSVC\0000\Control
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SystemCopSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SystemCopSvc\Security
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SystemCopSvc\Enum
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

The threat will drop the following malicious files:

  • %CommonDesktopDir%\SystemCop.lnk
  • %CommonPrograms%\SystemCop\1 SystemCop.lnk
  • %CommonPrograms%\SystemCop\2 Homepage.lnk
  • %CommonPrograms%\SystemCop\3 Uninstall.lnk
  • %Temp%\nsy2.tmp\nsProcess.dll
  • %Temp%\nsy2.tmp\nsSCM.dll
  • %ProgramFiles%\SystemCop Software\SystemCop\license.txt
  • %ProgramFiles%\SystemCop Software\SystemCop\SystemCop.exe
  • %ProgramFiles%\SystemCop Software\SystemCop\uninstall.exe
  • %Windir%\10525zr2619.bin
  • %Windir%\10582szy4aa9.dll
  • %Windir%\106z795y3c2.ocx
  • %Windir%\10895zp9101.exe
  • %Windir%\10931vi5usz59.cpl
  • %Windir%\10zf9p5rse1829.bin
  • %Windir%\1140s9ealz854.bin
  • %Windir%\11z55troj969.cpl
  • %Windir%\11z985roj7b0.dll
  • %Windir%\12040not5a-virus39z.bin
  • %Windir%\12231no9-z-v5rus35b.exe
  • %Windir%\124925ot9a-virus40bz.cpl
  • %Windir%\124959pyz9.ocx
  • %Windir%\12547viz9s535.cpl
  • %Windir%\129z1not-a-vir5s1d5.cpl
  • %Windir%\12z55t9o55c.ocx
  • %Windir%\1329bzckdoor561.exe
  • %Windir%\13529spazbot1b95.cpl
  • %Windir%\1391zpywar593.exe

How to Easily Remove SystemCop

1. Print this procedure as we need to close all programs running later.
2. Download AntiMalware Application here and save it to your Desktop.
3. Close all open applications.
4. Double-Click on the downloaded mbam-setup.exe to start the installation. If unable to execute, infections on computer is preventing it from running, rename the file mbam-setup.exe to anything (like myfile.exe)
5. Run the installation on the default settings. No changes are necessary.
6. Just before completing the installation, make sure that the following are marked check.
Update the program
Launch the program

7. The tool will run and update itself after installation. Close it after the update.

8. Restart your computer in SafeMode
– After Power-On the computer, just before Windows start, press F8
– From the selections, Select SafeMode

9. Click on the icon and start to Perform Full Scan to begin scanning your computer for SystemCop related files.
10. After scanning, a message will appear stating that the scan is completed successfully. Click OK.
11. Click Show Results and detected threats will be displayed.
12. Make sure that all threats are marked check, then click Remove Selected to begin removal of the malicious files.
13. Exit AntiMalware Apps and restart your computer.

14. SystemCop and all its files are now removed from your computer. To guard your computer from this threat and avoid future infections, you may want real-time protection from AntiMalware Apps.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>