Friday, January 20, 2012

How to Remove System Check

Please note: for all those worried about your data, it is still there!  System Check has just hidden it and I will cover how to get it back at the end of the removal instructions!

Of the fake anti-virus programs I have removed, System Check definitely tries to be the scariest!  I have never seen such a deluge of errors and warnings that range from hard drive failure to slow RAM and GPU problems.  But don’t worry, this can all be fixed for the low price of $84.50 if you purchase System Check!  If you have been conned into buying this program make sure you get your money back!  You should be able to call your credit card company and put in a dispute about the charge.

One of things I would like to point out first is the website where you can purchase System Check.  You will notice from the screen shot the impressive array of icons at the bottom of that page that would appear to show that System Checks website is safe; however, none of these icons can be clicked on like on a normal legitimate website, which would normally take you to a information page.

security-check-buy-options

Where did System Check come from?  In my case it came from a email sent by someone I know, who either has a virus problem or who’s email has been hacked.  The email contained a link to something I should check out, which coming from someone I know should be safe right?  In this case I knew even before clicking the link that it was not safe, but I decided to see what would happen anyway.  The website loaded Sun Java, which apparently has a security hole that is being exploited for the purpose of System Check.  Basically as soon as the website loaded, everything on my computer shutdown and almost all the icons on my desktop disappeared, also all the programs on the start menu disappeared as well. 

security-check-errors

And the next thing I see after all the error messages is System Check’s main window, which is scanning for errors:

security-check-main-screen

security-check-virus-screen

Now, how to remove System Check?

  1. Download and run RKill from: http://www.bleepingcomputer.com/download/anti-virus/rkill.  I was able to download this directly to my computer.  If you are not able to you can either download this on a second computer and transfer using flash driver or you can try Windows Safe Mode with Networking, you can find directions here: http://www.computer-skills.info/2012/01/how-to-boot-windows-into-safe-mode.html.
    Just to note when I ran RKill (I used the .exe version), I received several error messages and I thought I was going to have to try a different RKill, but RKill actually still worked and killed System Check.
  2. Next to remove system Check.  For this I am going to use MBAM, which can be downloaded at: http://www.malwarebytes.org/.  I recommend running a full scan first, this way hopefully you will not have to run a second scan.  When done scanning click Remove Selected, for me, MBAM wanted to restart once done.
    mbam-removing-system-check
    Once I restarted the computer, to my surprise System Check was still there, while inactive, it was not removed!  I did a scan with Norton’s Security Scanner: http://security.symantec.com/sscv6/WelcomePage.asp, which revealed additional threats.  I then used Norton’s Power Eraser: http://security.symantec.com/nbrt/npe.aspx, to remove the rest of the offending items.
  3. Now that System Check has been removed, you will probably notice that your data is still missing!  Do not worry, it is still there, System Check has simply hidden it.  To unhide it were are going to use a tool from Bleeping Computer called unhide: http://download.bleepingcomputer.com/grinler/unhide.exe.  Simply download and run unhide.exe and it should unhide all your data and programs.
  4. Also, on my system, System Check really messed up my Taskbar and Start Menu.  To restore the Start menu, right click on the Task Bar and click Properties.
    taskbar-and-start-menu-properties
    Under Taskbar buttons: change to Always Combine, hide labels.
    taskbar-and-start-menu-properties-window
    Next go to the Start Menu tab and first check both the Store and Display recently opened programs in the Start menu and Store and display recently opened items in the Start Menu and the taskbar.  Next click Customize…taskbar-and-start-menu-properties-start-menu-tab
    Under the Customization menu click Use Default Settings.  Click OK and click Ok again and your Start Menu should be back to normal.
    choosing-start-menu-items
  5. Next, I need to fix the Notification area of the Taskbar, instead of hiding inactive icons, it is showing everything.  To do this right click on the Taskbar, click properties and in the dialog box that opens click Customize under the Notification area.
    taskbar-and-start-menu-properties
    taskbar-and-start-menu-properties-window
    Under the Notification customization window, uncheck the option to Always show all icons and notifications on the taskbar, click OK and OK again when done.
    notification-icons-settings-in-taskbar
  6. Due to the fact that System Check loads additional unwanted software I recommend you follow my additional cleanup options here: http://www.computer-skills.info/2011/03/cleaning-aftermath-of-virus-part-1.html and if something still is not working right, you can find some additional help here: http://www.computer-skills.info/2011/03/cleaning-aftermath-of-virus-part-2.html

No comments:

Post a Comment