System Check and its malicious processes.

admin | February 16, 2012

System Check is not new computer infection; we have already submitted posts about it many times. System Check attacks computers with vigor. We do not stop warning all our blog readers to be careful while working in the Internet. Hackers employ up-to-date rootkit techniques to affect as much computers worldwide as possible. They changes their malicious product so often, that anti-virus programs can fail to detect the virus. That is the main issue, because virus does not stay still, it tricks users in such way. As soon as it penetrates into your PC it behaves to act like the decent program which can help you to find some threats and to eliminate them. It scans your system and detects a lot of threats, but do not panic the threat list generated by the virus, all these scan reports are pre-programmed and invented. So do not take them seriously.

System Check virus

System Check virus

Usually this unwanted app has the name consisting of a set of letters, it changes them every time. Trojan Killer anti-malware Lab has noticed such variants:

  • uhuknmwmqeyg.exe
  • i1oiwgZR6YQgEh.exe
  • E7M7LdSYQqtkqJ.exe
  • RhXKiTAQTdkfUsv.exe
  • 7xtBZJER3Pk9Zx.exe
  • 1WyYTyTogvhEBV.exe
  • dPQMMIWi7Ej1dc.exe
  • yhjAUdiGLNDELNe.exe
  • If you run into one of above-enumerated titles or some similar ones, probably your PC is infected with AV Security Essentials and it resides on your private territory. Do not panic, but do not postpone the system check for virus presence. Make sure to find decent removal solution. The effective removal of this infection is available for you by means of Gridinsoft Trojan Killer. Look through the removal tutorial stipulated below please.

    System Check automatic remover:

    System Check removal video guide:

    System Check manual removal:

    Delete System Check files:

    • %LocalAppData%
    • %LocalAppData%.exe
    • %LocalAppData%~
    • %LocalAppData%~
    • %StartMenu%ProgramsSystem Check
    • %StartMenu%ProgramsSystem CheckSystem Check.lnk
    • %StartMenu%ProgramsSystem CheckUninstall System Check.lnk
    • %Temp%smtmp
    • %Temp%smtmp1
    • %Temp%smtmp1
    • %Temp%smtmp2
    • %Temp%smtmp3
    • %Temp%smtmp4
    • %UserProfile%DesktopSystem Check.lnk


    Delete System Check registry entries:

    • HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain "Use FormSuggest" = 'Yes'
    • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "CertificateRevocation" = '0'
    • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnonBadCertRecving" = '0'
    • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop "NoChangingWallPaper" = '1'
    • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" =
    • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation" = '1'
    • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer "NoDesktop" = '1'
    • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = '1'
    • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ".exe"
    • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ""
    • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "DisableTaskMgr" = '1'
    • HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "CheckExeSignatures" = 'no'
    • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced "Hidden" = '0'
    • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced "ShowSuperHidden" = '0'
    • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32LastVisitedMRU "MRUList"

1 Comment

  1. John W. says:

    Just a heads up, that “smtmp” folder contains your start menu shortcuts, etc, that are missing when this virus hits you. If you delete it, you will lose your start menu shortcuts.

Leave a comment

*