The newest branch on the FakeHDD family of rogues is called System Check and it has already started taking victims. Fake System Check tool is very similar to its siblings in its manner of operation on an infected machine, but it also has some additional pranks included in its bag of tricks.
Since this is not a legitimate system diagnostic software, its advertising methods are extremely malicious and aggressive. It sneaks into the targeted computers by exploiting vulnerabilities found in them. To do so, it uses hacked websites as a hiding place. The user downloads the rogue involuntarily simply by opening the compromised webpage. The other strategy for transmitting the rogue are some malevolent online scanners, advertising System Check. Therefore, it is recommended that you be very cautious when clicking on advertisements and if you want to do so, check online for any user reviews or comments on the advertised product.
 |
When System Check creeps into a PC, it configures itself to start automatically as soon as Windows starts. What follows is a whole bunch of fake pop-up alerts and notifications, all stating that there are some serious hard drive problems which have caused corruption and loss of data:
Hard drive clusters are partly damaged. Segment load failure.
Hard drive clusters are partly damaged. Segment load failure.
Critical Error
Hard drive critical error. Start a system diagnostics application to scan your hard disk for errors and performance problems.
Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.
System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.
These System Check pop-ups, though, are just the first part of a series of lies aimed at misleading the victim into thinking there are indeed some critical computer problems. When it achieves its purpose of scaring the user, the fake program promotes its phony licensed version as the best solution to the presumable problems.
The list of cons of System Check, however, does not end with the bogus alerts. It also displays error messages when the victim tries to launch programs or delete files and then its made-up scanning tool comes forth. At end of the scan, a counterfeit table of errors is presented. The user is prompted to click on “Fix Errors” and as a result of this action, fake System Check pretends to be repairing some of the errors. At the end of this made-up operation, it declares that only the full version of the software is capable of fixing all the errors.
The extra-treachery included in the scam called System Check is that the program deletes random shortcuts and stores their backups in the %Temp%\smtmp folder (hence, it is very important not to delete any files from this folder in case your computer is infected with this malware). What is more, the rogue blocks other programs from being launched. This is a desperate attempt to make it impossible for you to start your legitimate anti-virus tool that is most surely going to detect the malware. If you are persistent, however, and try to launch the particular application several times, you will eventually succeed.
As a result of a System Check infection, some of your folders’ content might disappear or be replaced. There is no need to worry – this is a reversible process since the data is only hidden, not deleted. Once you get rid of the infection, you can show the hidden files. Meanwhile, the deceitful warnings will continue to pop-up from various places, some of them from your Windows Taskbar:
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
System Check
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Low Disk Space
You are running very low disk space on Local Disk (C:).
Windows – No Disk
Exception Processing Message 0×0000013
Critical Error
Hard drive clusters are partly damaged. Segment load failure.
The most dangerous feature of this rogue is that it is capable of installing TDSS or ZeroAccess rootkits, which try to block any anti-virus programs.
|
|
In conclusion, everything produced by System Check, whether alerts or PC scans, is fraudulent. The mere fact that the program uses such aggressive advertising strategies is enough to make you feel there is something fishy about it. Despite the fact that some of its tricks might seem very scary, you should not let it deceive you into spending your money on the fake product. In case System Check has already succeeded in entering your computer system, you should immediately run a full scan of the PC with a genuine AV software that can locate and remove the malicious files.
System Check Manual Removal Instructions:
Stop These System Check Processes:
(Learn how to do this)
[RANDOM].exe
Find and Delete These System Check Files:
(Learn how to do this)
%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%CommonAppData%\[RANDOM]
%CommonAppData%\~[RANDOM]
%UserProfile%\Desktop\System Check.lnk
%CommonAppData%\[RANDOM].exe
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
Remove These System Check Registry Values:
(Learn how to do this)
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe
Related posts:
