Removal instructions for System-Checker


  • Staff

What is System-Checker?

The Malwarebytes research team has determined that System-Checker is adware. These adware applications display advertisements not originating from the sites you are browsing.

This one is an LSP (Winsock Layered Service Provider) hijacker.

How do I know if my computer is affected by System-Checker?

You may see this entry in your list of installed programs:

warning4.png

and this warning during install:

main.png

How did System-Checker get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove System-Checker?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of System-Checker?

  • No, Malwarebytes Anti-Malware removes System-Checker completely.
  • You may be prompted twice to reboot after removal. Malwarebytes Anti-Malware needs to restore your connection after removing this LSP hijacker.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the System-Checker adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

You will see these signs in a HijackThis log:

O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll
O23 - Service: scxy - scsp - C:\Program Files\System-Checker\Files\scxy.exe
O23 - Service: System checker Monitor (syschkrm) - Unknown owner - C:\Program Files\System-Checker\syschkrm.exe
O23 - Service: System checker Service (syschkrs) - Unknown owner - C:\Program Files\System-Checker\syschkrs.exe

Possible signs in FRST logs:

(scsp) C:\Program Files\System-Checker\Files\scxy.exe
() C:\Program Files\System-Checker\syschkrs.exe
() C:\Program Files\System-Checker\syschkrm.exe
Winsock: Catalog9 01 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
Winsock: Catalog9 02 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
Winsock: Catalog9 03 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
Winsock: Catalog9 04 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
Winsock: Catalog9 23 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
R2 scxy; C:\Program Files\System-Checker\Files\scxy.exe [1936280 2015-04-01] (scsp)
R2 syschkrm; C:\Program Files\System-Checker\syschkrm.exe [110080 2015-04-01] () [File not signed]
R2 syschkrs; C:\Program Files\System-Checker\syschkrs.exe [186880 2015-04-01] () [File not signed]
System-Checker (HKLM\...\System-Checker) (Version: 0.5 - System-Checker)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\scxy => ""="service"

An excerpt of the alterations made by the installer:

Malwarebytes Anti-Malware log:

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
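
The FRST signs listed under "Technical details for experts" can be triaged mechanically. The following is an added example, not part of the original post or of any Malwarebytes or FRST tooling: it parses the Winsock and service lines from that excerpt and reports LSP DLLs from unexpected vendors, plus services that are unsigned or share the LSP's vendor. The function names, the trusted-vendor list and the mswsock.dll sample line are assumptions made for the example.

```python
import re

# Winsock and service lines copied from the FRST excerpt on this page. The
# mswsock.dll line is constructed here to show a provider that is not flagged.
SAMPLE_LOG = r"""
Winsock: Catalog9 01 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
Winsock: Catalog9 02 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
Winsock: Catalog9 03 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
Winsock: Catalog9 04 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
Winsock: Catalog9 23 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
Winsock: Catalog9 24 C:\Windows\system32\mswsock.dll [232448 2010-11-20] (Microsoft Corporation)
R2 scxy; C:\Program Files\System-Checker\Files\scxy.exe [1936280 2015-04-01] (scsp)
R2 syschkrm; C:\Program Files\System-Checker\syschkrm.exe [110080 2015-04-01] () [File not signed]
R2 syschkrs; C:\Program Files\System-Checker\syschkrs.exe [186880 2015-04-01] () [File not signed]
"""

# Assumption: vendors expected to own Winsock providers on this host.
# The company string comes from the file's version info and can be forged,
# so this is a triage filter, not proof that a provider is benign.
TRUSTED_VENDORS = {"microsoft corporation"}

WINSOCK_RE = re.compile(
    r"^Winsock: (?P<catalog>Catalog\d+) (?P<entry>\d+) (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*?)\)")

# Service lines start with a state letter and start type, e.g. "R2" is a
# running service with start type 2 (automatic).
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*?)\)"
    r"(?P<rest>.*)$")


def parse_frst(text):
    """Return (lsp_entries, services) parsed from FRST log text."""
    lsp, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = WINSOCK_RE.match(line)
        if m:
            lsp.append(m.groupdict())
            continue
        m = SERVICE_RE.match(line)
        if m:
            svc = m.groupdict()
            svc["unsigned"] = "[File not signed]" in svc.pop("rest")
            services.append(svc)
    return lsp, services


def find_lsp_hijack(text):
    """Map each untrusted LSP DLL to its catalog entries and list the
    services that are unsigned or published by the same vendor."""
    lsp, services = parse_frst(text)
    suspect_dlls, vendors = {}, set()
    for e in lsp:
        company = e["company"].lower()
        if company in TRUSTED_VENDORS:
            continue
        # An empty company field is also treated as untrusted.
        suspect_dlls.setdefault(e["path"].lower(), []).append(e["entry"])
        if company:
            vendors.add(company)
    related = sorted(
        s["name"] for s in services
        if s["unsigned"] or s["company"].lower() in vendors)
    return suspect_dlls, related


if __name__ == "__main__":
    dlls, svcs = find_lsp_hijack(SAMPLE_LOG)
    for path, entries in dlls.items():
        print(f"untrusted LSP {path} in catalog entries {', '.join(entries)}")
    print("related services:", ", ".join(svcs))
```

A DLL that occupies several catalog entries, as scxy.dll does here, sits in the provider chain for multiple protocols, which is why removal has to repair the Winsock catalog rather than only delete the file.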