What is System-Checker?
The Malwarebytes research team has determined that System-Checker is adware. These adware applications display advertisements not originating from the sites you are browsing.
This one is a LSP hijacker.
How do I know if my computer is affected by System-Checker?
You may see this entry in your list of installed programs:
and this warning during install:
How did System-Checker get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove System-Checker?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes System-Checker completely.
- You may be prompted twice to reboot after removal. Malwarebytes Anti-Malware needs to restore your connection after removing this LSP-hijacker.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the System-Checker adware. �It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You will see these signs in a HijackThis log:
O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll O23 - Service: scxy - scsp - C:\Program Files\System-Checker\Files\scxy.exe O23 - Service: System checker Monitor (syschkrm) - Unknown owner - C:\Program Files\System-Checker\syschkrm.exe O23 - Service: System checker Service (syschkrs) - Unknown owner - C:\Program Files\System-Checker\syschkrs.exePossible signs in FRST logs:
(scsp) C:\Program Files\System-Checker\Files\scxy.exe () C:\Program Files\System-Checker\syschkrs.exe () C:\Program Files\System-Checker\syschkrm.exe Winsock: Catalog9 01 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp) Winsock: Catalog9 02 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp) Winsock: Catalog9 03 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp) Winsock: Catalog9 04 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp) Winsock: Catalog9 23 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp) R2 scxy; C:\Program Files\System-Checker\Files\scxy.exe [1936280 2015-04-01] (scsp) R2 syschkrm; C:\Program Files\System-Checker\syschkrm.exe [110080 2015-04-01] () [File not signed] R2 syschkrs; C:\Program Files\System-Checker\syschkrs.exe [186880 2015-04-01] () [File not signed] System-Checker (HKLM\...\System-Checker) (Version: 0.5 - System-Checker) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\scxy => ""="service"An excerpt of the alterations made by the installer:
File system details --------------------------------------------- Adds the folder C:\Program Files\System-Checker Adds the file syschkr.dat"="4/1/2015 8:19 PM, 709632 bytes, A Adds the file syschkrm.exe"="4/1/2015 8:19 PM, 110080 bytes, A Adds the file syschkrs.exe"="4/1/2015 8:19 PM, 186880 bytes, A Adds the file System-Checker.exe"="2/16/2015 5:28 PM, 228352 bytes, A Adds the file System-Checker.exe.config"="2/12/2015 5:22 PM, 193 bytes, A Adds the file uninst.exe"="5/1/2015 4:06 PM, 277434 bytes, A Adds the folder C:\Program Files\System-Checker\Files Adds the file certsc.dll"="4/1/2015 12:35 PM, 373800 bytes, A Adds the file freebl3.dll"="8/30/2013 11:11 AM, 303104 bytes, A Adds the file libnspr4.dll"="8/30/2013 11:11 AM, 295424 bytes, A Adds the file libplc4.dll"="8/30/2013 11:11 AM, 48640 bytes, A Adds the file libplds4.dll"="8/30/2013 11:11 AM, 46080 bytes, A Adds the file nss3.dll"="8/30/2013 11:11 AM, 854528 bytes, A Adds the file nssckbi.dll"="8/30/2013 11:11 AM, 417280 bytes, A Adds the file nssdbm3.dll"="8/30/2013 11:11 AM, 164352 bytes, A Adds the file nssutil3.dll"="8/30/2013 11:11 AM, 135680 bytes, A Adds the file scfp.sys"="4/1/2015 12:35 PM, 29792 bytes, A Adds the file scfp64.sys"="4/1/2015 12:34 PM, 36768 bytes, A Adds the file scfpi.exe"="4/1/2015 12:35 PM, 142432 bytes, A Adds the file scjrt.sys"="4/1/2015 12:35 PM, 29792 bytes, A Adds the file scsp.exe"="4/1/2015 12:35 PM, 405824 bytes, A Adds the file scsp.ini"="7/19/2013 3:58 PM, 116 bytes, A Adds the file scsp64.exe"="4/1/2015 12:35 PM, 353216 bytes, A Adds the file scxy.dll"="4/1/2015 12:35 PM, 349872 bytes, A Adds the file scxy.exe"="4/1/2015 12:35 PM, 1936280 bytes, A Adds the file scxy.tlb"="4/1/2015 4:28 AM, 49040 bytes, A Adds the file scxy64.dll"="4/1/2015 12:35 PM, 416552 bytes, A Adds the file smime3.dll"="8/30/2013 11:11 AM, 132608 bytes, A Adds the file softokn3.dll"="8/30/2013 11:11 AM, 230400 bytes, A Adds the file sqlite3.dll"="8/30/2013 11:11 AM, 455168 bytes, A Adds the file ssl3.dll"="8/30/2013 11:11 AM, 228352 bytes, A In the existing folder C:\Windows\System32 Adds the file 29xyOff.ini"="5/1/2015 4:06 PM, 8856 bytes, A Adds the file scxy.dll"="4/1/2015 12:35 PM, 349872 bytes, A Registry details ------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C82A1444-9C97-40F6-8490-6CB41A1B2091}] "(Default)"="REG_SZ", "scxy" "InstallingUser"="REG_SZ", "bQBiAGEAbQBwAGMAXABtAGEAbAB3AGEAcgBlAGIAeQB0AGUAcwAAAA==" "kp1"="REG_DWORD", 1 "LaunchPermission"="REG_BINARY, ..L.\...0................................. ....... ... "LocalService"="REG_SZ", "scxy" "ServiceParameters"="REG_SZ", "-Service" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\scxy.exe] "AppID"="REG_SZ", "{C82A1444-9C97-40F6-8490-6CB41A1B2091}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28AC1B19-B0BF-47DA-8AE1-98672E1AA3E7}\LocalServer32] "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F46B0A9-78EF-4605-B148-A340B39EF1BB}\LocalServer32] "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4241D5FB-9E6D-467E-97EC-92C4921ACB01}\LocalServer32] "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7011DFCD-A5C0-46DA-A593-B018A039258C}\LocalServer32] "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70284914-C308-4904-830E-D853CBCBC720}\LocalServer32] "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90BF52CA-7FE3-4859-A82D-1D50F90C9AC0}\LocalServer32] "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D94ABE89-BCBD-4CD9-86B6-032093E5EB58}\LocalServer32] "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7B1AF6A-0C8F-4B16-909E-D0CCA7C2B6FB}\LocalServer32] "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{04C7D782-D896-4B7C-8216-5A7AE5DC7736}] "(Default)"="REG_SZ", "IDataController" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{04C7D782-D896-4B7C-8216-5A7AE5DC7736}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31AA0616-1339-48A7-9AC1-6129D6B4A1FE}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C37FA58-CD9E-42FD-B395-FDA1A84C4369}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7787831C-551E-4FF5-9C6A-A5684183EB3F}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DAD1C60-3749-44D6-86B6-A5F5C573C350}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6EE8EFB-0085-4B8A-871F-96DF2BC0D180}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AD8140BF-6355-4051-A0B1-2E69C0FF765C}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B2572374-DE97-4360-8F70-C7C4B281EA9E}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B4D03774-A43E-4A12-94F2-2AEF5AC4E945}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3FC56E7-BB9F-4281-B8BE-5CFF5F65C1DC}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7D7E6DA-A99C-4E09-BDCC-4509E669A95C}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EDA21FDA-6107-43FA-A938-959955ADF842}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FCF8D7AC-579A-4023-94C9-F15342FACBBA}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.DataContainer] "(Default)"="REG_SZ", "DataContainer Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.DataController] "(Default)"="REG_SZ", "DataController Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.DataTable] "(Default)"="REG_SZ", "DataTable Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.DataTableFields] "(Default)"="REG_SZ", "DataTableFields Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.DataTableHolder] "(Default)"="REG_SZ", "DataTableHolder Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.LSPLogic] "(Default)"="REG_SZ", "LSPLogic Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.ReadOnlyManager] "(Default)"="REG_SZ", "ReadOnlyManager Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.WatchDog] "(Default)"="REG_SZ", "WatchDog Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.WFPController] "(Default)"="REG_SZ", "WFPController Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABC5B680-35F1-42E6-BAD8-E0DF5545C957}\1.0] "(Default)"="REG_SZ", "scxy 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABC5B680-35F1-42E6-BAD8-E0DF5545C957}\1.0\0\win32] "(Default)"="REG_SZ", "C:\Program Files\System-Checker\Files\scxy.tlb" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABC5B680-35F1-42E6-BAD8-E0DF5545C957}\1.0\FLAGS] "(Default)"="REG_SZ", "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABC5B680-35F1-42E6-BAD8-E0DF5545C957}\1.0\HELPDIR] "(Default)"="REG_SZ", "C:\Program Files\System-Checker\Files" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\System-Checker.exe] "(Default)"="REG_SZ", "C:\Program Files\System-Checker\System-Checker.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System-Checker] "DisplayIcon"="REG_SZ", "C:\Program Files\System-Checker\System-Checker.exe" "DisplayName"="REG_SZ", "System-Checker" "DisplayVersion"="REG_SZ", "0.5" "Publisher"="REG_SZ", "System-Checker" "UninstallString"="REG_SZ", "C:\Program Files\System-Checker\uninst.exe" "URLInfoAbout"="REG_SZ", "http://www.system-checker.com" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\scxy] "(Default)"="REG_SZ", "service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\scxy] "DependOnService"="REG_MULTI_SZ, "RPCSS " "DisplayName"="REG_SZ", "scxy" "ErrorControl"="REG_DWORD", 1 "FailureActions"="REG_BINARY, ...................... "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\System-Checker\Files\scxy.exe" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\syschkrm] "Description"="REG_SZ", "System checker Monitor" "DisplayName"="REG_SZ", "System checker Monitor" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\System-Checker\syschkrm.exe" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\syschkrs] "Description"="REG_SZ", "System checker Service" "DisplayName"="REG_SZ", "System checker Service" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\System-Checker\syschkrs.exe" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 5/1/2015 Scan Time: 4:14:55 PM Logfile: mbamSystemChecker.txt Administrator: Yes Version: 2.01.0.1004 Malware Database: v2015.05.01.03 Rootkit Database: v2015.04.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Malwarebytes Scan Type: Threat Scan Result: Completed Objects Scanned: 287453 Time Elapsed: 4 min, 18 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 3 PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scxy.exe, 3408, Delete-on-Reboot, [88efcdc1e4a6ba7c3fead2787d899070] PUP.Optional.SystemChecker.A, C:\Program Files\System-Checker\syschkrm.exe, 2980, Delete-on-Reboot, [690ec1cd206a9b9b3607e2e7996a37c9] PUP.Optional.SystemChecker.A, C:\Program Files\System-Checker\syschkrs.exe, 3956, Delete-on-Reboot, [9ed9eaa4dfab91a547f7ba0feb18dd23] Modules: 12 PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\scxy.dll, Delete-on-Reboot, [2a4dc1cd4347ad89eeb39ab70af823dd], PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\scxy.dll, Delete-on-Reboot, [2a4dc1cd4347ad89eeb39ab70af823dd], PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\scxy.dll, Delete-on-Reboot, [2a4dc1cd4347ad89eeb39ab70af823dd], PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\scxy.dll, Delete-on-Reboot, [2a4dc1cd4347ad89eeb39ab70af823dd], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\certsc.dll, Delete-on-Reboot, [df986d2131593df9ef3ab99115f1c53b], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\freebl3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\libnspr4.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\libplc4.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\libplds4.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\nss3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\nssutil3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\smime3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], Registry Keys: 19 PUP.Optional.Winsock.HijackBoot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\scxy, Quarantined, [88efcdc1e4a6ba7c3fead2787d899070], PUP.Optional.SystemChecker.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSCHKRM, Quarantined, [690ec1cd206a9b9b3607e2e7996a37c9], PUP.Optional.SystemChecker.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSCHKRS, Quarantined, [9ed9eaa4dfab91a547f7ba0feb18dd23], PUP.Optional.SystemChecker.A, HKCU\SOFTWARE\System-Checker, Quarantined, [5b1c7b134d3d1b1b6fca9237dd26da26], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\System-Checker, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\TYPELIB\{ABC5B680-35F1-42E6-BAD8-E0DF5545C957}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{04C7D782-D896-4B7C-8216-5A7AE5DC7736}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{31AA0616-1339-48A7-9AC1-6129D6B4A1FE}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{5C37FA58-CD9E-42FD-B395-FDA1A84C4369}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{7787831C-551E-4FF5-9C6A-A5684183EB3F}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{9DAD1C60-3749-44D6-86B6-A5F5C573C350}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{A6EE8EFB-0085-4B8A-871F-96DF2BC0D180}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{AD8140BF-6355-4051-A0B1-2E69C0FF765C}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2572374-DE97-4360-8F70-C7C4B281EA9E}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{B4D03774-A43E-4A12-94F2-2AEF5AC4E945}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{D3FC56E7-BB9F-4281-B8BE-5CFF5F65C1DC}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{D7D7E6DA-A99C-4E09-BDCC-4509E669A95C}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{EDA21FDA-6107-43FA-A938-959955ADF842}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{FCF8D7AC-579A-4023-94C9-F15342FACBBA}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], Registry Values: 3 PUP.Optional.SystemChecker.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SCXY|ImagePath, C:\Program Files\System-Checker\Files\scxy.exe, Quarantined, [0374e9a55139f93d79c3d1f8c63d21df] PUP.Optional.SystemChecker.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSCHKRM|ImagePath, C:\Program Files\System-Checker\syschkrm.exe, Quarantined, [690ec1cd206a9b9b3607e2e7996a37c9] PUP.Optional.SystemChecker.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSCHKRS|ImagePath, C:\Program Files\System-Checker\syschkrs.exe, Quarantined, [9ed9eaa4dfab91a547f7ba0feb18dd23] Registry Data: 0 (No malicious items detected) Folders: 2 PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], Files: 33 PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\scxy.dll, Delete-on-Reboot, [2a4dc1cd4347ad89eeb39ab70af823dd], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scxy.exe, Delete-on-Reboot, [88efcdc1e4a6ba7c3fead2787d899070], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\certsc.dll, Delete-on-Reboot, [df986d2131593df9ef3ab99115f1c53b], PUP.Optional.SystemCheck.A, C:\Users\{username}\Desktop\SystemChecker.exe, Quarantined, [37402965b1d95bdb425ec190b74b19e7], PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\29xyOff.ini, Quarantined, [d99e0a84731756e0ef505b6e0003e818], PUP.Optional.SystemChecker.A, C:\Program Files\System-Checker\syschkrm.exe, Delete-on-Reboot, [690ec1cd206a9b9b3607e2e7996a37c9], PUP.Optional.SystemChecker.A, C:\Program Files\System-Checker\syschkrs.exe, Delete-on-Reboot, [9ed9eaa4dfab91a547f7ba0feb18dd23], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\syschkr.dat, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\System-Checker.exe, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\System-Checker.exe.config, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\uninst.exe, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\freebl3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\libnspr4.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\libplc4.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\libplds4.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\nss3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\nssckbi.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\nssdbm3.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\nssutil3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scfp.sys, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scfp64.sys, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scfpi.exe, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scjrt.sys, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scsp.exe, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scsp.ini, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scsp64.exe, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scxy.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scxy.tlb, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scxy64.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\smime3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\softokn3.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\sqlite3.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\ssl3.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], Physical Sectors: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention