Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for System-Checker

- - - - -
Started by Metallica , May 01 2015 09:37 AM

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 01 May 2015 - 09:37 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is System-Checker?

The Malwarebytes research team has determined that System-Checker is adware. These adware applications display advertisements not originating from the sites you are browsing.
This one is a LSP hijacker.

How do I know if my computer is affected by System-Checker?

You may see this entry in your list of installed programs:

warning4.png

and this warning during install:

main.png

How did System-Checker get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove System-Checker?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of System-Checker?
  • No, Malwarebytes' Anti-Malware removes System-Checker completely.
  • You may be prompted twice to reboot after removal. Malwarebytes Anti-Malware needs to restore your connection after removing this LSP-hijacker.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the System-Checker adware. �It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png


Technical details for experts

You will see these signs in a HijackThis log:
O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\scxy.dll
O23 - Service: scxy - scsp - C:\Program Files\System-Checker\Files\scxy.exe
O23 - Service: System checker Monitor (syschkrm) - Unknown owner - C:\Program Files\System-Checker\syschkrm.exe
O23 - Service: System checker Service (syschkrs) - Unknown owner - C:\Program Files\System-Checker\syschkrs.exe
Possible signs in FRST logs:
 (scsp) C:\Program Files\System-Checker\Files\scxy.exe
 () C:\Program Files\System-Checker\syschkrs.exe
 () C:\Program Files\System-Checker\syschkrm.exe
 Winsock: Catalog9 01 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
 Winsock: Catalog9 02 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
 Winsock: Catalog9 03 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
 Winsock: Catalog9 04 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
 Winsock: Catalog9 23 C:\Windows\system32\scxy.dll [349872 2015-05-01] (scsp)
 R2 scxy; C:\Program Files\System-Checker\Files\scxy.exe [1936280 2015-04-01] (scsp)
 R2 syschkrm; C:\Program Files\System-Checker\syschkrm.exe [110080 2015-04-01] () [File not signed]
 R2 syschkrs; C:\Program Files\System-Checker\syschkrs.exe [186880 2015-04-01] () [File not signed]

System-Checker (HKLM\...\System-Checker) (Version: 0.5 - System-Checker)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\scxy => ""="service"
An excerpt of the alterations made by the installer:
File system details  
---------------------------------------------
    Adds the folder C:\Program Files\System-Checker
       Adds the file syschkr.dat"="4/1/2015 8:19 PM, 709632 bytes, A
       Adds the file syschkrm.exe"="4/1/2015 8:19 PM, 110080 bytes, A
       Adds the file syschkrs.exe"="4/1/2015 8:19 PM, 186880 bytes, A
       Adds the file System-Checker.exe"="2/16/2015 5:28 PM, 228352 bytes, A
       Adds the file System-Checker.exe.config"="2/12/2015 5:22 PM, 193 bytes, A
       Adds the file uninst.exe"="5/1/2015 4:06 PM, 277434 bytes, A
    Adds the folder C:\Program Files\System-Checker\Files
       Adds the file certsc.dll"="4/1/2015 12:35 PM, 373800 bytes, A
       Adds the file freebl3.dll"="8/30/2013 11:11 AM, 303104 bytes, A
       Adds the file libnspr4.dll"="8/30/2013 11:11 AM, 295424 bytes, A
       Adds the file libplc4.dll"="8/30/2013 11:11 AM, 48640 bytes, A
       Adds the file libplds4.dll"="8/30/2013 11:11 AM, 46080 bytes, A
       Adds the file nss3.dll"="8/30/2013 11:11 AM, 854528 bytes, A
       Adds the file nssckbi.dll"="8/30/2013 11:11 AM, 417280 bytes, A
       Adds the file nssdbm3.dll"="8/30/2013 11:11 AM, 164352 bytes, A
       Adds the file nssutil3.dll"="8/30/2013 11:11 AM, 135680 bytes, A
       Adds the file scfp.sys"="4/1/2015 12:35 PM, 29792 bytes, A
       Adds the file scfp64.sys"="4/1/2015 12:34 PM, 36768 bytes, A
       Adds the file scfpi.exe"="4/1/2015 12:35 PM, 142432 bytes, A
       Adds the file scjrt.sys"="4/1/2015 12:35 PM, 29792 bytes, A
       Adds the file scsp.exe"="4/1/2015 12:35 PM, 405824 bytes, A
       Adds the file scsp.ini"="7/19/2013 3:58 PM, 116 bytes, A
       Adds the file scsp64.exe"="4/1/2015 12:35 PM, 353216 bytes, A
       Adds the file scxy.dll"="4/1/2015 12:35 PM, 349872 bytes, A
       Adds the file scxy.exe"="4/1/2015 12:35 PM, 1936280 bytes, A
       Adds the file scxy.tlb"="4/1/2015 4:28 AM, 49040 bytes, A
       Adds the file scxy64.dll"="4/1/2015 12:35 PM, 416552 bytes, A
       Adds the file smime3.dll"="8/30/2013 11:11 AM, 132608 bytes, A
       Adds the file softokn3.dll"="8/30/2013 11:11 AM, 230400 bytes, A
       Adds the file sqlite3.dll"="8/30/2013 11:11 AM, 455168 bytes, A
       Adds the file ssl3.dll"="8/30/2013 11:11 AM, 228352 bytes, A
    In the existing folder C:\Windows\System32
       Adds the file 29xyOff.ini"="5/1/2015 4:06 PM, 8856 bytes, A
       Adds the file scxy.dll"="4/1/2015 12:35 PM, 349872 bytes, A

Registry details  
------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C82A1444-9C97-40F6-8490-6CB41A1B2091}]
       "(Default)"="REG_SZ", "scxy"
       "InstallingUser"="REG_SZ", "bQBiAGEAbQBwAGMAXABtAGEAbAB3AGEAcgBlAGIAeQB0AGUAcwAAAA=="
       "kp1"="REG_DWORD", 1
       "LaunchPermission"="REG_BINARY, ..L.\...0................................. ....... ...
       "LocalService"="REG_SZ", "scxy"
       "ServiceParameters"="REG_SZ", "-Service"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\scxy.exe]
       "AppID"="REG_SZ", "{C82A1444-9C97-40F6-8490-6CB41A1B2091}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28AC1B19-B0BF-47DA-8AE1-98672E1AA3E7}\LocalServer32]
       "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F46B0A9-78EF-4605-B148-A340B39EF1BB}\LocalServer32]
       "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4241D5FB-9E6D-467E-97EC-92C4921ACB01}\LocalServer32]
       "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7011DFCD-A5C0-46DA-A593-B018A039258C}\LocalServer32]
       "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70284914-C308-4904-830E-D853CBCBC720}\LocalServer32]
       "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90BF52CA-7FE3-4859-A82D-1D50F90C9AC0}\LocalServer32]
       "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D94ABE89-BCBD-4CD9-86B6-032093E5EB58}\LocalServer32]
       "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7B1AF6A-0C8F-4B16-909E-D0CCA7C2B6FB}\LocalServer32]
       "(Default)"="REG_SZ", ""C:\Program Files\System-Checker\Files\scxy.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{04C7D782-D896-4B7C-8216-5A7AE5DC7736}]
       "(Default)"="REG_SZ", "IDataController"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{04C7D782-D896-4B7C-8216-5A7AE5DC7736}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31AA0616-1339-48A7-9AC1-6129D6B4A1FE}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C37FA58-CD9E-42FD-B395-FDA1A84C4369}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7787831C-551E-4FF5-9C6A-A5684183EB3F}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DAD1C60-3749-44D6-86B6-A5F5C573C350}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6EE8EFB-0085-4B8A-871F-96DF2BC0D180}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AD8140BF-6355-4051-A0B1-2E69C0FF765C}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B2572374-DE97-4360-8F70-C7C4B281EA9E}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B4D03774-A43E-4A12-94F2-2AEF5AC4E945}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3FC56E7-BB9F-4281-B8BE-5CFF5F65C1DC}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7D7E6DA-A99C-4E09-BDCC-4509E669A95C}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EDA21FDA-6107-43FA-A938-959955ADF842}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FCF8D7AC-579A-4023-94C9-F15342FACBBA}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.DataContainer]
       "(Default)"="REG_SZ", "DataContainer Class"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.DataController]
       "(Default)"="REG_SZ", "DataController Class"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.DataTable]
       "(Default)"="REG_SZ", "DataTable Class"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.DataTableFields]
       "(Default)"="REG_SZ", "DataTableFields Class"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.DataTableHolder]
       "(Default)"="REG_SZ", "DataTableHolder Class"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.LSPLogic]
       "(Default)"="REG_SZ", "LSPLogic Class"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.ReadOnlyManager]
       "(Default)"="REG_SZ", "ReadOnlyManager Class"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.WatchDog]
       "(Default)"="REG_SZ", "WatchDog Class"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scxyLib.WFPController]
       "(Default)"="REG_SZ", "WFPController Class"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABC5B680-35F1-42E6-BAD8-E0DF5545C957}\1.0]
       "(Default)"="REG_SZ", "scxy 1.0 Type Library"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABC5B680-35F1-42E6-BAD8-E0DF5545C957}\1.0\0\win32]
       "(Default)"="REG_SZ", "C:\Program Files\System-Checker\Files\scxy.tlb"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABC5B680-35F1-42E6-BAD8-E0DF5545C957}\1.0\FLAGS]
       "(Default)"="REG_SZ", "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABC5B680-35F1-42E6-BAD8-E0DF5545C957}\1.0\HELPDIR]
       "(Default)"="REG_SZ", "C:\Program Files\System-Checker\Files"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\System-Checker.exe]
       "(Default)"="REG_SZ", "C:\Program Files\System-Checker\System-Checker.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System-Checker]
       "DisplayIcon"="REG_SZ", "C:\Program Files\System-Checker\System-Checker.exe"
       "DisplayName"="REG_SZ", "System-Checker"
       "DisplayVersion"="REG_SZ", "0.5"
       "Publisher"="REG_SZ", "System-Checker"
       "UninstallString"="REG_SZ", "C:\Program Files\System-Checker\uninst.exe"
       "URLInfoAbout"="REG_SZ", "http://www.system-checker.com"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\scxy]
       "(Default)"="REG_SZ", "service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\scxy]
       "DependOnService"="REG_MULTI_SZ, "RPCSS "
       "DisplayName"="REG_SZ", "scxy"
       "ErrorControl"="REG_DWORD", 1
       "FailureActions"="REG_BINARY, ......................
       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\System-Checker\Files\scxy.exe"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\syschkrm]
       "Description"="REG_SZ", "System checker Monitor"
       "DisplayName"="REG_SZ", "System checker Monitor"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\System-Checker\syschkrm.exe"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\syschkrs]
       "Description"="REG_SZ", "System checker Service"
       "DisplayName"="REG_SZ", "System checker Service"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\System-Checker\syschkrs.exe"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/1/2015
Scan Time: 4:14:55 PM
Logfile: mbamSystemChecker.txt
Administrator: Yes

Version: 2.01.0.1004
Malware Database: v2015.05.01.03
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 287453
Time Elapsed: 4 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scxy.exe, 3408, Delete-on-Reboot, [88efcdc1e4a6ba7c3fead2787d899070]
PUP.Optional.SystemChecker.A, C:\Program Files\System-Checker\syschkrm.exe, 2980, Delete-on-Reboot, [690ec1cd206a9b9b3607e2e7996a37c9]
PUP.Optional.SystemChecker.A, C:\Program Files\System-Checker\syschkrs.exe, 3956, Delete-on-Reboot, [9ed9eaa4dfab91a547f7ba0feb18dd23]

Modules: 12
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\scxy.dll, Delete-on-Reboot, [2a4dc1cd4347ad89eeb39ab70af823dd], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\scxy.dll, Delete-on-Reboot, [2a4dc1cd4347ad89eeb39ab70af823dd], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\scxy.dll, Delete-on-Reboot, [2a4dc1cd4347ad89eeb39ab70af823dd], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\scxy.dll, Delete-on-Reboot, [2a4dc1cd4347ad89eeb39ab70af823dd], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\certsc.dll, Delete-on-Reboot, [df986d2131593df9ef3ab99115f1c53b], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\freebl3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\libnspr4.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\libplc4.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\libplds4.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\nss3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\nssutil3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\smime3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 

Registry Keys: 19
PUP.Optional.Winsock.HijackBoot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\scxy, Quarantined, [88efcdc1e4a6ba7c3fead2787d899070], 
PUP.Optional.SystemChecker.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSCHKRM, Quarantined, [690ec1cd206a9b9b3607e2e7996a37c9], 
PUP.Optional.SystemChecker.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSCHKRS, Quarantined, [9ed9eaa4dfab91a547f7ba0feb18dd23], 
PUP.Optional.SystemChecker.A, HKCU\SOFTWARE\System-Checker, Quarantined, [5b1c7b134d3d1b1b6fca9237dd26da26], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\System-Checker, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\TYPELIB\{ABC5B680-35F1-42E6-BAD8-E0DF5545C957}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{04C7D782-D896-4B7C-8216-5A7AE5DC7736}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{31AA0616-1339-48A7-9AC1-6129D6B4A1FE}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{5C37FA58-CD9E-42FD-B395-FDA1A84C4369}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{7787831C-551E-4FF5-9C6A-A5684183EB3F}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{9DAD1C60-3749-44D6-86B6-A5F5C573C350}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{A6EE8EFB-0085-4B8A-871F-96DF2BC0D180}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{AD8140BF-6355-4051-A0B1-2E69C0FF765C}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2572374-DE97-4360-8F70-C7C4B281EA9E}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{B4D03774-A43E-4A12-94F2-2AEF5AC4E945}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{D3FC56E7-BB9F-4281-B8BE-5CFF5F65C1DC}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{D7D7E6DA-A99C-4E09-BDCC-4509E669A95C}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{EDA21FDA-6107-43FA-A938-959955ADF842}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, HKLM\SOFTWARE\CLASSES\INTERFACE\{FCF8D7AC-579A-4023-94C9-F15342FACBBA}, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 

Registry Values: 3
PUP.Optional.SystemChecker.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SCXY|ImagePath, C:\Program Files\System-Checker\Files\scxy.exe, Quarantined, [0374e9a55139f93d79c3d1f8c63d21df]
PUP.Optional.SystemChecker.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSCHKRM|ImagePath, C:\Program Files\System-Checker\syschkrm.exe, Quarantined, [690ec1cd206a9b9b3607e2e7996a37c9]
PUP.Optional.SystemChecker.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSCHKRS|ImagePath, C:\Program Files\System-Checker\syschkrs.exe, Quarantined, [9ed9eaa4dfab91a547f7ba0feb18dd23]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 

Files: 33
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\scxy.dll, Delete-on-Reboot, [2a4dc1cd4347ad89eeb39ab70af823dd], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scxy.exe, Delete-on-Reboot, [88efcdc1e4a6ba7c3fead2787d899070], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\certsc.dll, Delete-on-Reboot, [df986d2131593df9ef3ab99115f1c53b], 
PUP.Optional.SystemCheck.A, C:\Users\{username}\Desktop\SystemChecker.exe, Quarantined, [37402965b1d95bdb425ec190b74b19e7], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\29xyOff.ini, Quarantined, [d99e0a84731756e0ef505b6e0003e818], 
PUP.Optional.SystemChecker.A, C:\Program Files\System-Checker\syschkrm.exe, Delete-on-Reboot, [690ec1cd206a9b9b3607e2e7996a37c9], 
PUP.Optional.SystemChecker.A, C:\Program Files\System-Checker\syschkrs.exe, Delete-on-Reboot, [9ed9eaa4dfab91a547f7ba0feb18dd23], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\syschkr.dat, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\System-Checker.exe, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\System-Checker.exe.config, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\uninst.exe, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\freebl3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\libnspr4.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\libplc4.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\libplds4.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\nss3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\nssckbi.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\nssdbm3.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\nssutil3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scfp.sys, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scfp64.sys, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scfpi.exe, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scjrt.sys, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scsp.exe, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scsp.ini, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scsp64.exe, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scxy.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scxy.tlb, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\scxy64.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\smime3.dll, Delete-on-Reboot, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\softokn3.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\sqlite3.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 
PUP.Optional.Winsock.HijackBoot, C:\Program Files\System-Checker\Files\ssl3.dll, Quarantined, [a1d61f6f9cee2016081ecffa6c97ad53], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements

Back to Malware Removal Guides and Tutorials


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Malware Removal Guides and Tutorials

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.