What is SystemKeeperPro?
The Malwarebytes research team has determined that SystemKeeperPro is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.
How do I know if I am infected with SystemKeeperPro?
This is how the main screen of the system optimizer looks:
You will find these icons in your taskbar, Start menu, and on your desktop:
and see this warning during install:
and these screens during "operations":
You may see this entry in your list of installed programs:
How did SystemKeeperPro get on my computer?
These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site.
How do I remove SystemKeeperPro?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes SystemKeeperPro completely.
We hope our application and this guide have helped you eradicate this system optimizer.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the SystemKeeperPro installer. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.
and we block access to their domain:
Technical details for experts
You may see these entries in FRST logs:
() C:\Users\{username}\AppData\Roaming\SystemKeeperPro\SystemKeeperPro.exe
HKCU\...\Run: [SystemKeeperPro] => C:\Users\{username}\AppData\Roaming\SystemKeeperPro\SystemKeeperPro.exe [1615840 2016-08-11] ()
C:\Users\{username}\AppData\Roaming\skp
C:\Users\{username}\AppData\Roaming\SystemKeeperPro
C:\Users\{username}\Desktop\SystemKeeperPro.lnk
C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SystemKeeperPro
SystemKeeperPro (HKCU\...\{742AFBBD-00FF-4811-B38D-004CF0620922}_is1) (Version: 12.1.0.26 - Monterix, LLC)

Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
    Adds the file SystemKeeperPro.lnk"="12/12/2016 9:15 AM, 1011 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SystemKeeperPro
    Adds the file Get Help.url"="11/16/2016 10:10 PM, 64 bytes, A
    Adds the file SystemKeeperPro.lnk"="12/12/2016 9:15 AM, 1023 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\skp
    Adds the file w3a3sge34sq.txt"="12/12/2016 9:15 AM, 16831 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\SystemKeeperPro
    Adds the file aff.txt"="12/9/2016 3:23 PM, 11 bytes, A
    Adds the file SystemKeeperPro.exe"="8/11/2016 4:23 PM, 1615840 bytes, A
    Adds the file unins000.dat"="12/12/2016 9:15 AM, 52264 bytes, A
    Adds the file unins000.exe"="12/12/2016 9:14 AM, 941024 bytes, A
    Adds the file unins000.msg"="12/12/2016 9:15 AM, 11229 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst
    Adds the file botva2.dll"="3/1/2015 7:45 PM, 41984 bytes, HSA
    Adds the file CloseBtn.png"="11/17/2016 2:37 PM, 676 bytes, HSA
    Adds the file glow.png"="11/17/2016 2:27 PM, 2737 bytes, HSA
    Adds the file ico.ico"="11/10/2016 1:45 PM, 1150 bytes, HSA
    Adds the file innocallback.dll"="3/31/2006 5:34 PM, 65024 bytes, HSA
    Adds the file installer_bg.png"="11/15/2016 2:28 PM, 135019 bytes, HSA
    Adds the file ISSkin.dll"="11/4/2009 1:23 PM, 395184 bytes, HSA
    Adds the file ProgressBackground.png"="11/15/2016 4:12 PM, 2884 bytes, HSA
    Adds the file ProgressImg.png"="11/16/2016 10:29 AM, 2864 bytes, HSA
    Adds the file Untitled3.cjstyles"="11/17/2016 2:33 PM, 807936 bytes, HSA
    Adds the file wpidmap.dll"="11/25/2016 1:46 PM, 23040 bytes, HSA
In the existing folder C:\Users\{username}\Desktop
    Adds the file SystemKeeperPro.lnk"="12/12/2016 9:15 AM, 1031 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SystemKeeperPro"="REG_SZ", "C:\Users\{username}\AppData\Roaming\SystemKeeperPro\SystemKeeperPro.exe /ot"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{742AFBBD-00FF-4811-B38D-004CF0620922}_is1]
    "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Roaming\SystemKeeperPro\unins000.exe"
    "DisplayName"="REG_SZ", "SystemKeeperPro"
    "DisplayVersion"="REG_SZ", "12.1.0.26"
    "EstimatedSize"="REG_DWORD", 3940
    "HelpLink"="REG_SZ", "http://www.systemkeeperpro.us/support/"
    "Inno Setup: App Path"="REG_SZ", "C:\Users\{username}\AppData\Roaming\SystemKeeperPro"
    "Inno Setup: Icon Group"="REG_SZ", "SystemKeeperPro"
    "Inno Setup: Language"="REG_SZ", "english"
    "Inno Setup: Setup Version"="REG_SZ", "5.5.1.ee1 (a)"
    "Inno Setup: User"="REG_SZ", "{username}"
    "InstallDate"="REG_SZ", "20161212"
    "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\SystemKeeperPro\"
    "MajorVersion"="REG_DWORD", 12
    "MinorVersion"="REG_DWORD", 1
    "NoModify"="REG_DWORD", 1
    "NoRepair"="REG_DWORD", 1
    "Publisher"="REG_SZ", "Monterix, LLC"
    "QuietUninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\SystemKeeperPro\unins000.exe" /SILENT"
    "UninstallDataFile"="REG_SZ", "C:\Users\{username}\AppData\Roaming\SystemKeeperPro\unins000.dat"
    "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\SystemKeeperPro\unins000.exe""
    "URLInfoAbout"="REG_SZ", "www.systemkeeperpro.us"
[HKEY_CURRENT_USER\Software\SystemKeeperPro]
    "Activated"="REG_DWORD", 0
    "AutoRun"="REG_DWORD", 1
    "BackupDir"="REG_SZ", "Backup\"
    "CloseToTray"="REG_DWORD", 1
    "DemoFixTriesCnt"="REG_DWORD", 0
    "ErrFixed"="REG_DWORD", 0
    "ErrFound"="REG_DWORD", 0
    "IDLang"="REG_DWORD", 0
    "InstallID"="REG_SZ", ""
    "LastDemoFixDatei"="REG_BINARY, ....
    "LastFixDatei"="REG_BINARY, ....
    "LastScanDatei"="REG_BINARY, ....
    "LastSuccDemoFixDatei"="REG_BINARY, ....
    "LastTrayMsgDatei"="REG_BINARY, ....
    "MinAngPrcnt"="REG_BINARY, ....
    "PhSuppNum"="REG_SZ", ""
    "ProxyHost"="REG_SZ", ""
    "ProxyLogin"="REG_SZ", ""
    "ProxyPassw"="REG_SZ", ""
    "ProxyPort"="REG_SZ", ""
    "SerialNum"="REG_SZ", ""
    "ShowTrayHints"="REG_DWORD", 1

Malwarebytes Anti-Malware log:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/12/16
Scan Time: 9:24 AM
Logfile: mbamSystemKeeperPro.txt
Administrator: Yes

-Software Information-
Version: 3.0.4.1269
Components Version: 1.0.39
Update Package Version: 1.0.697
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: METALLICA-PC\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351017
Time Elapsed: 8 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
PUP.Optional.SystemKeeperPro, C:\USERS\METALLICA\APPDATA\ROAMING\SYSTEMKEEPERPRO\SYSTEMKEEPERPRO.EXE, Quarantined, [2748], [351883],1.0.697

Module: 1
PUP.Optional.SystemKeeperPro, C:\USERS\METALLICA\APPDATA\ROAMING\SYSTEMKEEPERPRO\SYSTEMKEEPERPRO.EXE, Quarantined, [2748], [351883],1.0.697

Registry Key: 1
PUP.Optional.SystemKeeperPro, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{742AFBBD-00FF-4811-B38D-004CF0620922}_is1, Delete-on-Reboot, [2748], [351883],1.0.697

Registry Value: 1
PUP.Optional.SystemKeeperPro, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SystemKeeperPro, Delete-on-Reboot, [2748], [351883],1.0.697

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.SystemKeeperPro, C:\USERS\METALLICA\APPDATA\ROAMING\SystemKeeperPro, Delete-on-Reboot, [2748], [351883],1.0.697
PUP.Optional.SystemKeeperPro, C:\USERS\METALLICA\APPDATA\ROAMING\SystemKeeperProUninst, Delete-on-Reboot, [2748], [351884],1.0.697
PUP.Optional.SystemKeeperPro, C:\USERS\METALLICA\APPDATA\ROAMING\SKP, Delete-on-Reboot, [2748], [351890],1.0.697
PUP.Optional.SystemKeeperPro, C:\USERS\METALLICA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SYSTEMKEEPERPRO, Delete-on-Reboot, [2748], [351882],1.0.697

File: 23
PUP.Optional.SystemKeeperPro, C:\USERS\METALLICA\APPDATA\ROAMING\SYSTEMKEEPERPRO\SYSTEMKEEPERPRO.EXE, Delete-on-Reboot, [2748], [351883],1.0.697
PUP.Optional.SmartKeeperPro, C:\USERS\METALLICA\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SYSTEMKEEPERPRO.LNK, Delete-on-Reboot, [2749], [351879],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperPro\aff.txt, Delete-on-Reboot, [2748], [351883],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperPro\rawlog.txt, Delete-on-Reboot, [2748], [351883],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperPro\unins000.dat, Delete-on-Reboot, [2748], [351883],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperPro\unins000.exe, Delete-on-Reboot, [2748], [351883],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperPro\unins000.msg, Delete-on-Reboot, [2748], [351883],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst\botva2.dll, Delete-on-Reboot, [2748], [351884],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst\CloseBtn.png, Delete-on-Reboot, [2748], [351884],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst\glow.png, Delete-on-Reboot, [2748], [351884],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst\ico.ico, Delete-on-Reboot, [2748], [351884],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst\innocallback.dll, Delete-on-Reboot, [2748], [351884],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst\installer_bg.png, Delete-on-Reboot, [2748], [351884],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst\ISSkin.dll, Delete-on-Reboot, [2748], [351884],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst\ProgressBackground.png, Delete-on-Reboot, [2748], [351884],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst\ProgressImg.png, Delete-on-Reboot, [2748], [351884],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst\Untitled3.cjstyles, Delete-on-Reboot, [2748], [351884],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\SystemKeeperProUninst\wpidmap.dll, Delete-on-Reboot, [2748], [351884],1.0.697
PUP.Optional.SystemKeeperPro, C:\USERS\METALLICA\APPDATA\ROAMING\SKP\RAWLIST.DAT, Delete-on-Reboot, [2748], [351890],1.0.697
PUP.Optional.SystemKeeperPro, C:\USERS\METALLICA\DESKTOP\SYSTEMKEEPERPRO.LNK, Delete-on-Reboot, [2748], [351880],1.0.697
PUP.Optional.SystemKeeperPro, C:\USERS\METALLICA\DESKTOP\SYSTEMKEEPERPROINST.EXE, Delete-on-Reboot, [2748], [351887],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SystemKeeperPro\Get Help.url, Delete-on-Reboot, [2748], [351882],1.0.697
PUP.Optional.SystemKeeperPro, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SystemKeeperPro\SystemKeeperPro.lnk, Delete-on-Reboot, [2748], [351882],1.0.697

Physical Sector: 0
(No malicious items detected)

(end)

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
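
A log check built from the FRST entries and installer alterations listed under "Technical details for experts", as an added example that is not Malwarebytes or FRST code: it flags log lines containing the Run value, the uninstall key or one of the folders and shortcuts from this page, whatever the user name. The function name, the sample log, the user name alice and the Example entries are constructed for illustration.

```python
import re

# Indicators taken from the FRST entries and installer alterations on this page.
# The user name differs per machine, so it is matched with [^\\]+.
USER = r"C:\\Users\\[^\\]+\\"
ROAMING = USER + r"AppData\\Roaming\\"
END = r"(?=\\|\s|$)"  # a folder name must end here, so "skpfiles" is not "skp"
INDICATORS = {
    "run_value": r"\\Run: \[SystemKeeperPro\]",
    "program_dir": ROAMING + "SystemKeeperPro" + END,
    "uninst_dir": ROAMING + "SystemKeeperProUninst" + END,
    "skp_dir": ROAMING + "skp" + END,
    "start_menu": ROAMING + r"Microsoft\\Windows\\Start Menu\\Programs\\SystemKeeperPro" + END,
    "desktop_lnk": USER + r"Desktop\\SystemKeeperPro\.lnk",
    "uninstall_key": r"\{742AFBBD-00FF-4811-B38D-004CF0620922\}_is1",
}
# Logs mix upper- and lower-case paths, so matching is case-insensitive.
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in INDICATORS.items()}

# Constructed sample log (not from a real machine): page-style entries mixed
# with benign look-alikes that must not be flagged.
SAMPLE_LOG = r"""(Example Vendor) C:\Program Files\Example\agent.exe
() C:\Users\alice\AppData\Roaming\SystemKeeperPro\SystemKeeperPro.exe
HKCU\...\Run: [SystemKeeperPro] => C:\Users\alice\AppData\Roaming\SystemKeeperPro\SystemKeeperPro.exe [1615840 2016-08-11] ()
HKCU\...\Run: [ExampleSync] => C:\Users\alice\AppData\Local\Example\sync.exe
C:\Users\alice\AppData\Roaming\skp
C:\Users\alice\AppData\Roaming\skpfiles
SystemKeeperPro (HKCU\...\{742AFBBD-00FF-4811-B38D-004CF0620922}_is1) (Version: 12.1.0.26 - Monterix, LLC)
"""


def scan_frst(text):
    """Return (line_number, indicator_names, line) for every matching log line."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        names = sorted(n for n, rx in COMPILED.items() if rx.search(line))
        if names:
            hits.append((number, names, line.strip()))
    return hits


if __name__ == "__main__":
    for number, names, line in scan_frst(SAMPLE_LOG):
        print(f"line {number}: {', '.join(names)}: {line}")
```

A hit on the Run value or the uninstall key alone is enough to warrant a scan; folder hits without either usually mean leftovers from an incomplete removal.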