When one of many fake hard drive defragmenters attacks a computer it starts to brainwash users with its various bogus system errors. It would not seize to tell about memory, hard drive and GPU problems. Nothing reported by this malware tool should be treated as serious by you. The program simply tries to convince you that your computer has so many bugs that you need to buy the full version of this fake system optimizer in order to have all those alleged errors repaired. However, purchasing the registered or commercial version of this bogus system tool is a totally useless experience on user’s part. Such programs are not able to fix real (serious) bugs.
System Check virus is the example of the above-mentioned fake HDD tool. When it gets installed successfully to the infected computer it amends the registry in order to be launched automatically each time you launch Windows. This is done without your consent, approval or authorization, just as the very installation of this malady. You would not be able to actually uninstall this malicious software via Control Panel so easily as you are used to with other programs that are legitimate. This cannot be the case with System Check and other similar pests. Once launched, it would give you various reports about system errors. Below is the example of such fake bug notice:
GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system failure
If you see this notification to be originated by System Check virus and similar malwares, no doubt, they must be ignored. Do you remember what we told you in the first paragraph? This program tries to scare you into purchasing its commercial version, which is as useless as the trial one. Moreover, it does create the serious problem for your computer. The virus hides all your data and relocates them to other places that are also hidden. This is also done to scare users and to prompt them into purchasing the hoax, after it promises to fix all fake errors. Stay away from effecting the payment for System Check bogus system optimizer. Ignore its fake message about your GPU RAM temperature being critically high. Your PC does not need any urgent RAM memory optimization to prevent system failure. What you need is to remove the virus naming itself as System Check (or similar threat). For this purpose please follow these removal instructions with detailed description of all the necessary steps of virus removal process. Finally, pay attention to this guide to recover your missing or hidden data after malware persistency on your computer. Install the powerful anti-virus software that would be able to protect you from such malwares and their attacks.
Screenshot of fake error presented by malware:
GPU RAM temperature is critically high
List of fake HDD virus files:
- %CommonAppData%\~[random]
- %CommonAppData%\~[random]
- %CommonAppData%\[random]
- %CommonAppData%\[random].exe
- %AppData%\Microsoft\Internet Explorer\Quick Launch\[Fake HDD name].lnk
- %Desktop%\[Fake HDD name].lnk
- %StartMenu%\Programs\[Fake HDD name]\
- %StartMenu%\Programs\[Fake HDD name]\[Fake HDD name].lnk
- %StartMenu%\Programs\[Fake HDD name]\Uninstall [Fake HDD name].lnk
- %Temp%\smtmp\
- %Temp%\smtmp\1
- %Temp%\smtmp\1
- %Temp%\smtmp\2
- %Temp%\smtmp\3
- %Temp%\smtmp\4
List of fake HDD virus entries:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]“
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ’0′
File Location Implications:
%Desktop% implies that the file is located straight on your PC’s desktop. The full and detailed location is C:\DOCUMENTS AND SETTINGS\Current User\Desktop\ for Windows 2000/XP, and C:\Users\Current User\Desktop\ for Windows Vista and Windows 7.
%Temp% stands for the Windows Temp folder. By default, it has the location C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\Current User\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\Current User\AppData\Local\Temp for Windows Vista and Windows 7.
%AppData% means the current users Application Data folder. By default, it has the location C:\Documents and Settings\Current User\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\Current User\AppData\Roaming.
%StartMenu% stands for the Windows Start Menu. For Windows 95/98/ME the location is C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it stands for C:\Documents and Settings\Current User\Start Menu\, and for Windows Vista/7 it is C:\Users\Current User\AppData\Roaming\Microsoft\Windows\Start Menu.
%CommonAppData% means the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it has the location C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
