System Scan is the new malware that follows after System Check fake hard drive defragmenter. This is a fake system optimization tool that brings no good news for users of infected PCs. First of all, the very presence of this infection on the computer is the bad news in its very essence. Secondly, the malware would report very many errors to persist on the infected machine. These errors are fake, they are used to scare users into believing that something terrible is going with their computers. The virus then wants to persuade you to buy its licensed version in order to have those fake bugs fixed. Remember that this application is a fake system optimizer and it reports HDD, memory and system errors that aren’t peculiar for your computer. There is nothing to worry about from what the hoax reports to you. What you must be concerned of is the issue of System Scan virus removal. It should be effective and successful, but not many sites tell you how exactly to accomplish this goal. If you continue reading this article you will find out all that you need to get rid of the above-mentioned malware and to restore your missing and hidden files, folders, shortcuts, icons and programs.
As we mentioned previously, when System Scan virus first attacks the computer it gets installed with the feature of executing itself with each PC startup. The window of this malware would come up once you launch your PC. You would also encounter many other windows, popups, warnings and scary notifications of this malware as it runs its fake scan of your system. Below please find the quotes from fake system, HDD and memory errors reported by System Scan virus.
Windows detected a hard disk problem
A potential disk failure may cause loss of files, applications and documents stored on the hard disk. It’s highly recommended to scan and solve HDD problems before continue using this PC.
Critical Error
Hard drive critical error. Start a system diagnostics application to scan your hard disk for errors and performance problems.
Critical Error
Windows OS can’t detect a free hard drive space. Hard drive error
Hard drive clusters are partly damaged. Segment load failure
RAM memory reliability is extremely low. This problem may cause system failure
- Disk drive C:\ is unreadable
- C:\System32\drivers is damaged. This problem may cause a system failure.
- System files are damaged. System is unstable.
- Drive C initializing error
- Hard drive rotational speed decreased by 20%
- Damaged hard drive clusters detected. Private data is at risk. Restore is required
- Hard drive rotational speed exceeds system limits and may cause a system failure
- Hard drive space less than technical limits
- RAM memory speed decreased significantly and may cause a system failure
- RAM Memory temperature is 83ºC. Optimization is required for normal RAM functioning
- GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system failure
- Hard drive does not correspond to system requests
- The problem may cause errors while loading your operating system
- Boot sector of the hard drive is damaged
The primary purpose of the hoax is to convince you to effect the payment for its full version. However, purchasing the registration key for this program would not be the good decision on your part. In this case you will simply waste your money and will not get rid of real problems. Your problem is System Scan virus and the lack of powerful security software, resulting in virus and spyware attacks on your system. Instead of obeying the instructions of malware developers please remove this virus using the legitimate, decent and reputable anti-virus software. Running security program doesn’t recover your files. In order to see your data again please follow these simple but effective manual file recovery instructions.
How to download and run letigimate anti-virus software:
- On your keyboard push “Windows” key and hold it (without releasing). This “Windows” key is to the right of “Ctrl” key in the left part of your keyboard. Then strike “R” key and release them all. In other words, this is called “Win + R” keyboard combination (hotkey).
- In the respective field insert “iexplore.exe”. Press “OK”. This would open Internet Explorer, and so you will be able to download any security software of your choice.
- Save the installer to your desktop and then install it, or install it right away.
- Now run the malware remover and remove all threats detected by it.
Malware modifications brought into the system:
List of System Scan virus files:
- %CommonAppData%\~[random]
- %CommonAppData%\~[random]
- %CommonAppData%\[random]
- %CommonAppData%\[random].exe
- %AppData%\Microsoft\Internet Explorer\Quick Launch\System Scan.lnk
- %Desktop%\System Scan.lnk
- %StartMenu%\Programs\System Scan\
- %StartMenu%\Programs\System Scan\System Scan.lnk
- %StartMenu%\Programs\System Scan\Uninstall System Scan.lnk
- %Temp%\smtmp\
- %Temp%\smtmp\1
- %Temp%\smtmp\1
- %Temp%\smtmp\2
- %Temp%\smtmp\3
- %Temp%\smtmp\4
List of System Scan virus entries:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]“
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ’0′
File Location Remarks and Explanations:
%Desktop% implies that the file is located straight on your PC’s desktop. The full and detailed location is C:\DOCUMENTS AND SETTINGS\\Desktop\ for Windows 2000/XP, and C:\Users\ \Desktop\ for Windows Vista and Windows 7.
%Temp% stands for the Windows Temp folder. By default, it has the location C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\ \AppData\Local\Temp for Windows Vista and Windows 7.
%AppData% means the current users Application Data folder. By default, it has the location C:\Documents and Settings\\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\ \AppData\Roaming.
%StartMenu% stands for the Windows Start Menu. For Windows 95/98/ME the location is C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it stands for C:\Documents and Settings\\Start Menu\, and for Windows Vista/7 it is C:\Users\ \AppData\Roaming\Microsoft\Windows\Start Menu.
%CommonAppData% means the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it has the location C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
