Tuesday 15 November 2011

System Fix Virus - Removal Guide

System Fix is a fake disk-defragmentation program that poses as a helpful utility while sabotaging your computer. It is not the first of its kind: the same rogue family has been pushing near-identical products such as System Restore, Windows Repair and System Repair for a long time. All of them share the same user interface under a different name; the scammers rename the product regularly to evade antivirus detection.

System Fix advertises itself as a very powerful tool, but once installed it takes over the computer and pressures you into buying the full version. It hides all desktop icons and every entry in the Start menu's "Programs" list, and it also hides the files on your hard disk so that the drive appears to be empty. If that scares you into buying the program, your money is gone.

The program does not actually delete anything; it only sets the hidden attribute on your files. If you buy it and enter an activation key, it unhides them again. You do not need to buy it, though: it can be removed easily and the computer's original state restored. Here is a screen shot of System Fix performing a fake scan and reporting bogus results:

System Fix shows bogus alerts such as:

Critical Error
Windows can't find hard disk space. Hard drive error


Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.


Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.


System Fix
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.


Activation Reminder
System Fix Activation

How To Remove System Fix Virus

You can remove System Fix easily provided you follow the right method. Because it hides everything on the computer, anyone who is not comfortable with computers will find it hard even to reach legitimate programs such as their antivirus software. Two removal methods are outlined below; choose whichever suits you best.

A) Automatic Removal - Easiest Method To Remove System Fix

As the name implies, this is the easiest, safest and most effective way to remove the System Fix virus. All you need to do is scan the computer and fix the threats found. Here is what to do:

1. Restart your computer and press the "F8" key repeatedly to reach the Windows startup menu.
2. From this menu, select "Safe Mode with Networking" and press Enter.
3. Once the computer has booted into Safe Mode with Networking, download Spyware Doctor.

4. Install Spyware Doctor and update its virus database, then run a Full Scan; it will identify and remove System Fix automatically. You may be surprised by how many threats are living on your computer without your knowledge.

5. Now restore the hidden files by clearing their hidden attribute. The Unhide utility written by Bleeping Computer does this for you. Download Unhide Utility Here.

After removing the threats in Safe Mode, reboot into Normal mode; everything should be back to normal with no further action on your part.

Video of System Fix doing a fake scan:
B) Manual Removal - Complicated and Risky Way To Remove System Fix

Manual removal is recommended only for people with good computer skills. If you are not comfortable with computers, do not take the risk; use the automatic method instead. Manual removal is also less effective than automatic removal.

It does not guarantee complete disinfection, and in the worst case you can damage system files with your own hands. If you know how to deal with a rogue like this, follow these steps at your own risk:

1. First, end the active System Fix process. Download Process Explorer or a similar utility, locate the process (it runs from a randomly named file under %AppData%) and kill it.

2. With the process stopped, find the rogue's executable files and delete them. System Fix uses random file and folder names, so look for suspicious files in these locations:

%AppData%\ldr.ini
%AppData%\<random>\

Do not delete a file if you do not know what it is; one mistake can seriously damage your computer.

3. After removing the files, edit the registry to remove the entry that starts System Fix at boot. Click Start, then Run, type "regedit" and press OK, then delete the randomly named value under this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "<random>"

Now restart the computer and check whether System Fix still pops up. If it does, fall back to the automatic removal method.
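The following PowerShell script is an added example, not part of the original guide and not the Unhide utility or any other tool the guide names. It gathers manual steps 1 to 3 and the unhide step of the automatic method into one triage pass: list processes running from user-writable data folders, list Run entries that point into those folders, list the indicators the guide gives (%AppData%\ldr.ini and recently created folders under %AppData% holding an executable), and clear the hidden attribute the rogue sets. Assumptions beyond the page: PowerShell 3.0 or later, run from an elevated prompt in Safe Mode; the HKCU Run key is checked in addition to the HKLM key the guide names; the seven-day recency heuristic, the chosen unhide roots and every function name are this example's own choices.

```powershell
# Added example, not the guide's own method or Bleeping Computer's Unhide.
# Run from an elevated PowerShell prompt in Safe Mode. Assumptions (not from the
# page): PowerShell 3.0+, the rogue lives under %AppData%, %LocalAppData% or
# %ProgramData%, and HKCU\...\Run is worth checking alongside the HKLM key.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',   # key named by the guide
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'    # assumption: also check per-user key
)
$UserDataRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData)
$RegMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Manual step 1: processes whose image lives under a user-writable data folder.
function Get-SuspectProcess {
    Get-Process | Where-Object {
        $p = $_.Path
        $p -and ($UserDataRoots | Where-Object { $p -like "$_\*" })
    } | Select-Object Id, ProcessName, Path
}

# Manual step 2: the guide's indicators - %AppData%\ldr.ini and a randomly named
# folder under %AppData%. Folder names are random, so the heuristic used here is
# "created in the last $Days days and containing an .exe"; review before deleting.
function Get-SuspectFile {
    param([int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)
    $ldr = Join-Path $env:APPDATA 'ldr.ini'
    if (Test-Path -Path $ldr) { Get-Item -Path $ldr -Force }
    Get-ChildItem -Path $env:APPDATA -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $since } |
        ForEach-Object {
            Get-ChildItem -Path $_.FullName -Filter *.exe -Force -ErrorAction SilentlyContinue
        }
}

# Manual step 3: Run values whose command points into one of the data folders.
function Get-SuspectRunEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($prop in $props.PSObject.Properties) {
            if ($RegMeta -contains $prop.Name) { continue }   # skip provider metadata
            $cmd = [string]$prop.Value
            $hit = $UserDataRoots | Where-Object { $cmd -like "*$_*" }
            if ($hit) {
                [pscustomobject]@{ Key = $key; Name = $prop.Name; Command = $cmd }
            }
        }
    }
}

# Unhide step: clear the Hidden attribute on user files and Start Menu shortcuts.
# Items carrying the System attribute, desktop.ini and reparse points are left
# alone so genuinely hidden OS files stay hidden. Supports -WhatIf for a dry run.
function Restore-HiddenItem {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]]$Root = @(
            [Environment]::GetFolderPath('Desktop'),
            [Environment]::GetFolderPath('MyDocuments'),
            [Environment]::GetFolderPath('Programs'),        # user's Start Menu\Programs
            [Environment]::GetFolderPath('CommonPrograms')   # all-users Start Menu\Programs
        )
    )
    $hidden  = [int][IO.FileAttributes]::Hidden
    $system  = [int][IO.FileAttributes]::System
    $reparse = [int][IO.FileAttributes]::ReparsePoint
    foreach ($r in $Root) {
        $items = Get-ChildItem -Path $r -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                $a = [int]$_.Attributes
                ($a -band $hidden) -and -not ($a -band $system) -and
                -not ($a -band $reparse) -and $_.Name -ne 'desktop.ini'
            }
        foreach ($item in $items) {
            if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
                $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band (-bnot $hidden))
            }
        }
    }
}

# Triage pass: list only, delete nothing. After reviewing the output use
# Stop-Process -Id <pid> -Force, Remove-Item on the files, Remove-ItemProperty
# -Path <key> -Name <name> for the Run value, then Restore-HiddenItem -WhatIf
# followed by Restore-HiddenItem.
Get-SuspectProcess  | Format-Table -AutoSize
Get-SuspectRunEntry | Format-Table -AutoSize
Get-SuspectFile     | Select-Object FullName, CreationTime
```

The script deliberately stops at listing: a randomly named process or folder is suspicious, not proof, so the operator confirms each item before killing or deleting it, which is the same caution the manual method asks for. Run `Restore-HiddenItem -WhatIf` first to see what would be unhidden; pass `-Root 'C:\'` to widen the sweep if files outside the default folders were hidden too.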

3 comments:

  1. Thank you for this article. It was useful in letting me know how serious this infection can be.

    For what it's worth:

    I have a terminal server environment (Windows 2008 R2) with many users logging in as standard users and heavily locked down profiles. I do not allow users to install programs but this little guy did plant himself in the c:\ProgramData folder and a few other folders and files in the user roaming folder.

    I did not see any traces of installation in the registry or add/remove programs.

    My first step for removal was to stop the process trees running within the user's remote desktop session via Task Manager.

    I then found in the programdata folder several files (very random naming but identically named, about 5 or 6 of them, IIRC) that were from the time and date I expected so I deleted them.

    A few hours later, I have not seen files or processes return.

    /fingers crossed

    ReplyDelete
  2. Yeah, so the thing is, when all your icons are hidden, it's not possible to download that software. I imagine that most people who read this article are, like me, accessing it from a different computer.

    ReplyDelete
  3. Thank you, thank you, thank you....
    I did not use either of these methods to rid myself of the virus - instead rolled back to a known good restoration point.
    However, after that I still couldn't see my library files. I tried restoring the folders etc and then I found your unhide.exe. Worked a treat. Many thanks!

    ReplyDelete