Trying to remove System Check


This topic is locked
4 replies to this topic

#1 KoaMogu

Posted 26 January 2012 - 07:41 PM

I'm trying to remove System Check from my friend's PC (Windows Vista 32bit).
Following the removal directions on this site, I already did these things, but the PC still works badly, can't update Malwarebytes, and is redirected to a different site when using the browser...

On Safe mode with network
1) run rkill -> detected c:\windows\system32\comime.exe
2) run tdsskiller -> detected and cured c:\windows\system32\DRIVERS\i8042prt.sys (virus.win32.ZAccess.k)
Rebooted on normal mode
-> can't connect to the internet
Rebooted on Safe mode with network
3) run rkill -> detected c:\windows\system32\comime.exe
4) run tdsskiller -> no detection
5) installed Malwarebytes -> can't update
6) run Malwarebytes with 12/24/2011 database -> detected and removed 5 files (of Rogue.FakeAlert, Adware.Agent, Adware.Seekmo, Adware.Agent, Trojan.Agent)
Rebooted on Safe mode with network
-> can't update Malwarebytes
Start preparation for help
7) installed and run defogger -> HKCU\~\Run values & HKLM\~\Run values retrieved
8) run dds -> black screen flashed very quickly but no result file was shown
9) run gmer -> stopped working and automatically closed

I don't know how to ask for help now, but I hope the above information helps somewhat...

#2 Casey_boy

Posted 29 January 2012 - 01:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Do you still need help? If so, I must inform you about one of the infections you've found:

Backdoor warning

I hate to give you bad news, but one or more of the identified infections is a backdoor trojan - Zero Access Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has probably been killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 KoaMogu

Posted 29 January 2012 - 04:56 PM

Hello Casey_boy, thank you for your comment!

And thank you for your sincere advice. I completely understand how potentially dangerous this computer still is, even if we can fix the backdoor functionality at once...
I don't want my friend to risk his critical personal and financial information for any reason. We definitely should avoid it.
So I'll recommend him (no, have him) to back up his data, format the HDD and do a clean installation of Windows.
I can help him do the clean installation and restore his data and settings; that would make me happier than struggling with this dangerous computer any more.

Again, thank you for your comment and always trying to help people in need. I really appreciate you guys' contribution!!

#4 Casey_boy

Posted 29 January 2012 - 06:20 PM

OK :)

I'll close this topic now then. Best of luck with the reformat and reinstallation.

Casey


#5 Casey_boy

Posted 29 January 2012 - 06:20 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
