Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System Care virus - how to remove?


  • Please log in to reply
7 replies to this topic

#1 UniJay83

UniJay83

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 30 August 2016 - 12:17 PM

OS is Win 7. Malware is called System Care by globalpcworks.com

 

Unfortunately a very computer-unsavvy friend accidentally clicked on a fake download link and installed this maltware rather than the legitimate link I sent to him (partly my fault I guess - even if the program is called something completely different...). Now "System Care" has installed and obviously is pretending to be a legitimate anti-virus software with alerts.

 

I've ran MWB in both normal and safe mode and it removed various PUP threats in normal mode but didn't pick up anything in safe mode. I didn't even think to run AVG and haven't had time so far, I will get back onto this tomorrow. The program still remains after the MWB removals.

 

When I click Uninstall program on System Care a pop up window appears in the centre of the screen asking to either upgrade the service or 'No, uninstall'. The uninstall button does nothing when clicked. Not only that but the pop up window permanently stays in the centre of the screen, it cannot be closed and can't be ended as a process, only a restart removes it. It pops up each time an uninstall is attempted.

 

At the moment the program does not seem to be preventing me from downloading or running anti-virus or anti-malware software, but I guess that will be a matter of time. Currently I can't even uninstall it.

 

Sorry if this is in the wrong forum. Any ideas would be appreciated. I only have a lower-moderate grasp of computers myself.



BC AdBot (Login to Remove)

 


#2 Kuszotke

Kuszotke

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 30 August 2016 - 02:25 PM

Uninstall this piece of badword with Revo Uninstaller.



#3 UniJay83

UniJay83
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 31 August 2016 - 05:24 AM

Uninstall this piece of badword with Revo Uninstaller.

I've given this a try but unfortunately when I try to uninstall using the software it creates the same pop up window and won't let me progress any further. Very annoying.

 

AVG Premium found nothing.



#4 UniJay83

UniJay83
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 31 August 2016 - 05:53 AM

OK I said I was a bit slow myself - ending the process again once the pop up window appeared got rid of it, allowing me to uninstall the malware program. I have just deleted the bolded registry items and leftover files and folders. I'll run MWB again in safe mode to ensure it has finally gone.



#5 UniJay83

UniJay83
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 31 August 2016 - 06:18 AM

Latest is that I thought I had successfully uninstalled the malware. MWB found nothing, thought all was ok. Restarted, started Chrome back up and it was unresponsive, black screen. Seconds later a new "System Care" desktop icon appeared and it had installed itself again.

 

Any ideas?


Edited by UniJay83, 31 August 2016 - 06:19 AM.


#6 kaljukass

kaljukass

  • Banned
  • 291 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 PM

Posted 31 August 2016 - 07:20 AM

This is well known malware, now You must find all files and folders, what are made. Any antivirus or malware software will not help You. The best way is look by data, when it was modified or created. Usually they make folders in %ProgramData%, %LocalAppData% and %AppData%, but may be also other places and the files and folders may be hidden.

Changes can also be in the registry.


Edited by kaljukass, 31 August 2016 - 07:23 AM.


#7 UniJay83

UniJay83
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 31 August 2016 - 07:33 AM

I ended up checking ALL items listed in Revo Uninstaller and removing, and also ran ADWCleaner which found even more. Additionally I searched for more files with associated names but it didn't find any additional results.

 

Not had the malware return since, fingers crossed.



#8 Kuszotke

Kuszotke

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 01 September 2016 - 02:46 PM

Hope we helped and the issue won't come back. Consider using software like Malwarebytes Anti-exploit, Stinger (RealProtect), simply a good av (i'd recommend 360 Total Security, it informs me every time a program wants to do suspicious stuff, for example create start-up items, edit the registry etc.) or just be more careful next time!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users