
System Check -- nasty, nasty


Somewhere in my peregrinations on the internet, I acquired a vicious malware program called System Check. It may be a relatively new malware program since my various malware and virus checkers didn't catch it or, in the case of Windows Defender and McAfee, eliminated it temporarily.

The symptoms start with System Check starting up immediately upon bootup into Windows 7. Then it gives a number of varying messages about how your hard disk is corrupted, is running hot, etc., etc., and the program offers to fix the problem. The program cannot be deleted or closed down, partly because it disables Task Manager.

The program produces a limited Start menu, with most options not listed. It disables malware utilities, Task Manager, and I think System Restore. It removes the Internet Explorer icon and program listing. I was able to delete the program file from the Program Data directory, but it reemerged with a new name. Really frustrating.

Ultimately, I got onto the internet by typing 'ie' in the "Search programs and files" box and downloaded SuperAntiSpyware, ran it, and System Check was eliminated. I was so grateful to the anti-spyware program that I bought a for-pay version. After System Restore to an earlier version -- maybe it was needed -- I reran the spyware program, and it found another virus-affected file. I don't know if it was another instance of the nasty malware, but it might have been. I'll do a few scans in the next few days to make sure everything stays cleaned up.

Beware the ides of System Check.


I came across that on a client's machine and took the best part of a day to get rid of it. Tried a lot of techniques that didn't work, eventually made a rescue disk from the AVG website and booted the machine with it. It uses Linux to scan the hard drive, thus ensuring no Windows viruses can be running and defeating the scan. That worked. Malware is becoming cleverer and harder to defeat, which requires that anti-virus software et al. be cleverer in turn, which, I suspect, results in slower system performance because the AV resident shield is holding up every disk and memory operation while it checks it. Makes me want to go back to Linux...


Now that we have boot sector viruses, even reformatting your hard drive and reinstalling a shiny new copy of Windows won't work if you're unlucky enough to have obtained one of these lovely nasties. The virus lives in the boot sector of your hard drive, the tiny area used to tell your computer where to find the operating system to start booting from. It doesn't get touched by a wipe or reformat. So you can freshly reinstall Windows and still have a virus.

You need a special utility (like GMER) to clean one of these out. Or just buy a new hard drive. Or take a flame thrower to your computer and then drive a monster truck over it.

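As an added example, not part of any post in this thread: a PowerShell snippet that reads the first sector of the first disk, checks the MBR signature, and hashes the boot code and the partition table separately, so that a later run can tell you whether the boot code has changed since you took a baseline on a machine you trusted. It assumes an elevated prompt, a legacy BIOS/MBR disk at \\.\PhysicalDrive0 (the Windows 7 machines discussed here), and a baseline file path of its own choosing; on a GPT/UEFI system the first sector is only a protective MBR and this check tells you little. One caveat a practitioner would add to the post above: formatting a partition does leave the MBR alone, but `bootrec /fixmbr` from the Windows Recovery Environment rewrites the MBR boot code, which is a cheaper first step than a new drive; a clean baseline is what lets you confirm afterwards that the code stayed rewritten.

```powershell
# Added example (not code from the thread). Snapshot and compare the MBR of
# the first physical disk. Needs an elevated prompt. Assumes a BIOS/MBR disk.
param([string]$Baseline = "$env:USERPROFILE\mbr-baseline.bin")   # assumed path

function Hex([byte[]]$b) { ([BitConverter]::ToString($b) -replace '-', '').ToLower() }

$sectorSize = 512
$buf = New-Object byte[] $sectorSize
# Open the raw device read-only; sharing must be ReadWrite or the open fails.
$fs = New-Object System.IO.FileStream -ArgumentList '\\.\PhysicalDrive0', 'Open', 'Read', 'ReadWrite'
try     { $read = $fs.Read($buf, 0, $sectorSize) }
finally { $fs.Dispose() }
if ($read -ne $sectorSize) { throw "short read: got $read bytes" }

# Sanity check: a valid MBR ends with the 0x55 0xAA signature.
if ($buf[510] -ne 0x55 -or $buf[511] -ne 0xAA) { throw 'no MBR signature; not an MBR disk?' }

# Bytes 0-445 are the bootstrap code (what a boot sector virus overwrites);
# bytes 446-509 are the four partition table entries. Hash them separately
# so you can tell which of the two moved.
$sha       = [System.Security.Cryptography.SHA256]::Create()
$codeHash  = Hex ($sha.ComputeHash($buf, 0, 446))
$tableHash = Hex ($sha.ComputeHash($buf, 446, 64))
"boot code       sha256: $codeHash"
"partition table sha256: $tableHash"

if (Test-Path -LiteralPath $Baseline) {
    $old = [System.IO.File]::ReadAllBytes($Baseline)
    if ($old.Length -ne $sectorSize) { throw "baseline file is not one sector" }
    $oldCode  = Hex ($sha.ComputeHash($old, 0, 446))
    $oldTable = Hex ($sha.ComputeHash($old, 446, 64))
    if ($oldCode -ne $codeHash)   { Write-Warning 'MBR boot code differs from the baseline' }
    else                          { 'MBR boot code unchanged since baseline' }
    if ($oldTable -ne $tableHash) { Write-Warning 'partition table differs from the baseline (repartitioned, or tampered)' }
} else {
    # First run: record the sector as the baseline. Keep a copy off the machine.
    [System.IO.File]::WriteAllBytes($Baseline, $buf)
    "baseline written to $Baseline"
}
```

Take the baseline right after a clean install, and keep a copy of the 512-byte file somewhere other than the disk it describes; a boot sector virus that can rewrite the MBR can just as easily rewrite a baseline file sitting next to it.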

The most common vector these days for most of them is as Trojan Horses. In other words, they're disguised as something else that you think is safe. A lot of them infect your computer when you click on those buttons on various websites that proclaim, "Your computer is infected! Click here to clean!" or some variant. Those aren't virus cleaners. They're viruses. Never, ever, click on anything like this. The only thing you should be using to clean your system is your known and trusted utilities.

The sketchier the website, the more likely they will be rife with these kinds of things.

Other common vectors are vulnerabilities in web browsers or email programs. Stay up to date with those programs, and use something known to be fairly trusted, such as Firefox, Chrome, Thunderbird, etc. Or use Gmail or something similar for email.

Never open any email attachment from an unknown source. And never open any unexpected attachment from a known source without checking it with your virus checker first, since even trusted sources may, unbeknownst to them, have their computer infected.

Always run your virus checker and keep your definitions up to date, something known to be actually useful such as Security Essentials or Avast, not something expensive and relatively useless such as McAfee.

Or, just run Linux and avoid 99% of all of these issues.


With respect to System Check, I got warnings from Windows Defender and McAfee, I had those programs clean the viruses out, but I didn't immediately reboot. I don't know if that delay was enough to allow the malware to spawn. Maybe somebody who knows more about computers and viruses could answer that question.

I believe my virus checkers have been on constantly.


It's not exactly the delay, but rather many of the nutjobs who write these viruses are sadly very smart people. They hide bits of the virus in other areas, such as your registry or hidden in other benign looking processes. The virus checker will find the "main" part of the virus and delete it, but the other part of the virus will then notice this and immediately put those pieces back. And vice versa--if the other part gets deleted first, then the second part will replace the first part. Or, you can delete the file from the hard drive, but since the process is already running in memory, it will simply write it back.

For these, you need to run a standalone virus checker, where you boot from a CD or USB stick, so windows isn't actually running when you delete them, that way there's no process running to immediately write 'em back.

Seriously though, aside from the odd exception, the best and easiest way to avoid almost all of these things is to stay away from the seedy underside of the internet. There's a reason why many teens' computers are absolutely the most virus-filled things in existence---all the porn sites, and, from lack of experience, they don't know any better than to click on clever, catchy, and colorful-looking buttons on websites offering stuff too good to be true.

Edit: I forgot another common virus vector: If you use questionable peer-to-peer file downloading programs for music or movies and whatnot. Many of these are full of viruses themselves, and many of the things you download on these networks are also full of viruses. If you download stuff like this, use a known safe client written with a GNU license and be careful what you download.

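A triage script for the symptoms in the first post (starts at boot, Task Manager disabled, a file under ProgramData that comes back under a new name) and for the watchdog behaviour explained in the post just above. This is an added PowerShell example, not code from the thread. It assumes an elevated prompt, ideally in Safe Mode so the rogue's own processes are not running to put things back, and it assumes the rogue restarts through a Run/RunOnce key, which the posts do not confirm; treat the listing as a lead, not a verdict. The registry keys and the DisableTaskMgr/DisableRegistryTools policy values are standard Windows locations.

```powershell
# Added example (not code from the thread). List autorun entries, flag the
# ones that look like a rogue "antivirus", and clear the lock-out policies.
# Run elevated, preferably from Safe Mode.
# Assumption: the rogue persists via a Run/RunOnce key; the thread does not say.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Legitimate startup items seldom live in these directories; ones that do deserve a look.
$suspectDirs = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP)

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # PowerShell's own metadata fields
        $cmd = [string]$p.Value
        # The executable is the quoted first token, or everything up to the first space.
        if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        $flags = @()
        foreach ($d in $suspectDirs) {
            if ($d -and $exe.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) {
                $flags += 'SUSPECT-DIR'; break
            }
        }
        # A missing target is a dangling entry left behind by a partial cleanup.
        if ($exe -and -not (Test-Path -LiteralPath $exe)) { $flags += 'MISSING' }
        '{0,-20} {1}\{2} = {3}' -f ($flags -join ','), $key, $p.Name, $cmd
    }
}

# Policy values a rogue flips to keep you out of Task Manager and regedit
# (1 = disabled). Clearing the value restores the default.
foreach ($hive in 'HKCU', 'HKLM') {
    $policy = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    if (-not (Test-Path $policy)) { continue }
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $v = (Get-ItemProperty -Path $policy -Name $name -ErrorAction SilentlyContinue).$name
        if ($v -eq 1) {
            "$policy\$name = 1 ; clearing it"
            Remove-ItemProperty -Path $policy -Name $name
        }
    }
}
```

An entry flagged SUSPECT-DIR that points at an odd-looking name under ProgramData is the kind of thing to write down before touching it. Remove the file and the registry entry in the same Safe Mode session and then reboot; as the post above explains, deleting one half while the other half is live just gets it rewritten, and an offline scan from a boot CD remains the surer route when Safe Mode is not enough.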

Thanks. I have Security Essentials and Malwarebytes Anti-Malware running. I used to use AVG, but it slowed my computer to the point of frustration. I don't use it any longer.

I don't open unwanted email links. I use gmail, and it seems pretty safe.

I don't know what I'd do if my computer suddenly crashed and I lost everything I had on it and the backup systems failed. I guess I'd have to rely on antidepressants. I've seen where I can get a great deal on those on the internet.

C

> Or, just run Linux and avoid 99% of all of these issues.

It's never too late to switch to the Mac!

> I don't know what I'd do if my computer suddenly crashed and I lost everything I had on it and the backup systems failed.

Cole, if you ever have this problem, go to a library or Internet cafe, send me an email, and I'll help out. Trust me, I've helped casual acquaintances to whom I owe a lot less than you! I'd be glad to help out for free.

Sometimes, the best solution to a massive virus attack is just to back everything up, put in a brand-new (cheap) drive, re-install windows, put all the necessary anti-virus/spam/adware tools on it, re-install your applications, and carefully copy over all your data files. We refer to this as "the scorched Earth policy." This will work 100%, and takes half an afternoon at best.

Just make sure you have at least a couple of backups handy. They can save your life, especially in the event of Udder Disaster.


Backups are all important... we back up all the AwesomeDude website files both those posted and waiting to be posted as well as forums database files after Weekend and Mid-week updates. These backups are kept on the main production PC, another on an external hard drive and finally a USB flash drive which can be put in a backpack and carried out over land if and when the 'Big One' hits Southern California!


Backups are especially important for anyone who has work on a computer they simply couldn't bear to lose. Like, say, an author. If you care at all about your work, your ideas, your written thoughts, your failed starts, your random notes and observations about the craziness of life around you, and everything else, you have multiple backups. On another computer, on a USB drive, on a cloud computing server like Dropbox, somewhere, anywhere. Just remember: if your house burns down and all your backups are in that house, it's not really much of a backup.


I have an automatic backup (Genie) that runs every night, creating a differential file that has only what's been added and changed in the past 24 hours. Each month I do a new full backup. I keep the current full backup with its daily differential files and the prior month's files as well.

I have Malwarebytes (paid version) running on my PC. It seems to trap a lot of crapola, and it auto updates itself several times a day. I also run the latest version of Norton Internet Security. Malwarebytes and Norton coexist without any conflicts. I haven't had any virus or trojan that's gotten through. Yet.

Colin

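The monthly-full-plus-nightly-differential rotation Colin describes, written out as an added PowerShell example (not from Genie or any other product named in the thread). Terminology worth pinning down, since the two get mixed up: a differential carries everything changed since the last full, so a restore needs the full plus only the newest differential; an incremental carries only what changed since the previous backup of any kind, and a restore needs the whole chain. The script does the former. The source and destination paths are assumed, and it tracks additions and changes only, not deletions.

```powershell
# Added example (not code from the thread). Full backup: copy everything and
# record the start time. Differential: copy only files modified since the
# last full. Paths are assumptions; change them. Run: -Mode full monthly,
# -Mode diff nightly.
param(
    [Parameter(Mandatory=$true)][ValidateSet('full', 'diff')] [string]$Mode,
    [string]$Source = "$env:USERPROFILE\Documents",   # assumed
    [string]$Dest   = 'E:\Backups'                     # assumed: an external drive
)

$Source = (Resolve-Path -LiteralPath $Source).Path
if (-not (Test-Path -LiteralPath $Dest)) { New-Item -ItemType Directory -Path $Dest | Out-Null }
$marker = Join-Path $Dest 'last-full.txt'
$target = Join-Path $Dest ("{0}-{1}" -f $Mode, (Get-Date -Format 'yyyyMMdd-HHmmss'))

if ($Mode -eq 'diff') {
    if (-not (Test-Path -LiteralPath $marker)) { throw 'no full backup yet; run with -Mode full first' }
    $since = [datetime]::Parse((Get-Content -LiteralPath $marker))
} else {
    $since = [datetime]::MinValue
}

# Record the start time, not the end: a file changed while a long full copy
# is running may already have been copied in its old state, and the next
# differential must pick it up.
$started = Get-Date

$files = Get-ChildItem -Path $Source -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -gt $since }

$copied = 0
foreach ($f in $files) {
    # Rebuild the source's directory layout under the target folder.
    $rel = $f.FullName.Substring($Source.Length).TrimStart('\')
    $out = Join-Path $target $rel
    New-Item -ItemType Directory -Path (Split-Path -Parent $out) -Force | Out-Null
    Copy-Item -LiteralPath $f.FullName -Destination $out
    $copied++
}

if ($Mode -eq 'full') { $started.ToString('o') | Set-Content -LiteralPath $marker }
"$Mode backup: $copied file(s) copied to $target"
```

To restore, copy the newest full folder back, then the newest diff folder over it; the older diff folders from the same month are redundant, which is what makes the scheme simple, and also why each nightly set grows through the month until the next full resets it. Because a deleted source file never shows up in a differential, a monthly full is also what keeps deleted files from resurrecting on restore.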


I neglected to mention that my in-house backups are done by FolderClone Pro... but the twice weekly downloads from the site of both the entire site plus database are done manually. Yes, they have earthquakes in Mesa, Arizona where the site servers are located!

For authors... a cloud-based extra backup would be useful... but the size would be impractical for a site the size of AD... unless we had a full 'backup site' located in another state or perhaps country.... hmmmmm

Mike


I have Avast anti virus and find it catches most things. But I periodically check all the drives with Malwarebytes. The reason I use Avast (free version) is because it doesn't slow my computer down like Norton or AVG does.

One of the things that seems to be not well known is that Malwarebytes will detect invaders better, if you boot Windows into Safe Mode (without network) and run Malwarebytes from there. Several acquaintances have managed to restore their Windows without further problems after I told them to do this. Make sure you do an update for Malwarebytes before running it in Safe mode if possible.

I see that Malwarebytes has a new version available which looks like it addresses new viruses.

http://www.malwarebytes.org/products/malwarebytes_free


I agree with the Linux thinking. I switched 3 years ago and am ever so thankful. I love it!


System check and quite a few others get into your system via a Java exploit. You know that little orange icon that tells you a new version of Java is available - the one you always ignore? Yeah, update that and keep it updated. It's one of the most common vectors of infection on your PC.

Java updates are, in my opinion, equally as important as Windows Update and much easier to ignore. Microsoft will get a report of a vulnerability that Java can exploit and take weeks to patch it. The Java boys patch the exploit often much sooner than Microsoft does, usually making the Microsoft patch irrelevant.


I just got hit by this:

http://www.spywarevoid.com/remove-security-shield-2011-securityshield2011-removal-guide.html

Similar to System Check. When in normal mode it would not allow me to open any specialty anti-virus or spyware programs, including Malwarebytes. Microsoft Security Essentials could not locate the program (it let it in, so not a surprise). The program also would not allow me to open any web browsers.

Ended up rebooting into Safe Mode with networking enabled. Malwarebytes was able to run, but could not find anything (probably because Security Shield was not loaded). Ended up doing a System Restore to 3 days prior. Problem solved... for now.


It actually hit while I was doing a Google search for a spare tire kit for my car (new car didn't come with a spare). Pretty boring stuff.

The only downloads I have done recently have been software updates, and I always do those directly from the program.

Apparently the auto spell checker isn't working anymore... I'll have to remember where that option was.
