Have you contracted the “System Care Antivirus” virus that asks for reg key / registration code? A window opens right after startup and says you’ve got all sorts of viruses that need cleaning up. It won’t let you run any programs like MSE in normal mode and says that every webpage you go to is a security risk. Can’t remove “System Care Antivirus” rogue anti-spyware program from Windows 7 and Windows 8?
What is “System Care Antivirus”? How to Remove?
The Fake “System Care Antivirus” virus is a new malware attack that acts as a legitimate anti-virus program and tricks the user into purchasing a “license” for this fake anti-virus software. As soon as this virus becomes installed on the PC it will pop up a message that looks exactly like a real virus warning message. Not like the police virus, it won’t lock your computer, but “System Care Antivirus” Rogue Anti-Spyware (looks like AVASoft Professional Antivirus) appears to be performing a live scan on the PC and will then display a detailed list of Trojans, malwares, and spywares that it is detected on the computer. The threats appear to be serious and they are all classified as very dangerous, leaving the computer extremely vulnerable. Then, the user is greeted with a message saying that the license must be purchased in order for the anti-virus software to remove all of the threats.
Some PC users will catch on that it is a fake program and see that the Fake “System Care Antivirus” virus has attacked them, but some individuals will think that it is real and pay the fee. If this is the case, then it is important to immediately contact the credit card company and file a chargeback and also make sure that the card is cancelled and a new number issued. Since the hackers have the payment details it can result in future credit card fraud.
If a user does submit his or her credit card information thinking that they are activating the full version of the virus removal software the warning messages will not stop. The only way to make it stop and to return the PC to full operation is to remove all of the virus files. This must be done manually to ensure that they are all removed. Leaving just one infected file behind can result in serious problems down the road. You can read below to learn how to fully remove the “System Care Antivirus” Virus from your computer and regain full control of the PC.
Notice: Cannot stop this program from popping up constantly? Contact YooSecurity Online PC Expert right away for some assistance if you don’t know how to remove “SystemCare Antivirus” rogue program. Manual removal will be suggested here as it’s guaranteed on a complete removal (advanced computers skills required).
“System Care Antivirus” Rogue Screenshot
Warning! The site you are trying to visit may harm your computer!
System Care Antivirus Warning! 38 infections found
System Care Antivirus Firewall has blocked a program from accessing the internet
How Did I Get The “SystemCareAntivirus” Rogue Anti-spyware?
So, where does this attack stem from? The majority of computer users pick it up by visiting malicious websites. As soon as the user picks up the virus it starts to unpack and install within the system. The hackers target file sharing sites because of the large amount of traffic that these sites receive as well as the fact that most users on these sites will freely click on links without fearing or even thinking about a possible virus attack. They can hide the Fake “System Care Antivirus” virus within download files, and these include documents, videos, audio, and software.
The warning message stating that the software needs to be registered looks like:
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Security Monitor: WARNING!
Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk.
To get rid of unwanted spyware and keep your computer safe your need to update your current security software.
Click Yes to download official intrusion detection system (IDS software).
Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
System Care Antivirus Firewall Alert
SystemCare Antivirus Firewall has blocked a program from accessing the Internet.
Internet Explorer Internet Browser is infected with worm SVCHOST.Stealth.Keyloger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remote host.
System Care Antivirus Warning
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss.
Click here to block unauthorised modification by removing threats (Recommended)
Your security setting level puts your computer at risk!
Activate System Care Antivirus, and enable safe web surfing (recommended).
Ignore warning and visit that site in the current state (Not recommended)
Warning!
Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with “System Care Antivirus”.
Are you seeking on the internet for a better software to uninstall “SystemCare Antivirus” virus? It is believed that this rogue software could disable real antivirus from functioning well. That is why you can’t run any virus removal tools to clean out this malware.
Is There A Good Removal Tool For “System Care Antivirus” Spyware? No!!!
What is the best way to clean out the bullshit from your system as no virus removal tool can delete the rogue software? It seems there is a way to stop the fake alerts from popping up and blocking the computer. Type in the activation code: AA39854W-77213CE and this will stop the alerts, although the virus will remain. It is important that all of the “System Care Antivirus” virus files are removed manually to make sure that the system is completely cleaned out. Follow the manual removal instructions located below in order to get rid of this attack.
Step 1: Try to plug out the internet cable then restart your computer normally. After you can see the desktop, plug in the cable again. If the virus doesn’t pop up, you can continue from step 3. (If it’s wireless connection, turn off/on instead of plugging in/out cable)
Step 2: If you can’t seem to be able to access any applications under regular mode instead of getting this unwanted pop up constantly, please restart the infected computer and put it into Safe mode with Networking before processing step 3. To do this, please keep pressing F8 key before windows launches until you get there shown as below(If your OS is Windows 8, please check here for details).:
Step 3: Press Ctrl+Alt+Del keys to open the Task manager to stop the progress of Fake “System Care Antivirus” Virus. Because the name will be changed fast, it will be displayed with different names with random letters.
Step 4: Delete all the files related to “System Care Antivirus” malware from registry editor and other places.
%AppData%\Programs\[]”rnd”
%AllUsersProfile%\Application Data\””
%AllUsersProfile%\Application Data\””[]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[rnd].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “rnd”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell “”
Step 5: After you are done in searching for the registry items, the next step you need to do is to reboot your personal computer back to regular mode. This is the time where you can already use your computer free from “System Care Antivirus” rogue software. Once you notice that there are still some registry entries related to malware that haven’t been detected, this is also the time you need to do the entire process all over again.
Video Guide to Remove “SystemCare Antivirus” Fake AV From Registry Editor
Please bear in mind:
The virus will display the message and fake virus search results each time the computer is turned on. While there isn’t a way to make it fully go away without removing “System Care Antivirus” virus, there is a way to stop the pop up from being displayed over and over. If the following registration key is typed in it will stop the fake alerts from popping up: 0W000-000B0-00T00-E0020. This does NOT remove the virus, it only stops the fake warning form continuously opposing up, giving you the chance to remove the virus files completely.
The only way to be certain that the virus is removed in full is to perform a manual removal. This involves searching through each directory and folder to make sure that there are not any files linked to the Fake “SystemCareAntivirus” virus. Detailed removal instructions can be found above that will guide you through the complete removal of “System Care Antivirus” virus. Take your time to make sure that it is done correctly in order to avoid any future issues.
Special Tips: Failed to get rid of “SystemCare Antivirus” virus completely from your computer? To avoid damaging your computer, please contact YooSecurity experts 24/7 online in time for professional assistance.
Published by Tony Shepherd & last updated on April 9, 2013 5:15 pm
Leave a Reply
You must be logged in to post a comment.