How to remove System Care Antivirus virus (Removal Guide)

Photo of author

Written by: Stelian

Published on:

System Care Antivirus  is a computer virus (Rogue.WinWebSec), which pretends to be a legitimate security program and claims that malware has been detected on your computer. If you try to remove these infections, System Care Antivirus will state that you need to buy its full version before being able to do so.
[Image: System Care Antivirus virus]

System Care Antivirus targets users browsing Internet websites, and rely on social engineering to deliver its payload. This infection is promoted through web sites that have been hacked with scripts that try to install the software by exploiting vulnerabilities on your computer. It is also promoted through Trojans that pretend to be legitimate programs that are required to view an online video, but instead install the infection.

Once installed, System Care Antivirus will display fake security alerts that are designed to think that your data is at risk or that your computer is severely infected.These messages may include:

Security Monitor: WARNING!
Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk.
To get rid of unwanted spyware and keep your computer safe your need to update your current security software.
Click Yes to download official intrusion detection system (IDS software).

Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Click here to remove it immediately with System Care Antivirus.

System Care Antivirus Firewall Alert
System Care Antivirus Firewall has blocked a program from accessing the Internet.
Internet Explorer Internet Browser is infected with worm SVCHOST.Stealth.Keyloger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remote host.

System Care Antivirus Warning
Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid theft of your credit card details.
Click here to activate protection.

System Care Antivirus Warning
Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid theft of your credit card details.

Warning: Your computer is infected
Detected spyware infection!
Click this message to install the last update of security software…

System Care Antivirus Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with System Care Antivirus.

In reality, none of the reported issues are real, and are only used to scare you into buying System Care Antivirus and stealing your personal financial information.

As part of its self-defense mechanism, System Care Antivirus has disabled the Windows system utilities, including the Windows  Task Manager and Registry Editor, and will block you from running certain programs that could lead to its removal.
This rogue antivirus has also modified your Windows files associations, and now whenever you are trying to open a program, System Care Antivirus will block this operation and display a bogus notification in which will report that the file is infected.

Warning!
Application cannot be executed. The file taskmgr.exe infected.
Please activate your antivirus software.

If your computer is infected with System Care Antivirus virus, then you are seeing the following screens:
[Image: System Care Antivirus 3.7.32 virus]

[Image: System Care Antivirus Firewall Alert]

[Image: System Care Antivirus Warning]
System Care Antivirus is a scam, and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you buy System Care Antivirus as this could lead to identity theft, and if you have, you should contact your bank and dispute the charge stating that the program is a scam and a computer virus.

Registration codes for System Care Antivirus
As an optional step,you can use any of the following license keys to register System Care Antivirus and stop the fake alerts.
System Care Antivirus Activation code: AA39754E-715219CE
Please keep in mind that entering the above registration code will NOT remove System Care Antivirus from your computer , instead it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.

System Care Antivirus – Virus Removal Guide

This page is a comprehensive guide, which will remove the System Care Antivirus infection from your your computer. Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.
STEP 1: Start your computer in Safe Mode with Networking
STEP 2: Remove System Care Antivirus virus with Malwarebytes Anti-Malware Free
STEP 3: Remove System Care Antivirus rootkit with RogueKiller
STEP 4:  Remove System Care Antivirus infection with HitmanPro

STEP 1 : Start your computer in Safe Mode with Networking

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. When the computer starts you will see your computer’s hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows XP, Vista or 7 Advanced Boot Options.
    [Image: F8 key]
    If you are using Windows 8, press the Windows key + C, and then click Settings. Click Power, hold down Shift on your keyboard and click Restart, then click on Troubleshoot and select Advanced options. In the Advanced Options screen, select Startup Settings, then click on Restart.
  3. If you are using Windows XP, Vista or 7 in the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
    [Image: Safemode.jpg]\
    If you are using Windows 8, press 5  on your keyboard to Enable Safe Mode with Networking.
    Windows will start in Safe Mode with Networking.

STEP 2: Remove System Care Antivirus virus with Malwarebytes Anti-Malware FREE

The Malwarebytes Chameleon utility will allow us to install and run a scan with Malwarebytes Anti-Malware Free without being blocked by System Care Antivirus.

  1. Right click on your browser icon, and select Run As or Run as Administrator. This should allow your browser to open so that we can then download Malwarebytes Chameleon.
    [Image: Starting web browse on infected computer]
    If you’ll see a “Warning! The site you are trying visit may harm your computer!” message in your web browser window, you can safely click on the Ignore warnings and visit that site in the current state (not recommended) link, because this a bogus alert from System Care Antivirus.
  2. Download Malwarebytes Chameleon  from the below link, and extract it to a folder in a convenient location.
    MALWAREBYTES CHAMELEON DOWNLOAD LINK  (This link will open a new web page from where you can download Malwarebytes Chameleon)
    [Image: Extract Malwarebytes Chameleon utility]
  3. Make certain that your infected computer is connected to the internet and then open the Malwarebytes Chameleon folder, and double-click on the svchost.exe file.
    [Image: Double click on svchost.exe]
    IF Malwarebytes Anti-Malware will not start, double-click on the other renamed files until you find one will work, which will be indicated by a black DOS/command prompt window.
  4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you.
    Malwarebytes Chameleon press key
  5. Once it has done this, it will update Malwarebytes Anti-Malware, and you’ll need to click OK when it says that the database was updated successfully.
    Malwarebytes Chameleon updating its database
  6. Malwarebytes Anti-Malware will now attempt to kill all the malicious process associated with System Care Antivirus.Please keep in mind that this process can take up to 10 minutes, so please be patient.
    Malwarebytes Chameleon killing malware
  7. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan for System Care Antivirus malicious files as shown below.
    [Image: Malwarebytes Anti-Malware scanning for System Care Antivirus]
  8. Upon completion of the scan, click on Show Result
    [Image: Malwarebytes Anti-Malware scan results]
  9. You will now be presented with a screen showing you the malware infections that Malwarebytes Anti-Malware has detected.
    Make sure that everything is Checked (ticked),then click on the Remove Selected button.
    [Image:Malwarebytes removing virus]
  10. After your computer will start in Windows regular mode, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

STEP 3: Remove System Care Antivirus rootkit with RogueKiller

RogueKiller is a utility that will scan for the System Care Antivirus rootkit, registry keys and any other malicious files on your computer.

  1. You can download the latest official version of RogueKiller from the below link.
    ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
  2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds,  then click on the Scan button to perform a system scan.
    [Image: RogueKiller scaning for System Care Antivirus virus]
  3. After the scan has completed, press the Delete button to remove System Care Antivirus malicious registry keys or files.
    [Image: RogueKiller Detele button]

STEP 4: Remove System Care Antivirus infection with HitmanPro

HitmanPro is a cloud on-demand scanner, which will scan your computer with 5 antivirus engines (Emsisoft, Bitdefender, Dr. Web, G-Data and Ikarus) for the System Care Antivirus infection.

  1. You can download HitmanPro from the below link:
    HITMANPRO DOWNLOAD LINK (This link will open a web page from where you can download HitmanPro)
  2. Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
    HitmanPro scanner
    Click on the Next button, to install HitmanPro on your computer.
    HitmanPro installation
  3. HitmanPro will now begin to scan your computer for System Care Antivirus trojan.
    HitmanPro detecting for System Care Antivirus virus
  4. When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the Next button, to remove System Care Antivirus virus.
    HitmanPro scan results
  5. Click on the Activate free license button to begin the free 30 days trial, and remove all the malicious files from your computer.
    [Image: HitmanPro 30 days activation button]

Your computer should now be free of the System Care Antivirus infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, and perform regular computer scans with HitmanPro.
If you are still experiencing problems while trying to remove System Care Antivirus from your machine, please start a new thread in our Malware Removal Assistance forum.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

  1. Stop and verify before you click, log in, download, or pay.

    warning sign

    Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

    If you already clicked: close the page, do not enter passwords, and run a malware scan.

  2. Keep your operating system, browser, and apps updated.

    updates guide

    Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

    If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.

  3. Use layered protection: antivirus plus an ad blocker.

    shield guide

    Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

    If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.

  4. Install apps, software, and extensions only from official sources.

    install guide

    Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

    If you already installed something suspicious: uninstall it, restart, and scan again.

  5. Treat links and attachments as untrusted by default.

    cursor sign

    Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

    If you entered credentials: change the password immediately and enable 2FA.

  6. Shop safely: research the store, then pay with protection.

    trojan horse

    Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

    If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.

  7. Crypto rule: never pay a “fee” to withdraw or recover money.

    lock sign

    Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

    If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.

  8. Secure your accounts with unique passwords and 2FA (start with email).

    lock sign

    Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

    If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.

  9. Back up important files and keep one backup offline.

    backup sign

    Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

    If you suspect infection: do not connect backup drives until the system is clean.

  10. If you think you are a victim: stop losses, document evidence, and escalate fast.

    warning sign

    Move quickly. Speed matters for disputes, account recovery, and limiting damage.

    • Stop payments and contact: do not send more money or respond to the scammer.
    • Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
    • Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
    • Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
    • Scan your device: remove suspicious apps or extensions, then run a full malware scan.
    • Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
    • Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.

116 thoughts on “How to remove System Care Antivirus virus (Removal Guide)”

  3. I followed the directions to a T and they worked perfectly!!!!! A BIG THUMBS UP!!!!!! Thank you for all the help. When I am finished can I delete the programs downloaded or leave them on my machine?

  4. Hello ,
    Can you please run a scan with Combofix and post the logs here so that I can get an idea on what’s going on:

    You can download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop

    Close any open browsers.

    Very Important!!!> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.

    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.

    2. Accept the disclaimer and allow to update if it asks

    3. When finished, it shall produce a log for you.

    Notes:

    Do not mouse-click Combofix’s window while it is running. That may cause it to stall.

    Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

    If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

    Please post the Combofix, so that I can get an idea on what’s going on.
    Next, please run a scan with HitmanPro and Malwarebytes, then let me know how is your computer running.

  5. Hello,
    Lets run a scan with these tools:
    STEP 1: Run a scan with ESET Online Scanner

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

    System Memory

    Hidden startup objects

    Disk boot sectors

    Local Disk (C:)

    Also any other drives (Removable that you may have)

    3. Then click on Actions on the left hand side

    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

    Stay safe!

  6. It says running mbam please wait and never continue forward I have waited for it for more than 10 minutes now

    • Hello,
      Make sure that you do not have any other programs opened when Chameleon is running, and check for the Malwarebytes Anti-Malware window on your desktop.
      Please try again to start Malwarebytes in Chameleon Mode, and if you will still have issues, then I’ll reply you with additional instructions.

  7. Hello Paco,
    Make sure that you do not have any other programs opened when Chameleon is running, and check for the Malwarebytes Anti-Malware window on your desktop.
    Please try again to start Malwarebytes in Chameleon Mode, and if you will still have issues, then I’ll reply you with additional instructions.

  8. Hello,
    Yes, you can delete those left over icons, and just to be on the safe side, please run a scan with the following utilities:
    STEP 1: Run a scan with ESET Online Scanner

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

    System Memory

    Hidden startup objects

    Disk boot sectors

    Local Disk (C:)

    Also any other drives (Removable that you may have)

    3. Then click on Actions on the left hand side

    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

    Stay safe!

Comments are closed.

Previous

Remove System Protection “designed to protect” virus (Removal Guide)

Next

Remove FaceSmooch virus (Uninstall Guide)