How to remove System Care Antivirus virus (Removal Guide)

116 thoughts on “How to remove System Care Antivirus virus (Removal Guide)”

1. Excellent instructions. Safe and easy. Thanks a million <3

2. Thank you. Great job. Smashed the virus out.

3. I followed the directions to a T and they worked perfectly!!!!! A BIG THUMBS UP!!!!!! Thank you for all the help. When I am finished can I delete the programs downloaded or leave them on my machine?

4. Hello ,
   Can you please run a scan with Combofix and post the logs here so that I can get an idea on what’s going on:

   You can download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

   VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop

   Close any open browsers.

   Very Important!!!> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.

   WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

   Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

   If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

   1. Double click on ComboFix.exe & follow the prompts.

   2. Accept the disclaimer and allow to update if it asks

   3. When finished, it shall produce a log for you.

   Notes:

   Do not mouse-click Combofix’s window while it is running. That may cause it to stall.

   Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

   If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

   Please post the Combofix, so that I can get an idea on what’s going on.
   Next, please run a scan with HitmanPro and Malwarebytes, then let me know how is your computer running.

5. Hello,
   Lets run a scan with these tools:
   STEP 1: Run a scan with ESET Online Scanner

   1.Download ESET Online Scanner utility.

   ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

   2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

   3.Check Yes, I accept the Terms of Use, then click the Start button.

   4.Check Scan archives and push the Start button.

   5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

   6. When the scan completes, click on the Finish button.

   STEP 2: Run a scan with Kaspersky Virus Removal Tool:

   1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

   2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

   Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

   System Memory

   Hidden startup objects

   Disk boot sectors

   Local Disk (C:)

   Also any other drives (Removable that you may have)

   3. Then click on Actions on the left hand side

   4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

   5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

   Stay safe!

6. Hello,
   Make sure that you do not have any other programs opened when Chameleon is running, and check for the Malwarebytes Anti-Malware window on your desktop.
   Please try again to start Malwarebytes in Chameleon Mode, and if you will still have issues, then I’ll reply you with additional instructions.

7. It says running mbam please wait and never continue forward I have waited for it for more than 10 minutes now

8. Hello Paco,
   Make sure that you do not have any other programs opened when Chameleon is running, and check for the Malwarebytes Anti-Malware window on your desktop.
   Please try again to start Malwarebytes in Chameleon Mode, and if you will still have issues, then I’ll reply you with additional instructions.

9. Hello,
   Yes, you can delete those left over icons, and just to be on the safe side, please run a scan with the following utilities:
   STEP 1: Run a scan with ESET Online Scanner

   1.Download ESET Online Scanner utility.

   ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

   2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

   3.Check Yes, I accept the Terms of Use, then click the Start button.

   4.Check Scan archives and push the Start button.

   5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

   6. When the scan completes, click on the Finish button.

   STEP 2: Run a scan with Kaspersky Virus Removal Tool:

   1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

   2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

   Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

   System Memory

   Hidden startup objects

   Disk boot sectors

   Local Disk (C:)

   Also any other drives (Removable that you may have)

   3. Then click on Actions on the left hand side

   4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

   5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

   Stay safe!

10. Thank you!

11. thank u … it is work well..

12. Hello,
    Lets run these scans:

    STEP 1: Run a scan with ESET Rogue Application Remover

    1. Download the ESET Rogue Application Remover by clicking the appropriate link for your system version below

    For 32-bit (x86) – http://download.eset.com/special/ERARemover_x86.exe

    For 64-bit (x64) – http://download.eset.com/special/ERARemover_x64.exe

    2.Save the file to your Desktop. When the download completes, navigate to the file, right-click it and select Run as administrator.

    3.Click Accept to accept the End-User License Agreement (EULA).

    4. Please be patience while this utility scans for malware, then press any key on your keyboard to exit the tool.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

    System Memory

    Hidden startup objects

    Disk boot sectors

    Local Disk (C:)

    Also any other drives (Removable that you may have)

    3. Then click on Actions on the left hand side

    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

    STEP 3: Run a scan with ESET Online Scanner

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

    Next please run scan with Malwarebytes Anti-Malware, HitmanPro and RogueKiller. Waiting your reply to see how everything is going.

    Stay safe!

13. Hello Emily,
    Yes, you can try to perform these scans in Windows regular mode, it should work.
    Stay safe!

14. If I do all these steps besides safe mode will it work? I can’t get my computer to work In safe mode.

15. Stelian, a mayor tumbs up for your detailed explanations. I shared this site on facebook, but I would like to recommend your site to people with autism on a site I’m building. For starters it will be in Dutch, but I hope to go global one day.
    Thanks to this I’m back to my normal routines in the morning. Didn’t think I could recover my laptop in just 1 day. So thanks a million.

16. Hello Steve,
    This infection does not have keylogging capabilities, and should not damage your machine. Do not buy this fake antivirus, and remove this infection as soon as possible.

    Stay safe!

17. Hello Syed,
    Lets run these scans:

    STEP 1: Run a scan with ESET Rogue Application Remover

    1. Download the ESET Rogue Application Remover by clicking the appropriate link for your system version below

    For 32-bit (x86) – http://download.eset.com/special/ERARemover_x86.exe

    For 64-bit (x64) – http://download.eset.com/special/ERARemover_x64.exe

    2.Save the file to your Desktop. When the download completes, navigate to the file, right-click it and select Run as administrator.

    3.Click Accept to accept the End-User License Agreement (EULA).

    4. Please be patience while this utility scans for malware, then press any key on your keyboard to exit the tool.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

    System Memory

    Hidden startup objects

    Disk boot sectors

    Local Disk (C:)

    Also any other drives (Removable that you may have)

    3. Then click on Actions on the left hand side

    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

    STEP 3: Run a scan with ESET Online Scanner

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

    Next please run scan with Malwarebytes Anti-Malware, HitmanPro and RogueKiller. Waiting your reply to see how everything is going.

    Stay safe!

18. Thanks so much!

19. Thank you very much for this detailed guide.
    After my first reboot “system care antivirus” showed up again and i had to close it using task manager that this time worked like a charm. All the best. From Russia with Love.

20. Brilliant. I am now back in action. Many thanks.

21. Hello Dave,
    Malwarebytes Anti-Malware and HitmanPro are both good on-demand scanners, so I would suggest that you keep them installed, and perform regular scan with them.
    The other tools can be uninstalled/deleted from your computer.
    To remove Combofix please follow this instructions:
    1.Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
    2.In the Run box, type in ComboFix /Uninstall (Notice the space between the “x” and “/”) then click OK
    3.Follow the prompts on the screen
    4.A message should appear confirming that ComboFix was uninstalled.

    Delete the following folders: (If they exist)
    C:ComboFix
    C:Qoobox

    Stay safe! :)

22. Hello Sherry,
    You’ve got a pretty nasty infection on this machine. It’s a ZeroAccess rootkit which has corrupted your Windows Defender settings.
    To remove this infection, please follow the instructions from this guide: http://malwaretips.com/blogs/file-contained-a-virus-and-was-deleted-removal/

    Stay safe!

23. Hello,

    Please run these two tools:

    STEP 1: Run a scan with AdwCleaner

    1. Download AdwCleaner from here: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

    2.Close all open programs and internet browsers.

    3.Double click on adwcleaner.exe to run the tool.

    4.Click on Delete,then confirm each time with Ok.

    STEP 2: Run a scan with Junkware Removal Tool

    1.Download Junkware Removal Tool to your desktop from the below link:

    JUNKWARE REMOVAL TOOL : http://thisisudax.org/download…

    2. Double-click on the JRT.exe icon to start this utility.

    3. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system’s specifications

    Next run a scan with ESET Online Scanner and Kaspersky Virus Removal Tool as seen in my previous reply.

    Then please clean out your System Restore point as seen here: http://windows.microsoft.com/en-us/windows7/delete-a-restore-point

    Stay safe!

24. Hello Dave,
    You can post it here, and I’ll take a look.
    Or better yet, you can post the log into our Malware Removal Assistance forum.. there we can focus better on the malware remova process, if it will need more steps: http://malwaretips.com/Forum-Malware-Removal-Assistance

    Your choice! Stay safe!:D

25. Hi Stelian and thanks, the Combofix log is quite big, how should I post this onto the site? Can it be emailed to you as it seems to have info about our computer on it? In the mean time, we’re going to run the scans with HitmanPro and Malwarebytes.

26. Hello Sarfi,
    Hello here is a guide which should help you – http://malwaretips.com/blogs/windows-8-safe-mode-with-networking/

    Did you try to run Malwarebytes Chameleon in Windows regular mode, in many cases there is no need for Safe Mode with Networking.

    Another good solution is to manually disable this infection, and scan with the tools recommend in this guide:
    1. First of all, go to your Desktop and right click the System Care Antivirus.lnk shortcut file and select Properties.

    2.Select Shortcut tab. Find the location of System Care Antivirus executable file (target location). It should be a randomly named file. Simply click the Open file location button.
    If you cannot see the folder, you may need to enable Show hidden files and folders as seen here: http://blogs.msdn.com/b/zxue/archive/2012/03/08/win8-howto-19-show-hidden-files-folders-and-drives.aspx

    3. Browser to the executable file. Rename it, for instance to 123.exe. Restart your computer.

    4. Scan your computer with Malwarebytes, RogueKiller and HitmanPro.

27. Hello Dave,
    Can you please run a scan with Combofix and post the logs here so that I can get an idea on what’s going on:

    You can download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop

    Close any open browsers.

    Very Important!!!> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.

    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.

    2. Accept the disclaimer and allow to update if it asks

    3. When finished, it shall produce a log for you.

    Notes:

    Do not mouse-click Combofix’s window while it is running. That may cause it to stall.

    Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

    If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

    Please post the Combofix, so that I can get an idea on what’s going on.
    Next, please run a scan with HitmanPro and Malwarebytes, then let me know how is your computer running.

28. Hello Tony,
    Good luck, and stay safe! If you need any help…. I’m here!:)

29. Thanks a lot for this thorough guide. I tried many others before but couldn’t get rid of SystemCare until I got to your page. I gladly make a donation.

30. Hello Forrest,
    Can you please try to download Rkill and run this program, then go ahead and perform the Malawrebytes scan.
    You can download Rkill from the below link: http://www.bleepingcomputer.com/download/rkill/

    When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.
    Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with this infection.
    . If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by System Care Antivirus when it terminates programs that may potentially remove it. If you run into these infections warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again.

    Good luck!

31. Hello,
    Lets try to run these two scans:

    STEP 1: Run a scan with ESET Online Scanner

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

    System Memory

    Hidden startup objects

    Disk boot sectors

    Local Disk (C:)

    Also any other drives (Removable that you may have)

    3. Then click on Actions on the left hand side

    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

    Then run again a scan with HitmanPro and RogueKiller as see on this guide.

    Good luck!

32. Hey! Greetings from Venezuela. Thanks for the help, everything is easy, fast and free.

33. Thank you so much – one of the most helpful sites of this kind I’ve ever found. I will definitely share and recommend. Could you offer the possibility to donate via PayPal? I’m generally willing to donate money for helpful free software etc., and have done so in the past, but I don’t like paying with credit cards. I think a lot of people might be more likely to do it if they could do so with a simple click via PayPal. Just an idea… Thanks again, and keep up the good work!

34. Hello Minnie,

    Lets try to run these two scans:

    STEP 1: Run a scan with ESET Online Scanner

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

    System Memory

    Hidden startup objects

    Disk boot sectors

    Local Disk (C:)

    Also any other drives (Removable that you may have)

    3. Then click on Actions on the left hand side

    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

    Then run again a scan with HitmanPro, and if it will detect any traces of malware, save the log and post it back here so that I can take a look.
    Then, we will manually remove any left over file.
    Good luck!

35. Hello! Thank you for the help so far.
    At the moment I have a problem. Hitman Pro has expired for me, i used again your method like 2 months ago and now i cannot use it to remove the virus. Is there any other program that i could use ?

36. I was in the middle of an Online class. While looking for a .vce viewer on CNET, I got System CareD. You saved my puter from a certain re-image. Thx sooo much.

37. Hello Mary,
    That’s strange. Can you please try again to download HitmanPro.
    Here are the direct download links:
    HitmanPro 32-bit: http://dl.surfright.nl/HitmanPro.exe
    HitmanPro 64-bit: http://dl.surfright.nl/HitmanPro_x64.exe

    Next, please run a scan with the following tools:
    STEP 1: Run a scan with ESET Online Scanner
    1.Download ESET Online Scanner utility.
    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3.Check Yes, I accept the Terms of Use, then click the Start button.
    4.Check Scan archives and push the Start button.
    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    6. When the scan completes, click on the Finish button.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1
    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed
    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
    System Memory
    Hidden startup objects
    Disk boot sectors
    Local Disk (C:)
    Also any other drives (Removable that you may have)
    3. Then click on Actions on the left hand side
    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan

38. Thank you – worked perfectly, much appreciated

39. Hello Rookie,
    You can press the Windows key + R key to open up the Run command, from there just type iexplore.exe to open Internet Explorer.

    Alternatively, you can try to download Malwarebytes while using Windows regular more. If you cannot open your browser, you can either use the activation code ( AA39754E-715219CE) from this guide or you can right-click on your browser icon and select “Run as Administrator”

    Good luck!

40. Hi Thanks for posting this blog. My computer is infected and I’m trying to follow your instructions. My computer has been restarted in the Safe, networking mode, but my IE icon is gone. I only have the iexplore.lnk How do I get to the next step?

41. Hello,
    That’s strange. :)
    HitmanPro has a free 30 days trial for home users, only those who are using a corporate or business computer will not get the free trial.
    If HitmanPro has detected trojans on your computer, then you still have an infected machine. Lets try to remove this infection:
    STEP 1: Run a scan with Emsisoft Emergency Kit.
    1. Please download the latest official version of Emsisoft Emergency Kit.
    EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
    2. After the download process will finish , you’ll need to unpack EmsisoftEmergencyKit.zip and then double click onEmergencyKitScanner.bat
    3. A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC”.
    4. Select “Smart scan” and click-on the below “SCAN” button.When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.

    STEP 2: Run a scan with Eset Online Scanner.
    1.Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.
    4.Check Scan archives and push the Start button.
    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    When the scan completes, push Finish

    STEP 3: Next please run Junkware Removal Tool

    1.Download Junkware Removal Tool to your desktop from the below link:

    JUNKWARE REMOVAL TOOL:http://thisisudax.org/download…

    2. Double-click on the JRT icon. For Windows Vista, 7 or 8 users, right-click the file and select Run as Administrator.

    3. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system’s specifications.

    NEXT, run again a scan with HitmanPro. If it will still detect malware on your machine, post the log from this scanner. (you can get the log by clicking on the “save log” button, once the scan is completed)

    Good luck!

42. Hello,
    Cookies are harmless, so your computer should be clean. Do you have any issues at this point?

43. This worked fabulous. Our clients computers are back online and working with no issues.
    As a computer pro I highly recommend this to all with computer issues.
    “-Kernel Popcorn”

44. Tank you very much, it worked and I so happy I didnt lost any Of my doc and works on the PC. You are a hero.

45. God bless u I am so poor and I could not afford to repair my Pc and I found this thank u so much guys I hope everyone who needs this guide finds it :P:P:P

46. Hello Benny,
    Once you have started your computer in Safe Mode, did you run a scan with Rkill and Malwarebytes?

47. Hello,
    Avast Free Antivirus and COMODO Internet Security Free are both great free options, which will provide a high level of security for your computer.
    I do recommend that you read this guide >> http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ < < so that you'll learn how to avoid future infections!
    Anyway ,you should really start a thread in our Security Configuration forum as you need to build a layered security config: http://malwaretips.com/Forum-Security-Configuration-Wizard

48. Hello! So glad you wrote this blog. Hit some bumps. Computer keeps turning off by itself durong Malware Quick Scan. What do I do? Thanks!!!!

49. Hmmm, here is the official page: http://www.eset.com/us/online-scanner/

    You don’t need to buy ESET to perform a scan. Just click on the Run ESET Online Scanner button

50. Great stuff :)

    By the way, ESET didn’t start the scan… just took me to a site to buy. It installed fine and i clicked the free trial but just opened up a webpage

    Cheers,
    Matt

51. Hello Matt,

    I’m currently using COMODO Internet Security, it’s a free and awesome program. However you should always keep in mind that computer security starts with YOU.

    I have written awhile ago, a guide on how to stay safe online. If you have the time, I would suggest that you read it: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/

52. Hi Stelian

    Fantastic support mate.

    I have been using Avast internet security and this malware got past it because i opened a suspect file in an email (my own fault)

    What would you recommend as good protection for a single ‘work from home’ PC?

    Cheers,
    Matt

53. Hello Steph,
    You have some residual damage from the ZeroAccess rootkit.
    Please run this ESET repair tool: http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

    Then, if you are still experiencing problems, start a thread in our Malware Removal Assistance forum, to check for additional malware: http://malwaretips.com/Forum-Malware-Removal-Assistance

54. Hello Matt,
    That System Care Antivirus icon is just a left over shortcut, and basically it’s harmless, but right-click on it, and select Delete to remove it.

    And for your peace of mind, you can run a scan with ESET Online Scanner:

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    When the scan completes, click on the Finish button.

    Stay safe!

55. Hi Stelian. Great tutorial and a relief that someone has managed to combat these terrible malware.
    My only problem is that i still habe the “System Care Antivirus’ shortcut icon on my desktop. What is the best way to remove this?
    Thanks,
    Matt

56. Hello,
    Those should be just some left over files, which you can delete. However for your peace of mind, you can run a scan with the below tools:
    STEP 1: Run a scan with ESET Online Scanner
    1.Download ESET Online Scanner utility.
    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3.Check Yes, I accept the Terms of Use, then click the Start button.
    4.Check Scan archives and push the Start button.
    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    6. When the scan completes, click on the Finish button.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1
    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed
    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
    System Memory
    Hidden startup objects
    Disk boot sectors
    Local Disk (C:)
    Also any other drives (Removable that you may have)
    3. Then click on Actions on the left hand side
    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan

57. Hello,

    Most likely you have a ZeroAccess rootkit on your computer.

    Can you please run a scan with Combofix and post the logs here so that I can get an idea on what’s going on:

    You can download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop

    Close any open browsers.

    Very Important!!!> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.

    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.

    2. Accept the disclaimer and allow to update if it asks

    3. When finished, it shall produce a log for you.

    Notes:

    Do not mouse-click Combofix’s window while it is running. That may cause it to stall.

    Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

    If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

58. Lets run the below scans:
    Run a scan with RogueKiller
    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.
    3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    Run a scan with ESET Online Scanner
    1.Download ESET Online Scanner utility.
    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3.Check Yes, I accept the Terms of Use, then click the Start button.
    4.Check Scan archives and push the Start button.
    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    6. When the scan completes, click on the Finish button.

59. Hello Mandie,

    The scans time depend on the size of your hard drive, and on the specs of your machine. Usually a quick scan it should not take more than 10-15 minutes, but with an infected computer, you never know.

    Lets run these two scans, to remove check for any other malware that may be present on your computer:
    Run a scan with RogueKiller
    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.
    3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    Run a scan with ESET Online Scanner
    1.Download ESET Online Scanner utility.
    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3.Check Yes, I accept the Terms of Use, then click the Start button.
    4.Check Scan archives and push the Start button.
    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    6. When the scan completes, click on the Finish button.

    Waiting for your reply to see if you have managed to remove this infection!

60. Hello Dan,
    It really looks like you have a nasty ZeroAccess rootkit, I would advise you to start a thread in our Malware Removal Assistance : http://malwaretips.com/Forum-Malware-Removal-Assistance : forum, as this infection is quite hard to remove.
    Nevertheless, if you really want to try a quick fix, you can run a scan with RogueKiller:

    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.

    3. After the scan has completed, press the Delete button to remove any malicious registry keys.

    Waiting for your reply to see if you have managed to remove this infection!

61. Hello KK,
    Please close the Malwarebytes Chameleon window, the download RKILL (which will be renamed as iexplore.exe) from here: http://www.bleepingcomputer.com/download/rkill/dl/11/
    This utility will kill all the System Care Antivirus malicious process, so that you’ll be able to perform a scan with Malwarebytes Anti-Malware.
    Run the Malwarebytes scan, then please try to perform a scan with RogueKiller:

    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.

    3. After the scan has completed, press the Delete button to remove any malicious registry keys.

    Waiting for your reply to see if you have managed to remove this infection!

62. Stelian–you saved my biscuits! I gladly make a donation and I hope your business prospers because of your willingness to help people.

63. Huge thanks for being the antidote to the malicious people who create viruses. Your instructions were clear enough for a theatre gal like me to follow without fear of screwing something up, and kind enough to be free! I’m so grateful. Cheers,
    Katie

64. Hello Grant,
    Can you please run a scan with Combofix and post the logs here so that I can get an idea on what’s going on:

    You can download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.
    ComboFix must be renamed before you download to your Desktop

    Close any open browsers.

    Very Important!!!> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.

    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.

    2. Accept the disclaimer and allow to update if it asks

    3. When finished, it shall produce a log for you.

    Notes:

    Do not mouse-click Combofix’s window while it is running. That may cause it to stall.

    Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

    If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

65. Hello Jn,
    Even if you “uninstall” System Care Antivirus, the malicious files would still be on your computer. I do recommend that you run all the scan, so that all the removal malicious files are removed! Stay safe! :D

66. wao..thanx for given guideline…..thnk you so much

67. Hello,
    Is this the same computer that got infected? What software or drivers did you recently installed? What’s the error code on the BSOD?

68. Hello,
    Yes, email spam is a one way in which victims are infected with this rogue software. Basically, you’ll receive an email which looks like being from DHL, FedEX or a similar company, stating that attached to this email is a summary report for your order. Of course, there is no order, and the attachment is just an infected file.

    Stay safe! :)

69. THANK YOU SO MUCH STELIAN, I JUST KNOW THE BASICS I THINK I HAVE THIS TROJAN FROM AN EMAIL! WHAT DO YOU THINK?THANK YOU GOD BLESS YOU!IRO FROM GREECE

70. Yes, System Care Antivirus 3.7.33 is basically the same infection as the previous builds. Just follow the steps from this guide, and if you need any help, you just ask! :)
    Good luck!

71. Will this work on 3.7.33 also?

72. Hello Ben,
    Did you run the HitmanPro scan as see in the guide?
    Can you please try to perform a scan with RogueKiller:

    1. Please download the latest official version of RogueKiller.

    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.

    3. After the scan has completed, press the Delete button to remove any malicious registry keys.

    Waiting for your reply to see if you have managed to remove this infection! Good luck!

73. Hi I have ran the malwarebytes program twice but the system care antivirus thing pops up after awhile. Any idea how to solve this issue?

74. Great! if you ever need any help with malware related issues, we are always here!
    Stay safe!

75. Hello Laura,
    Avast Free Antivirus and COMODO Internet Security Free are both great free options! If you are looking for a paid program, then ESET Smart Security or Avast Internet Security are good choices.
    I do recommend that you read this guide >> http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ < < so that you'll learn how to avoid future infections!
    Anyway ,you should really start a thread in our Security Configuration forum as you need to build a layered security config: http://malwaretips.com/Forum-Security-Configuration-Wizard

76. It worked! Thank you!!

77. Thanks, I’m in the process of stage 2.
    What program should I download to protect myself from further viruses entering my computer? I had AVG and it stopped working, so I’ve been using Avira – but that didn’t seem to save me!

78. Hello,

    Can you please download RKILL (renamed as iexplore or Winlogon) : http://www.bleepingcomputer.com/download/rkill/

    Run this program to kill the malicious process, then after Rkill will display the removal log, download Malwarebytes and HitmanPro and run a scan.

79. When i download hitman, it give me the same message, it downloads then immediately deletes the new program. I have started it in safe mode and entered the temporary activation key!

80. Hello Grant,
    Can you please try to start HitmanPro in ForceBreach Mode?

    To start HitmanPro in Force Breach mode, hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including the malware process: http://www.youtube.com/watch?v=m6eRWTv2STk

    Then, please try to perform a scan with RogueKiller:

    STEP 1: Run a scan with RogueKiller

    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.

    3. After the scan has completed, press the Delete button to remove any malicious registry keys.

    Waiting for your reply to see if you have managed to remove this infection!

81. Hello, I have tried to download malwarebytes chameleon and the download from bleepingcomputer.com in safe networking mode and the virus deletes it and will not let it install?

82. I did all 3 steps and my computer is CLEAN!!!!! THANK YOU SO MUCH YOUR HE BEST!!!

83. Hello Leslie,

    Yes, if you performed all the steps from this guide, your computer should now be clean. That System Care Antivirus icon is just a left over files, and basically it’s harmless, but right-click on it, and select Delete to remove it.

    And for your peace of mind, you can run a scan with ESET Online Scanner:

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    When the scan completes, click on the Finish button.

84. I still have a System Care Antivirus icon on my desktop. Will this go away if the problem is really gone?

85. I used hitman pro to remove system care antivirus, and it solved my issues in 8min16s. Thank you

86. Worked great. Straight and to the point. Thank you, sir.

87. Thanks! You’ve been very helpful to me. ^^

88. Hello Eli,
    Yes, Malwarebytes Anti-Malware Free will scan your files and folders, as well as the Windows registry. You should have a Malwarebytes Anti-Malware log on your desktop, in which you can view what this program has removed from your computer.
    Stay safe! :)

89. Thank you! It really worked out for me! I have a question: If you remove the System Care Antivirus by using, for example, the Malwarebytes Anti-Malware software, does it deletes the Malware from the Windows Registry (regedit) too? In case there was something there.

90. This infection was very nasty. I have visited 3 other websites before finding your guide.
    Thank you so much Stelian!:D

91. Thank you!! It worked perfectly!! Thank you!!!!!!!!!

92. Hello James,

    You most likely have a ZeroAccess rootkit on this machine. Can you please try to start HitmanPro in ForceBreach Mode?

    To start HitmanPro in Force Breach mode, hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including the malware process: http://www.youtube.com/watch?v=m6eRWTv2STk

    Then, please try to perform a scan with RogueKiller:

    STEP 1: Run a scan with RogueKiller

    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.

    3. After the scan has completed, press the Delete button to remove any malicious registry keys.

93. I cant get to the safe mode. I pressed and held and tapped the f8 button but it wont let me go to that page. So i cant download anything. Any thoughts? Thanks

94. Hello Mark,

    Malwarebytes Chameleon, it’s an utility which makes the installation of Malwarebytes Anti-Malware Free on infected computer much more easier.

    Malwarebytes Anti-Malware Free (the scanner that we have used to remove this infection), is a free on-demand scanner which will NOT run in real-time (will not protect your computer from malware), but it can be used whenever you want to check and remove malware. I do recommend that you keep this product installed on your computer, and perform weekly malware scans.

    Malwarebytes Anti-Malware PRO, is a paid product which will add real-time protection to your computer. The benefit of purchasing the consumer PRO license is the advantage of scheduled updating and scanning plus the security of our RealTime Protection Module. The realtime protection module uses the advanced heuristic scanning technology which monitors your system to keep it safe and secure by blocking unwanted downloads or executable files from running.

    Another important feature is our malicious website blocking, meaning that sites known to be malicious will not load on your system thereby avoiding a potential malware infestation.

    The PRO version also updates its database incrementally, meaning downloading updates will use far less bandwidth over your internet connection and take much less time to complete.

    Hopefully, I made some sense! Stay safe!

95. Hello John,

    You most likely have a ZeroAccess rootkit on this machine. Can you please try to start HitmanPro in ForceBreach Mode?

    To start HitmanPro in Force Breach mode, hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including the malware process: http://www.youtube.com/watch?v=m6eRWTv2STk

    Then, please try to perform a scan with RogueKiller:

    STEP 1: Run a scan with RogueKiller

    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.

    3. After the scan has completed, press the Delete button to remove any malicious registry keys.

96. Please try to start your computer in Safe Mode with Networking, and perform the Malwarebytes scan, as seen in this guide: http://malwaretips.com/blogs/remove-system-care-antivirus-virus/

    In addition, to make the malware removal process easier, you can use this System Care Antivirus Activation code: AA39754E-715219CE .

    Waiting for your reply. Stay safe!

97. Keeps blocking download saying programs are virus deleted

98. Thanks, worked great. This blog was the first up on my Google search, I visited two others before returning to yours and following the steps. Once again, thanks.

99. Hello David,

    Please try to start your computer in Safe Mode with Networking, and perform the Malwarebytes scan, as seen in this guide: http://malwaretips.com/blogs/remove-system-care-antivirus-virus/

    In addition, to make the malware removal process easier, you can use this System Care Antivirus Activation code: AA39754E-715219CE .

    Waiting for your reply. Stay safe!

100. ok thanks for your advice :)

101. Hello,
     Malwarebytes is a very powerful scanner, and can remove this infection by itself.
     However, for your peace of mind, I would advise you to run the other scans. The HitmanPro and Emsisoft scan will not take more than 10 minutes each to complete.
     Stay safe!

102. I got infected with this last night – have only done step 1 above & PC seems to be working fine now – do I need to do steps 2 & 3 as well?

103. Really good stuff! Seems like Step 1 did it – so far !

104. this was so easy and so great! I was trapped until I found this site. I was barely able to get online and it tried to block me every time I tried to get to this site. It even said google chrome was a virus. Thank-you for getting me out of the trap!!!!

105. thanks boss :)

106. Thank you very much!

107. HitmanPro removed System care Antivirus in safe mode. It worked

108. Thank you. Great job…….kudos.

109. Thanks…almost fell for it.nearly paid

110. thank you! one of my co-workers didn’t bother putting any anti-virus on their PC and got stuck with this junk! easy guide to follow and got things going again.

     thanks again!

111. Massive thanks! You saved me a lit of time, money and insanity. Really good of you to do this.

112. Thank you!

113. WOW! All I can say is thank you!!

114. Thanks for the info. To the point and easy to follow steps. Able to have full control again over my pc (yes even with my limited skills) with no more outside interference from malware. Glad to have guys out there to assist when asked, and give the correct relevant information. Good job Stelian.

115. Awesome! Thanks very much!

116. Thank you!!:D