How to remove System Care Antivirus virus (Removal Guide)

System Care Antivirus  is a computer virus (Rogue.WinWebSec), which pretends to be a legitimate security program and claims that malware has been detected on your computer. If you try to remove these infections, System Care Antivirus will state that you need to buy its full version before being able to do so.
[Image: System Care Antivirus virus]

System Care Antivirus targets users browsing Internet websites, and rely on social engineering to deliver its payload. This infection is promoted through web sites that have been hacked with scripts that try to install the software by exploiting vulnerabilities on your computer. It is also promoted through Trojans that pretend to be legitimate programs that are required to view an online video, but instead install the infection.

Once installed, System Care Antivirus will display fake security alerts that are designed to think that your data is at risk or that your computer is severely infected.These messages may include:

Security Monitor: WARNING!
Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk.
To get rid of unwanted spyware and keep your computer safe your need to update your current security software.
Click Yes to download official intrusion detection system (IDS software).

Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Click here to remove it immediately with System Care Antivirus.

System Care Antivirus Firewall Alert
System Care Antivirus Firewall has blocked a program from accessing the Internet.
Internet Explorer Internet Browser is infected with worm SVCHOST.Stealth.Keyloger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remote host.

System Care Antivirus Warning
Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.

System Care Antivirus Warning
Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.

Warning: Your computer is infected
Detected spyware infection!
Click this message to install the last update of security software…

System Care Antivirus Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with System Care Antivirus.

In reality, none of the reported issues are real, and are only used to scare you into buying System Care Antivirus and stealing your personal financial information.

As part of its self-defense mechanism, System Care Antivirus has disabled the Windows system utilities, including the Windows  Task Manager and Registry Editor, and will block you from running certain programs that could lead to its removal.
This rogue antivirus has also modified your Windows files associations, and now whenever you are trying to open a program, System Care Antivirus will block this operation and display a bogus notification in which will report that the file is infected.

Warning!
Application cannot be executed. The file taskmgr.exe infected.
Please activate your antivirus software.

If your computer is infected with System Care Antivirus virus, then you are seeing the following screens:
[Image: System Care Antivirus 3.7.32 virus]

[Image: System Care Antivirus Firewall Alert]

[Image: System Care Antivirus Warning]
System Care Antivirus is a scam, and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you buy System Care Antivirus as this could lead to identity theft, and if you have, you should contact your bank and dispute the charge stating that the program is a scam and a computer virus.

Registration codes for System Care Antivirus
As an optional step,you can use any of the following license keys to register System Care Antivirus and stop the fake alerts.
System Care Antivirus Activation code: AA39754E-715219CE
Please keep in mind that entering the above registration code will NOT remove System Care Antivirus from your computer , instead it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.

System Care Antivirus – Virus Removal Guide

This page is a comprehensive guide, which will remove the System Care Antivirus infection from your your computer. Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.
STEP 1: Start your computer in Safe Mode with Networking
STEP 2: Remove System Care Antivirus virus with Malwarebytes Anti-Malware Free
STEP 3: Remove System Care Antivirus rootkit with RogueKiller
STEP 4:  Remove System Care Antivirus infection with HitmanPro

STEP 1 : Start your computer in Safe Mode with Networking

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. When the computer starts you will see your computer’s hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows XP, Vista or 7 Advanced Boot Options.
    [Image: F8 key]
    If you are using Windows 8, press the Windows key + C, and then click Settings. Click Power, hold down Shift on your keyboard and click Restart, then click on Troubleshoot and select Advanced options. In the Advanced Options screen, select Startup Settings, then click on Restart.
  3. If you are using Windows XP, Vista or 7 in the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
    [Image: Safemode.jpg]\
    If you are using Windows 8, press 5  on your keyboard to Enable Safe Mode with Networking.
    Windows will start in Safe Mode with Networking.

STEP 2: Remove System Care Antivirus virus with Malwarebytes Anti-Malware FREE

The Malwarebytes Chameleon utility will allow us to install and run a scan with Malwarebytes Anti-Malware Free without being blocked by System Care Antivirus.

  1. Right click on your browser icon, and select Run As or Run as Administrator. This should allow your browser to open so that we can then download Malwarebytes Chameleon.
    [Image: Starting web browse on infected computer]
    If you’ll see a “Warning! The site you are trying visit may harm your computer!” message in your web browser window, you can safely click on the Ignore warnings and visit that site in the current state (not recommended) link, because this a bogus alert from System Care Antivirus.
  2. Download Malwarebytes Chameleon  from the below link, and extract it to a folder in a convenient location.
    MALWAREBYTES CHAMELEON DOWNLOAD LINK  (This link will open a new web page from where you can download Malwarebytes Chameleon)
    [Image: Extract Malwarebytes Chameleon utility]
  3. Make certain that your infected computer is connected to the internet and then open the Malwarebytes Chameleon folder, and double-click on the svchost.exe file.
    [Image: Double click  on svchost.exe]
    IF Malwarebytes Anti-Malware will not start, double-click on the other renamed files until you find one will work, which will be indicated by a black DOS/command prompt window.
  4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you.
    Malwarebytes Chameleon press key
  5. Once it has done this, it will update Malwarebytes Anti-Malware, and you’ll need to click OK when it says that the database was updated successfully.
    Malwarebytes Chameleon updating its database
  6. Malwarebytes Anti-Malware will now attempt to kill all the malicious process associated with System Care Antivirus.Please keep in mind that this process can take up to 10 minutes, so please be patient.
    Malwarebytes Chameleon killing malware
  7. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan for System Care Antivirus malicious files as shown below.
    [Image: Malwarebytes Anti-Malware scanning for System Care Antivirus]
  8. Upon completion of the scan, click on Show Result
    [Image: Malwarebytes Anti-Malware scan results]
  9. You will now be presented with a screen showing you the malware infections that Malwarebytes Anti-Malware has detected.
    Make sure that everything is Checked (ticked),then click on the Remove Selected button.
    [Image:Malwarebytes removing virus]
  10. After your computer will start in Windows regular mode, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

STEP 3: Remove System Care Antivirus rootkit with RogueKiller

RogueKiller is a utility that will scan for the System Care Antivirus rootkit, registry keys and any other malicious files on your computer.

  1. You can download the latest official version of RogueKiller from the below link.
    ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
  2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds,  then click on the Scan button to perform a system scan.
    [Image: RogueKiller scaning for System Care Antivirus virus]
  3. After the scan has completed, press the Delete button to remove System Care Antivirus malicious registry keys or files.
    [Image: RogueKiller Detele button]

STEP 4: Remove System Care Antivirus infection with HitmanPro

HitmanPro is a cloud on-demand scanner, which will scan your computer with 5 antivirus engines (Emsisoft, Bitdefender, Dr. Web, G-Data and Ikarus) for the System Care Antivirus infection.

  1. You can download HitmanPro from the below link:
    HITMANPRO DOWNLOAD LINK (This link will open a web page from where you can download HitmanPro)
  2. Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
    HitmanPro scanner
    Click on the Next button, to install HitmanPro on your computer.
    HitmanPro installation
  3. HitmanPro will now begin to scan your computer for System Care Antivirus trojan.
    HitmanPro detecting for System Care Antivirus virus
  4. When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the Next button, to remove System Care Antivirus virus.
    HitmanPro scan results
  5. Click on the Activate free license button to begin the free 30 days trial, and remove all the malicious files from your computer.
    [Image: HitmanPro 30 days activation button]

Your computer should now be free of the System Care Antivirus infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, and perform regular computer scans with HitmanPro.
If you are still experiencing problems while trying to remove System Care Antivirus from your machine, please start a new thread in our Malware Removal Assistance forum.

IT’S YOUR TURN TO HELP!

If we have managed to help you with your computer issues, then it's your duty to let other people know that this article will help them!
You can share this article on Facebook,Twitter or Google Plus by using the below buttons.

THE 411 ON ME

FC Barcelona fan, Starbucks addicted and super geek.
I am the creator and owner of MalwareTips.com
My area of expertise includes malware removal and computer forensics. I'm active in the various online anti-malware communities where I do researches for new malware threats as they are released.
I live in Bucharest (Romania), where I run my own local computer repair shop.
I repair both hardware and other operating systems related issues, however most of my business is malware related problems.

Follow me on Google Plus

You can follow me on Google Plus, and I will try to keep you informed with the latest computer infections and malware threats!

SUPPORT MALWARETIPS! (OPTIONAL)

All our malware removal guides and utilities are completely free of charge.
We do not request any kind of money in exchange for our services, however if you like to support us with our hardware maintenance costs, you can make a small donation. Any amount is appreciated, and will support our fight against malware.
  • OptiMum

    Excellent instructions. Safe and easy. Thanks a million <3

  • Hans

    Thank you. Great job. Smashed the virus out.

  • TheZman

    I followed the directions to a T and they worked perfectly!!!!! A BIG THUMBS UP!!!!!! Thank you for all the help. When I am finished can I delete the programs downloaded or leave them on my machine?

  • http://malwaretips.com/ Stelian Pilici

    Hello ,
    Can you please run a scan with Combofix and post the logs here so that I can get an idea on what’s going on:

    You can download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop

    Close any open browsers.

    Very Important!!!> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.

    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.

    2. Accept the disclaimer and allow to update if it asks

    3. When finished, it shall produce a log for you.

    Notes:

    Do not mouse-click Combofix’s window while it is running. That may cause it to stall.

    Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

    If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

    Please post the Combofix, so that I can get an idea on what’s going on.
    Next, please run a scan with HitmanPro and Malwarebytes, then let me know how is your computer running.

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    Lets run a scan with these tools:
    STEP 1: Run a scan with ESET Online Scanner

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

    System Memory

    Hidden startup objects

    Disk boot sectors

    Local Disk (C:)

    Also any other drives (Removable that you may have)

    3. Then click on Actions on the left hand side

    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

    Stay safe!

  • Dice

    It says running mbam please wait and never continue forward I have waited for it for more than 10 minutes now

    • http://malwaretips.com/ Stelian Pilici

      Hello,
      Make sure that you do not have any other programs opened when Chameleon is running, and check for the Malwarebytes Anti-Malware window on your desktop.
      Please try again to start Malwarebytes in Chameleon Mode, and if you will still have issues, then I’ll reply you with additional instructions.

  • http://malwaretips.com/ Stelian Pilici

    Hello Paco,
    Make sure that you do not have any other programs opened when Chameleon is running, and check for the Malwarebytes Anti-Malware window on your desktop.
    Please try again to start Malwarebytes in Chameleon Mode, and if you will still have issues, then I’ll reply you with additional instructions.

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    Yes, you can delete those left over icons, and just to be on the safe side, please run a scan with the following utilities:
    STEP 1: Run a scan with ESET Online Scanner

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

    System Memory

    Hidden startup objects

    Disk boot sectors

    Local Disk (C:)

    Also any other drives (Removable that you may have)

    3. Then click on Actions on the left hand side

    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

    Stay safe!

  • nima

    Thank you!

  • dinesh

    thank u … it is work well..

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    Lets run these scans:

    STEP 1: Run a scan with ESET Rogue Application Remover

    1. Download the ESET Rogue Application Remover by clicking the appropriate link for your system version below

    For 32-bit (x86) – http://download.eset.com/special/ERARemover_x86.exe

    For 64-bit (x64) – http://download.eset.com/special/ERARemover_x64.exe

    2.Save the file to your Desktop. When the download completes, navigate to the file, right-click it and select Run as administrator.

    3.Click Accept to accept the End-User License Agreement (EULA).

    4. Please be patience while this utility scans for malware, then press any key on your keyboard to exit the tool.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

    System Memory

    Hidden startup objects

    Disk boot sectors

    Local Disk (C:)

    Also any other drives (Removable that you may have)

    3. Then click on Actions on the left hand side

    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

    STEP 3: Run a scan with ESET Online Scanner

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

    Next please run scan with Malwarebytes Anti-Malware, HitmanPro and RogueKiller. Waiting your reply to see how everything is going.

    Stay safe!

  • Emily

    If I do all these steps besides safe mode will it work? I can’t get my computer to work In safe mode.

    • http://malwaretips.com/ Stelian Pilici

      Hello Emily,
      Yes, you can try to perform these scans in Windows regular mode, it should work.
      Stay safe!

  • Mikz

    Stelian, a mayor tumbs up for your detailed explanations. I shared this site on facebook, but I would like to recommend your site to people with autism on a site I’m building. For starters it will be in Dutch, but I hope to go global one day.
    Thanks to this I’m back to my normal routines in the morning. Didn’t think I could recover my laptop in just 1 day. So thanks a million.

  • http://malwaretips.com/ Stelian Pilici

    Hello Steve,
    This infection does not have keylogging capabilities, and should not damage your machine. Do not buy this fake antivirus, and remove this infection as soon as possible.

    Stay safe!

  • http://malwaretips.com/ Stelian Pilici

    Hello Syed,
    Lets run these scans:

    STEP 1: Run a scan with ESET Rogue Application Remover

    1. Download the ESET Rogue Application Remover by clicking the appropriate link for your system version below

    For 32-bit (x86) – http://download.eset.com/special/ERARemover_x86.exe

    For 64-bit (x64) – http://download.eset.com/special/ERARemover_x64.exe

    2.Save the file to your Desktop. When the download completes, navigate to the file, right-click it and select Run as administrator.

    3.Click Accept to accept the End-User License Agreement (EULA).

    4. Please be patience while this utility scans for malware, then press any key on your keyboard to exit the tool.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

    System Memory

    Hidden startup objects

    Disk boot sectors

    Local Disk (C:)

    Also any other drives (Removable that you may have)

    3. Then click on Actions on the left hand side

    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

    STEP 3: Run a scan with ESET Online Scanner

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

    Next please run scan with Malwarebytes Anti-Malware, HitmanPro and RogueKiller. Waiting your reply to see how everything is going.

    Stay safe!

  • Bob

    Thanks so much!

  • D

    Thank you very much for this detailed guide.
    After my first reboot “system care antivirus” showed up again and i had to close it using task manager that this time worked like a charm. All the best. From Russia with Love.

  • Terryb

    Brilliant. I am now back in action. Many thanks.

  • http://malwaretips.com/ Stelian Pilici

    Hello Dave,
    Malwarebytes Anti-Malware and HitmanPro are both good on-demand scanners, so I would suggest that you keep them installed, and perform regular scan with them.
    The other tools can be uninstalled/deleted from your computer.
    To remove Combofix please follow this instructions:
    1.Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
    2.In the Run box, type in ComboFix /Uninstall (Notice the space between the “x” and “/”) then click OK
    3.Follow the prompts on the screen
    4.A message should appear confirming that ComboFix was uninstalled.

    Delete the following folders: (If they exist)
    C:ComboFix
    C:Qoobox

    Stay safe! :)

  • http://malwaretips.com/ Stelian Pilici

    Hello Sherry,
    You’ve got a pretty nasty infection on this machine. It’s a ZeroAccess rootkit which has corrupted your Windows Defender settings.
    To remove this infection, please follow the instructions from this guide: http://malwaretips.com/blogs/file-contained-a-virus-and-was-deleted-removal/

    Stay safe!

  • http://malwaretips.com/ Stelian Pilici

    Hello,

    Please run these two tools:

    STEP 1: Run a scan with AdwCleaner

    1. Download AdwCleaner from here: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

    2.Close all open programs and internet browsers.

    3.Double click on adwcleaner.exe to run the tool.

    4.Click on Delete,then confirm each time with Ok.

    STEP 2: Run a scan with Junkware Removal Tool

    1.Download Junkware Removal Tool to your desktop from the below link:

    JUNKWARE REMOVAL TOOL : http://thisisudax.org/download

    2. Double-click on the JRT.exe icon to start this utility.

    3. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system’s specifications

    Next run a scan with ESET Online Scanner and Kaspersky Virus Removal Tool as seen in my previous reply.

    Then please clean out your System Restore point as seen here: http://windows.microsoft.com/en-us/windows7/delete-a-restore-point

    Stay safe!

  • http://malwaretips.com/ Stelian Pilici

    Hello Sarfi,
    Hello here is a guide which should help you – http://malwaretips.com/blogs/windows-8-safe-mode-with-networking/

    Did you try to run Malwarebytes Chameleon in Windows regular mode, in many cases there is no need for Safe Mode with Networking.

    Another good solution is to manually disable this infection, and scan with the tools recommend in this guide:
    1. First of all, go to your Desktop and right click the System Care Antivirus.lnk shortcut file and select Properties.

    2.Select Shortcut tab. Find the location of System Care Antivirus executable file (target location). It should be a randomly named file. Simply click the Open file location button.
    If you cannot see the folder, you may need to enable Show hidden files and folders as seen here: http://blogs.msdn.com/b/zxue/archive/2012/03/08/win8-howto-19-show-hidden-files-folders-and-drives.aspx

    3. Browser to the executable file. Rename it, for instance to 123.exe. Restart your computer.

    4. Scan your computer with Malwarebytes, RogueKiller and HitmanPro.

  • http://malwaretips.com/ Stelian Pilici

    Hello Dave,
    Can you please run a scan with Combofix and post the logs here so that I can get an idea on what’s going on:

    You can download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop

    Close any open browsers.

    Very Important!!!> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.

    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.

    2. Accept the disclaimer and allow to update if it asks

    3. When finished, it shall produce a log for you.

    Notes:

    Do not mouse-click Combofix’s window while it is running. That may cause it to stall.

    Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

    If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

    Please post the Combofix, so that I can get an idea on what’s going on.
    Next, please run a scan with HitmanPro and Malwarebytes, then let me know how is your computer running.

    • Dave

      Hi Stelian and thanks, the Combofix log is quite big, how should I post this onto the site? Can it be emailed to you as it seems to have info about our computer on it? In the mean time, we’re going to run the scans with HitmanPro and Malwarebytes.

      • http://malwaretips.com/ Stelian Pilici

        Hello Dave,
        You can post it here, and I’ll take a look.
        Or better yet, you can post the log into our Malware Removal Assistance forum.. there we can focus better on the malware remova process, if it will need more steps: http://malwaretips.com/Forum-Malware-Removal-Assistance

        Your choice! Stay safe!:D

  • http://malwaretips.com/ Stelian Pilici

    Hello Tony,
    Good luck, and stay safe! If you need any help…. I’m here!:)

  • Hossein

    Thanks a lot for this thorough guide. I tried many others before but couldn’t get rid of SystemCare until I got to your page. I gladly make a donation.

  • http://malwaretips.com/ Stelian Pilici

    Hello Forrest,
    Can you please try to download Rkill and run this program, then go ahead and perform the Malawrebytes scan.
    You can download Rkill from the below link: http://www.bleepingcomputer.com/download/rkill/

    When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.
    Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with this infection.
    . If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by System Care Antivirus when it terminates programs that may potentially remove it. If you run into these infections warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again.

    Good luck!

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    Lets try to run these two scans:

    STEP 1: Run a scan with ESET Online Scanner

    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

    System Memory

    Hidden startup objects

    Disk boot sectors

    Local Disk (C:)

    Also any other drives (Removable that you may have)

    3. Then click on Actions on the left hand side

    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

    Then run again a scan with HitmanPro and RogueKiller as see on this guide.

    Good luck!

  • Nate!

    Hey! Greetings from Venezuela. Thanks for the help, everything is easy, fast and free.

  • Mala

    Thank you so much – one of the most helpful sites of this kind I’ve ever found. I will definitely share and recommend. Could you offer the possibility to donate via PayPal? I’m generally willing to donate money for helpful free software etc., and have done so in the past, but I don’t like paying with credit cards. I think a lot of people might be more likely to do it if they could do so with a simple click via PayPal. Just an idea… Thanks again, and keep up the good work!

  • Minnie

    Hello! Thank you for the help so far.
    At the moment I have a problem. Hitman Pro has expired for me, i used again your method like 2 months ago and now i cannot use it to remove the virus. Is there any other program that i could use ?

    • http://malwaretips.com/ Stelian Pilici

      Hello Minnie,

      Lets try to run these two scans:

      STEP 1: Run a scan with ESET Online Scanner

      1.Download ESET Online Scanner utility.

      ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

      2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

      3.Check Yes, I accept the Terms of Use, then click the Start button.

      4.Check Scan archives and push the Start button.

      5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

      6. When the scan completes, click on the Finish button.

      STEP 2: Run a scan with Kaspersky Virus Removal Tool:

      1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1

      2. Double click the setup file to run it, then follow the onscreen prompts until it is installed

      Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:

      System Memory

      Hidden startup objects

      Disk boot sectors

      Local Disk (C:)

      Also any other drives (Removable that you may have)

      3. Then click on Actions on the left hand side

      4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked

      5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.

      Then run again a scan with HitmanPro, and if it will detect any traces of malware, save the log and post it back here so that I can take a look.
      Then, we will manually remove any left over file.
      Good luck!

  • nmgbruce

    I was in the middle of an Online class. While looking for a .vce viewer on CNET, I got System CareD. You saved my puter from a certain re-image. Thx sooo much.

  • http://malwaretips.com/ Stelian Pilici

    Hello Mary,
    That’s strange. Can you please try again to download HitmanPro.
    Here are the direct download links:
    HitmanPro 32-bit: http://dl.surfright.nl/HitmanPro.exe
    HitmanPro 64-bit: http://dl.surfright.nl/HitmanPro_x64.exe

    Next, please run a scan with the following tools:
    STEP 1: Run a scan with ESET Online Scanner
    1.Download ESET Online Scanner utility.
    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3.Check Yes, I accept the Terms of Use, then click the Start button.
    4.Check Scan archives and push the Start button.
    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    6. When the scan completes, click on the Finish button.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1
    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed
    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
    System Memory
    Hidden startup objects
    Disk boot sectors
    Local Disk (C:)
    Also any other drives (Removable that you may have)
    3. Then click on Actions on the left hand side
    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan

  • sam

    Thank you – worked perfectly, much appreciated

  • Rookie

    Hi Thanks for posting this blog. My computer is infected and I’m trying to follow your instructions. My computer has been restarted in the Safe, networking mode, but my IE icon is gone. I only have the iexplore.lnk How do I get to the next step?

    • http://malwaretips.com/ Stelian Pilici

      Hello Rookie,
      You can press the Windows key + R key to open up the Run command, from there just type iexplore.exe to open Internet Explorer.

      Alternatively, you can try to download Malwarebytes while using Windows regular more. If you cannot open your browser, you can either use the activation code ( AA39754E-715219CE) from this guide or you can right-click on your browser icon and select “Run as Administrator”

      Good luck!

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    That’s strange. :)
    HitmanPro has a free 30 days trial for home users, only those who are using a corporate or business computer will not get the free trial.
    If HitmanPro has detected trojans on your computer, then you still have an infected machine. Lets try to remove this infection:
    STEP 1: Run a scan with Emsisoft Emergency Kit.
    1. Please download the latest official version of Emsisoft Emergency Kit.
    EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
    2. After the download process will finish , you’ll need to unpack EmsisoftEmergencyKit.zip and then double click onEmergencyKitScanner.bat
    3. A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC”.
    4. Select “Smart scan” and click-on the below “SCAN” button.When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.

    STEP 2: Run a scan with Eset Online Scanner.
    1.Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.
    4.Check Scan archives and push the Start button.
    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    When the scan completes, push Finish

    STEP 3: Next please run Junkware Removal Tool

    1.Download Junkware Removal Tool to your desktop from the below link:

    JUNKWARE REMOVAL TOOL:http://thisisudax.org/download

    2. Double-click on the JRT icon. For Windows Vista, 7 or 8 users, right-click the file and select Run as Administrator.

    3. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system’s specifications.

    NEXT, run again a scan with HitmanPro. If it will still detect malware on your machine, post the log from this scanner. (you can get the log by clicking on the “save log” button, once the scan is completed)

    Good luck!

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    Cookies are harmless, so your computer should be clean. Do you have any issues at this point?

  • Kernel Popcorn

    This worked fabulous. Our clients computers are back online and working with no issues.
    As a computer pro I highly recommend this to all with computer issues.
    “-Kernel Popcorn”

  • Pal

    Tank you very much, it worked and I so happy I didnt lost any Of my doc and works on the PC. You are a hero.

  • Georgi Kostadinov

    God bless u I am so poor and I could not afford to repair my Pc and I found this thank u so much guys I hope everyone who needs this guide finds it :P:P:P

  • http://malwaretips.com/ Stelian Pilici

    Hello Benny,
    Once you have started your computer in Safe Mode, did you run a scan with Rkill and Malwarebytes?

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    Avast Free Antivirus and COMODO Internet Security Free are both great free options, which will provide a high level of security for your computer.
    I do recommend that you read this guide >> http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ < < so that you'll learn how to avoid future infections!
    Anyway ,you should really start a thread in our Security Configuration forum as you need to build a layered security config: http://malwaretips.com/Forum-Security-Configuration-Wizard

  • Emery

    Hello! So glad you wrote this blog. Hit some bumps. Computer keeps turning off by itself durong Malware Quick Scan. What do I do? Thanks!!!!

  • http://malwaretips.com/ Stelian Pilici

    Hello Steph,
    You have some residual damage from the ZeroAccess rootkit.
    Please run this ESET repair tool: http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

    Then, if you are still experiencing problems, start a thread in our Malware Removal Assistance forum, to check for additional malware: http://malwaretips.com/Forum-Malware-Removal-Assistance

  • Matt

    Hi Stelian. Great tutorial and a relief that someone has managed to combat these terrible malware.
    My only problem is that i still habe the “System Care Antivirus’ shortcut icon on my desktop. What is the best way to remove this?
    Thanks,
    Matt

    • http://malwaretips.com/ Stelian Pilici

      Hello Matt,
      That System Care Antivirus icon is just a left over shortcut, and basically it’s harmless, but right-click on it, and select Delete to remove it.

      And for your peace of mind, you can run a scan with ESET Online Scanner:

      1.Download ESET Online Scanner utility.

      ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

      2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

      3.Check Yes, I accept the Terms of Use, then click the Start button.

      4.Check Scan archives and push the Start button.

      5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

      When the scan completes, click on the Finish button.

      Stay safe!

      • Matt Jones

        Hi Stelian

        Fantastic support mate.

        I have been using Avast internet security and this malware got past it because i opened a suspect file in an email (my own fault)

        What would you recommend as good protection for a single ‘work from home’ PC?

        Cheers,
        Matt

        • http://malwaretips.com/ Stelian Pilici

          Hello Matt,

          I’m currently using COMODO Internet Security, it’s a free and awesome program. However you should always keep in mind that computer security starts with YOU.

          I have written awhile ago, a guide on how to stay safe online. If you have the time, I would suggest that you read it: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/

          • Matt Jones

            Great stuff :)

            By the way, ESET didn’t start the scan… just took me to a site to buy. It installed fine and i clicked the free trial but just opened up a webpage

            Cheers,
            Matt

            • http://malwaretips.com/ Stelian Pilici

              Hmmm, here is the official page: http://www.eset.com/us/online-scanner/

              You don’t need to buy ESET to perform a scan. Just click on the Run ESET Online Scanner button

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    Those should be just some left over files, which you can delete. However for your peace of mind, you can run a scan with the below tools:
    STEP 1: Run a scan with ESET Online Scanner
    1.Download ESET Online Scanner utility.
    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3.Check Yes, I accept the Terms of Use, then click the Start button.
    4.Check Scan archives and push the Start button.
    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    6. When the scan completes, click on the Finish button.

    STEP 2: Run a scan with Kaspersky Virus Removal Tool:

    1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1
    2. Double click the setup file to run it, then follow the onscreen prompts until it is installed
    Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
    System Memory
    Hidden startup objects
    Disk boot sectors
    Local Disk (C:)
    Also any other drives (Removable that you may have)
    3. Then click on Actions on the left hand side
    4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    5. Click on Automatic Scan, then click the Start Scanning button, to run the scan

  • http://malwaretips.com/ Stelian Pilici

    Hello,

    Most likely you have a ZeroAccess rootkit on your computer.

    Can you please run a scan with Combofix and post the logs here so that I can get an idea on what’s going on:

    You can download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop

    Close any open browsers.

    Very Important!!!> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.

    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.

    2. Accept the disclaimer and allow to update if it asks

    3. When finished, it shall produce a log for you.

    Notes:

    Do not mouse-click Combofix’s window while it is running. That may cause it to stall.

    Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

    If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

  • http://malwaretips.com/ Stelian Pilici

    Lets run the below scans:
    Run a scan with RogueKiller
    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.
    3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    Run a scan with ESET Online Scanner
    1.Download ESET Online Scanner utility.
    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3.Check Yes, I accept the Terms of Use, then click the Start button.
    4.Check Scan archives and push the Start button.
    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    6. When the scan completes, click on the Finish button.

  • http://malwaretips.com/ Stelian Pilici

    Hello Mandie,

    The scans time depend on the size of your hard drive, and on the specs of your machine. Usually a quick scan it should not take more than 10-15 minutes, but with an infected computer, you never know.

    Lets run these two scans, to remove check for any other malware that may be present on your computer:
    Run a scan with RogueKiller
    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.
    3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    Run a scan with ESET Online Scanner
    1.Download ESET Online Scanner utility.
    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3.Check Yes, I accept the Terms of Use, then click the Start button.
    4.Check Scan archives and push the Start button.
    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    6. When the scan completes, click on the Finish button.

    Waiting for your reply to see if you have managed to remove this infection!

  • http://malwaretips.com/ Stelian Pilici

    Hello Dan,
    It really looks like you have a nasty ZeroAccess rootkit, I would advise you to start a thread in our Malware Removal Assistance : http://malwaretips.com/Forum-Malware-Removal-Assistance : forum, as this infection is quite hard to remove.
    Nevertheless, if you really want to try a quick fix, you can run a scan with RogueKiller:

    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.

    3. After the scan has completed, press the Delete button to remove any malicious registry keys.

    Waiting for your reply to see if you have managed to remove this infection!

  • http://malwaretips.com/ Stelian Pilici

    Hello KK,
    Please close the Malwarebytes Chameleon window, the download RKILL (which will be renamed as iexplore.exe) from here: http://www.bleepingcomputer.com/download/rkill/dl/11/
    This utility will kill all the System Care Antivirus malicious process, so that you’ll be able to perform a scan with Malwarebytes Anti-Malware.
    Run the Malwarebytes scan, then please try to perform a scan with RogueKiller:

    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.

    3. After the scan has completed, press the Delete button to remove any malicious registry keys.

    Waiting for your reply to see if you have managed to remove this infection!

  • Diane

    Stelian–you saved my biscuits! I gladly make a donation and I hope your business prospers because of your willingness to help people.

  • Katie

    Huge thanks for being the antidote to the malicious people who create viruses. Your instructions were clear enough for a theatre gal like me to follow without fear of screwing something up, and kind enough to be free! I’m so grateful. Cheers,
    Katie

  • http://malwaretips.com/ Stelian Pilici

    Hello Grant,
    Can you please run a scan with Combofix and post the logs here so that I can get an idea on what’s going on:

    You can download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.
    ComboFix must be renamed before you download to your Desktop

    Close any open browsers.

    Very Important!!!> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.

    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.

    2. Accept the disclaimer and allow to update if it asks

    3. When finished, it shall produce a log for you.

    Notes:

    Do not mouse-click Combofix’s window while it is running. That may cause it to stall.

    Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

    If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

  • http://malwaretips.com/ Stelian Pilici

    Hello Jn,
    Even if you “uninstall” System Care Antivirus, the malicious files would still be on your computer. I do recommend that you run all the scan, so that all the removal malicious files are removed! Stay safe! :D

  • Amar sharma

    wao..thanx for given guideline…..thnk you so much

  • http://malwaretips.com/ Stelian Pilici

    Hello,
    Is this the same computer that got infected? What software or drivers did you recently installed? What’s the error code on the BSOD?

  • IROGREECE

    THANK YOU SO MUCH STELIAN, I JUST KNOW THE BASICS I THINK I HAVE THIS TROJAN FROM AN EMAIL! WHAT DO YOU THINK?THANK YOU GOD BLESS YOU!IRO FROM GREECE

    • http://malwaretips.com/ Stelian Pilici

      Hello,
      Yes, email spam is a one way in which victims are infected with this rogue software. Basically, you’ll receive an email which looks like being from DHL, FedEX or a similar company, stating that attached to this email is a summary report for your order. Of course, there is no order, and the attachment is just an infected file.

      Stay safe! :)

  • John

    Will this work on 3.7.33 also?

    • http://malwaretips.com/ Stelian Pilici

      Yes, System Care Antivirus 3.7.33 is basically the same infection as the previous builds. Just follow the steps from this guide, and if you need any help, you just ask! :)
      Good luck!

  • Ben

    Hi I have ran the malwarebytes program twice but the system care antivirus thing pops up after awhile. Any idea how to solve this issue?

    • http://malwaretips.com/ Stelian Pilici

      Hello Ben,
      Did you run the HitmanPro scan as see in the guide?
      Can you please try to perform a scan with RogueKiller:

      1. Please download the latest official version of RogueKiller.

      RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

      2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.

      3. After the scan has completed, press the Delete button to remove any malicious registry keys.

      Waiting for your reply to see if you have managed to remove this infection! Good luck!

  • Laura

    Thanks, I’m in the process of stage 2.
    What program should I download to protect myself from further viruses entering my computer? I had AVG and it stopped working, so I’ve been using Avira – but that didn’t seem to save me!

  • Grant

    Hello, I have tried to download malwarebytes chameleon and the download from bleepingcomputer.com in safe networking mode and the virus deletes it and will not let it install?

    • http://malwaretips.com/ Stelian Pilici

      Hello Grant,
      Can you please try to start HitmanPro in ForceBreach Mode?

      To start HitmanPro in Force Breach mode, hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including the malware process: http://www.youtube.com/watch?v=m6eRWTv2STk

      Then, please try to perform a scan with RogueKiller:

      STEP 1: Run a scan with RogueKiller

      1. Please download the latest official version of RogueKiller.
      RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

      2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.

      3. After the scan has completed, press the Delete button to remove any malicious registry keys.

      Waiting for your reply to see if you have managed to remove this infection!

      • Grant

        When i download hitman, it give me the same message, it downloads then immediately deletes the new program. I have started it in safe mode and entered the temporary activation key!

        • http://malwaretips.com/ Stelian Pilici

          Hello,

          Can you please download RKILL (renamed as iexplore or Winlogon) : http://www.bleepingcomputer.com/download/rkill/

          Run this program to kill the malicious process, then after Rkill will display the removal log, download Malwarebytes and HitmanPro and run a scan.

          • Grant

            It worked! Thank you!!

            • http://malwaretips.com/ Stelian Pilici

              Great! if you ever need any help with malware related issues, we are always here!
              Stay safe!

  • Connie

    I did all 3 steps and my computer is CLEAN!!!!! THANK YOU SO MUCH YOUR HE BEST!!!

  • Leslie

    I still have a System Care Antivirus icon on my desktop. Will this go away if the problem is really gone?

    • http://malwaretips.com/ Stelian Pilici

      Hello Leslie,

      Yes, if you performed all the steps from this guide, your computer should now be clean. That System Care Antivirus icon is just a left over files, and basically it’s harmless, but right-click on it, and select Delete to remove it.

      And for your peace of mind, you can run a scan with ESET Online Scanner:

      1.Download ESET Online Scanner utility.

      ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

      2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

      3.Check Yes, I accept the Terms of Use, then click the Start button.

      4.Check Scan archives and push the Start button.

      5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

      When the scan completes, click on the Finish button.

  • Daniel

    I used hitman pro to remove system care antivirus, and it solved my issues in 8min16s. Thank you

  • Mike

    Worked great. Straight and to the point. Thank you, sir.

  • Eli

    Thank you! It really worked out for me! I have a question: If you remove the System Care Antivirus by using, for example, the Malwarebytes Anti-Malware software, does it deletes the Malware from the Windows Registry (regedit) too? In case there was something there.

    • http://malwaretips.com/ Stelian Pilici

      Hello Eli,
      Yes, Malwarebytes Anti-Malware Free will scan your files and folders, as well as the Windows registry. You should have a Malwarebytes Anti-Malware log on your desktop, in which you can view what this program has removed from your computer.
      Stay safe! :)

      • Eli

        Thanks! You’ve been very helpful to me. ^^

  • ionescu

    This infection was very nasty. I have visited 3 other websites before finding your guide.
    Thank you so much Stelian!:D

  • Lorrete

    Thank you!! It worked perfectly!! Thank you!!!!!!!!!

  • James

    I cant get to the safe mode. I pressed and held and tapped the f8 button but it wont let me go to that page. So i cant download anything. Any thoughts? Thanks

    • http://malwaretips.com/ Stelian Pilici

      Hello James,

      You most likely have a ZeroAccess rootkit on this machine. Can you please try to start HitmanPro in ForceBreach Mode?

      To start HitmanPro in Force Breach mode, hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including the malware process: http://www.youtube.com/watch?v=m6eRWTv2STk

      Then, please try to perform a scan with RogueKiller:

      STEP 1: Run a scan with RogueKiller

      1. Please download the latest official version of RogueKiller.
      RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

      2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.

      3. After the scan has completed, press the Delete button to remove any malicious registry keys.

  • http://malwaretips.com/ Stelian Pilici

    Hello Mark,

    Malwarebytes Chameleon, it’s an utility which makes the installation of Malwarebytes Anti-Malware Free on infected computer much more easier.

    Malwarebytes Anti-Malware Free (the scanner that we have used to remove this infection), is a free on-demand scanner which will NOT run in real-time (will not protect your computer from malware), but it can be used whenever you want to check and remove malware. I do recommend that you keep this product installed on your computer, and perform weekly malware scans.

    Malwarebytes Anti-Malware PRO, is a paid product which will add real-time protection to your computer. The benefit of purchasing the consumer PRO license is the advantage of scheduled updating and scanning plus the security of our RealTime Protection Module. The realtime protection module uses the advanced heuristic scanning technology which monitors your system to keep it safe and secure by blocking unwanted downloads or executable files from running.

    Another important feature is our malicious website blocking, meaning that sites known to be malicious will not load on your system thereby avoiding a potential malware infestation.

    The PRO version also updates its database incrementally, meaning downloading updates will use far less bandwidth over your internet connection and take much less time to complete.

    Hopefully, I made some sense! Stay safe!

  • http://malwaretips.com/ Stelian Pilici

    Hello John,

    You most likely have a ZeroAccess rootkit on this machine. Can you please try to start HitmanPro in ForceBreach Mode?

    To start HitmanPro in Force Breach mode, hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including the malware process: http://www.youtube.com/watch?v=m6eRWTv2STk

    Then, please try to perform a scan with RogueKiller:

    STEP 1: Run a scan with RogueKiller

    1. Please download the latest official version of RogueKiller.
    RogueKiller Download Link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.

    3. After the scan has completed, press the Delete button to remove any malicious registry keys.

  • john

    Keeps blocking download saying programs are virus deleted

    • http://malwaretips.com/ Stelian Pilici

      Please try to start your computer in Safe Mode with Networking, and perform the Malwarebytes scan, as seen in this guide: http://malwaretips.com/blogs/remove-system-care-antivirus-virus/

      In addition, to make the malware removal process easier, you can use this System Care Antivirus Activation code: AA39754E-715219CE .

      Waiting for your reply. Stay safe!

  • Jon

    Thanks, worked great. This blog was the first up on my Google search, I visited two others before returning to yours and following the steps. Once again, thanks.

  • http://malwaretips.com/ Stelian Pilici

    Hello David,

    Please try to start your computer in Safe Mode with Networking, and perform the Malwarebytes scan, as seen in this guide: http://malwaretips.com/blogs/remove-system-care-antivirus-virus/

    In addition, to make the malware removal process easier, you can use this System Care Antivirus Activation code: AA39754E-715219CE .

    Waiting for your reply. Stay safe!

  • CW

    I got infected with this last night – have only done step 1 above & PC seems to be working fine now – do I need to do steps 2 & 3 as well?

    • http://malwaretips.com/ Stelian Pilici

      Hello,
      Malwarebytes is a very powerful scanner, and can remove this infection by itself.
      However, for your peace of mind, I would advise you to run the other scans. The HitmanPro and Emsisoft scan will not take more than 10 minutes each to complete.
      Stay safe!

      • CW

        ok thanks for your advice :)

  • KOS

    Really good stuff! Seems like Step 1 did it – so far !

  • Kim

    this was so easy and so great! I was trapped until I found this site. I was barely able to get online and it tried to block me every time I tried to get to this site. It even said google chrome was a virus. Thank-you for getting me out of the trap!!!!

  • Feliks savero elek

    thanks boss :)

  • kreangsak

    Thank you very much!

  • Pango

    HitmanPro removed System care Antivirus in safe mode. It worked

  • Chris Plunkett

    Thank you. Great job…….kudos.

  • ian

    Thanks…almost fell for it.nearly paid

  • CJ

    thank you! one of my co-workers didn’t bother putting any anti-virus on their PC and got stuck with this junk! easy guide to follow and got things going again.

    thanks again!

  • Jon

    Massive thanks! You saved me a lit of time, money and insanity. Really good of you to do this.

  • MariaLou

    Thank you!

  • Maria

    WOW! All I can say is thank you!!

  • Twferguson

    Thanks for the info. To the point and easy to follow steps. Able to have full control again over my pc (yes even with my limited skills) with no more outside interference from malware. Glad to have guys out there to assist when asked, and give the correct relevant information. Good job Stelian.

  • Ed

    Awesome! Thanks very much!

  • Craig

    Thank you!!:D