“System Care Antivirus” is a computer virus, which pretends to be a legitimate antivirus program and claims that malware has been detected on your computer, then it will state that you need to pay money to register the software to remove these non-existent threats.
“System Care Antivirus” is distributed through hacked or infected websites, which will prompt you with a fake pop-up window indicate that your computer is infected or your computer requires a software update. Alternatively, your computer may be infected with “System Care Antivirus” from an infected email attachment or drive-by-downloads which will exploit a vulnerability in older versions of Java or Adobe software.
Once installed, “System Care Antivirus” will be drop a random file name in a random folder under C:\Documents and Settings\All Users\Application Data\, in XP, or C:\ProgramData, in Windows Vista, Windows 7, and Windows 8. System Care Antivirus will then be configured to start automatically when you login to your computer.
“System Care Antivirus” will display fake security alerts that are designed to think that your data is at risk or that your computer is severely infected.These messages include:
Security Monitor: WARNING!
Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk.
To get rid of unwanted spyware and keep your computer safe your need to update your current security software.
Click Yes to download official intrusion detection system (IDS software).Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Click here to remove it immediately with System Care Antivirus.System Care Antivirus Firewall Alert
System Care Antivirus Firewall has blocked a program from accessing the Internet.
Internet Explorer Internet Browser is infected with worm SVCHOST.Stealth.Keyloger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remote host.System Care Antivirus Warning
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss.
Click here to block unauthorised modification by removing threats (Recommended)System Care Antivirus Warning
Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid theft of your credit card details.System Care Antivirus Warning
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC.
Click here to remove them immediately with System Care Antivirus.
If your computer is infected with System Care Antivirus virus, then you are seeing the following screens:
System Care Antivirus is a scam, and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you buy System Care Antivirus as this could lead to identity theft, and if you have, you should contact your bank and dispute the charge stating that the program is a scam and a computer virus.
Registration codes for System Care Antivirus
As an optional step,you can use any of the following license keys to register System Care Antivirus and stop the fake alerts.
System Care Antivirus activation code: AA39754E-715219CE
Please keep in mind that entering the above registration code will NOT remove System Care Antivirus from your computer , instead it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.
System Care Antivirus – Virus Removal Guide
This page is a comprehensive guide, which will remove the System Care Antivirus infection from your your computer. Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.
STEP 1: Start your computer in Safe Mode with Networking
STEP 2: Run RKill to terminate System Care Antivirus malicious processes
STEP 3: Remove System Care Antivirus virus with Malwarebytes Anti-Malware Free
STEP 4: Remove System Care Antivirus rootkit with RogueKiller
STEP 5: Remove System Care Antivirus infection with HitmanPro
STEP 1 : Start your computer in Safe Mode with Networking
- Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
- When the computer starts you will see your computer’s hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows XP, Vista or 7 Advanced Boot Options.
If you are using Windows 8, press the Windows key + C, and then click Settings. Click Power, hold down Shift on your keyboard and click Restart, then click on Troubleshoot and select Advanced options. In the Advanced Options screen, select Startup Settings, then click on Restart. - If you are using Windows XP, Vista or 7 in the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
\
If you are using Windows 8, press 5 on your keyboard to Enable Safe Mode with Networking.
Windows will start in Safe Mode with Networking.
STEP 2: Run RKill to terminate the malicious processes associated with System Care Antivirus
RKill is a program that will attempt to terminate all malicious processes associated with System Care Antivirus, so that we will be able to perform the next step without being interrupted by this malicious software.
Because this utility will only stop System Care Antivirus running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.
- While your computer is in Safe Mode with Networking ,please download the latest official version of RKill.Please note that we will use a renamed version of RKILL so that System Care Antivirus won’t block this utility from running.
RKILL DOWNLOAD LINK (This link will automatically download RKILL renamed as iExplore.exe) - Double click on iExplore.exe to start RKill and stop any processes associated with System Care Antivirus.
- RKill will now start working in the background, please be patient while the program looks for System Care Antivirus malicious process and tries to end them.
If you get a message from System Care Antivirus stating that RKill is an infection, and then closes this utility, leave the warning on the screen and then run RKill again.
By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate System Care Antivirus. - When the Rkill utility has completed its task, it will generate a log. Do not reboot your computer after running RKill as the malware programs will start again.
STEP 3: Remove System Care Antivirus virus with Malwarebytes Anti-Malware FREE
Malwarebytes Anti-Malware Free is a powerful on-demand scanner which will remove System Care Antivirus malicious files from your computer.
- You can download Malwarebytes Anti-Malware Free from the below link, then double-click on the icon named mbam-setup.exe to install this program.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK(This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free) - When the installation begins, keep following the prompts in order to continue with the setup process, then at the last screen click on the Finish button.
- On the Scanner tab, select Perform quick scan, and then click on the Scan button to start searching for the System Care Antivirus malicious files.
- Malwarebytes’ Anti-Malware will now start scanning your computer for System Care Antivirus virus as shown below.
- When the Malwarebytes Anti-Malware scan has finished, click on the Show Results button.
- You will now be presented with a screen showing you the computer infections that Malwarebytes Anti-Malware has detected. Make sure that everything is Checked (ticked), then click on the Remove Selected button.
- Once your computer will restart in Windows regular mode, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats.
STEP 4: Remove System Care Antivirus rootkit with RogueKiller
RogueKiller is a utility that will scan for the System Care Antivirus rootkit, registry keys and any other malicious files on your computer.
- You can download the latest official version of RogueKiller from the below link.
ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer) - Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds, then click on the Scan button to perform a system scan.
- After the scan has completed, press the Delete button to remove System Care Antivirus malicious registry keys or files.
STEP 5: Remove System Care Antivirus infection with HitmanPro
HitmanPro is a cloud on-demand scanner, which will scan your computer with 5 antivirus engines (Emsisoft, Bitdefender, Dr. Web, G-Data and Ikarus) for the System Care Antivirus infection.
- You can download HitmanPro from the below link:
HITMANPRO DOWNLOAD LINK (This link will open a web page from where you can download HitmanPro) - Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
Click on the Next button, to install HitmanPro on your computer.
- HitmanPro will now begin to scan your computer for System Care Antivirus trojan.
- When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the Next button, to remove System Care Antivirus virus.
- Click on the Activate free license button to begin the free 30 days trial, and remove all the malicious files from your computer.
Your computer should now be free of the System Care Antivirus infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, and perform regular computer scans with HitmanPro.
If you are still experiencing problems while trying to remove System Care Antivirus from your machine, please start a new thread in our Malware Removal Assistance forum.
Its so nice of you to take the time helping us out
You’r D MAN!! Stelian! very easy steps. Thank you!
thank you for the instructions, they were very very very helpful
Hello Corky,
RogueKiller is a on-demand scanner with a very low false positive rate. Nevertheless, you can skip this scan, and perform a scan with HitmanPro.
Next,lets run a scan with these two tools:
STEP 1: Run a scan with ESET Online Scanner
1.Download ESET Online Scanner utility.
ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
3.Check Yes, I accept the Terms of Use, then click the Start button.
4.Check Scan archives and push the Start button.
5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
6. When the scan completes, click on the Finish button.
STEP 2: Run a scan with Kaspersky Virus Removal Tool:
1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1
2. Double click the setup file to run it, then follow the onscreen prompts until it is installed
Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
System Memory
Hidden startup objects
Disk boot sectors
Local Disk (C:)
Also any other drives (Removable that you may have)
3. Then click on Actions on the left hand side
4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.
Stay safe!
Thank you for making this blog.
thanks man.. can u recommend any antivirus program that can prevent such viruses..
Hello,
Those should be just some left over files, to remove them just right click on them and select Delete.
Next, lets try to run these two scans:
STEP 1: Run a scan with ESET Online Scanner
1.Download ESET Online Scanner utility.
ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
3.Check Yes, I accept the Terms of Use, then click the Start button.
4.Check Scan archives and push the Start button.
5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
6. When the scan completes, click on the Finish button.
STEP 2: Run a scan with Kaspersky Virus Removal Tool:
1. You can download from Kaspersky Virus Removal Tool from here : http://www.kaspersky.com/antivirus-removal-tool?form=1
2. Double click the setup file to run it, then follow the onscreen prompts until it is installed
Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
System Memory
Hidden startup objects
Disk boot sectors
Local Disk (C:)
Also any other drives (Removable that you may have)
3. Then click on Actions on the left hand side
4. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
5. Click on Automatic Scan, then click the Start Scanning button, to run the scan.
Then run again a scan with HitmanPro and RogueKiller as see on this guide.
Good luck!
Hi there,
First of all thank you for this very useful guides.
I am having some troubles with this one. I have performed all of the steps an at the end when Hitman Pro removes all of the malicious files System care Antivirus remains among my programs in start menu. How can I get rid of it?
Thank you in advance.
Regards
Miha
Hello Gary,
You’ve got a pretty nasty infection on this machine. It’s a ZeroAccess rootkit which has corrupted your Windows Defender settings.
To remove this infection, please follow the instructions from this guide: http://malwaretips.com/blogs/file-contained-a-virus-and-was-deleted-removal/
Stay safe!
I can’t even complete step 2 as when I try to download Rkill it just comes up with a message saying ‘iExplore.exe contained a virus and was deleted’. I’ve tried several removal guides and anything I have to download I just get this message, from System care I presume..
Hello Robert,
Right-click on the Malwarebytes Anti-Malware icon, and select Rename. Then re-name the file to svchost , then try to start this program.
If you are still experiencing issues, try to start HitmanPro in ForceBreach mode, and perform a scan.
To start HitmanPro in Force Breach mode, hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including the malware process: http://www.youtube.com/watch?v=m6eRWTv2STk
thanks soo much broo!!! my laptops running fine now :)
Hi,
Thanks for your info of how to remove the virus. However, l would like to know if there is any anti-virus software free download with safe as my trial order of AVG has been expired.
Thanks.
Kay
My window detected a hard disk problem and it advice me to backup..is it a fake alert from virus or its real that I have to look for a new hard disk? Any help will be much appriciated
Leyendo explicaciones para eliminar este problema con el falso antivirus System Care, segui los pasos que me decian en algunos foros pero no encontraba el System Care en el programa que instale para desinstalar este falso antivirus, hasta q me di cuenta que en el escritorio salia un icono que lo iniciaba y me dio esta idea: le di clic derecho en el icono ,despues popiedades y vi la direccion donde estaba guardado la carpeta” C://documents and setting/nombre de usuario/archivos de programas/89655478211548D875H54S54S4B6″ era algo asi, fui all.elimine esa carpeta y listo todos los problemas solucionados, reinicia para ver si salia el FALSO ANTIVIRUS y nada, asi que la solucion mas facil sin tener que analizar el equipo o instalar ningun programa es esa eliminar la carpeta donde esta contenida , bueno espero q les sirva