My Victory Over the “System Check” Computer Virus

What do Blue Buffalo Dog Food and nasty computer viruses have to do with one another? Before today, I would have answered, “Nothing.” But from one of the dog food review sites flagged as “safe” by both McAfee and PC Tools Spyware Doctor, my computer picked up what is referred to as the “System Check” virus.

To its credit, McAfee did start throwing up alerts as the virus was downloading itself to my system, quarantining some files as they sought to take up residence on my hard drive. Unfortunately, the anti-virus software missed a few other files, causing me to be greeted with one fake message after another attempting to convince me that my machine was at imminent risk of catastrophic system failure.

Having become jaded by make-believe (or perhaps real?) African Kings offering me the equivalent ransom if only I would pass along my bank account information, and internet pop-ups helpfully advising that my system is performing poorly, a problem with which it, the pop-up, would be more than happy to assist, I realized I was en route to being in a very bad way.

The words of one of my favorite childhood reads came to mind. I said to myself, “Don’t panic.” Then I went to work.

I couldn’t launch old standbys such as Task Manager. What is more, the virus set all of the files on my hard drive to “Hidden” so as to give the impression that the situation was bleak. Since the computer was still operational except for the never-ending stream of fake system failures being announced by the virus, I knew that things weren’t nearly as dire as the virus wanted me to believe.

Clearly, the malware was preventing anything that might be used to put an end to it from executing, so I opened a command window, navigated to the windows\system32 directory, issued an Attrib -H, copied taskmgr.exe to taskmgr2.exe and ran it. Using Task Manager, I found the offending process and terminated it with extreme prejudice. Windows prompted me with its usual query about sending information to Microsoft. I selected “yes” and used the collected information to identify the location and name of the virus program, enabling me to delete it from the system using the command prompt.

Once the virus was no longer operational, I was able to launch Internet Explorer and do some research on the infection which I came to learn was known as “System Check.”

The BleepingComputer website presents some great information on this virus and what steps one can take to clean it up. I disagree, however, with the advice to shut the PC down before removing at least the primary executable. Restarting computers can often serve to complete installation of programs, including those of the malicious variety. Similarly, once a computer is down, there is little guarantee that, depending on the nature of the infection, the machine will come back up again.

The steps I took to recover from the virus were:

  1. I opened a command window and copied taskmgr.exe to taskmgr2.exe. This allowed me to launch the task manager in order to locate and kill the malicious program;
  2. The ensuing Windows message asking if it should send information about the terminated program to Microsoft provided me with the exact location of the program, enabling me to delete it from the system;
  3. From the command window, I also copied regedt32.exe to regedt32v2.exe. I used the copy to remove all registry entries referenced in the BleepingComputer article;
  4. At this point, I was able to download the Malwarebytes application and perform a quick scan against my computer. It identified additional vestiges of the virus and removed them;
  5. I reconfigured my Start Menu according to the instructions in the aforementioned article;
  6. I downloaded and installed unhide.exe, also from the bleepingcomputer website. It completed restoration of my start menu and also found and handled a few more bits of the virus — a secondary executable file and a few more registry entries;
  7. I kicked off a full scan of my computer with Malwarebytes; and finally
  8. I rebooted my computer.

At this point, my computer appears to be virus-free, a point on which PC Tools, McAfee and Malwarebytes all agree.
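The post describes the virus marking every file “Hidden” and the author reversing that with Attrib -H. As an added example (not the author's commands and not how unhide.exe is implemented), the PowerShell sketch below lists files and folders that carry the Hidden attribute without the System attribute and, only when asked, clears it. The `$Root` default and the `-Apply` switch are names assumed for this sketch.

```powershell
# Added example, not from the original post. Dry run unless -Apply is given.
# $Root and -Apply are names chosen for this sketch.
param(
    [string]$Root = $env:USERPROFILE,
    [switch]$Apply
)

$hidden = [System.IO.FileAttributes]::Hidden
$system = [System.IO.FileAttributes]::System

# -Force is required, otherwise Get-ChildItem does not list hidden items at all.
$targets = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        # Hidden but not System: Windows keeps Hidden+System files such as
        # desktop.ini out of view on purpose, so those are left alone.
        ($_.Attributes -band $hidden) -and -not ($_.Attributes -band $system)
    }

foreach ($item in $targets) {
    if ($Apply) {
        try {
            # The filter guarantees the Hidden bit is set, so XOR clears only that bit.
            $item.Attributes = $item.Attributes -bxor $hidden
            $status = 'cleared'
        } catch {
            $status = "failed: $($_.Exception.Message)"
        }
    } else {
        $status = 'would clear'
    }
    # One record per item so the output can be reviewed or exported.
    [pscustomobject]@{ Status = $status; Path = $item.FullName }
}
```

Review the dry-run output first: folders that are hidden on a clean system, such as AppData, match the same filter and would be unhidden as well.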

BleepingComputer.com describes the symptoms of the virus in terms of the messages it spews as follows:

Hard drive clusters are partly damaged. Segment load failure.

Critical Error

Hard drive critical error. Start a system diagnostics application to scan your hard disk for errors and performance problems.

Windows – Delayed Write Failed

Failed to save all the components for the file \System320004823. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.

Windows detected a hard disk problem

A potential disk failure may cause loss of files, applications and documents stored on the hard disk. Please try not to use this computer until the hard disk is fixed or replaced.

Windows detected a hard disk problem

A potential disk failure may cause loss of files, applications and documents store on the hard disk. It’s highly recommended to scan and solve HDD problems before continue using this PC.

Hard Drive Failure

The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.

System Error

An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.

Critical Error

Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hard drive error.

Critical Error

Hard drive clusters are partly damaged. Segment load failure.

As for the Dog Food research? The web site in question was entitled, “Veterinarians Reporting Possible Blue Buffalo Dog Food Concerns” located on I Love Dogs dot Com. Be afraid.

About PiperGirl

Animal lover, tree hugger, pilot, photographer, outdoorsman, sailor, bookworm, musician, scientist, philosopher, theologian, Renaissance woman.

3 Responses to My Victory Over the “System Check” Computer Virus

  1. Dustin says:

    It probably came from an infected ad that the website used. Or it could have also been a hacker that injected the malware code into the webpage itself. I clean infected computers and love doing it. I have not heard of using command prompt to rename the task manager and I will be using that technique when I come across malware that disables the task manager. There might have been an easier way to clean the PC; doing system restore usually works pretty good, especially if you know the exact moment you got the malware. But that doesn’t always work. I don’t know how good you are with removing malware, you seem like you know what you are doing. But I do suggest not using McAfee, as most of the computers I have cleaned have McAfee or Norton. Both let things by too easily. I use Avast and recommend it to everyone. It’s free and detects just about any malware. I have only had 2 Trojans get past in the last 4 years. (I run a daily full scan every night just in case something does get past.) When I clean a PC, I use many many free programs to detect and remove malware as not all traces are found with one or two programs. I agree with you using Malwarebytes. It’s an awesome malware removal tool that I use all the time. I use superantispyware as well to find any traces that Malwarebytes didn’t find. (That has happened a few times.) CCleaner is great for removing temp files as well as cleaning the registry. I also use hijackthis to help diagnose a PC and remove any traces that I can find. I run a few antirootkits to make sure no rootkits are hiding, such as rkill and Roguekiller. I also use the host file to block advertisements, but I hear some of the browser add-ons work pretty well too.
    Author, I hope this has helped you in some way, if not I hope this helps anyone else who may have a malware problem.

    • djanam says:

      Hi, thanks for your comments and for the additional recommendations. I am a software engineer educationally and professionally so going after the executables directly seemed most expedient. There were a lot of pieces of that virus, though, so using a tool once stabilized was definitely the best approach. I am certain that your additional comments will help others in the future. I will keep them in my hip pocket, as well. Thanks again for posting.

      • Dustin says:

        Yeah, no prob. I figured you were pretty smart and knew what you were doing. There is more than one way to clean computers, but I like to spread my knowledge when I can. I am a self-taught computer tech and do it as a hobby for free (my last customer, a friend, paid me $30), but my goal is to start my own business or work at a place and do it professionally. I believe that I am pretty good at what I do. My customers are pretty happy with my work, and I try to do the best I can, removing all traces that I can find. I know a lot of companies that charge a ton and do a simple virus scan and say it’s clean. There are also a lot of people who think the only way to clean an infected computer is to just wipe the hard drive and start over. I have never had to do that yet, and even had one laptop infected with hundreds of traces of malware. At least a few rootkits and lots of other malware. I was able to successfully clean it without reinstalling Windows; it took some time, but as far as I could tell it was clean. Malware can sometimes be hard to find and remove, but I enjoy doing it.
