"System Fix" Virus

A nasty new virus is going around.  So I decided to post a quick description of the symptoms and then instructions on how to remove it. 

 

 

DESC:  (Provided by http://www.spyware-experts.com/)

What is System Fix?

System Fix is what is known as rogue spyware or ransomware which means it claims to be legitimate software but it is actually spyware itself. It attempts to scare you into purchasing bogus software by hijacking your computer and bombarding it with fake alerts and scans, but the entire process is just an elaborate hoax.

 

However, the larger threat that System Fix poses is that hackers use it to attempt to gain access to your sensitive information i.e. passwords, account numbers, credit cards, etc. because it can log keystrokes and internet activity and then send that information to a remote server over the internet – which can ultimately lead to identity theft.

 

*IMMEDIATE REMOVAL OF SYSTEM FIX IS REQUIRED TO KEEP YOUR COMPUTER AND PERSONAL INFORMATION SAFE*

 

Why Can’t I Remove System Fix Manually?

 

System Fix is an extremely complex spyware infection. It places a large number of random files and registry entries on your computer. Because there are also legitimate Windows files that are random strings of numbers and letters, knowing which files to delete is near impossible and if you delete a legitimate file that your computer needs this could lead to further problems, including causing your computer to become inoperable.

 

System Fix also has the ability to recreate itself – meaning that unless you remove all traces of it completely, it will simply reinstall itself every time you restart your computer.

 

What does System Fix do?

 

Once installed, System Fix can:

 

*Steal your passwords, credit card numbers and personal information.
*Block you from running Windows Task Manager
*Block you from running executable files
*Trick you into purchasing illegitimate software by simulating computer problems.
*Hijack your web browser by blocking access to websites of legitimate software vendors.
*Affect the performance of your computer so much so that it may render it inoperable.
*Selectively disable parts of your system to prevent you from uninstalling it.
*Prevent legitimate spyware and virus removers from running
*Disable automatic system software updates
*Install additional spyware or viruses onto your computer

 

How did System Fix get on my computer?

 

The most common ways to come in contact with System Fix include:

 

*Maliciously coded web sites that popup a warning message that you are infected
*E-mail messages that trick you into clicking on a link
*Web sites that claim you need to download additional software like an audio codec or video viewer
*Links or downloads that are spread through social networking sites such as MySpace and Facebook
*Instant Messaging systems

 

How do I get System Fix off of my PC?

To remove this, you need to boot into safe mode (F8 during boot up), log into the profile that is infected, and run the latest version of ComboFix.

http://www.bleepingcomputer.com/download/anti-virus/combofix

 

Once ComboFix has finished and rebooted the PC, log into the profile and run “unhide.exe” to return all hidden files.

http://www.bleepingcomputer.com/forums/topic405109.html

 

Then go into the Start menu properties and reset them to defaults. This returns the Start menu to normal, since the virus hides all Start menu items. Once this is done, run msconfig and look for questionable startup items. I found vMttfGqwJXmmgo.exe in msconfig.

 

Run virus scans. I suggest the following (both are free):

ESET: http://www.eset.eu/eset-online-scanner

and

Malwarebytes: http://www.malwarebytes.org/

 

Make sure you reboot between each scan.  Once they come back clean, you should be good to go.

 

~Attica~
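
The msconfig startup check described above can also be done from a PowerShell prompt. The script below is an added example, not part of the original post: it lists every auto-start entry and marks the ones worth a manual look. The two review heuristics (binary in a user-writable directory, no valid Authenticode signature) and the helper name Get-ExecutablePath are assumptions made for this example.

```powershell
# Added example: list auto-start entries and flag ones worth a manual look.
# Heuristics (assumptions, not from the original post): the binary lives in a
# user-writable location, or it has no valid Authenticode signature.

$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP) |
    Where-Object { $_ }

function Get-ExecutablePath {
    param([string]$Command)
    # Expand %VARS% and pull the executable path out of the command line:
    # either a quoted path, or everything up to the first ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path = Get-ExecutablePath $_.Command
    $reasons = @()

    if (-not $path) {
        $reasons += 'could not parse executable path'
    } elseif (-not (Test-Path -LiteralPath $path)) {
        $reasons += 'file not found'
    } else {
        foreach ($dir in $userWritable) {
            if ($path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                $reasons += 'runs from a user-writable directory'
                break
            }
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
    }

    # One record per startup entry; an empty Review means no heuristic fired.
    [pscustomobject]@{
        Name     = $_.Name
        Location = $_.Location
        Command  = $_.Command
        Review   = $reasons -join '; '
    }
} | Sort-Object { $_.Review -eq '' } | Format-List
```

Flagged entries sort to the top. A flag is a prompt to inspect the entry, not proof of infection, since legitimate software also starts from these locations and is not always signed.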

 

 
