Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Tuesday, November 15, 2011

Remove "System Fix" (Uninstall Guide)

Tell your friends:
System Fix is a type of malware commonly known as rogueware that attempts to steal money from victims by luring them into paying to fix nonexistent system errors and threats. If you think that it does have some rudimentary PC repair software functionality then you are wrong. With such a generic name and Microsoft trademarks, System Fix tries to pass off as a legitimate computer repair program. However, it's nothing more but a scam. Rogue programs are considered one of the most prevalent and dangerous threats lurking on the Web today. The goal of cyber crooks is to profit from malicious software. Infected computer are widely used for malicious criminal activities such as spamming and distributing malware.

If this fake PC repair program took over your computer, there's a great chance it also installed more sophisticated malware, very often TDL3/4 rootkit or Rootkit.Boot.SST, to avoid antivirus detection and to block malware removal tools. Most rogues don't show suspicious behaviors, so antivirus companies have to focus on signatures. In a previous writeup, we examined how to remove a rogue program called Data Recovery. System Fix is from the same family of malware and it hasn't been updated recently. It's just another name, but the infection is 100% the same. We'll show you how to rid of it or at least disabled it long enough to remove it. To remove System Fix malware from your computer, please follow the removal instructions below.



Rogues share a number of commonalities:
  • blocks legitimate anti-malware software
  • displays fake hard drive pre-failure warnings and notifications
  • mimics genuine products
  • complete system scan is super fast and completely false
  • it proceeded to pretend to fix the critical problems it claimed to have found on a brand-new
  • installation of Windows
  • hides Windows icons and shortcuts to make you think that your hard drive is going to fail
Fake system errors:





Most rogue programs go beyond aggressive marketing to sell software that has no functionality. System Fix is a good example of such misleading software. Users, naturally worried about the supposed critical system error, will often buy the license. Don't blame yourself if you fell for this scam. Cyber crooks adopted scareware on a massive scale and about 2-3% of victims will probably buy it. Instead of blaming yourself, call your credit card company and dispute the charges. Or even better, cancel your credit card and create a new one. Cyber cooks may use stolen credit card details again. Last, but not least, install solid antivirus software and keep it up to date. And next time, do a research before paying for software you didn't go looking for it. Good luck and be safe online!

Before continuing with the removal instructions, you can use cracked registration key and fake email to register System Fix. This will allow you to download and run any malware removal tool you like and restore hidden files and shortcuts.

mail@mail.com
15801587234612645205224631045976 (new code!)

mail@mail.com
1203978628012489708290478989147 (old code, may not work anymore)



Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.

http://deletemalware.blogspot.com

Important! First of all, please follow the removal instructions outlined on this page. Full write-up and manual removal guide can be found here: http://deletemalware.blogspot.com/2011/09/how-to-remove-data-recovery-uninstall.html (works with System Fix malware too). Follow it in case the removal guide below didn't work out. Good luck!


System Fix removal instructions:

1. Open Internet Explorer. If the shortcut is hidden, pelase Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter iexplore.exe and hit Enter or click OK.



2. Download and run this utility to restore missing icons and shortcuts.

3. Now, please download TDSSKiller and run a system scan. Remove found rootkits as shown in the image below. Reboot your computer if required.



Please note that your computer might be rootkit free, not all version of System Fix comes bundled with rootkits. Don't worry if TDSSKiller didn't find a rootkit.

4. Finally, recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.

NOTE: With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

5. The virus should be gone. If certain icons and shortcuts are still missing, please use restoresm.zip.

Share this information with your friends:

90 comments:

Anonymous said...

Great article. This helped a lot. I've been trying to figure a work around to kicking this scareware.
Thanks =D

Johnny Harris said...

How do you get your money back if you were dumb enough to buy it?

Johnny Harris said...

Is what they are doing against the law? It is the same as a Doctor getting people sick and then charging them for the cure?

Johnny Harris said...

The money back guarantee is worthless. The information they give you to contact them is bogus. I have emailed both email address on the receipt, but they are definitively going to be ignored. The only way to get my money back is to contact the credit card company and cancel the charges. It may take some time, but I do not care how long my wife will need to stay on the phone. I will get justice. Here is something else they sent me.
Thank you for purchase, System Fix!
Your activation code: 1203978628012489708290478989147
Please use this download link to install System Fix if your software copy has been removed or lost. yourlicensehot.com/license/download/system_fix.exe
Contact us through Help&Support section in the System Fix menu or by phone +1.8662065623

Admin said...

Johnny Harris, thank you for your comments. Yes, I'm afraid the only way to get your money back is to dispute the charges. Besides, I think you should cancel your credit card and create a new one. They now have your credit card details.

Valim said...

Hi there,

I have a few questions. Do I
(1) register System Fix then,

(2) follow the instructions on
http://deletemalware.blogspot.com/2011/09/how-to-remove-data-recovery-uninstall.html

Then
(3) continue with the System Fix removal instructions above.


Or do I just start with the system fix removal instructions above?


Thank you!

Admin said...

Hello Valim,

start with the system fix removal instructions above.

--
(2) follow the instructions on
http://deletemalware.blogspot.com/2011/09/how-to-remove-data-recovery-uninstall.html

That's the alternate removal guide.
---
(1) register System Fix then,
You may use cracked registration key if you want to stop annoying alerts.

Good luck!

Anonymous said...

Thank you sooooo much for these removal instructions!

Anonymous said...

I got this virus because I downloaded a fake adobe flash player update. Now I'm trying to figure out what page I visited that prompted the update. Thanks for the removal instructions!

Anonymous said...

Great article. Interesting to see all the comments in the last couple days, I wonder if some new infection of this just got spread around. I also recall an Adobe Flash update in the last couple of days, probably that's the cause of it.

Viktor Molle said...

Is there anybody who's able to post the StopZilla registration code here?

Anonymous said...

tdskiller not working. what to do ???

Anonymous said...

Viktor, they give it for free when you try to uninstall

Anonymous said...

hey man, this was the most straightforward solution i have checked.You're the man, thanks a lot!!!

Anonymous said...

Thank you so much,for the information.....,helps a lot!

Anonymous said...

Thank You...Thank You...Thank you!!!!

Anonymous said...

Thanks for this, it really was a lot of help!!
I also downloaded an adobe update and I wasn't even on a suspicious site or anything.
I have Avast and after the adobe update my Avast popped up to put a suspicious exe in the sandbox to run it.
Then the whole crap started with systemfix, I guess it busted thruw the sandbox, I wonder how this is possible.
Well I got rid of it thanks to these steps.

Anonymous said...

good stuff

Anonymous said...

Which instructions are you all being grateful for? the manual instruction or the one which makes you buy another software? PLEASE PEOPLE, BE MORE SPECIFIC!!!
Did anyone follow the manual instructions?
Cheers

Anonymous said...

can i do this in safe mode ?

Andrew said...

I have this malware on my comp. When I run tssdkiller it doesn't detect anything. Help me please.

Admin said...

Ok, that's good, now scan your PC with anti-malware software.

Anonymous said...

STOPZILLA asks for registering before it can delete...I ran a full 8 hr scan and it showed somany viruses but I'm not able to delete because I need registration code...anyone Please help....I tried unistalling also and it did not give it for free

Anonymous said...

Excellent guys, thanks. I was suckered by a fake Adobe Update...DOH!

-al said...

Ah ha! A fake Flash update.
I used a similar approach to remove the malware from my wife's laptop, but now it's running incredibly slow, basic functions, like launching a browser, are causing the machine to slow to a stop.
Anyone else having this issue?

Anonymous said...

thanks a lot, its the second time one of these rogue programs attacks my computer. since were broke we cant afford virus protection

geezoid said...

hello? is anybody out there? i got the
Mal/FakeAv-OP and fought the thing for days. had use of everything if you could find a way. i found an exe. file in c:Doc~~Data. i tried to delete it but it would not allow me because it had an icon going on in the task bar. i discovered the way to delete it. but my PC is messed up now. all my shortcuts seem to be (empty) ?? any help would be appreciated. my PC seems to be working faster

geezoid said...

hey, everybody/anybody out there, did i mess up my pc by deleting the offending Mal/FakeAV-op files before seeking help on-line? i didn't use any software. is that ???.sst file stuff for real? i didn't want to download anything without knowing what it was. WEBROOT was running when it hit me. anyway, if deleting the files while(sort of) they're running would help out anybody, i would be more than happy to share. thanks for any help

Anonymous said...

Help, i followed instructions but all of my internet access seems to have been wiped out also !! Therefore i cant access the software. Is this a consequence of system fix and how do i continue, ps. I am very IT illiterate so any instructions would be very welcome

Admin said...

geezoid,

Use Unhide.exe, step #2 in the removal guide or restoresm.zip, step #5.

geezoid said...

hey Anonymous, Admin is right. if you can get to 'windows explorer', right click where files and folders should be and select properties. uncheck the hidden box and the files will show up again.
hey Admin, i cannot see my 'programs' directory in c: i will try the above mentioned advice. all programs in my start menu show 'empty'. i still only see 'Docs & Settings' folder in c: in windows explorer.
thanks again Admin

geezoid said...

hey Admin, i ran Unhide.exe and i now have most of the files showing. my 'Local Disk(c:)' is still only showing 'Docs & Settings' folder. i am sure my files are still there because when i check Properties, it shows a nearly full hard drive. also, my 'start menu''programs' list is still showing (empty). any ideas? thanks for the heads up

geezoid said...

Anonymous, if you can see your c:\Docs&Settings\AppData\???? files, check to see if you have an .exe file in it. My directory had all FOLDERS of programs my PC runs and three other files. one of the three was ?'nB74Hmfu83(etc. etc.) .exe? (the name of this file changes every time you reboot. At the left of that file was an icon that matched the icon in the task bar(the strip at the bottom of your desktop). When i tried to delete the file, i got an error message telling me the file was in use(the icon in task bar) and would not let me delete it. i finally found a way to delete it but it may not be the best way to get your PC back to normal(as i have described). i set up a small window showing me the bad file i wanted to delete and then i clicked the right button on the 'error message'. It was labeled 'scan and reboot'(i think). The icon in the task bar disappeared for about 5 to ten seconds. During that 5 to 10 seconds, I deleted the file. it froze up my PC. I rebooted and have not had any more bogus error messages but my start menu and c: drive is still not right. I was able to access the internet by selecting 'upgrade' on the active icons at the right end of the task bar. 'Upgrade' would start the default browser. I have no access to my 'Program' files so i can't create shortcuts.
I may have made a big mistake deleting that stuff manually.
Any help from anybody would be greatly appreciated.

geezoid said...

Admin,
this is to update my attempts at restoring my PC. i downloaded restoresm.zip When i extracted, all that was in it was a .bat file. I'm not good enough at this PC stuff to know what to do with that. i tried running the .bat file and saw a flash of a shell. it was just a short flash. i can't tell if it did anything.
thanks again and for any future help from out there.

Anonymous said...

Admin,
following on that my internet does not work, unhide.exe cannot be found, my printer does not work, my orange livebox is said to be disconnected and all power from usb points has gone!!! Do i have a serious issue or can system fix really do all of this damage. Btw, my pc is 10 yrs old with windows xp professional ( in case this leads to a different solution?), thanks for any advice !

Anonymous said...

Thanks, worked like a charm!

André said...

Hey, I need help, I think I've screwed my computer. I have a long explanation of what happened:

I received the system fix virus and went on to this computer (from which I'm typing from now) to find a solution. I went to the deleterogues.blogspot blog and followed the instructions there. As instructed, I rebooted my PC in safe mode with networking, and started downloading Spyware Doctor. I did some further reading and discovered that Spyware Doctor apparently does not fully remove the virus.

I heard that Malwarebytes should do the trick, and since I already had it, I tried loading it up, but it gave me an error message and would not open. So I uninstalled it, and put Malwarebytes on my flash drive from this PC. Next, I installed it on my infected PC from my flash drive and ran a scan. Indeed, it found the virus (fake.alert) and found a couple of other viruses. I then had the program clean my computer. The program prompted me to restart my computer after it finished cleaning everything up, and I gave it the OK. After my PC had restarted and reached the "Welcome" screen for Windows XP, my computer suddenly restarted. I thought perhaps it was my flash drive that was causing the problem, and, in a move that's likely very stupid, I removed the flash drive, and my PC, almost on cue, blue screened, and the computer restarted before I completely read the screen (I did catch that it was shutting down to save data). Upon it restarting, Windows detected an improper shutdown and asked me in which mode I wanted to start Windows. I chose to start Windows normally. About 2 seconds after choosing this option, my PC restarted again, and I got the same screen as before. This time, I chose to start windows in safe mode with networking. Once again, the PC restarted. I tried one more time, and it did the same thing, so I just shut it off.

Did I just screw up my PC? Is there anyway to save my data? Thanks in advance for any help.

Anonymous said...

This worked perfectly! Thanks!

Anonymous said...

Admin -

Hi, I downloaded and am running Step 2 "unhide.exe". It's been running now for an hour. Is it really still running?

Anonymous said...

Follow up to November 28, 2011 10:32 AM
Looks like all is fixed. But I had to manually delete the System Fix executable files, randomly named, but date stamps from 1/2 hour ago, located in C:/ProgramData folder.
Thanks ! you're the man!!

André said...

UPDATE: I got my computer turned on, but I got the virus back. I'll update again if I can get it out normally.

Anne said...

i got all the way to downloading the stopzilla, when i finally got the program to open it said a quickscan had found 6 programs and quarantined them, but when i try to perform the scan to view them it says that the items can only be fully removed by subscribing the product?

help

geezoid said...

Anne, don't buy anything. "people-who-have-paid" stories are at the top of this blog. no luck. I had my PC almost completely back except C: only displayed 'Docs and Settings...' I tried sfc/scannow in command prompt and lost the OS. I FORGOT TO DO ALL THAT IN SAFE MODE... oh well. trying to retrieve PICS and My Docs from HHD now. what fun. good luck everybody

Anonymous said...

Here's your solution:

Download rkill
Download Malwarebytes
Download SpyBot - Search and Destroy
Download cCleaner

Restart in safe mode (requires holding F8 during startup on newer operating systems, in case you didn't know)

Once rebooted in safe mode, run rkill.exe (which might have saved itself as ieexplorer.exe or something like that to disguise itself from the virus)

That should halt the active processes of the virus.

Then, update and run Malwarebytes (full scan, NOT "quick scan")
...remove any viruses found, of course

Update, "immunize" and run SpyBot - Search and Destroy, "fixing" any problems found.

Run cCleaner, both the normal "cleaning" mode and the registry error "fixing" option as well.

Reboot in normal operating mode.

Done. (hopefully)

Anonymous said...

Thanks, this helped me out so much. I used Malwarebytes instead of Stopzilla and I had to run unhide.exe again to regain everything that System Fix had hidden after it was lost

Anonymous said...

Thank You and Bless you for the help

Anonymous said...

Thank you so much for this article. It just helped a client of mine get rid of this nasty malware and save all of her employer's documents.

Anonymous said...

checking if you moderate this comment. If i don't see it then I'll know that the comments above are fake.

Admin said...

Don't worry, all the comments above are not fake ;)

Anonymous said...

Thank you very much for your help, I cannot express my entire gratitude here, THANKS THANKS THANKS!!!

Jeff M said...

Worked for me! Thanks so much.

Anonymous said...

Thank you all! What a horrible malware.

Groening_Fan said...

If you have Admin issues, regain with these instructions. I used this fix on an XP machine, and I had no problem installing Malwarebytes AntiMalware.
http://forums.techguy.org/7555978-post8.html

going nuts said...

I got the System Fix virus on December 1st. We have since read everything we could find on it and removed everything we canfind. The problem is that my computer will not go on the internet. Any help would really be appreciatedl

Anonymous said...

Thank You!!!!

Anonymous said...

I got this virus Friday after getting a similar one a week before ("Privacy Protection"). Also from a fake Flash update from a free TV site. I couldn't delete the malware files because they were always running. The way I got rid of both was to restart my PC and as soon as I had a chance, rename the malware exe files. It seemed to keep them from preventing deletion. The System fix dumped a lot of my files though. It completely emptied iTunes of over 7,000 songs and videos! Luckily I had them in Media Monkey also or my entire collection would have been toast. My AV software never detected the viruses. I loaded the free Windows AV software and it found two more. My PC is still missing a lot of shortcuts and possibly some programs but did notice a bunch of extra directories now. I will give the unhide utility a try.

Anonymous said...

Ahh the utility put the desktop back along with icons. iTunes is still empty though but I can restore that.

Anonymous said...

Sorry to say, but that Tdskiller doesn't run when I've downloaded it. Is there a solution or an alternative to it?

Anonymous said...

i have this virus, and this stuff isnt working

Anonymous said...

I can not run tdskiller help?

Anonymous said...

Like a couple of other people have said, when I got to the part where I needed to run TDSSKiller it just wouldn't run. I double clicked on tdsskiller.exe and it just didn't do anything. But reading one of the other posts gave me the idea of renaming the file (i called it whatever.exe instead) then trying to run it - and that did the trick.

I figure (some versions of) System Fix has some sort of lookup file that it uses to try and prevent certain helpful files (such as "tdsskiller.exe") from running. So renaming it allows it to slip through.

Anonymous said...

This has taken me a while to get rid of but I am getting there (finally).

Using the above guide to get through it plus some other bits of software.

If tdsskiller isn't working, its because the rootkit is stopping it. Also, try downloading the latest version from the Kaspersky website.

Boot into safe mode, run rkill, wait for that to finish, then run the latest version of tdsskiller!

Roz said...

Please Please help. I have tried running Spyware doctor and malwarebytes in both normal and safemoode, both scans never complete! I can unhide my files but I've done something to hide system fix from appearing when I run the laptop so I cant use the registration key above! So stressed :(

Anonymous said...

Well, I completed the "unhide.exe" and the "tdsskiller.exe"...seem to work fine. Did not find anything using the "tdsskiller.exe"...appear per the Admins comments above that is fine.
I then ran the "STOPzilla_Setup.exe" and it all went fine until the end. I got a "Message 1906. Failed to cache package C:\WINDOWS\Installer\2b756d.msi. Error:-2147287010" The STOPzilla pop up box asks me if I want to "Try Again" or "Cancel". When I click "Try Again" it does not work and the same box pops back up.
Please tell me what to do next.

Anonymous said...

I helped a friend with this "Sistem Fix" problem . Interesting to find that this came from a fake adobe update ..
Hitman Pro 3.5 would do the best job .
http://www.surfright.nl/en/downloads/
You'll have 30 days to remove all the scam on your PCs , just register for free .

Anonymous said...

I followed these instructions from the post above and it WORKED (thank GOD!)

Here's your solution:

Download rkill
Download Malwarebytes
Download SpyBot - Search and Destroy
Download cCleaner

Restart in safe mode (requires holding F8 during startup on newer operating systems, in case you didn't know)

Once rebooted in safe mode, run rkill.exe (which might have saved itself as ieexplorer.exe or something like that to disguise itself from the virus)

That should halt the active processes of the virus.

Then, update and run Malwarebytes (full scan, NOT "quick scan")
...remove any viruses found, of course

Update, "immunize" and run SpyBot - Search and Destroy, "fixing" any problems found.

Run cCleaner, both the normal "cleaning" mode and the registry error "fixing" option as well.

Reboot in normal operating mode.

Done. (hopefully)

Anonymous said...

I am baffled by this... My Malware software (malwarebytes) doesnt even pick this virus up! It identifies 2 things which I clear, then I restart and the problem is still there! This is hopeless, I am going round in circles... any suggestions!?

Carol said...

Be sure that you're booting in SAFEMODE first (press and hold F8 during boot up).

Did you run rkill, THEN run Malwarebytes?

Anonymous said...

malwarebytes and STOPzilla(from step 4) both cannot be installed. Seems like the system fix blocked them somehow. I used Combo Fix and it worked great. Just rename the setup file something else so that system fix doesn't recognize it and block it.

Anonymous said...

who got the crack key for stopzilla 5.0.0?

Brannon said...

Hi there - thanks so much for the fix, worked a treat for me on a colleague's computer. I'm fairly sure though that this may also be linked to some sort of browser jijacker which has been hanging around hijacking google search results since she previously clicked ok on something she shouldn't have...

At the time, we removed that but haven't been able to stop the hijacker. Google will bring up results but actually clicking on the link takes you somewhere else entirely... always a buy/win/etc page that's clearly bogus.

Any other great advice on getting rid of that??

Again, great fix - super easy and allayed the panic! Cheers.

Anonymous said...

Thank you so much , problem fix !!!

Anonymous said...

Utility tool didn't unhide all my icon and start up menu what do I do

Anonymous said...

My computer just got infected a week ago. I just update the latest security from Microsoft today and it fixed the problem.

Anonymous said...

Well done - your article worked for me.

My series of events, summarised. Maybe this helps you.

- Windows 7 Home Premium 64bit.
- Comodo firewall and antivirus installed. All up to date.
- Had firefox open on what I consider are reasonable websites - Amazon, Youtube. Nothing dodgy. No emails opened, nothing installed etc etc. I'm an IT guy of 15 years and have enough experience with this, trust me.
- Received an alert from comodo that ".exe was 'sandboxed' by Comodo. This, I assume, is supposed to mean it runs in a ring-fenced environment, no? Seems it didn't... This alert from Comodo is info only - I can't allow or block or anything.
- Shortly afterwards, .exe is trying to access the Internet. I immediately said Block. Got another alert immediately for a second .exe - same procedure - blocked.
- Honestly, I noticed the hard disk was working quite hard and simply put it down to another of Windows 7' Indexing features, or suchlike.
- Some minutes later, I received multiple cascaded alerts about "delayed write failed". Press cancel to reboot, if I remember correctly. Immediately rebooted, and I was already thinking about the past events and telling myself "virus! I'll be surprised if this machine comes back up". But it did...
- I had lost half my desktop icons, most of my start menu links, files were hidden in Explorer.
I have multiple drives, and only shortcuts pointing to this drive were affected, the ones pointing to my E drive were OK. Same applies to the hidden files in Explorer - C:\ drive mostly hidden, d:\ drive, half. E:\drive - not touched. Seems I 'interrupted' the virus during the reboot.
- Googled a bit and found the following, all time and date stamped from the previous 15 minutes:

C:\Users\spanko\AppData\Local\Temp\0.7212855055993831fdrgs.exe 460KB
C:\Users\spanko\AppData\Local\Temp\0.8845776377071477fdrgs.exe 460KB
c:\ProgramData\.exe 460KB (don't have exact filename, but similar to above).

I scanned these with Comodo - nothing found!

Shift-deleted them.

- Unclean.exe worked, replacing all icons and unhiding the files in explorer.
- TDSSKiller found nothing

Thanks again!

Anonymous said...

My son's computer got this the other night and I tried using TDSSKiller, loaded it onto a flash drive from my laptop, then tried to load it onto his from the flash drive. Worked fine, except when I got the screen saying I needed to pay or enter the registration key.

Now, I have absolutely no problem paying for this if it will work, but even if I did pay for this, I can't get online with my son's laptop to enter the registration code. How do people get around this if the virus has denied you getting online?

Please help, as he has a lot of school work on his laptop that we'd like to try and get back :(

Syaima- said...

I still can't fixed it . what should i do ? please help me....also can't download the program

John said...

Same problem here with Stopzilla. I'm running a scan and getting a lot of viruses, but it said up front I would need to pay to remove.

Help!

Anonymous said...

OUTSTANDING!!!
MS Security Essentials nor SpyBot S&D could not locate or or do anything about this System Fix crap, but your procedure nailed it!
I'm a fat happy boy right now!
The DW will be even happier.

THANKS!!

Anonymous said...

if it stops giving you the bogus notifications does that mean your computer is fine now? It stopped with the notifications but i dont have my desktop back

Anonymous said...

Thank you!!

Anonymous said...

I have succesfully removed the "system fix" but I still have the problem that many of the programms in the start menu are missing.
I already tried unhide.exe several times and also used restoresm.bat -> the problem is still there.

Anyone an idea?

Anonymous said...

i downloaded spyware doctor and bought it now i cant get out of safe mode please helP!!!!!!!!!!!!!!!!!

Unknown said...

About 20-40mins ago, my dad contracted this malware and then started clicking in panic, now safe mode won't load, windows repair won't load, and because it's a laptop that uses a fn key to use functions (much like using a shift key to type a dollar sign) I can't load boot options to have it read the cd first before the Hdd. I'm thinking to either connect a separate keyboard in hopes I can use that to access the boot options or to remove the hdd and use an old pc to fix the drive from an external drive pov. Judging by what I've read thus far, I assume this malware dled something else that is destroying system files or something else dled from whatever site he shouldn't have been on as well.

Opinions, suggestions?

Anonymous said...

WOW! Saved my day, and more!!!! THANK YOU!!!!

Great guidelines for someone who's not very good at these things!

Easy to understand and more!

Denny said...

My computer was infected with System Fix a while ago. Thanks to the info of this and other forums, i managed to get rid of it and got everything working as usual again.

The only "problem" I still have is the following: System Fix is still in my Start Menu (the exe-file and uninstall-file) and at my desktop, there's still a shortcut to the exe-file.
Can I just delete those manually (shift - delete)? I'm afraid to touch those files and to get the virus going again by doing so...

Joe_Z said...

OK, I've got the virus and rootkit removed. (@Denny..yes, just delete those leftover shortcuts to 'System Fix'.)
BUT... I still don't have all my shortcuts restored. I tried 'unhide.exe' and 'restorem.bat' I got my Desktop shortcuts back, and I got my Start Menu FOLDER back.. but none of the shortcuts within the Start Menu Folders. Anyone have any suggestions??

Anonymous said...

thanks a lot man !! you just saved my pc life !......

Anonymous said...

thanks a lot. this has solved my problems after being infected with a trojan.
thank you

Anonymous said...

Thank you! This helped me fix my boss's pc. Now he OWES me!