System Repair

By ESGI Advisor in Rogue Anti-Spyware Program

System Repair Description

System Repair is a fake security program from the same family of fraudulent applications as Windows Repair, Windows Diagnostic and Fake System Restore. It poses as a legitimate system optimization and defragmentation tool and tricks PC users into buying its nonexistent full version, supposedly to remove the computer infections and hard drive errors it claims to detect on your machine. System Repair gets onto the affected PC with the help of Trojan infections that arrive together with unsafe downloads.

System Repair can leave your desktop empty and black: it hides your icons, and not only those on the desktop. You may be unable to find many files and folders on the computer system. Fortunately, all the files and folders you had still exist; you simply cannot see them.

When installed on a computer, System Repair slows down its performance, performs a bogus system scan and displays false scan results to frighten you into believing that your PC is infected with numerous malware items. It also shows fake pop-up security alerts that report imaginary security threats, to scare the targeted PC user into thinking the computer is at risk. System Repair then offers the victim the chance to purchase its rogue software, allegedly to fix the detected viruses and issues.

System Repair is a scam that tries to fool unsuspecting computer users and then steals their money. Therefore, do not rely on or purchase the System Repair program. The best solution is to uninstall System Repair from your computer system immediately after its detection.

Type: Rogue AntiSpyware Programs

How Can You Detect System Repair?

System Repair Technical Report

We will update this section as new System Repair details are reported by our customers and by our Threat Research Center.

Fake messages for System Repair:

The following fake error messages appear for System Repair:

System Repair Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?

Requested registry access is not allowed. Registry defragmentation required
Read time of hard drive clusters less than 500 ms
32% of HDD space is unreadable
Bad sectors on hard drive or damaged file allocation table
GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
Drive C initializing error
Ram Temperature is 83 C. Optimization is required for normal operation.
Hard drive doesn’t respond to system commands
Data Safety Problem. System integrity is at risk.
Registry Error – Critical Error

Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hard drive error.

Fix Disk
System Repair Diagnostics will scan the system to identify performance problems.
Start or Cancel

System Repair Removal Details

System Repair typically has the following processes in memory:

  • dbheuPYTtA.exe
  • %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].exe
  • %CommonAppData%\[RANDOM CHARACTERS_1].exe
  • %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].dll
  • %CommonAppData%\[RANDOM CHARACTERS_0].exe

System Repair creates the following files in the system:

  • %UserProfile%\Start Menu\Programs\System Repair\Uninstall System Repair.lnk
  • %CommonAppData%\[RANDOM CHARACTERS_1]
  • %UserProfile%\Start Menu\Programs\System Repair\
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\System_Repair.lnk
  • %UserProfile%\Desktop\System Repair.lnk
  • %UserProfile%\Start Menu\Programs\System Repair\System Repair.lnk

System Repair creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM_0].exe" = "%CommonAppData%\[RANDOM_0].exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '0'
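
A read-only PowerShell check for the file and registry indicators listed above, added here as an example and not part of the original report or of any ESG tool. It assumes that the page's %CommonAppData% means the Windows common application data folder and that the Desktop and Start Menu paths resolve through the standard known folders; the function names and the three-match threshold are illustrative.

```powershell
# Added example, read-only. Indicator values are copied from the lists above;
# function names and the match threshold are illustrative assumptions.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$regIndicators = @(
    @{ Path = "$cv\Policies\System";        Name = 'DisableTaskMgr';        Value = '1' },
    @{ Path = "$cv\Explorer\Advanced";      Name = 'Hidden';                Value = '0' },
    @{ Path = "$cv\Internet Settings";      Name = 'CertificateRevocation'; Value = '0' },
    @{ Path = "$cv\Internet Settings";      Name = 'WarnonBadCertRecving';  Value = '0' },
    @{ Path = "$cv\Policies\ActiveDesktop"; Name = 'NoChangingWallPaper';   Value = '1' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download'; Name = 'CheckExeSignatures'; Value = 'no' }
)
# Known-folder lookups stand in for %UserProfile%\Desktop and ...\Start Menu\Programs.
$fileIndicators = @(
    (Join-Path ([Environment]::GetFolderPath('Desktop'))  'System Repair.lnk'),
    (Join-Path ([Environment]::GetFolderPath('Programs')) 'System Repair'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\System_Repair.lnk')
)
# Assumption: the page's %CommonAppData% is the common application data folder.
$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')
$runPattern = '^"?' + [regex]::Escape($commonAppData) + '\\[^\\"]+\.exe'

function Test-RegIndicator($Indicator) {
    $item = Get-ItemProperty -Path $Indicator.Path -Name $Indicator.Name -ErrorAction SilentlyContinue
    return ($null -ne $item) -and ([string]$item.($Indicator.Name) -eq $Indicator.Value)
}

function Get-SuspiciousRunEntry {
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = Get-Item -Path "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # An .exe sitting directly in the common app data root, not in a vendor subfolder.
            if ($data -match $runPattern) { "$($key.Name)\$name = $data" }
        }
    }
}

$hits  = @($regIndicators | Where-Object { Test-RegIndicator $_ } | ForEach-Object { "$($_.Path) $($_.Name)=$($_.Value)" })
$hits += @($fileIndicators | Where-Object { Test-Path -LiteralPath $_ })
$hits += @(Get-SuspiciousRunEntry)

$hits | ForEach-Object { Write-Output "MATCH: $_" }
# Single settings here can be legitimate; several together point at this family.
if ($hits.Count -ge 3) { Write-Output "Multiple System Repair indicators present ($($hits.Count))." }
```

Run it in the session of the affected user, since most of the listed values live under HKEY_CURRENT_USER.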

This entry was last updated on 07/13/11 and posted on 07/13/11.
