System Care Antivirus

Posted: April 9, 2013

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	13,326
Threat Level:	10/10
Infected PCs:	1,536

First Seen:	April 9, 2013
Last Seen:	September 8, 2023
OS(es) Affected:	Windows

One of quite a few variants of a very well-distributed form of scamware, System Care Antivirus poses as an anti-malware scanner, but actually is a rogue anti-malware product that detects PC threats with deliberate inaccuracy. By detecting large amounts of fake infections and causing various system problems (such as blocking specific applications), System Care Antivirus hopes to convince victims to pay for registering its software, supposedly to 'fix' the above issues. SpywareRemove.com malware researchers recommend that you ignore any alerts or system information from System Care Antivirus, which is malicious software and, like with any kind of scamware, you should use a legitimate anti-malware utility to get rid of System Care Antivirus without any unnecessary delays.

System Care Antivirus: the Least Helpful Caretaker Outside of 'Misery'

System Care Antivirus keeps to the looks, but not the real functions of an anti-malware product, as a member of the WinWeb Security group of fake anti-malware programs. System Care Antivirus's main 'feature' is its system scan, which always creates inaccurate results that are specialized for displaying high-level PC threats like rootkits that, in all likelihood, actually aren't on your computer. SpywareRemove.com malware researchers also have confirmed that System Care Antivirus can generate fake pop-up warnings in several formats, including some that imitate those of normal Windows alerts (such as a taskbar notification that asks you to install additional scamware or register System Care Antivirus).

These attacks all are part of System Care Antivirus's scam to dupe its victims into purchasing a registration key, which SpywareRemove.com malware experts, naturally, heavily discourage. The registered version of System Care Antivirus is no better at tending to your PC than the unregistered version of System Care Antivirus, and even allowing System Care Antivirus to remain on your computer will result in problems accessing a range of other programs (as explained below).

Bringing System Care Antivirus Face to Face with a Real Anti-Virus Program

Perhaps System Care Antivirus's most inconvenient function is its ability to block any other applications (excluding, for the most part, only some basic Windows programs and, of course, itself), which System Care Antivirus will claim System Care Antivirus does to protect your PC from damaged or compromised software. Deactivating System Care Antivirus will let you regain your normal usage of these blocked applications, and SpywareRemove.com malware experts can suggest using either Safe Mode or booting from a flash drive as easy ways of accomplishing this.

Once you've performed the above precautions, any solid anti-malware utility should be able to delete System Care Antivirus with ease. Besides ridding your PC of System Care Antivirus, SpywareRemove.com malware experts also encourage similar cautions against System Care Antivirus's assorted relatives, which include such examples as Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Antivirus Center, Security Shield, Personal Shield Pro, Advanced PC Shield 2012, Security Sphere 2012 and Futurro Antivirus.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%DesktopDir%\System Care Antivirus.lnk

File name: %DesktopDir%\System Care Antivirus.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe

File name: %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%Programs%\System Care Antivirus\System Care Antivirus.lnk

File name: %Programs%\System Care Antivirus\System Care Antivirus.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%CommonAppData%\[RANDOM CHARACTERS]

File name: %CommonAppData%\[RANDOM CHARACTERS]
Group: Malware file

%CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]

File name: %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]
Group: Malware file

%CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].ico

File name: %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].ico
Mime Type: unknown/ico
Group: Malware file

%CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe

File name: %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

File name without pathSystem Care Antivirus.lnkHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] = "%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care AntivirusHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus\DisplayName = "System Care Antivirus"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus\UninstallString = "%AppData%[RANDOM CHARACTERS][RANDOM CHARACTERS].exe" -uHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Care Antivirus\ShortcutPath = "%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe" -u

Additional Information

The following directories were created:

%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\System Care Antivirus%Appdata%\Microsoft\Windows\Start Menu\Programs\System Care Antivirus%UserProfile%\Desktop\System care.exe%UserProfile%\Start Menu\Programs\System Care Antivirus

The following messages's were detected:

#	Message
1	Security Monitor: WARNING! Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe your need to update your current security software. Click Yes to download official intrusion detection system (IDS software).
2	Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla FireFox, Outlook and other programs. Click here to remove it immediately with System Care Antivirus.
3	Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs. Click here to remove it immediately with System Care Antivirus.
4	System Care Antivirus Firewall Alert System Care Antivirus Firewall has blocked a program from accessing the Internet. Internet Explorer Internet Browser is infected with worm SVCHOST.Stealth.Keyloger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remote host.
5	System Care Antivirus Warning Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. Click here to remove them immediately with System Care Antivirus.
6	System Care Antivirus Warning Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. Click here to remove them immediately with System Care Antivirus.
7	System Care Antivirus Warning Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
8	System Care Antivirus Warning Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details. Click here to activate protection.
9	Warning! Application cannot be executed. The file GoogleUpdate.exe is infected.Please activate your antivirus software.
10	Warning! The site you are trying visit may harm your computer! Your security setting level puts your computer at risk! Activate System Care Antivirus, and enable safe web surfing (recommended).Ignore warnings and visit that site in the current state (not recommended).
11	Warning: Your computer is infected Detected spyware infection! Click this message to install the last update of security software…

3 Comments

Louise says:

April 11, 2013 at 12:10 am

Great information. Lucky me I ran across your website by chance (stumbleupon). I have book marked it for later!
charles says:

April 16, 2013 at 1:41 pm

I want to deactivate my download as it now won't let me get on to hardly any bloody thing, I'm being blocked! Now I can't get out. You're a bore, a real bore. Help please. I want out.
Chris Johnston says:

May 30, 2013 at 5:06 am

Absolute bumholes! Same as the Charles dude above, this travesty of a "Spyware Remover" has cheekily installed itself onto my Laptop and now I can't go online or anything (I've had to come on Safe Mode to try and find a way to uninstall the bugger, so i can get it working again! I WANT BLOOD!!!