
System Diagnostic

Posted: March 14, 2011

System Diagnostic is a rogue system maintenance program that displays fake error and infection information through scans and pop-up messages. This false information is meant to push the user into buying System Diagnostic's registered version, which is just as useless. The purchase exposes the user's credit card number to abuse, and even visiting System Diagnostic's website can cause other infections through browser security hole exploits. Remove System Diagnostic and anything related to it that you find on your computer as soon as you can, or your PC may degrade into an even worse state over time.

System Diagnostic's Diagnosis Looks Bad

If you pick up System Diagnostic without knowing about it, you probably did so through a Trojan. Trojans are known to distribute this threat and related malware by infecting the computer and then falsely announcing that there's a system problem that can only be fixed by installing unspecified software. This is the message these Trojans usually display during installation attempts:

Windows Diagnostic
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following certified software to fix the detected hard drive problems. Do you want to download recommended software?

It's worth noting the typo in 'certified,' which serves as just one of many red flags that the message is illegitimate. If you see this message, avoid doing what it says and use appropriate measures to find and remove the Trojan. With luck, you may be able to get rid of the Trojan without having to remove System Diagnostic, too.

If you've installed System Diagnostic, you'll find yourself putting up with alarming and extremely inaccurate errors and scan results from the rogue security program. Many of the stated threats are so exaggerated that your PC wouldn't be able to function even if System Diagnostic were remotely accurate! Some of the ones you might see include:

32% of HDD space is unreadable

Ram Temperature is 83 C. Optimization is required for normal operation.

Requested registry access is not allowed. Registry defragmentation required

Pay no heed to these erroneous messages and try to avoid any attempts by System Diagnostic to force you to go to its website. Any contact with the System Diagnostic site puts your computer at risk for other malware downloads, and System Diagnostic by itself is really enough trouble as it is.

Purifying Your System of System Diagnostic

You may find it hard to acquire the right anti-malware solutions if you don't have them already, since System Diagnostic and similar malware have been known to hijack browsers. This negative browser behavior is strictly temporary, however, and can be averted by going into Safe Mode with Networking and, if necessary, changing your browser settings back to normal.

The registration code 8475082234984902023718742058948 has been known to work on similar rogue security applications and may also work on System Diagnostic. Registering in this fashion will reduce System Diagnostic's aggressive behavior. However, your PC is still vulnerable until you've deleted System Diagnostic from your hard drive.

Remember to scan for any related Trojans that might have delivered System Diagnostic too, since rogue security products like this one rarely come alone. Removing only part of the infection may allow the whole thing, including System Diagnostic, to regenerate after deletion, so be thorough!

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].dll
    2 %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].exe
    3 %AllUsersProfile%\Application Data\~[RANDOM CHARACTERS]

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
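
The registry values listed above can be checked against an exported copy of a user's HKEY_CURRENT_USER hive. The following Python code is an added example, not part of the original article: it parses .reg export text and reports every entry that matches the list. The function names, the Run-key path heuristic and the sample export are assumptions constructed for illustration.

```python
import re

# Values the article lists under HKEY_CURRENT_USER; None means flag on presence alone.
MS = r"HKEY_CURRENT_USER\Software\Microsoft"
CV = MS + r"\Windows\CurrentVersion"
LISTED = [
    (MS + r"\Internet Explorer\Download", "CheckExeSignatures", "no"),
    (MS + r"\Internet Explorer\Main", "Use FormSuggest", "yes"),
    (CV + r"\Internet Settings", "WarnonBadCertRecving", "0"),
    (CV + r"\Policies\Associations", "LowRiskFileTypes", None),
    (CV + r"\Policies\Attachments", "SaveZoneInformation", "1"),
    (CV + r"\Policies\System", "DisableTaskMgr", "1"),
]
RUN_KEY = CV + r"\Run"
# Assumption (not from the article): Run data holds the XP-style expanded form of
# %AllUsersProfile%\Application Data\<name>.exe, the dropped-file location it lists.
DROP_PATH = re.compile(r"\\all users\\application data\\[^\\]+\.exe", re.I)

def parse_reg(text):
    """Parse .reg export text into {key: {name: data}}, lowercased; dwords as decimal."""
    hive, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            hive.setdefault(key, {})
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            raw = m.group(2)
            data = (str(int(raw[6:], 16)) if raw.startswith("dword:")
                    else raw.strip('"').replace("\\\\", "\\"))
            hive[key][m.group(1).lower()] = data
    return hive

def audit(text):
    """Return (key, value name, data) for each entry that matches the article's list."""
    hive, hits = parse_reg(text), []
    for key, name, bad in LISTED:
        data = hive.get(key.lower(), {}).get(name.lower())
        if data is not None and (bad is None or data.lower() == bad):
            hits.append((key, name, data))
    hits += [(RUN_KEY, n, d) for n, d in hive.get(RUN_KEY.lower(), {}).items()
             if DROP_PATH.search(d)]
    return hits

# Constructed sample export (not taken from a real infection).
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"qwjkxzpl"="C:\\Documents and Settings\\All Users\\Application Data\\qwjkxzpl.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"'''
```

Registry exports are written as UTF-16 text, so decode the file before passing its contents to audit. Several of the listed values can also be set by ordinary software or by the user, so treat a single hit as a reason to look closer and a cluster of hits as a strong indicator.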