System Care Antivirus is a rogue antivirus, which looks like a common antivirus but detects non-existing infections only and asks people to pay for a full version of the scam. This scareware is distributed using either exploits or social engineering tactics. Exploits target outdated PC software like old Flash players or Java installations that allow hackers to install any program on vulnerable PC. Typically, exploits are hosted on harmlessly looking pages and you won’t see any installation dialogs before seeing System Care Antivirus alerts. Additionally, you should be wary about downloading various updates to your Flash player or other programs from video sites directly, as many such files are disguised for computer parasites like this rogue.
The rogue shows excessive error and security alert messages to convince user that the PC is in a very bad condition. Typically, it will block some PC functions as well. System Care Antivirus might prevent you from running legitimate software like task manager, regular anti-malware programs or business software. You will get warnings like this one:
Warning!
Application cannot be executed. The file regedit.exe is infected.
Please activate your antivirus software.
While this is not true, it might be tempting to pay for System Care Antivirus. However, you should not do that. A full version of this software does not offer any protection and the trojans that have installed System Care Antivirus might cause more damage to your PC or bank account. In many cases such a trojan will continue installing rogues, ransomwares or banking trojans till the original infection gets removed.
System Care Antivirus belongs to WinWebSec family of rogues. Quite often it uses its “version number” 3.7.33, which is a fake one – there were no first or second version but some minor differences in how the rogue blocks processes or avoids removal that have nothing to do with this number. The rogue is also known as SystemCare Antivirus.
How to get rid of System Care Antivirus
System Care Antivirus is difficult to remove because of 2 reasons. The first one is that it often comes with a rootkit. Such a version is impossible to remove manually. The second issue is that the rogue kills majority of security programs before they are able to stop its process.
There are 4 ways to kill System Care Antivirus process that work quite well:
- Recommended Run https://www.2-viruses.com/downloads/spyhunter-i.exe installer, which kills malware process. Stopzilla has process killer as well;
- Fake-register System Care Antivirus with a code AA39754E-715219CE (rootkit won’t get disabled);
- Reboot into safe mode (in many cases it won’t launch, but rootkit might);
- Use rkill or other stand-alone automated process killer.
Next, you should delete the SystemCare antivirus executable either yourself or let antimalware program do the work. Scanning with antivirus or antimalware is advisable, because they would remove both the rogue and other parasites that download and install such threats. I recommend Spyhunter, Hitman Pro, Malwarebytes Anti-Malware.
Here is a video guide for removal of System Care Antivirus:
Note: There are legitimate programs with names similar to System Care Antivirus. These programs do not display fake alerts and can be uninstalled normally.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
Every sample of this rogue I have tested is dropping a very nasty ZAccess/Sirefef rootkit.