EDIT/ADDITION: Follow all directions below and / or visit this site.
I'll start with some general info on the virus. Then I'll get into how to take care of it.
This virus will start first before any other application and it changes the
start-up items so that you won't have any chance in stopping it from running.
All the exe installed won't run until you block the virus and that means that
you might not be able to download the required virus removers and that is why
you might be forced to use another computer and after that move them using a
USB drive. You will learn more about this when we reach the removal guide.
Also, this virus will change the hidden options of your files and folders and
it does it to make you think that there is something wrong with your computer
and in order to restore the default settings you need to read the removal
guide as the instructions on how to do that are listed at the end of it and it
works only if you first remove the infection.
Also, it is likely that System Fix installed another infection, a TDSS
Rootkit or Google redirect, that redirects all your web searches and so it
prevents you from finding any legit malware removal guide and instructions on
how to block the virus. However, if you found this post it means that you have
managed to find a way around the infection and now you can start removing it.
The virus removal guide contains instructions on how to remove the System Fix
virus and that rootkit, but before we can move on to the first step we need to
correctly prepare your computer in order to make sure that all the infected
files will be successfully removed. First you need to read the preparation
guide and only afterwards you should move to the first step of the virus
removal process.
Prepare your computer for the System Fix removal process
In order to make sure that all the infections will be removed, you need to
read the following instructions as you might need to use them:
The guide listed here should be printed out because at some point you might be asked to close all the opened screens and running applications, because there shouldn't be any other program that could interfere with the removal process and so we will make sure that all the infections will be successfully removed.
System Fix might have blocked the download functions of your system and that means that you need another computer to download the required virus removers. When the downloads are complete, find a USB flash drive and transfer the applications into the infected computer.
Also, the steps listed in the virus removal guide might need to be performed in Safe Mode with Networking and if you wish to learn how to do that, then you should follow this link and in that virus removal guide you will learn how to boot the computer in Safe Mode.
That's all that you need to do before starting to remove the infections and
now we can move on to the virus removal guide and hopefully when you reach the
final step all the infected files were successfully removed allowing you to
use a virus-free computer. Here's what you need to do in order to uninstall
System Fix.
How to remove the System Fix virus using Rkill and Malwarebytes'
Now that you know all that there is to know about this virus, we can move on
to the first step of the virus removal guide and please make sure that you
don't skip any step. Here's how to remove this malware program from your
computer:
Rkill.com is the first application that we will use and with it you will block the System Fix from running. Download Link. Put the Rkill icon on the infected computer desktop screen.
Launch Rkill and wait until all the fake alerts and warnings are closed. In case System Fix starts to show other errors, you need to continue to launch RKill until the virus is by-passed and only then you can move on to the next step. If you notice that Rkill struggles to complete its task, then you should use eXplorer.exe or iExplorer.exe and these two Rkill clones will surely disable the malware program. When that happens continue with the rest of virus removal steps without restarting the computer, because if you do that, the virus will be enabled again and then you will have to repeat all steps.
Now we have to scan and remove the TDSS rootkit infection, but only if your PC features it and in order to be sure you need to follow the instructions on How to remove Google redirects or TDSS rootkit. When you finish applying those steps, return to this removal guide and continue with the rest of the virus removal guide.
Malwarebytes' Anti-Malware is the application that we need to use in order to remove all infections. Download Link for MBAM. Place the setup installer of this application on your computer's desktop. Now close all running programs.
Launch the Malwarebytes' installer and complete the installation without changing any of its default settings. The only thing that you need to consider is that the options listed at the final installation screen are both checked, so that MBAM will launch an automatic update and then launch its main interface automatically. Click Finish.
Wait for MBAM to complete the update process and then it will load the Scanner menu. Select the 'Perform Full Scan' and then press the 'Start Scan' button.
Now wait for the scan to be completed and when that happens MBAM will display a confirmation dialog. The Scanner menu will be launched again.
Click on 'Show Results' and then select all the found infections for removal, then click on 'Remove Selected' and wait for the virus removal process to finish. Please note that Malwarebytes' might ask you to restart the PC, but this is optional because either answer will lead to the same result, the System Fix virus will be removed completely. In case you reboot the computer, Malwarebytes' will continue to remove the infected files and when it is complete you will be shown a log file of the scanning process in Notepad. Review this file and when you're done close it.
Close Malwarebytes' Anti-Malware and that means that all the infections were successfully removed.
Now change the Windows theme background so that the next time Windows resumes desktop, it will load all the icons.
The last thing that you need to perform is to restore the Folder Options back to its default values and in order to do that we will need Unhide.exe - download link.
Download Unhide.exe.
Launch it and then allow it to perform all changes needed to restore all the hidden files and folders back to visible again.
Note that this tool will make all the Windows files visible and, in order to hide all the files that were hidden prior to infection, you need to find all of them and manually set their settings to 'hidden'.
In order to make sure that all the infections were removed, you should restart
the PC and then start Malwarebytes' scan and if it comes back with other
infected files then remove them. However, if the virus wasn't removed, then
you should perform all the above steps in Safe Mode with Networking and that
will surely help you delete and remove all the System Fix malware files.
Now that your computer isn't infected you need to start looking for a powerful
anti-malware application and if you don't know which one to choose then I
recommend that you upgrade Malwarebytes' Anti-Malware to PRO version and then
your PC will be protected against the worst virus infections. If you have
any other questions or concerns, please feel free to post them in the comments
fields, displayed at the bottom of this web page.
See the System Fix removal guide on this page... http://www.bleepingcomputer.com/virus-removal/remove-system-fix
– Moab – 2011-11-22T16:55:38.043
@Moab I found that before I came here. It doesn't work. – Matthew Scouten – 2011-11-28T20:22:38.703
See this... http://superuser.com/questions/100360/what-to-do-if-my-computer-is-infected-by-a-virus-or-a-malware/157533#157533
– Moab – 2011-11-29T15:14:33.673