Removal tool for the virus System Fighter

System Fighter is a rogue, ie malware that pretend to be an Antivirus when in reality it is the malware. It is a wolf in sheep's clothing. It conducts a fake scan of your system; you are warned by a fake alarm that there are more malwares in your system. It’s true indeed, there is really a malware in your system but I think the only malware on your system is Antivirus System Pro. It invites you to purchase a license to remove malware, do not, it's a scam, you need a license for a virus? This so-called Antivirus he tries to scam you.

The details of this malware are shown below.

To remove this malware:

• Click on the "Download" button, in the bottom
• Extract it on your desktop
• Launch the patch and then click "delete"
• Restart your computer when it's finished

You have nothing else to do, the malware is deleted from your system.
After running the patch, your Internet Explorer’s homepage becomes search.net-studio.org, done deliberately to erase all traces of the malware. You can always restore this setting in Internet Explorer’s option.

Process

%Temp%\xxxx.tmp.exe

Where x is a random charachter.

SystemFighter.exe

Files and folders

• %ProgramFiles%\SystemFighter Software\SystemFighter\SystemFighter.exe
• %ProgramFiles%\SystemFighter Software\SystemFighter\Uninstall.exe

• %Windir%\10373sp9zfa5.ocx
• %Windir%\1050zs5y92f.cpl
• %Windir%\10859trojz55.exe
• %Windir%\10957virus6d9z.dll
• %Windir%\111z6v5ru95b0.bin
• %Windir%\11447s9y55z.dll
• %Windir%\11569hrz5t16419.bin
• %Windir%\11648w5rm9z3.ocx
• %Windir%\11911hackt5ol7f5z.dll
• %Windir%\12102s5ambot9e0z.ocx
• %Windir%\127zdownloader12795.dll
• %Windir%\13242n95-a-zirus2d1.ocx
• %Windir%\1351495azbot7ca.bin
• %Windir%\13693spambz5565.bin
• %Windir%\13fcza9kdo5r2190.exe
• %Windir%\13z57hacktool269.bin
• %Windir%\14090wzrm5ca.ocx
• %Windir%\14171tzo5925.bin
• %Windir%\14477h5cktzol939.cpl
• %Windir%\150cvz92190.dll

And so on. Randomly filenames are created in the Windows directory

Registry

Registry Keys created:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemFighter
• HKEY_LOCAL_MACHINE\SOFTWARE\SystemFighter

Registry Values created:

• [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
  • cf = ""
  • tr = ""
• [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  • SystemFighter = ""%ProgramFiles%\SystemFighter Software\SystemFighter\SystemFighter.exe" -min"

• [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemFighter]
  • DisplayName = "SystemFighter"
  • NoModify = 0x00000001
  • NoRepair = 0x00000001
  • UninstallString = ""%ProgramFiles%\SystemFighter Software\SystemFighter\Uninstall.exe" /uninstall"

• [HKEY_LOCAL_MACHINE\SOFTWARE\SystemFighter]
  • Install_Dir = "%ProgramFiles%\SystemFighter Software\SystemFighter\"