How to Fix: Remove Smart System Care Malware (Scam)
Infopackets Reader John B. writes:
" Dear Dennis,
I am running Windows 10 and every once in a while I receive a popup notification from 'Smart System Care' that I have errors on my PC and I need to remove them. It then says that if I want to remove the problem I have to pay money. I realize this program is most likely a scam, and I tried to remove it from my system but it is nowhere to be found. I have researched the problem using Google however there are so many posts and many steps, and it seems very convoluted. Can you please help? "
My response:
I asked John if he would like me to connect to his system using my remote desktop support service and he agreed.
Upon connecting I noticed the "Smart System Care" window (pic), stating John had over 200 errors that needed to be "fixed". The truth is that most "registry cleaners" and "driver updaters" programs are bogus. They use scare tactics to get the user to purchase the program to "fix" a "problem", when in fact nothing is wrong with the system. I suggest anyone reading this post to avoid using such programs.
With that said, the "Smart System Care" program was nowhere to be found via the Control Panel -> Programs and Features, so I knew that I would have to manually remove this program by hand using an administrative command prompt. This is always my preferred method when it comes to most malware removal because it is the most direct approach.
Troubleshooting Smart System Care: Removal
If you wish to skip the technical details, feel free to jump right to the "How to Fix" section below. Otherwise, read on to learn how I went about fixing this problem - you might learn something!
In order to remove the malware, I needed to know where the program was installed. To do so, I launched Task Manager, then went to the "Processes" tab and located the process labeled "Smart System Care". From there, I right clicked the process and then selected "Open file location".
Now that I knew where the program was located, I looked to see which files were executable (ending in .EXE) inside the directory. From there I could see a program called "SSCValidatorService.exe". I then downloaded Autoruns from Microsoft's website, then used the Autoruns filter to search for anything related to "SSC" on John's system. Autoruns told me that the only location for this was located in C:\ProgramData folder. This is not a typical location for programs to launch their executables - hence part of the reason why this program is difficult to remove.
Now that I knew which programs were involved in the malware infection and how they were being launched, I wrote an automated batch script to kill the task and remove the directories manually.
How to Fix: Remove Smart System Care Malware (Scam)
Below I'll explain what I did in order to remove Smart System Care from the system. No additional software is needed to download.
- To begin, open up an administrative command prompt. Click Start, then type in "cmd" (no quotes); wait for "CMD.EXE" or "Command Prompt" to appear in the list, then right click it and select "Run as Administrator".
- Highlight the commands below using your mouse.
rem tasklist |findstr /i ssc
taskkill /f /im SSCValidatorService.exe
c:
cd \
rem dir *ssc*.* /s --> SSCValidator for JOHN-PC
rem recursively delete sscvalidator and smart system care randomly generated folder names
for /d %G in ("c:\programdata\sscvalidator*") do rd /s /q "%~G"
for /d %G in ("c:\program files\smart-system care*") do rd /s /q "%~G"
echo this is a dummy line
- Right click over top of the commands above and select "Copy" from the dialogue menu. Next, right click in the middle of the administrative command prompt window you opened in Step #1 and select "Paste" from the dialogue menu. The commands you just copied should now be output to the command line, and the program disabled and removed.
I hope that helps.
Additional 1-on-1 Support: From Dennis
If you have become infected with "Smart System Care" or some other "registry fixer" / "driver update" program that you can't seem to remove - I can help using my remote desktop support service. Simply contact me, briefly describing the issue and I'll get back to you as soon as possible.
Got a Computer Question or Problem? Ask Dennis!
I need more computer questions. If you have a computer question -- or even a computer problem that needs fixing -- please email me with your question so that I can write more articles like this one. I can't promise I'll respond to all the messages I receive (depending on the volume), but I'll do my best.
About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise are a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelors degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via Live chat online this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Smart System Care
Wouldn't Malwarebytes or other similar programs either prevent it from installing or remove it after the fact?
Yes and no.
Some of these programs fly low under the "malware" radar and won't be picked up by antivirus or antimalware programs. It certainly wasn't picked up by Windows Defender, and I did not try Malwarebytes antimalware. At any rate, a manual removal is what I did. If you read how I went the steps, you can apply similar techniques to any other infection and still come up aces - and without having to rely on third party software for removal which may or may not catch it.
2 questions
1. Can you explain exactly how you use Autoruns to "search for anything related to" the target program?
2. Nevermind :)
Use the filter
As mentioned in the article, use the "filter" - it is labeled as such. It is located at the top of the screen and has a big white field for input.
filter
If I am understanding your correctly then, you just put "SSC" into the filter box? I guess that would be a good place to start, but sophisticated malware could have dependency files in other locations with different/obscure names that wouldn't be picked up this way, and which could re-spawn the infection.
I guess I was hoping for something more heuristic which would examine in real-time what other files the malware was using, to help eliminate it more completely. I may be mistaken, but I believe that this may be along the lines of how Geek Unistaller or Revo Uninstaller operate.
Or did I misunderstand you completely?
Correct
What you said is correct and I based the "SSC" on the executables found in the installation directory.