System Check

According to S!Ri: System Check is a fake Defragmenter tool (rogue) from the same family as: FakeHDD.

To register (and help removal), copy paste this code: 1203978628012489708290478989147
According to VirusTotal, only one Antivirus detect the threat: http://www.virustotal.com/file-scan/report.html?id=b1c140224e79d2e16553265b1a41444e7d9103f45e5d87d829463fc88669f919-1325464008

Serial check:

Decode strings:

Call the gate:

The following urls was found:

• dns: 1 ›› ip: 176.53.112.115 - adresse: YLANYNAION.COM
http://ylanynaion.com/up.php?0Q9oBPXEN0uECUgzEJ95RQsaiD/vq1aG3F/2q5oNowaH1WY=

• dns: 1 ›› ip: 88.80.12.18 - adresse: BATTLEROUTE.COM
http://battleroute.com/up.php?0Q9oBPXEN0uECUgzEJ95RQsaiD/vq1aG3F/2q5oNowaH1WY=

• dns: 1 ›› ip: 146.185.212.71 - adresse: DYNATARY.COM
http://dynatary.com/up.php?0Q9oBPXEN0uECUgzEJ95RQsaiD/vq1aG3F/2q5oNowaH1WY=
http://dynatary.com/britix/a
http://dynatary.com/britix/ar
http://dynatary.com/britix/a
http://dynatary.com/customers/auth/login/email/xyl2k@test.fake

• dns: 1 ›› ip: 81.17.26.218 - adresse: COLUBMOADVEN.COM
http://colubmoadven.com/up.php?0Q9oBPXEN0uECUgzEJ95RQsaiD/vq1aG3F/2q5oNowaH1WY=

• dns: 1 ›› ip: 146.185.212.71 - adresse: ROSEDALOLANDOU.COM
http://rosedalolandou.com/customers/buy.php?pid=DEFRAG_ADV_BASIC&id=525&subid=01&guid=333630843335387633352228&version_name=System%20Check

• dns: 1 ›› ip: 96.127.149.236 - adresse: SECURE.PAYMENTLYRIC.COM
https://secure.paymentlyric.com/defragmenter?product_sku=DEFRAG_ADV_BASIC,DEFRAG_ADV_PREMIUM&default_sku=1&view_eds=0&check_eds=0&affiliate_id=525&affiliate_sid=01&guid=333630843335387633352228&version_name=System Check

• dns: 1 ›› ip: 141.136.16.32 - adresse: LICENSECABE.COM
http://licensecabe.com/license/download/syscheck.exe
http://licensecabe.com/license/download/syscheck.exe&b=4&email=xyl2k@test.fake&code=4&submit=Download+File

Thanks to Remixed for the sample.