- Slow Computer
- System crashes
- Normal system programs crash immediately
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
It is always hard to fight an enemy when it doesn’t have a face. SystemBC is a malware infection that is tricky to pinpoint or explain to a regular user. We are probably used to malicious infections that we can see, to something that has at least a semblance of a graphical user interface. This infection has none of that, and it can take a while before you even find out that this program has entered your computer. What’s more, manual removal can be quite complicated, so it would be for the best to remove SystemBC from your system with an automatic antispyware tool.
This malware infection enters target systems unexpectedly through the Fallout Exploit Kit. The exploit kit's activity was at its highest in early 2016, but it seems to have picked up again, as it is still being used to distribute various infections. Since exploit kits usually exploit vulnerabilities that can be easily patched with update fixes, the use of exploit kits for malware distribution will be more common in regions where pirated versions of an operating system are prevalent. After all, if one uses an officially licensed version of an operating system, all the vulnerabilities are patched as soon as new update packages are released.
As far as we know, the exploit kit that distributes SystemBC uses old vulnerabilities in Adobe Flash and the Internet Explorer browser. When users access websites with the exploit kit, it looks for the vulnerabilities it needs to launch the malicious file download. If the vulnerabilities are found, the exploit kit downloads the malicious file on the target system, and SystemBC gets installed behind the user’s back. To put it simply, using outdated and pirated versions of software is not only illegal; it puts your machine and your data at risk of malware infection.
Since this infection doesn’t have a GUI, users may find it hard to notice it in the first place. What’s more, the malware is good at hiding its presence because it employs SOCKS5 proxies to mask its traffic when it communicates with the Command and Control (C2) center. The secure connection that this malware establishes can be used for other dangerous infections such as banking Trojans. In other words, SystemBC is a program that can be used by other malware developers, and it is just a complementary part of some other infection. Likewise, the person who is employing this malware may not be its developer at all.
It is very common for malware developers to put their programs on sale, thus enabling other cybercriminals to carry out their malicious campaigns. So, there are quite a few malicious programs out there that can be associated with SystemBC. Banking Trojans Danabot and AZORult are known to be using the traffic connections created by this malware. Also, the program could be associated with BushaLoader, which is a group of downloaders that are used to profile target computers and then drop a malicious payload on the machines that are deemed to be worth infecting.
Programs like SystemBC connect to the Internet without your permission and auto-start with Windows. However, unless you perform a thorough system scan or analyze your traffic, it can be quite challenging to notice this infection. In a sense, this malware alone cannot cripple your system. It uses your machine to avoid detection, and it works as part of a banking Trojan infection. Does that mean that a banking Trojan has entered your system, too? Not necessarily. But if SystemBC was installed on your machine, it means you are most definitely vulnerable to other infections.
When you set out to remove SystemBC from your system, you should definitely invest in a licensed security tool that will terminate this and other potential threats automatically. Also, manual removal might be quite tricky because this malware could be installed anywhere on your computer. However, the %TEMP% directory seems to be the most prevalent location for the dropped payload.
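The two traits described above, auto-starting with Windows and a payload dropped in %TEMP%, can be checked together. The following Python script is an added example, not part of the original article: it parses saved output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and lists auto-start entries whose program sits in a temporary directory. The sample entries, user name and function names are constructed for illustration, and the use of this particular Run key for persistence is an assumption, not something the article states.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the per-user Run key
# (value names, paths and the user "alice" are made up for illustration).
SAMPLE_REG_QUERY = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    svc helper    REG_EXPAND_SZ    %TEMP%\kqmvt.exe start
    Updater    REG_SZ    "C:\Users\ALICE~1\AppData\Local\Temp\..\Temp\upd 1.exe" -q
    Notes    REG_SZ    C:\Program Files\Notes\notes.exe
'''

VALUE_LINE = re.compile(r'^\s{4}(.+?)\s{4}(REG_(?:EXPAND_)?SZ)\s{4}(.+)$')
# Per-user and system temp directories, plus an unexpanded %TEMP%/%TMP% prefix.
TEMP_DIRS = re.compile(
    r'^(?:%te?mp%|[a-z]:\\users\\[^\\]+\\appdata\\local\\temp|[a-z]:\\windows\\temp)\\')

def executable_of(command, env):
    """Return the normalized, lower-cased program path of a Run-key command."""
    # Expand %VAR% references using the supplied environment map.
    expanded = re.sub(r'%([^%]+)%', lambda m: env.get(m.group(1).upper(), m.group(0)), command)
    if expanded.startswith('"'):
        path = expanded[1:].split('"', 1)[0]   # quoted path may contain spaces
    else:
        # Unquoted: cut after the first executable-style extension (best effort).
        m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', expanded, re.I)
        path = m.group(1) if m else expanded.split(' ', 1)[0]
    return ntpath.normpath(path).lower()       # collapses ..\ segments

def flag_temp_autostarts(reg_output, env):
    """Return [(value_name, program_path)] for entries launching from a temp dir."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue                            # key header or blank line
        name, _type, command = m.groups()
        program = executable_of(command, env)
        if TEMP_DIRS.match(program):
            hits.append((name, program))
    return hits

if __name__ == '__main__':
    env = {'TEMP': r'C:\Users\alice\AppData\Local\Temp'}  # assumed, analyst-supplied
    for name, program in flag_temp_autostarts(SAMPLE_REG_QUERY, env):
        print(f'REVIEW  {name!r} -> {program}')
```

A flagged entry is a lead for review, not a verdict: some legitimate installers also run briefly from temporary directories.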
Aside from removing malware from your system, you should also update your operating system to get rid of the vulnerabilities that can be used for other future infections. If possible, purchase licensed versions of your software and make sure the automated updates option is on.
How to Remove SystemBC