One SystemCare
Posted: June 11, 2015
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 1,309 |
|---|---|
| Threat Level: | 1/10 |
| Infected PCs: | 1,048,942 |
| First Seen: | May 20, 2015 |
|---|---|
| Last Seen: | March 10, 2025 |
| OS(es) Affected: | Windows |
One SystemCare is a PUP (Potentially Unwanted Program) that detects inaccurate 'problems' with your PC, and then demands money before claiming to fix them. Along with its presentations of fake system information, One SystemCare also may launch other attacks against your PC, such as pop-ups, browser hijackings or blocked security software. You can use anti-malware products to remove One SystemCare from your machine, but malware experts would discourage installing software that bundles with this scamware.
One SystemCare: One New Fraud from an Endless Supply
Although One SystemCare seems to share nothing more than a brand name in common with WinWebSec variants of rogue antivirus software like SystemCare Antivirus, One SystemCare does include the usual problems malware analysts expect of programs like One SystemCare. Whatever its origins might be, the latest research has verified One SystemCare's being a fraudulent system scanner that makes no effort to analyze the host PC. Despite this deficiency, One SystemCare's fake scans provide long lists of preloaded, inaccurate results, which One SystemCare claims may create consequences as damaging as 'potential system failure.'
While One SystemCare delivers its list of incorrect Registry errors and other issues, One SystemCare also requests that the user spend money on purchasing its registered version. One SystemCare claims to be able to correct all detected errors after its registration. However, One SystemCare's purchase doesn't improve its error-detection or removal capabilities. With any such purchase attempt, malware analysts warn that One SystemCare may open your finances up to additional attacks (such as recurring charges).
Caring for a System Beset by One SystemCare
Although many system cleaners like One SystemCare prefer being installed by Trojans or other forms of threats that are installed automatically, malware analysts have seen different trends in One SystemCare's campaign. One SystemCare sometimes is bundled with unrelated, reputable applications, such as the DivX Player (although that brand no longer is affiliated with this program, as of 2015). Appropriate installation routines should allow you to deselect unwanted bundled items, including One SystemCare. However, preemptively scanning installation files and keeping live anti-malware protection can afford you the most surefire protection from One SystemCare.
If you've given any information to individuals affiliated with One SystemCare, that information is compromised and may be subjected to future abuses. You should contact your credit card company, your bank or any other, relevant institution after deleting One SystemCare with whatever anti-malware solution you prefer.
All Registry errors, system optimization issues and other, generic problems identified by One SystemCare should be assumed to be fraudulent unless identified by unrelated, legitimate brands of system optimizers. Malware analysts also caution against any casual editing of the Registry, which risks damaging your operating system. For most PC users, the only extra maintenance required for their Registry is to avoid installing system scanning software like One SystemCare.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe
File name: CleanupConsole.exeSize: 776.7 KB (776704 bytes)
MD5: dceacf831dd7c1e0587ed0bf5d4bbbf2
Detection count: 459
File type: Executable File
Mime Type: unknown/exe
Path: C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe
Group: Malware file
Last Updated: March 7, 2025
%WINDIR%\System32\MRT\3AC662F4-BBD5-4771-B2A0-164912094D5D\FilesStash\63B1C06A-39E6-17D9-D7C7-56F52E65D64E
File name: 63B1C06A-39E6-17D9-D7C7-56F52E65D64ESize: 2.72 MB (2722816 bytes)
MD5: dbac453c90d613a4f222096df4efbc6a
Detection count: 426
Path: %WINDIR%\System32\MRT\3AC662F4-BBD5-4771-B2A0-164912094D5D\FilesStash\63B1C06A-39E6-17D9-D7C7-56F52E65D64E
Group: Malware file
Last Updated: March 7, 2025
C:\Program Files (x86)\OneSystemCare\SystemCash.exe
File name: SystemCash.exeSize: 292.44 KB (292448 bytes)
MD5: 892b20fc35460576eed995e0ea289800
Detection count: 309
File type: Executable File
Mime Type: unknown/exe
Path: C:\Program Files (x86)\OneSystemCare\SystemCash.exe
Group: Malware file
Last Updated: June 9, 2023
C:\Program Files (x86)\OneSystemCare\SystemConsole.exe
File name: SystemConsole.exeSize: 544.76 KB (544768 bytes)
MD5: f48f403644e3b6daeb314c481ef79cc0
Detection count: 206
File type: Executable File
Mime Type: unknown/exe
Path: C:\Program Files (x86)\OneSystemCare\SystemConsole.exe
Group: Malware file
Last Updated: March 7, 2025
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\OneSystemCare\CleanupConsole.exe.vir
File name: CleanupConsole.exe.virSize: 776.68 KB (776688 bytes)
MD5: 9ff284b2dcb4420a6b6b077f433d83b3
Detection count: 49
Mime Type: unknown/vir
Path: C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\OneSystemCare\CleanupConsole.exe.vir
Group: Malware file
Last Updated: July 22, 2022
%SYSTEMDRIVE%\Users\<username>\Desktop\Downloads\4.4.0.3_OneSystemCaresetup.exe
File name: 4.4.0.3_OneSystemCaresetup.exeSize: 4.53 MB (4538152 bytes)
MD5: 7aff543f4df2fef22eaa66d7716079e5
Detection count: 47
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\Users\<username>\Desktop\Downloads\4.4.0.3_OneSystemCaresetup.exe
Group: Malware file
Last Updated: April 12, 2022
C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE
File name: SYSTEM~1.EXESize: 529.4 KB (529408 bytes)
MD5: 1310a21463de05ec6ec7ddf089dc20bb
Detection count: 35
File type: Executable File
Mime Type: unknown/EXE
Path: C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE
Group: Malware file
Last Updated: November 28, 2022
%TEMP%\nspAD30.tmp\OneSystemCare.exe
File name: OneSystemCare.exeSize: 5.76 MB (5769496 bytes)
MD5: b3572391c4148a42faa5263445b28e58
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\nspAD30.tmp
Group: Malware file
Last Updated: February 12, 2016
More files
Registry Modifications
File name without pathhttp_onesystemcare.com_0.localstoragehttp_onesystemcare.com_0.localstorage-journalLaunch One System Care.lnkonesystemcare.exeonesystemcare.tmpOneSystemCare[1].exeonesystemcare[1].xmlwww.onesystemcare[1].xmlRegexp file mask%WINDIR%\System32\Tasks\One System Care Delayed%WINDIR%\System32\Tasks\One System Care Monitor%WINDIR%\System32\Tasks\One System Care Run Delay%WINDIR%\System32\Tasks\One System Care Task%WINDIR%\System32\Tasks\One System CarePeriod%WINDIR%\System32\Tasks\One System CareStartUp%WINDIR%\System32\Tasks\OneSystemCare Task%WINDIR%\Tasks\One System Care Task.job%WINDIR%\Tasks\One System CarePeriod.job%WINDIR%\Tasks\One System CareStartUp.job%WINDIR%\Tasks\OneSystemCare Task.jobHKEY..\..\..\..{RegistryKeys}Software\Microsoft\Internet Explorer\DOMStorage\onesystemcare.comSoftware\Microsoft\Internet Explorer\DOMStorage\www.onesystemcare.comSoftware\Microsoft\Internet Explorer\LowRegistry\DOMStorage\onesystemcare.comSoftware\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.onesystemcare.comSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\One System CarePeriod.jobSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\One System CarePeriod.job.fpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\One System CareStartUp.jobSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\One System CareStartUp.job.fpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care DelayedSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care MonitorSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run DelaySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care TaskSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriodSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CareStartUpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneSystemCare TaskSoftware\One System CareSoftware\OneSystemCareSYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0fSYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1fSYSTEM\ControlSet002\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0fSYSTEM\ControlSet002\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1fSYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0fSYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1fHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}11598763487076930564OneSystemCareOneSystemCare_is1
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.