System Healer Virus

If you are wondering what is System Healer Virus after finding it installed on your computer. This is a PUP and we urge you to uninstall System Healer immediately for the safety of your system. This is the short version of you question. The longer version you can see below, but the answer doesn’t change. The System Healer Virus should be removed immediately.

system healer virus

This is what System Healer’s UI looks like.

What is System Healer?

System Healer Virus is allegedly software designed to scan, optimize and protect your computer. It boasts to “Save you time and does wonders”, “faster and does the job better” and “Technically, the Best computer cleaner of 2015.” Whether you believe these slogans or not is up to you. The facts are that there is no actual criteria about how these applications are rated, so its just a marketing trick made to impress the unsuspecting victim customer. Unfortunately there is no mention of System Healer Virus on any reputable reviewer’s sites and on popular performance test charts. System Healer Virus has nothing to put forward to protect its claim other then their word and we are not exactly the trustful type on these matters – we prefer facts.

System Healer Virus looks similar to a type of useless software

Unfortunately there are many programs in circulation that we call bloatware (or scareware). If you are still wondering what is System Healer, thi is your answer – a piece of bloatware. Bloatware are not exactly malicious, but they don’t perform what they promise to deliver and as such they are mostly known as PUPs (Potentially Unwanted Programs).

What is characteristic of PUPs you may ask?

  • Aggressive self-advertisement
  • Installation without user knowledge – very often through program bundles
  • Inaccurate scan results with many false-positives and exaggeration of problems

Kind of rings a bell when you think of System Healer Virus, doesn’t it?

Unfortunately for an average user it can be very hard to tell if a problem scan is real or fake, leading many to question the nature of the program with the eponymous “what is System Healer.” There is one piece of advice we can give – look at how much time it takes for the program to perform a scan on your computer and how many problems are found. Unless you are running a supercomputer the scan should take at least several minutes the perform – fake scans are usually resolved instantly. The number of errors found is also an indication. An infected computer usually DOES NOT have hundreds of errors – it is much more likely for those to be just a few. If you are seeing a large number of errors then the scan result is likely fake or exaggerated to show problems where there are none, which should prompt you to uninstall System Healer.

what is system healer


Unfortunately System Healer Virus’s scan engine is gated behind the license payment – which is actually smart, because otherwise it would be too easy to expose them. But based on information from users System Healer Virus has a really low scan time, which is worrying,

Another worrying feature is that System Healer Virus’s interface contains links to core Windows functions, but the program passes them as their own. Take for example the Disk Checker option – when you launch it System Healer Virus is actually starting the Windows function that comes with every operating systems. Paying for things that you already have is just not cool in our opinion.

And finally there is the shady way in which System Healer Virus may install itself onto your computer. If you do not remember installing it yourself then it’s likely it was part of a software bundle and it was put into your computer by the installer of another program. This practice is widely used by Malware and Adware applications, so keep in mind that even if System Healer Virus is not malicious on its own another nasty program may have been installed alongside it. We strongly recommend you scan your computer regardless of whether you decide to uninstall System Healer Virus or not.


Name System Healer
Type PUP
Detection Tool

Remove System Healer

Search Marquis is a high-profile hijacker – you might want to see if you’re not infected with it as well.
You can find the removal guide here.

About the author


Violet George

Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.


  • Thank you for your comment Steve. We will definitely monitor this as it collaborates some of our own findings.

  • Hi there I a following your steps and in the hosts notepad step I do have 4 IPs extra in the bottom, and you say to comment here if that happens, what should I do? I downloaded something today and my computer went crazy
    my email is [email protected]
    thank you

    • Can you share here what these IPs are? Some IPs are generally safe, while others are definitely malware, but until you tell me what these are and I look into them, I can’t really say. I’m here to help 🙂

  • hi again, also in step 5 when trying to delete system healer files (I see 4 of them) it says unable to delete all specified values. And on he first step when uninstalling programs I uninstalled all except maxdriverupdater Service it says Installer corrupt: operation code invalid…

    • Hi, nanus:
      just continue with the guide regardless of the errors. If the PUPs don’t let you install them normally, you will eradicate them in Step 3, when you delete the files associated with corrupted processes.

  • God Almighty, this thing is genius. It shut down Malwarebytes, even. I had to use Malwarebytes Chameleon to even get past their loaders. There were about 6 programs to uninstall: System Healer, WebProtect, 3D Bubble Sound, Search protect,. Consumer Input Update, Oasis Space, Fokesnofu and a couple with gibberish random character names. Then I had to stop various spurious applications and processes in Task Manager. I had 8 phony hosts, all using, which is the usual internal Windows localhost address. Most are gibberish, but some were to Baidu2016, which might indicate Chinese origin. Once everything phony looking I could find was disabled in some method, Malwarebytes was ultimately able to identify over 612 files, DLL’s, registry entries, etc. that needed to be eliminated. I noted that like so many of these viruses, they hide a lot of sleeper files in the C:UsersAdminAppDataLocalTemp directory, which people usually don’t ever empty. That way, the virus can regenerate itself even if you think you have installed everything.
    I believe I know how we got it. My wife only has Microsoft Edge and IE on her Windows 10 machine, and wanted to install Chrome. She just did a search, and the first thing that pops up in Bing, because it’s a paid ad, is Net-Download(.)com/chrome. In the fine print it promises to install the actual working Google version of Chrome, but you also automatically give permission for them to install 3rd party software of their choosing. Now I really don’t want to click that button and check what happens, but it’s the odds-on favorite for being the blanket installer for all those Trojan Horses from China. Net-Download was registered through Domain(.)com, and they got .com, .co, .net and .org.

    • Thank you for the post. I’ll start investigating all of this. I hope everything worked out for you 🙂

  • Hi Pamela,

    I cannot tell without looking at the IPs first, but you should delete them anyway. Nothing bad will happen if you delete safe IPs, but if they are bad you are putting your PC at risk.

    Let me know if you have any problems with that.

        • Thank you. Everything seems to be fine now, except there is this one file called bsdriver.sys that I can’t delete. I heard it’s rather dangerous. Is there anything I can do?

          • Hi again Pamela,

            You should be able to delete the driver in safe mode. Did you try that already?

    • Hello,

      To be able to delete them you need to go to the program you are using to edit the hosts file.

      Press the Windows button, write Wordpad/Notepad and right click on the program -> open as administrator.

      Now when the program starts click open, navigate to the Hosts file in C:WindowsSystem32driversetc and open it, You should now be able to edit it.

      This should help. Let me know how it goes.

  • Everytime I try to uninstall system healer, it will be back again in 5 minutes. Am I doing something wrong?

    • Hi Sierra,

      Did you turn safe mode on? This should turn off the self-restore feature of this PUP so you can delete it properly.

  • Hi again,

    Where do you look for the files? If its in the folder of System Healer delete at your leisure.

  • Hi there, what you need to do is simply delete those lines from the file, then save it. If you don’t get permission to do that first run Notepad as an admin (search for notepad in windows search,, right click on exe-> run as admin) and then open the Hosts file from the inside menu of Notepad: File->Open.

    • Thanks for that, also there is one process on start-up which has no publisher called ‘idscservice’. It has no impact on start up so should I still remove it from the registry? Thanks once again.

      • Hi there, this is a parasitic process left behind by System Healer or some other PUP you have had on your computer previously. I recommend that you delete it.

  • Hello,

    After you have completed our instructions you can safely restart your device and use it in “normal” mode.

  • Hi Lauren, system healer is definately annoying, but should not be capable of doing what you describe. It’s more likely that you have a virus carrying the same name.

    Did you try turning the PC in safe mode first? That should prevent system healer/the virus from starting.

  • Hi Maria, if you know where the files for the program are you can delete them manually. If the program is currently running shut it down from the task manager so you can delete its files. You can also right click on the process to open its location in order to find it easier.

  • I can’t even do the first step. When booting up I’m spamming the f8 key by holding down FN and taping the f8 key and nothing comes up so nothing is happening.

    • Hi Jose,
      did you try to press it without holding the FN key? What OS are you using ?

  • Hi sloan,
    you can try the software we are using SpyHunter. You can download it from one of our banners above and try it by yourself 🙂

  • Send them to use so we can tell you if they should be removed from the file. Normally, there shouldn’t be any strange IPs there so you should probably delete them but send them to us first so we can tell you for sure.

Leave a Comment