How To Remove Systemdoctor 2006, System Doctor, And Messenger Blocker

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > Spyware and Malware Removal Guides and Reading Room

How to use the self-help guides

This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.

If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

How To Remove Systemdoctor 2006, System Doctor, And Messenger Blocker

Options

Grinler View Member Profile	Jul 13 2006, 04:20 PM Post #1
Bleep Bleep! Group: Admin Posts: 32,139 Joined: 24-January 04 From: USA Member No.: 3	How To Remove Systemdoctor 2006, System Doctor, and Messenger Blocker What this program does: SystemDoctor 2006 is a rogue anti-spyware application that gets installed by Spyware/malware without asking for permission. This infection can also be accompanied by other malware that changes your desktop background to a fake warning or by Trojans that issue fake taskbar security alerts. These are all used as a scare tactic to have you purchase their commercial software. System Doctor may also install a rogue security software called Messenger Blocker. Messenger Blocker is a program that supposed protects you from popups to the Windows Messenger service. After its 7 day trial, though, it will actually turn on your Messenger service if it was already off, and spam advertisements to it. The files you need to remove for this addition have been added to the guide as well. A screenshot of SystemDoctor can be seen below. System Doctor 2006 Symptoms in a HijackThis Log: O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan O4 - HKLM\..\Run: [dc6_check] C:\Program Files\SystemDoctor 2006 Free\dcmon.exe O4 - HKLM\..\Run: [USDR6cw] C:\Program Files\SystemDoctor 2006 Free\USDR6cw.exe -c O4 - HKLM\..\Run: [cmonitor] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe O4 - HKCU\..\Run: [AdwareProtector] C:\Program Files\SystemDoctor 2006\AdwareProtector.exe O4 - HKLM\..\Run: [System Doctor Free] C:\Program Files\System Doctor Free\systemdoc.exe -scan O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\System Doctor\dcmon.exe" O4 - HKLM\..\Run: [InternetService] C:\Program Files\Common Files\System\isvc.exe O4 - HKLM\..\Run: [SystemDoctor Free] C:\Program Files\System Doctor Free\systemdoc.exe /min O4 - HKLM\..\Run: [WindowsExplorer] C:\Program Files\Common Files\System\csrss.exe O4 - HKLM\..\Run: [SystemData] C:\Program Files\MBlocker\MBlocker.exe -c O4 - HKLM\..\Run: [WindowsFirewall] C:\Program Files\Common Files\System\lsass.exe Revision History 11/13/06 - Added new symptoms from a HJT log. 10/11/07 - Updated for new version and MessengerBlocker Removal Instructions: In order to remove this infection we will need to use HijackThis to manually remove the infection: Print out these instructions as we will need to shutdown every window that is open later in the fix.. Follow the instructions found in this guide. When done, come back and finish the rest of these steps: How To Remove The Smitfraud / Generic Zlob Infections Enter the Windows Control Panel and double-click on Add/Remove Programs. When the installed programs list appears, double-click on the entry for SystemDoctor 2006 if it exists and allow it to uninstall. Then exit the Add/Remove Programs screen and the Control Panel. Download HijackThis from here and extract it to c:\hijackthis. Close all windows, even this Internet Explorer window. Navigate to the c:\hijackthis directory and double-click on HijackThis.exe When the program starts, click on the Scan button. Put a checkmark next to the following entry (There may be more than one of each): O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan O4 - HKLM\..\Run: [dc6_check] C:\Program Files\SystemDoctor 2006 Free\dcmon.exe O4 - HKLM\..\Run: [USDR6cw] C:\Program Files\SystemDoctor 2006 Free\USDR6cw.exe -c O4 - HKLM\..\Run: [cmonitor] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe O4 - HKCU\..\Run: [AdwareProtector] C:\Program Files\SystemDoctor 2006\AdwareProtector.exe O4 - HKLM\..\Run: [System Doctor Free] C:\Program Files\System Doctor Free\systemdoc.exe -scan O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\System Doctor\dcmon.exe" O4 - HKLM\..\Run: [InternetService] C:\Program Files\Common Files\System\isvc.exe O4 - HKLM\..\Run: [SystemDoctor Free] C:\Program Files\System Doctor Free\systemdoc.exe /min O4 - HKLM\..\Run: [WindowsExplorer] C:\Program Files\Common Files\System\csrss.exe O4 - HKLM\..\Run: [SystemData] C:\Program Files\MBlocker\MBlocker.exe -c O4 - HKLM\..\Run: [WindowsFirewall] C:\Program Files\Common Files\System\lsass.exe Then click the Fix button Exit HijackThis. Reboot your computer into Safe Mode Delete the following files if they exist: C:\Program Files\SystemDoctor 2006 Free\ C:\Program Files\System Doctor Free\ C:\Program Files\MBlocker\ C:\Program Files\Common Files\System Doctor\ C:\Program Files\Common Files\System\isvc.exe C:\Program Files\Common Files\System\csrss.exe C:\Program Files\Common Files\System\lsass.exe C:\Program Files\Common Files\System\svchost.exe Reboot your computer back to normal mode. Your computer should now be free of System Doctor 2006, System Doctor, and MessengerBlocker. It is possible, though, that this infection was installed with other malware. If you need help removing it, post a hijackthis log in the forums. This is a self-help guide. Use at your own risk. BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum. If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you. -------------------- Lawrence Become a BleepingComputer fan: Facebook Follow us on Twitter!

Posts in this topic

Grinler How To Remove Systemdoctor 2006, System Doctor, And Messenger Blocker Jul 13 2006, 04:20 PM

« Next Oldest · Spyware and Malware Removal Guides and Reading Room · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Switch to: Standard · Switch to: Linear+ · Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 9th February 2010 - 03:33 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides