Posted 28 May 2013 - 03:42 PM
Posted 28 May 2013 - 04:12 PM
Edited by boopme, 28 May 2013 - 04:14 PM.
Posted 28 May 2013 - 04:20 PM
I'm on the phone with a client who is reporting she has "System Doctor 2014". She is unable to download anything from any website.
We tried a system restore but no luck. Still cannot download anything.
I'm going to have her use a different computer to download MalwareBytes and Kaspersky and see if we have any luck with them.
I'll post an update when we make some progress, if any.
Posted 28 May 2013 - 07:49 PM
This looks like a new one, and I had another topic already. As with them, we will need stronger tools and a deeper look, and to start a new topic.
Please go here Preparation Guide
Do steps 6, 7 and 8.
If you cannot produce the DDS log, then just repost your above info in the new topic of step 7.
You can use the same title and mention you cannot run any tools including DDS.
Let me know if that went OK.
Posted 28 May 2013 - 07:55 PM
I am running the Kaspersky tool now and will see if it will remove it. I will do what you mention above if it does not work.
Thank you for your quick response.
Posted 28 May 2013 - 07:59 PM
I was able to get onto my client's computer by having her create a new user with admin privileges. Once she rebooted and logged back on as the new user, she was able to download files.
So far, we've run Malwarebytes and SpyBot. Everything looks like it's been cleaned up.
I still have to run Kaspersky to see if it finds anything.
Posted 28 May 2013 - 08:10 PM
Posted 28 May 2013 - 08:41 PM
I was @#$%&'d over this extremely annoying piece half the day, but finally managed to bypass it and do a traditional system restore. The easiest thing is to simply delete the key executable file at the c:/ prompt level while in SAFE MODE.
The name of the file is "RDfdL9fh.exe" and it is located at
c:/users/[insert your user directory name]/AppData/Roaming/RDfdL9fh/RDfdL9fh.exe
In fact, delete the whole RDfdL9fh directory.
The command to delete the file (if you never used DOS) is: del RDfdL9fh
and the command to remove the directory is: rd RDfdL9fh
Then restart in usual windows mode. The malware won't show up and you can do a usual system restore.
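A read-only check for the file layout described in the post above, added here as an example and not part of the original thread. It assumes the rogue always uses the `AppData\Roaming\<name>\<name>.exe` layout (generalized from the single path quoted above), that profiles live under `C:\Users`, and that PowerShell 4.0 or later is available; the function name `Find-SameNameRoamingExe` is hypothetical.

```powershell
# Added example: lists candidates for review and deletes nothing.
# Assumption: the executable sits at <profile>\AppData\Roaming\<name>\<name>.exe,
# i.e. the folder and the .exe share one name, as in the path quoted in the post.
param(
    [string]$UsersRoot = 'C:\Users'   # assumed profile root
)

function Find-SameNameRoamingExe {
    param([Parameter(Mandatory = $true)][string]$Root)

    # -Force includes hidden and system directories.
    $userDirs = Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        $roaming = Join-Path $userDir.FullName 'AppData\Roaming'
        if (-not (Test-Path -LiteralPath $roaming -PathType Container)) { continue }

        $subDirs = Get-ChildItem -LiteralPath $roaming -Directory -Force -ErrorAction SilentlyContinue
        foreach ($dir in $subDirs) {
            # Candidate: an executable named exactly like its parent folder.
            $exe = Join-Path $dir.FullName ($dir.Name + '.exe')
            if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }

            $item = Get-Item -LiteralPath $exe -Force
            $sig  = Get-AuthenticodeSignature -LiteralPath $exe
            [pscustomobject]@{
                User      = $userDir.Name
                Path      = $exe
                Created   = $item.CreationTime
                Signature = $sig.Status      # 'NotSigned' entries deserve the first look
                SHA256    = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
            }
        }
    }
}

# Newest first: a file dropped shortly before the symptoms began stands out.
Find-SameNameRoamingExe -Root $UsersRoot |
    Sort-Object Created -Descending |
    Format-List
```

Legitimate software can use the same layout, so treat the output as a list to review (signature status, creation time, hash lookup) before removing anything.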
Posted 28 May 2013 - 09:25 PM
OK, thanks... I moved this to the Am I Infected forum as it is where it belongs.