Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System doctor 2014


  • Please log in to reply
8 replies to this topic

#1 Tbei25

Tbei25

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 28 May 2013 - 03:42 PM

Hey-

Just wondering if anybody has ran into the fake virus system doctor 2014?

Thanks

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:29 PM

Posted 28 May 2013 - 04:12 PM

Hello this may be a new variant of the older System Doctor.

Please download and scan with the Kaspersky Virus Removal Tool from one of the following links and save it to your desktop.
http://www.kaspersky.com/free-virus-removal-tool

Edited by boopme, 28 May 2013 - 04:14 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 drau

drau

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:29 PM

Posted 28 May 2013 - 04:20 PM

I'm on the phone with a client who is reporting she has "System Doctor 2014".  She is unable to download anything from any website.

 

We tried a system restore but no luck.  Still cannot download anything.

 

I'm going to have her use a different computer to download MalwareBytes and Kasperky and see if we have any luck with them.

 

I'll post an update when we make some progress, if any.

 

Dan



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:29 PM

Posted 28 May 2013 - 07:49 PM

This looks like a new one and I had another topic already and as with them we will need stronger tools and a deeper look and start a new topic.

 

Please go here Preparation Guide

Do steps 6,7 and 8.

If you cannot produce the DDS log,then just repost your above info in the new topic of step 7.

You can use the same title and mention you cannot run any tools including DDS.

 

Let me know if that went OK.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Tbei25

Tbei25
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 28 May 2013 - 07:55 PM

I am running the Kaspersky tool now and will see if it will remove it.  I will do what you mention above if it does not work. 

 

thank you for your quick response.



#6 drau

drau

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:29 PM

Posted 28 May 2013 - 07:59 PM

Quick update:

 

I was able to get onto my client's computer by having her create a new user with admin privileges.  Once she rebooted and logged back on as the new user, she was able to download files.

 

So far, we've run Malwarebytes and SpyBot.  Everythings looks like it's been cleaned up.

 

I still have to run Kaspersky to see if finds anything.

 

Dan



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:29 PM

Posted 28 May 2013 - 08:10 PM

Great good to know we can get in.
Add this scan also

Please download AdwCleaner by Xplode onto your desktop.
•Close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Delete.
•Confirm each time with Ok.
•You will be prompted to restart your computer. A text file will open after the restart.
•Please post the contents of that logfile with your next reply.
•You can find the logfile at C:\AdwCleaner[S1].txt as well
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 crymond

crymond

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 28 May 2013 - 08:41 PM

I was @#$%&'d over this extremely annoying piece half the day, but finally managed to bypass it and do a traditional system restore.  The easiest thing is to simply delete the key executable file at the c:/ prompt level while in SAFE MODE

The name of the file is "RDfdL9fh.exe" and it is located in the

c:/users/[insert your user directory name]/AppData/Roaming/RDfdL9fh/RDfdL9fh.exe

 

In fact, delete the whole RDfdL9fh directory.

 

the command to delete the file (if you never used DOS) is: del RDfdL9fh

and the command to remove the directory is: rd RDfdL9fh

 

Then restart in usual windows mode.  The malware won't show up and you can do a usual system restore.



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:29 PM

Posted 28 May 2013 - 09:25 PM

OK, thanks... I moved this to the Am I Infected forum as it is where it belongs.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users