
Systemdoctor


5 replies to this topic

#1 Tweener

Tweener

  • Members
  • 56 posts
  • Location:Ohio

Posted 02 June 2006 - 11:07 AM

My father has some type of malware on his WinXP SP2 machine that keeps popping up a window that reads "System Integrity Scan Wizard" whenever IE is opened. If the "next" button is pressed, it begins to download an application called SystemDoctor that is supposed to be an infection eradication tool (which I, of course, highly doubt.) I have searched for both "System Integrity Scan Wizard" and systemdoctor on Google and have found only recent posts in various forums on the subject (within the last month). Many of the forum hits for systemdoctor are obvious forum spams because they all read the same and praise its virtues. I have also found a possible link to the xxxcodec for the source of this problem. Anyone have any more info on this yet?
There are 10 kinds of people, those that understand binary - and those that don't.

#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana

Posted 02 June 2006 - 11:45 AM

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.
Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, at this link. Do not fix anything yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#3 Elendil

Elendil

  • Members
  • 660 posts
  • Gender:Male
  • Location:The US

Posted 02 June 2006 - 12:06 PM

Hey tg1911, can I use that HJT canned speech/post/w/e for my future posts regarding HJT?
Stanford '14
B.S. Candidate | Computer Science

#4 Tweener

Tweener
  • Topic Starter

  • Members
  • 56 posts
  • Location:Ohio

Posted 02 June 2006 - 12:43 PM

Well, as I said - it's my father's system. I have cable service, but he's still on dial-up. I don't want to spend an entire day or two at my parents' house cleaning this up because every tool I'd need to download would be 10 to 20 minutes minimum, and even if I referred him to this forum he'd be lost trying to follow your instructions. Just looking to see if anyone has had any experience with this malware yet, and maybe know of a manual clean-up process.

Edited by Tweener, 02 June 2006 - 12:44 PM.

There are 10 kinds of people, those that understand binary - and those that don't.

#5 Elendil

Elendil

  • Members
  • 660 posts
  • Gender:Male
  • Location:The US

Posted 02 June 2006 - 01:48 PM

You could download HJT onto a CD (or USB) and give it to your parents, scan with HJT, put the log onto the CD (or USB), use your computer to post the HJT log, keep a close eye on the topic, once the cleaning instructions have been finished, download all of the necessary tools and updates, print out the instructions for the cleaning as always, bring the CD/USB with the updates, programs, etc. and the instructions to your parents' house and fix everything up from there.
Stanford '14
B.S. Candidate | Computer Science

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 02 June 2006 - 02:50 PM

Spyware.SystemDoctor was first detected by Prevx1 on Apr 29 2006. Installs other malicious programs. Connects with 3rd party computer systems and forwards data via the Internet.

virusinfo.prevx.com

It appears to be related to Winfixer/Vundo.

The best way to deal with this is to follow tg1911's instructions. However, if you have no other choice you can try using the free version of Prevx1 or the self-help tutorial How To Remove Winfixer/Virtumonde/Msevents/Trojan.vundo.

Follow that with these online Virus scans:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
Trend Micro Housecall Scan
Panda ActiveScan
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




