
Help Find Systemdoctor Registry Keys?


4 replies to this topic

#1 Savitri

Savitri

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:00 AM

Posted 15 August 2006 - 10:02 PM

Hello,

I was recently infected with several viruses, spyware and malware on my computer. Thanks to this forum I was able to remove almost everything off of my computer using roguescanfix_setup.exe and smitRem.exe.

However, when I scan my computer with Panda, it says that there is still one file from systemdoctor in my registry. Below is the log.

Incident
Adware:adware/systemdoctor

Status
Not Disinfected

Location
Windows Registry

I've done a search for all of the common systemdoctor registry keys and I can not find any record of these in my registry.

How in the world do I find this registry file?

Thanks in advance! :thumbsup:


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:00 PM

Posted 16 August 2006 - 03:03 AM

Hey there Savitri.

To be honest with you, when I see entries like that in a Panda log I ignore them. Most likely you have a single orphaned registry entry left over from the previous infection which is doing no damage to your system at all. It could even be a false positive and the key actually isn't there. My recommendation would be to either completely ignore that entry as it is most certainly harmless even if the reg entry is present, or you can try and remove it manually. The easiest way to remove the file would be to run an updated general antispyware scanner. I would try Ad-Aware and instructions are posted below:

Please download Ad-Aware SE Personal and install it.
If you already have Ad-Aware SE, please configure it as indicated below.
If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

Run Ad-Aware, and click Check for updates now.
Select Configurations (click the Gear wheel at the top) as follows:
General Button > Safety & Settings > Check (Green) all three.
Tweak Button > Cleaning Engine > uncheck "Always try to unload modules before deletion".
Click Proceed.

To start the scan, Click > "Scan Now" at left.
Select "Search for low-risk threats".
Select "Perform full system scan".
Click "Next".

When the scan has completed, select Next.
In the Scanning Results window, select the "Critical Objects" tab.
Right-click on the screen and choose "Select all objects".
Click Next to remove the infections found, and click OK to the prompt.
Restart the computer.

Now run Panda again and see if the registry entry is found or not.
You can do a "regsearch", but it's more complicated and we can try that later.
David

#3 Savitri


Posted 17 August 2006 - 07:47 PM

Thank you for responding to my post so quickly, D-Trojanator.

I followed all of your advice and the registry key is still there!!! I know you say that it is probably harmless and I shouldn't worry about it, but now I am just simply obsessed! :thumbsup:

Do you have any other recommendations for removing this elusive key?

Thanks :flowers:

#4 -David-


Posted 18 August 2006 - 02:55 AM

Ok, let's try a registry search then :thumbsup:

Launch Notepad, and copy/paste the box below into a new text file. Save it as Options.txt on your Desktop.

RegSearch Options File

[Search]
systemdoctor

[Exclude]

[Options]
Filter=KVDLUI


Download Registry Search and extract it. Double-click the icon to run and click on "Import...". Select the file you created above. Click "OK" and Registry Search will search the Registry and report what it finds. Post that here.

David

#5 Savitri


Posted 20 August 2006 - 09:27 PM

Thanks again for your quick reply D-Trojanator! I followed the instructions that you gave me, the Registry Search report is posted below.

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.1.0

; Results at 8/20/2006 9:21:43 PM for strings:
; 'systemdoctor'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\S-1-5-21-1220945662-764733703-854245398-1003\Software\Google\NavClient\1.1\History]
; Contents of value:
; ,@d
"systemdoctor"=hex:2c,40,e1,44
; Contents of value:
; wd
"systemdoctor registry"=hex:07,77,e2,44
; Contents of value:
; ubd
" how to delete systemdoctor from registry"=hex:75,42,e1,44
; Contents of value:
; fd
" how to remove systemdoctor from registry"=hex:80,46,e1,44
; Contents of value:
; jhd
"systemdoctor registry keys"=hex:6a,48,e1,44
; Contents of value:
; md
"remove systemdoctor from registry"=hex:13,4d,e1,44
; Contents of value:
; 6md
"remove systemdoctor from registry manually"=hex:36,4d,e1,44
; Contents of value:
; zd
"Adware:adware/systemdoctor Not disinfected Windows Registry "=hex:80,7a,e2,44
; Contents of value:
; 2{d
"\"systemdoctor registry\""=hex:32,7b,e2,44

[HKEY_USERS\S-1-5-21-1220945662-764733703-854245398-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"004"="systemdoctor"

; End Of The Log...

Please let me know what to do from here. Thanks! :thumbsup:
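
An added example, not part of the original posts and not the Registry Search tool's own code: a small Python parser for a report in the REGEDIT4 layout shown above that records, for every entry, whether the search string matched in the key path, the value name, or the value data. The sample report is a constructed, shortened excerpt with a placeholder SID, and the function names are hypothetical.

```python
import re

# Constructed sample: shortened excerpt in the layout of the report above.
SAMPLE_REPORT = r'''REGEDIT4

; Results for strings:
; 'systemdoctor'

[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Google\NavClient\1.1\History]
; Contents of value:
; wd
"systemdoctor registry"=hex:07,77,e2,44
"\"systemdoctor registry\""=hex:32,7b,e2,44

[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Search Assistant\ACMru\5603]
"004"="systemdoctor"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# A value name is a quoted string that may contain \" and \\ escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)

def classify_hits(report, term):
    """Return (key, value_name, where) tuples; where is a set drawn from
    'key', 'name', 'data' naming the parts that contain the search term."""
    term = term.lower()
    hits, key = [], None
    for line in report.splitlines():
        line = line.strip()
        if not line or line.startswith(';'):
            continue  # blank lines and the tool's comment lines
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # header line such as REGEDIT4
        name, data = unescape(m.group(1)), m.group(2)
        if data.startswith('"') and data.endswith('"'):
            data = unescape(data[1:-1])  # string data; hex data stays as-is
        parts = {'key': key, 'name': name, 'data': data}
        where = {p for p, text in parts.items() if term in text.lower()}
        if where:
            hits.append((key, name, where))
    return hits
```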



