SystemDoctor

Description: Rogue Security Program
Risk Level: Critical
Date of First Occurrence: Monday, April 21, 2008
Software Developer: (unknown)
Brief Info: Rogue/Suspect Anti-Spyware Product
"Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection.
Removal: This threat can be removed using "Spyware Terminator"
Detected Items
- Detected Files:
- Detected Files with variable Filenames:
Detecting items list:
- Files by Name
%PROGRAMFILES%\SystemDoctor 2006 Free\Activate.exe
%PROGRAMFILES%\SystemDoctor 2006 Free\dcmon.exe
%PROGRAMFILES%\SystemDoctor 2006 Free\order.dll
%PROGRAMFILES%\SystemDoctor 2006 Free\pasmon.exe
%PROGRAMFILES%\SystemDoctor 2006 Free\Sd2006.exe
%PROGRAMFILES%\SystemDoctor 2006 Free\USDR6cw.exe
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\SystemDoctor 200?.lnk
%DESKTOP%\SystemDoctor 200?.lnk
%START_PROGRAMSALL%\SystemDoctor 200? Unregistered Version\Contact customer support.lnk
%START_PROGRAMSALL%\SystemDoctor 200? Unregistered Version\SystemDoctor 200? on the Web.lnk
%START_PROGRAMSALL%\SystemDoctor 200? Unregistered Version\SystemDoctor 200?.lnk
%START_PROGRAMSALL%\SystemDoctor 200? Unregistered Version\Uninstall SystemDoctor 200?.lnk
%ProgramFiles%\SystemDoctor 200? Free\Activate.dat
%ProgramFiles%\SystemDoctor 200? Free\Activate.exe
%ProgramFiles%\SystemDoctor 200? Free\bnlink.dat
%ProgramFiles%\SystemDoctor 200? Free\DataBase.sav
%ProgramFiles%\SystemDoctor 200? Free\hmlink.dat
%ProgramFiles%\SystemDoctor 200? Free\insthelp.exe
%ProgramFiles%\SystemDoctor 200? Free\lapv.dat
%ProgramFiles%\SystemDoctor 200? Free\License.rtf
%ProgramFiles%\SystemDoctor 200? Free\lock.dat
%ProgramFiles%\SystemDoctor 200? Free\order.dll
%ProgramFiles%\SystemDoctor 200? Free\pv.dat
%ProgramFiles%\SystemDoctor 200? Free\ReportListFile.dat
%ProgramFiles%\SystemDoctor 200? Free\Sd200?.exe
%ProgramFiles%\SystemDoctor 200? Free\sd200?url.url
%ProgramFiles%\SystemDoctor 200? Free\support.url
%ProgramFiles%\SystemDoctor 200? Free\umain.xml
%ProgramFiles%\SystemDoctor 200? Free\unins000.dat
%ProgramFiles%\SystemDoctor 200? Free\unins000.exe
%ProgramFiles%\SystemDoctor 200? Free\up.dat
%ProgramFiles%\SystemDoctor 200? Free\updater.dat
%ProgramFiles%\SystemDoctor 200? Free\updater.exe
%TEMP%\SystemDoctorFreeSetup.exe
- Files by MD5
- Files by Directories
%PROGRAMFILES%\SystemDoctor 2006 Free
%ProgramFiles%\SystemDoctor 200? Free
%START_PROGRAMSALL%\SystemDoctor 200? Unregistered Version
- Files by CLSID or Name
CLSID=A3B7165A-1356-4393-81BA-4C977723CE76
CLSID=E9CE19ED-0131-4487-8DDB-CCA27F7F8971
- Registry Keys
HKLM\SOFTWARE\Classes\SystemDoctor.Free
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USDR6_is1
HKLM\SOFTWARE\SystemDoctor 2006 Free
HKCR\SystemDoctor.Free
HKCU\Software\SystemDoctor 2006 Free
HKLM\SOFTWARE\SystemDoctor 200? Free
HKCU\Software\SystemDoctor 200? Free
- Registry Values
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ValueName=SystemDoctor 2006 Free