Remove Adware System Doctor.

I have received some comments from viewers of this blog that on opening this blog in browser there is a pop-up advising them to install System Doctor on their PCs as it has some malware. I was asked whether I was sponsoring it!! System Doctor is adware which gets installed without your knowledge in the Registry of your Windows installation......

It infects your computer by trojan horses or by naming itself a free spyware removal tool and luring computer owners into installing it on their desktop machines. It is an anti-spyware application that gets installed by Spyware/malware without asking for permission.

System Doctor hijacks your Browser.

These are all used as a scare tactic to have you purchase their commercial software. See the image below :


To remove System Doctor from your PC you need HijackThis utility which you can download from here. Extract this file to c:\hijackthis. Close all windows, even this Internet Explorer window. Navigate to the c:\hijackthis directory and double-click on HijackThis.exe. When the program starts, click on the Scan button. Put a checkmark next to the following entry (There may be more than one of each):

O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [dc6_check] C:\Program Files\SystemDoctor 2006 Free\dcmon.exe
O4 - HKLM\..\Run: [USDR6cw] C:\Program Files\SystemDoctor 2006 Free\USDR6cw.exe -c
O4 - HKLM\..\Run: [cmonitor] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe

Then click the Fix button. Exit HijackThis. Reboot your computer into Safe Mode. Delete the following files if they exist:

C:\Program Files\SystemDoctor 2006 Free\

Reboot your computer back to normal mode. To manually remove System Doctor follow these instructions (at your own risk).

Kill the following processes

sd2006.exe, insthelp.exe, updater.exe, unins000.exe, activate.exe, systemdoctorfreesetup.exe

Unregister the following DLLs and reboot

order.dll in program files\systemdoctor 2006 free\

Delete these registry entries

HKEY_CLASSES_ROOT\clsid\{151a44b0-fc2d-4a02-bbbc-6b372f2f659c}
HKEY_CLASSES_ROOT\systemdoctor.free
HKEY_CURRENT_USER\software\systemdoctor 2006 free
HKEY_CURRENT_USER\software\systemdoctor 2006 free\tasksettings
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run systemdoctor 2006 free
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\usdr6_is1
HKEY_LOCAL_MACHINE\software\systemdoctor 2006 free
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run systemdoctor 2006 free

Remove the following files

contact customer support.lnk, systemdoctor 2006 on the web.lnk,
systemdoctor 2006.lnk, uninstall systemdoctor 2006.lnk in common programs\systemdoctor 2006 unregistered version\
systemdoctor 2006.lnk in desktop\
activate.dat, activate.exe, bnlink.dat, database.sav, hmlink.dat, insthelp.exe, lapv.dat, license.rtf, lock.dat, order.dll, pv.dat, reportlistfile.dat,
sd2006.exe, sd2006url.url, sr.log, support.url, umain.xml, unins000.dat, unins000.exe, up.dat, updater.dat,
updater.exe in program files\systemdoctor 2006 free\
update.log in userprofile\application data\systemdoctor 2006 free\logs\
systemdoctorfreesetup.exe in userprofile\local settings\temp\

Remove the following directories

program files\systemdoctor 2006 free
program files\systemdoctor 2006 free\download
program files\systemdoctor 2006 free\safemedia
profile\application data\systemdoctor 2006 free

Your computer should now be free of System Doctor. Hence you can see that System Doctor has nothing to do with my blog. Adware such as ErrorSafe and WinAntiVirus try to disguise themselves as a windows security prompt to trick people into downloading their software. ErrorSafe, WinFixer 2006, WinAntiSpyware, System Doctor 2006, WinAntiVirus Pro 2006, SysProtect, and similar software are ROGUE anti-spyware programs. They pretends to be a program that will help you fix windows problems, but really it reports false information to try to get you to purchase the program. It is a SCAM. For more information go here.

It gets installed on the victim’s machine via an ActiveX control, which needs user’s interaction. For more info click here.

Technorati Tags:system doctor, adware, malware removal