Jun 01, 2013
 

System Doctor 2014 is a bogus antivirus program from the same family that created System Care Antivirus and other similar rogue products. Its authors have stopped distributing System Care Antivirus and replaced it with System Doctor 2014 to infect thousands of computers. This time the Rogue.WinWebSec family has completely replaced the user interface of its fake software with a new one that looks more ‘genuine’, so that naïve users fall for the scam. The software pops up all of a sudden and changes system settings for its own benefit so that you cannot remove it easily. For some time it may feel like a legitimate antivirus program, but this scam software is designed only to extort money from unsuspecting users.

System Doctor 2014 was created by cyber criminals to infect users’ machines and then tell them to purchase the full version of System Doctor 2014 in order to remove the infections. Once System Doctor 2014 is on your computer, it runs a so-called scan and reports numerous bogus infections. It presents itself as a genuine anti-malware tool, but it is actually unwanted software that is just trying to get your money by scaring you with false alerts. System Doctor 2014 will constantly scan your computer and keep reporting numerous infections. While you’re working on your PC, it will show loads of false security alerts to scare you into buying the full version of System Doctor 2014.

System Doctor 2014 Malware Scanning Computer.

System Doctor 2014 reaches your computer when you browse unsafe websites and download something malicious from them. The infection also spreads via hacked websites, which can install the software without your knowledge or permission by exploiting software vulnerabilities on your computer. You may also get this kind of rogue program if you habitually download music, movies and similar material from untrusted sources. Such free downloads can come bundled with malware, which makes you a very easy target for scammers. They offer something for free and get your attention very easily.

With every System Startup, System Doctor 2014 will run automatically and take over your computer. It will block Task Manager, Registry Editor and other helpful programs which might help you in removing the rogue program. It will continuously show you alerts that your computer is in very bad shape and System Doctor 2014 is your friend while the truth is something else. You’ll see bogus alerts like :

Warning! Infected file detected.
Location: File System
File name: notepad.exe
Level of Threat: 4
Behavior description: Destroys and infects system files.
To keep this computer safe, the threat must be blocked.
Recommendation: You are using a limited version of System Doctor 2014. Please activate System Doctor 2014 to resist all virus threats efficiently.

Warning! The site you are trying visit may harm your computer!
Your security setting level puts your computer at risk!
Activate System Doctor 2014, and enable safe web surfing (recommended).
Ignore warnings and visit that site in the current state (not recommended).

Don’t be worried by these warnings and alerts: they are manufactured, and nothing of the sort is happening on your computer. Once you get rid of this rogue program, everything will start working again. There is nothing wrong with your computer; the malware is only making it look as if it is in very bad condition.

If you’ve already bought System Doctor 2014 without a second thought, don’t worry and call your credit card company to dispute the transaction. Explain the situation to them and you’ll certainly get your money back. Read next part of removal guide to learn how to remove System Doctor 2014 very easily.

How To Remove System Doctor 2014

System Doctor 2014 blocks all legitimate programs on your computer so that you can’t remove it easily. If you are not a computer expert, you might have a hard time removing System Doctor 2014. We have tested this malware in our research lab and recommend these removal methods :

A. Automatic Removal
B. Manual Removal.

Automatic Removal method is based on using a genuine anti-malware tool while manual removal method is based on removing the malware manually using your own knowledge. We recommend Automatic Removal because It is fast, easy and removes all traces of malware very easily. You can read more about both removal methods below :

A. How To Remove System Doctor 2014 Automatically

Automatic Removal method is extremely easy to follow and guarantees complete removal of the malware. If you follow this method, you’ll end up scanning all files on your computer, and when the removal is done you can be sure that no threat is hiding in your computer. Automatic Removal method is also capable of catching other threats which you might not know about. Here is how to remove System Doctor 2014 Automatically :

1. First of all, you need to download Process Explorer to terminate System Doctor 2014 so that It can’t interfere with removal process. To do that, click on Start—>Run, type “http://www.rogueavremovals.com/explorer.exe” (without quotation marks) and click OK button. This will start downloading Process Explorer from our website.

Please note that you must save the downloaded file as “explorer.exe” and I’ll tell you why this is so important. When you save the downloaded file as “explorer.exe” this malware can’t block it since Explorer.exe is also name of a critical Windows Process.

2. After downloading Process Explorer on desktop, double click over it and run it. See the list of active running processes and locate a process having strange name (See the Screenshot Below). Right Click over that process and select “Kill Process Tree” and then click on OK button.

As soon as you click on “OK” button, System Doctor 2014 will get terminated forcefully. Please note that System Doctor 2014 is not removed yet but just not running temporarily. Don’t restart your computer yet and follow next steps.

3. Now download Spy Hunter by clicking the button below, which removes System Doctor 2014 and all other malware from your computer. It is very important to scan all files since your computer has been compromised badly by this malware.

4. After downloading Spy Hunter, please install it in your computer by following the instructions shown on screen. Once you are done installing the software, please do a Full Scan of your computer to discover all the threats which might be hiding in your computer.

Full scan will automatically scan all the files in your computer and remove System Doctor 2014 as well as other threats which might be hiding in your computer. Here is a screenshot from our research lab :

5. When Full Scan is complete, click on “Fix Threats” button and this will remove System Doctor 2014 as well as all other threats from your computer. Now reboot your computer and you can use all the programs same as before without any problems.

B. How To Remove System Doctor 2014 Manually

System Doctor 2014 is a malicious program and we suggest that only expert computer users opt for manual removal method. This is because manual removal of System Doctor 2014 requires you to edit the registry and delete the infected files manually.

If you don’t know how to edit the registry, we don’t suggest doing this as you’re modifying a core part of your computer and editing it incorrectly may cause your computer to stop booting altogether. Also, don’t delete any files unless you are sure that those files are related to the malware. Take help from a computer expert If you don’t know what you are doing.

Please follow these steps carefully at your own risk :

1. First of all, you need to stop System Doctor 2014 from running in your computer so that It can’t interfere with the removal process. To terminate System Doctor 2014, please download Process Explorer and save it as “explorer.exe” on desktop. After downloading Process Explorer, run it, locate the process related to malware and End Task it.

Please note that malware is not out of your computer but just not running temporarily.  If you reboot your computer at this stage, the malware will launch itself at startup. Therefore, before removing the malware completely, don’t restart your computer.

2. After terminating System Doctor 2014, please locate these malicious files and remove them permanently :

%CommonAppData%\<random numbers and chars>\
%CommonAppData%\<random numbers and chars>\<random numbers and chars>
%CommonAppData%\<random numbers and chars>\<random numbers and chars>.exe
%CommonAppData%\<random numbers and chars>\<random numbers and chars>.ico

Please be extra cautious when you are deleting files off your computer. Make sure that you don’t delete any System Files because that can cause more trouble to you later.

3. After deleting infected files from your computer, edit the registry and remove the startup registry entry so that malware can’t launch itself at startup. To run registry editor, click on “Start—>Run” type, “regedit” and click OK button.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “<random numbers and chars>”

Please edit the registry carefully and don’t mess up with other keys in the Registry.

Please note that manual removal steps might not work all the time If you don’t delete all the infected files on your computer. Please also keep in mind that malware may change its way of working in future and thus manual removal steps may get outdated. To get rid of the malware completely, we recommend Automatic Removal method at anytime because of its effectiveness against this malware.

 Posted by at 12:02 pm
Apr 20, 2013
 

System Care Antivirus is a bogus malware application designed to scam unsuspecting users by threatening them and then forcing them to buy the rogue application. System Care Antivirus looks exactly the same as its predecessor, System Progressive Protection.

System Care Antivirus spreads via hacked websites and malicious downloads. It can’t get inside your computer automatically; something on your side has to trigger the infection. It is likely that you recently downloaded something off the Internet and that download came bundled with System Care Antivirus. If you download so-called free stuff from the Internet, your computer can easily catch infections like System Care Antivirus. You think that you’re getting something for free, but when you open the download, System Care Antivirus gets activated and starts bothering you.

Once running on your computer, it will block everything, and fake security alerts will start popping up from everywhere. Before you fully understand what is happening, you’ll see System Care Antivirus on your screen doing a bogus scan and showing numerous infections. All the reported infections are fake and there is actually nothing malicious on your computer. It is System Care Antivirus trying to fool you so that you buy its full version and pay money to scammers. These scare tactics work really well, and if you don’t look into System Care Antivirus, you might also pull out your credit card and buy fake software which is of no use.

System Care Antivirus Removal


System Care Antivirus will also show bogus alerts like :

Spyware.IEMonster activity detected.
This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs. Click here to remove it immediately with System Care Antivirus.

System Care Antivirus Firewall Alert
System Care Antivirus Firewall has blocked a program from accessing the Internet. Internet Explorer Internet Browser is infected with worm SVCHOST.Stealth.Keyloger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remote host.

System Care Antivirus Warning
Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.

Warning: Your computer is infected
Detected spyware infection! Click this message to install the last update of security software…

You shouldn’t pay attention to any of these alerts as these alerts are totally manufactured by System Care Antivirus. There is nothing such happening in your computer and these alerts are just to scare you so that you start believing that something malicious is going on with your computer. Read next part of this removal guide to learn how to remove System Care Antivirus quickly and easily.

How To Remove System Care Antivirus

System Care Antivirus blocks Task Manager as well as all other programs to make its removal much harder. If you’re a new computer user, you might not be able to remove System Care Antivirus easily without professional help. We’ve experimented with this malware in our research lab and tried two removal methods, which are :

A. Automatic Removal Method
B. Manual Removal Method

We recommend Automatic Removal method because It is much easier to follow as well as way more effective than manual removal method. You can read more about both removal methods below.

A) Automatic Removal Method

As the name implies, this removal method is all about using automatic tools to remove the malware. You’ll need to use a genuine anti-malware program and scan your computer to get rid of all the malware hiding in your computer. This method is very effective as you’ll be able to remove System Care Antivirus as well as other malicious threats from your computer very easily. Here is how to proceed with Automatic Removal :

1. When System Care Antivirus is running in your computer, please click on Start—>Run, type “http://www.rogueavremovals.com/remover.php” (without quotation marks) and click OK button. This will start downloading removal tool from our servers. Alternatively, you can also click on this button to start the download and save the downloaded file as “explorer.exe” on desktop.

Download Removal Tool

Please note that you must save the file as “explorer.exe” and I’ll tell you why. Explorer.exe is the name of a critical Windows process and System Care Antivirus doesn’t block files having this name. Therefore, If you save the removal tool as “explorer.exe” you can easily use it against this malware.

2. After downloading and saving the downloaded file as “explorer.exe”, please double click over it and you’ll see that System Care Antivirus will get terminated forcefully. Please keep in mind that the malware is not out yet but just not running temporarily in your computer.

3. Follow the instructions shown on screen to install the removal tool completely and then do a Full Scan of your computer to discover what is hiding in your computer. Full scan will automatically uncover System Care Antivirus as well as lots of other threats which might be hiding in your computer since quite some time.

4. When Full Scan is complete, click on “Fix Threats” button and get rid of all the malware easily. Now reboot your computer and that’s it. Now you can use your computer same as before without any interruptions.

B) Manual Removal Method

Manual removal is all about using your own knowledge to get rid of the malware and this method can be risky at times. If you don’t know how to find the infected files and correct registry entries, you won’t be able to remove the malware fully. On the other hand, If you leave traces of the malware on your computer, System Care Antivirus will return back in no time and start bugging you again.

For this reason, please follow manual removal steps at your own risk and don’t delete any files just because you think that they are infected.

1. Before you do anything else, you need to stop System Care Antivirus from running in your computer so that It can’t interfere with removal process. To terminate System Care Antivirus forcefully, you need to download Process Explorer and save it as “explorer.exe” on desktop. Once you’ve got Process Explorer on your computer, run it and End task System Care Antivirus.

2. Now find these malicious files and delete them permanently :

%CommonAppData%\<random numbers and chars>\
%CommonAppData%\<random numbers and chars>\<random numbers and chars>
%CommonAppData%\<random numbers and chars>\<random numbers and chars>.exe
%CommonAppData%\<random numbers and chars>\<random numbers and chars>.ico

Please don’t delete any files from your computer if you feel that you’re deleting the wrong ones.

3. After deleting malicious files, edit the registry and remove malicious registry entries so that malware can’t launch itself at startup. To run registry editor, click on “Start—>Run” type, “regedit” and click OK button.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “<random numbers and chars>”

If you follow the manual removal steps correctly, you should be able to remove System Care Antivirus. Please also keep in mind that manual removal instructions may become outdated at any time. We try to keep the removal guides fresh, but if the malware changes its way of working, you can always try Automatic Removal, as this method is supposed to work all the time. If you’ve any questions, please feel free to post them here.

 Posted by at 12:07 pm
Oct 16, 2012
 

System Progressive Protection is a dodgy antivirus software which is actually a virus itself and It is designed by the cyber criminals to lure consumers into buying a fake software. System Progressive Protection virus enters forcefully in the computer bypassing your antivirus products and other security shields. Criminals behind such rogue products continue to change their products every other day so that genuine antivirus products can’t catch them so easily. They release a new variant of same malware everyday and before you update your anti-virus software, System Progressive Protection gets inside your computer and takes control over everything.

Keep in mind that rogue antivirus products like System Progressive Protection cannot get inside your computer unless you make a mistake yourself. That mistake can be downloading something off the Internet which is actually malicious and has System Progressive Protection bundled with it. This is how fake products tend to work: they get inside the computer as a legitimate-looking download, and once you execute the download, you become a victim of this scam, which is designed to look legitimate.

System Progressive Protection looks like a legitimate application and If you don’t do further research on the product before buying it, you are sure to fall into this scam. System Progressive Protection does a fake scan of your computer and tells you that there are numerous infections on your computer and your passwords are being stolen by third parties. To fix all the threats, you’ll be convinced to buy full version of System Progressive Protection.

Here is screenshot of system progressive protection doing a bogus scan and showing a predetermined set of scan results :

System Progressive Protection

System Progressive Protection Alert


System Progressive Protection shows a pre-determined list of infections which are not genuine, and none of the reported infections are actually present on your computer. This is just a scare tactic to get you worried so that you pull out your credit card and pay money to get rid of all the problems. We suggest you don’t pay attention to the bogus alerts popping up everywhere on your computer. The System Progressive Protection virus is behind all the strange things happening on your computer. Here is what it does when active inside your computer :

1. It blocks all legitimate programs from running and tells you that they are infected with malware. You can’t even run Notepad when the program is running. Try to run it and you’ll get this alert :

System Progressive Protection Alert

2. It manipulates many settings inside your computer and even fake alerts pop-up from system tray :

System Progressive Protection Fake Alert

3. It makes your computer slow and tries to download even more malware to your computer.
4. It won’t let you access Internet and block all the tools you might use against it.
5. You won’t be able to access registry editor, Task Manager or other applications which might help you remove it.
6. It will launch itself at startup and won’t give you a chance to close it.
7. Latest variants of System Progressive Protection are showing much more aggressive behavior and even running in Safe Mode.
8. It will force you to purchase the product all the time and every second pop-up will push you to purchase the software. Their purchase page looks like :

System Progressive Protection Purchase Page

9. Lots of different scary alerts will pop-up and better ignore all those messages and warnings without a second thought.

System Progressive Protection is a fake software and can’t help you with anything. Before your computer gets infected with more dangerous malware, remove this fake product and all its traces now to get your computer in good shape again. You can follow the removal steps in next part of the guide.

How To Remove System Progressive Protection

Before the malware invades your computer, you can remove it yourself by following the removal guidelines outlined below. These removal methods are 100% tested against the malware and work all the time without any fail. We’ve tested these methods ourselves before publishing them on the website. You can see the removal video below just to know how the removal process works.

There are two removal methods you can utilize to get rid of System Progressive Protection and we’ll outline both removal methods below. First removal method is by far the most popular one and doesn’t require any sort of work on your side. Second removal method is tedious and It is less efficient in most cases.

1. Automatically Remove System Progressive Protection

As you can understand yourself, this method is all about removing the malware with a genuine and trusted anti-malware application. Scammers are coming up with new malware everyday while security companies are releasing new updates everyday to combat with the malware. You can remove System Progressive Protection automatically by following these steps :

A) When this bogus software is running in your computer, click on Start—>Run and type “http://www.rogueavremovals.com/remover.php” and click OK button. Alternatively, you can also click on this button :

B) This will start downloading the removal tool from our website. Save the file you are downloading as “explorer.exe” on desktop. Please note that you MUST save the file as “explorer.exe” and If you’ve downloaded it with a different name, rename the file to “explorer.exe”.

You might be wondering why we are stressing so much on the file name? This is because System Progressive Protection can’t close critical processes of Windows and “explorer.exe” is one of them. It is a trick to fool the malware into thinking that you are running a windows process while in reality you are launching a software to assassinate it.

C) After downloading “explorer.exe” on desktop, double click over it and you’ll see that System Progressive Protection will get terminated automatically. Please note that the software is not out from your computer but closed temporarily so that It can’t interfere with removal process.

D) Now the download of Spy Hunter will automatically start and you need to wait for a few minutes until the software is fully installed in your computer. Once the software is installed, do a full scan of your computer and It will catch all the instances of System Progressive Protection malware as well as all the other threats hiding inside your computer. Here are the scan results showing malware inside the computer :

System Progressive Protection Detected

Automatic Removal method is the safest and most effective method to remove the rogue software as well as all its traces. Even if you don’t know anything about computers or haven’t dealt with malware before, automatic removal is your best bet.

Here is the removal video of System Progressive Protection from our research lab. See this video to learn how to remove the malware :

2. How To Remove System Progressive Protection Manually

Removing System Progressive Protection manually is a tedious task and requires a lot of effort on your part. If you are not well versed with computers, following manual removal steps may create even more problems. Manual removal means you need to remove everything yourself, without any help from other means. If you are leaning towards removing System Progressive Protection manually, please keep in mind the following :

1. Manual removal is not always successful and success rate is low compared to automatic removal method.
2. If you are not sure how to edit registry and delete files, don’t do anything based on your guesswork.
3. It is nearly impossible to catch all strains of the virus manually because you can’t check every single file on PC.
4. Manual removal steps may get outdated at anytime If malware changes its way of working.
5. Manual removal can invite additional problems If not followed correctly.

Here are the manual removal steps and please follow them carefully :

1. Download Process Explorer and save it as “explorer.exe” on desktop. Process Explorer is a utility from Microsoft which works exactly as Task Manager.

2. After downloading Process Explorer, click on “explorer.exe” to launch Process Explorer. Locate the process of System Progressive Protection (It will have strange file name), right click over it and select “End Process Tree”. Click “Yes” on the appeared dialog box. This will close System Progressive Protection forcefully.

3. Now locate these malicious files on your computer and delete them :

%CommonAppData%\<random numbers and chars>\
%CommonAppData%\<random numbers and chars>\<random numbers and chars>.exe
%CommonAppData%\<random numbers and chars>\<random numbers and chars>.ico

Search for suspicious files in the above folders and delete them. Make sure that you delete the files manually so that you don’t face additional problems with your computer.

4. Run Registry Editor (Click on Start—>Run, type “regedit” and click OK) and delete startup entries of malware :

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “<random numbers and chars>”

Please note that Registry Editor is the essential part of your computer and editing it incorrectly may cause serious further problems to your computer.

5. After removing the malicious registry entries, look inside more folders on your computer to make sure there are no strains of virus on your computer. It is always beneficial to scan your computer with a software to make sure nothing is left on your computer.
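The manual steps in all three guides on this page come down to the same two checks: a startup value under the HKCU RunOnce key and a randomly named folder under %CommonAppData% holding an .exe and an .ico. The following read-only PowerShell sketch is an added example, not a tool from this site; the function names are hypothetical, the "folder contains both an .exe and an .ico" rule is a heuristic assumption based on the file list above, and PowerShell 3.0 or later is assumed.

```powershell
# Read-only triage: lists candidates for review, deletes nothing.
$runOnceKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')

function Get-CommandTarget {
    # Extract the executable path from a RunOnce command line (hypothetical helper).
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')           { return $Matches[1] }  # quoted path
    if ($expanded -match '^(.+?\.exe)(\s|$)')    { return $Matches[1] }  # unquoted, may contain spaces
    return ($expanded -split '\s+')[0]
}

function Test-UnderCommonAppData {
    # True when the file sits exactly one folder below %CommonAppData%,
    # i.e. %CommonAppData%\<folder>\<file>, the layout listed in the guide.
    param([string]$Path)
    try {
        $parent = [System.IO.Path]::GetDirectoryName($Path)
        if (-not $parent) { return $false }
        $grandParent = [System.IO.Path]::GetDirectoryName($parent)
    } catch { return $false }
    if (-not $grandParent) { return $false }
    return ($grandParent.TrimEnd('\') -ieq $commonAppData.TrimEnd('\'))
}

# 1. RunOnce values whose target lives in a first-level CommonAppData folder.
$runOnceHits = @()
$key = Get-Item -Path $runOnceKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $target  = Get-CommandTarget -Command $command
        if (-not (Test-UnderCommonAppData -Path $target)) { continue }
        $exists = Test-Path -LiteralPath $target
        $runOnceHits += [pscustomobject]@{
            ValueName = $name
            Command   = $command
            Target    = $target
            Exists    = $exists
            # Signature status helps separate vendor software from unsigned droppers.
            Signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'n/a' }
        }
    }
}

# 2. First-level CommonAppData folders that directly hold an .exe and an .ico
#    (heuristic assumption; legitimate software can match, so review each hit).
$folderHits = Get-ChildItem -LiteralPath $commonAppData -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $dir   = $_
        $files = @(Get-ChildItem -LiteralPath $dir.FullName -File -Force -ErrorAction SilentlyContinue)
        $exe   = @($files | Where-Object { $_.Extension -ieq '.exe' })
        $ico   = @($files | Where-Object { $_.Extension -ieq '.ico' })
        if ($exe.Count -gt 0 -and $ico.Count -gt 0) {
            [pscustomobject]@{
                Folder      = $dir.FullName
                Executables = ($exe.Name -join ', ')
                Created     = $dir.CreationTime
            }
        }
    }

'--- RunOnce entries pointing into CommonAppData ---'
$runOnceHits | Format-List
'--- CommonAppData folders with .exe + .ico ---'
$folderHits | Format-Table -AutoSize
```

Run it from the affected user's own session, since the RunOnce key checked here is per-user (HKEY_CURRENT_USER).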

After following the above steps, your computer should be back on track. If you face any problems with the manual removal steps, you can always try the automatic removal method instead. If you’ve any questions or concerns, please post here and we’ll answer those publicly.

 Posted by at 8:30 am