Monday 3 June 2013

System doctor 2014

System doctor 2014 is a fake anti-spyware tool. It displays fake alert messages, prevents execution of legitimate programs and detects nonexistent infections to scare users.
It is a clone of System Care Antivirus, AVASoft Professional Antivirus, Disk Antivirus Professional, System Progressive Protection, Live Security Platinum, Smart Fortress 2012, Smart Protection 2012, Personal Shield Pro.

This one is multilanguage:

 Main windows:

The French translation is amusingly broken. For example, when you enter a bad serial:
"Vous avez entré un code d'enregistrement valide!"
English translation: You have entered a valid registration code!

To register (and help removal), copy and paste this code: AF03E-DC96946D-23696B92-EF870D7C-67F6978A or AA39754E-715219C

 Psychedelic art:

Note for reverse engineers ~

• dns: 1 ›› ip: 95.211.229.159 - adresse: SYS-DOCTOR.COM

The file is named 'scarav' and currently installs System Care Antivirus.

Payment processor for FakeAV:
smt-sps.com.tn/clicktopay/Avasoft/pay.aspx - 193.95.113.157
 The path is /Avasoft/

7 comments:

  1. The art frightens me. Confusing...
    Maybe a signature or "tag"?

    Nice work btw! What's that on 0012FD48?

  2. You're a damn white knight of the net. I read all your articles while listening to this music, it gets me more in the mood ^^
    http://www.youtube.com/watch?v=oijunPaCRZo

    Keep up the good work!

  3. It should be "vous devez", right?

  4. Is the download of System care antivirus on the site an activated copy?
    It actually found legit malware (other rogues and trojans) on my VM and removed them for me.
    There is even an uninstall button.

    1. Because they use (steal) the ClamAV database.

  5. If the payment process link was to PayPal, will you say that PayPal should be blacklisted?

    1. PayPal would take care to remove them, but this one absolutely doesn't care.
      And it's not the first time that this payment processor is used for malware.
