PDA

View Full Version : Sun Java Update 9 Detected as SystemDoctor2006



instantrunoff
2006-11-11, 18:59
Using the latest definitions, Spybot has detected C:\Documents and Settings\Administrator\Local Settings\Temp\ICD1.tmp\jinstall.exe, a file created during the install for Sun J2SE Runtime Environment 5.0 Update 9, as the trojan SystemDoctor2006. This appears to be a false positive; I installed Sun Java yesterday, and the next check brought this up. The properties for the file above appear consistent with the legit software. The Sun software is located at java.com

Zenobia
2006-11-12, 10:52
Me,too.It detected the empty folder as SystemDoctor2006.

SystemDoctor2006: Program directory (Directory, nothing done)
C:\Documents and Settings\Sonya\Local Settings\Temp\ICD1.tmp\

Da Gopha
2006-11-12, 14:50
Me,too.It detected the empty folder as SystemDoctor2006.

SystemDoctor2006: Program directory (Directory, nothing done)
C:\Documents and Settings\Sonya\Local Settings\Temp\ICD1.tmp\


I agree as well.
In addition to the SystemDoctor2006 detection in the same ICD1.tmp empty folder, I also see:

MediaMotor in ...\ICD2.tmp
and
Errorsafe in ...\ICD3.tmp.

These folders are empty.

These are only following the most recent detection updates, 10 Nov 2006.
I note that in the list of detections on http://www.safer-networking.org/en/index.html we see that these three programs are newly added to the detections list.

I think we're all pretty certain these are false detections...?!
Scan with McAfee Antispyware is clean.

Could these please be flagged for correction...?

Kind regards,
Gopha.

Buster
2006-11-13, 08:42
:oops: We will fix these false positives in our next detection update. Thanks for reporting!

Da Gopha
2006-11-13, 14:08
:oops: We will fix these false positives in our next detection update. Thanks for reporting!

Thanks very much! Looking forward to the corrected definitions at the end of this week...

Kind regards,
Gopha.

Da Gopha
2006-11-18, 19:09
Just confirming here that this week's set of updates have resolved these false detections...

Kind regards,
Gopha

egenius
2007-05-11, 00:03
sorry for reopening an old thread but i have just occured this problem.

i am using mozilla firefox and keep getting popups. scanning i have found that it is SystemDoctor2006. the expansion says that it is a tracking cookie for firefox, but the threat bar on the right hand side says that it is a trojan.

i'm assuming that it's not a case of false detections because i update it everytime before scanning.

i have "fixed" the selected problem multiple times but it keeps coming back. how do you suggest that i deal with the problem.

p.s. sending a private message is a reasonable method of responding to me

Yodama
2007-05-11, 14:04
hi,

hm, it is relatively rare to have the firefox infected, looks like the malware writers are getting on this as well :mad:

Please submit a scan and fix log, and maybe a screen shot of the popups.


pm also sent.

egenius
2007-05-18, 19:13
steluta we do not need advertising on this forum. the reason that we are here is so that we can find a way to get rid of spyware and advertising windows.

two pieces of spyware which are part of advertising are "systemdoctor2006" which has now been wiped from my machine and "blackcore".

tashi
2007-05-19, 00:23
The Spambot's posts were removed.

If anyone notices unremoved spam, please send me a PM. (PrivateMessage)

Thanks.