Loading ...
Português|
|
Tweet |  More |
Virus Doctor Description
Virus Doctor is a fake anti-virus application that is a textbook example of how rogue anti-virus programs attacks are able to steal money from their victims. Virus Doctor is linked to the website virus-doctor.com, where victims are instructed to enter their credit card information in exchange for a ‘full version’ of this useless application. Virus Doctor, first seen in 2009, is one of the first examples of fake anti-virus programs and is notable in being the basis for a very large family of rogue anti-virus programs with dozens of members. In fact, new members of the Virus Doctor family of rogue anti-virus programs are detected every day. Fortunately, Virus Doctor’s age and reputation make it reasonably easy to deal with since most legitimate security programs will have a detailed account of how the Virus Doctor infection works and how to remove it. Some of the many known clones of Virus Doctor include older fake security programs like Security Shield as well as the newest batch of members of the Rogue.VirusDoctor family released in 2012, which includes such fake security programs as Windows Firewall Constructor, Windows Trojans Sleuth, Windows Malware Sleuth, Windows PRO Scanner and Windows Firewall Constructor.
If You Want Your PC to Stay Healthy, Definitely Avoid a Check-Up with Virus Doctor
Like most rogue anti-virus programs, Virus Doctor claims that Virus Doctor can carry out all kinds of advanced security tasks, such as monitoring your firewall, downloads and system security. These are all lies – ESG security analysts have found that Virus Doctor has no way to remove or detect malware. This fake security product has been programmed to do nothing but display multiple misleading error messages until victims are scared enough to believe that they need to purchase Virus Doctor to fix the imaginary threats on their computer. Virus Doctor has been known to be associated with Google redirects in order to lead computer users to malicious websites promoting Virus Doctor and its many clones. Components of Virus Doctor have also been found to shut down legitimate security programs and Windows components that are usually needed to deal with malware (such as the Windows Registry Editor and Task Manager). Sometimes, depending on the case, it may be compulsory to start up Windows in Safe Mode or from a removable drive in order to ensure that Virus Doctor cannot start up automatically and interfere with programs used for its removal.
Type: Rogue AntiSpyware Programs
Aliases: Virus Doctor 2.1.4.12, Virus Doctor Freeware.
How Can You Detect Virus Doctor?
Virus Doctor Technical Report
As new Virus Doctor details are reported by our customers and findings from our Threat Research Center, we will update this section.
Author url of Virus Doctor:
- Virusdoctor-online.com
The following Virus Doctor files with its MD5s were created in the system:
| File Name | File Size | MD5 |
|---|
| VirusDoctor[1].exe | 1710074 | 92f0b996b7a93751448856931b8d7e68 |
| VDoc2636.exe | 1388032 | e05775cceef42b4df04d8ad4c53d1d25 |
| VDoctor.exe | 1767936 | b4aee27229aced06f4aebca7f1c2ca32 |
| VDoctor.exe | 1767936 | bb0aa7f23dc1f45188520975f750e3e4 |
| VDoctor.exe | 1718272 | d4f8184b0a576e8fae8380b82bc5b129 |
| VDoctor.exe | 1767936 | ec62a31eecb1c0bcc9ff3fe54c60f652 |
| VDocd201.exe | 1388544 | 635ab761d6e8a486a7cc431271013222 |
Virus Doctor Removal Details
Virus Doctor has typically the following processes in memory:
- c:\Documents and Settings\All Users\Application Data\927e\mozcrt19.dll
- %PROGRAMDATA%\dd09\VDoc2636.exe
- c:\Documents and Settings\All Users\Application Data\927e\VDoca582.exe
- VirusDoctor[1].exe
- c:\Documents and Settings\All Users\Application Data\927e\unins000.exe
- c:\Documents and Settings\All Users\Application Data\927e\sqlite3.dll
- VDoctor.exe
Virus Doctor creates the following files in the system:
- %UserProfile%\Start Menu\Programs\Virus Doctor.lnk
- %UserProfile%\Application Data\Virus Doctor\settings.ini
- c:\Documents and Settings\All Users\Application Data\927e\unins000.dat
- c:\Documents and Settings\All Users\Application Data\927e\System Data Configuration\DBInfo.ver
- c:\Documents and Settings\All Users\Application Data\927e\Languages\VDFr.lng
- c:\Documents and Settings\All Users\Application Data\System Data Configuration\config.cfg
- Virus Doctor.lnk
- %UserProfile%\Start Menu\Virus Doctor.lnk
- %UserProfile%\Application Data\Virus Doctor\uill.ini
- c:\Documents and Settings\All Users\Application Data\927e
- c:\Documents and Settings\All Users\Application Data\927e\System Data Configuration\vd952342.bd
- c:\Documents and Settings\All Users\Application Data\927e\Languages\VDDe.lng
- c:\Documents and Settings\All Users\Application Data\System Data Configuration
- c:\Documents and Settings\All Users\Application Data\System Data Configuration\DB.ini
- %UserProfile%\Desktop\Virus Doctor.lnk
- %UserProfile%\Application Data\Virus Doctor
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus Doctor.lnk
- c:\Documents and Settings\All Users\Application Data\927e\System Data Configuration
- c:\Documents and Settings\All Users\Application Data\927e\Languages
- c:\Documents and Settings\All Users\Application Data\927e\Languages\VDIt.lng
- c:\Documents and Settings\All Users\Application Data\System Data Configuration\fsvd6398.db
- Virus Doctor
Virus Doctor created the following directories, files, paths:
- %AppData%\Virus Doctor
Virus Doctor creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “URVDoc[]”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Doctor_is1
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Virus Doctor”
Important Article Disclaimer
Virus Doctor
Leave a Comment
Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.