English 
Virus Doctor Virus Doctor
By
LoneStar in Rogue Anti-Spyware Program |
0 views
(No Ratings Yet)
Loading ...
Virus Doctor Description
Virus Doctor, or VirusDoctor, is a rogue anti-spyware program. After installed, Virus Doctor may display fake alert notifications and online advertising to make the user believe his/her computer is infected with spyware. Once the user closes the popup, he/she will be redirected to a malicious website pretending to be an online anti-malware scanner. Virus Doctor may scan the user’s computer system and display a fake list of supposed infections. In order to remove these imaginary malware, the user must download and install Virus Doctor’s full version.
In addition, while running Virus Doctor’s fake system scan, the user may receive various alerts, such as: fake firewall, found Spyware, Spam bot being detected, unauthorized remote connections, and hidden remote connection alerts. Some alerts may read:
“An unidentified program tries to access your computer”
“Malicious applications which can contain trojans found on your PC need to be immediately removed. Click here to remove these potentially harmful items immediately with Virus Doctor”
“An unauthorized program has been prevented from accessing your PC.#Port:433 from 92.11.127.10″
Furthermore, Virus Doctor may cause computer slowdowns, damage data and may even destabilize Windows. Virus Doctor is not a solution to the threats it alleges to remove. Virus Doctor is the threat itself.
Type: Rogue AntiSpyware Programs
Automatic Detection of Virus Doctor
Virus Doctor Technical Report
As new Virus Doctor details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following Virus Doctor files with its MD5s were created in the system:
| File Name | File Size | MD5 |
|---|
| VirusDoctor[1].exe | 1710074 | 92f0b996b7a93751448856931b8d7e68 |
| VDoc2636.exe | 1388032 | e05775cceef42b4df04d8ad4c53d1d25 |
| VDoctor.exe | 1767936 | b4aee27229aced06f4aebca7f1c2ca32 |
| VDoctor.exe | 1767936 | bb0aa7f23dc1f45188520975f750e3e4 |
| VDoctor.exe | 1718272 | d4f8184b0a576e8fae8380b82bc5b129 |
| VDoctor.exe | 1767936 | ec62a31eecb1c0bcc9ff3fe54c60f652 |
| VDocd201.exe | 1388544 | 635ab761d6e8a486a7cc431271013222 |
Virus Doctor has typically the following processes in memory:
- c:\Documents and Settings\All Users\Application Data\927e\mozcrt19.dll
- %PROGRAMDATA%\dd09\VDoc2636.exe
- c:\Documents and Settings\All Users\Application Data\927e\VDoca582.exe
- VirusDoctor[1].exe
- c:\Documents and Settings\All Users\Application Data\927e\unins000.exe
- c:\Documents and Settings\All Users\Application Data\927e\sqlite3.dll
- VDoctor.exe
Virus Doctor created the following directories, files, paths:
- %AppData%\Virus Doctor
Virus Doctor creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “URVDoc[]”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Doctor_is1
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Virus Doctor”
Important Article Disclaimer
