Fraudtool.Win32.PCDoc

By Domesticus in Trojans

Translate To:

Fraudtool.Win32.PCDoc is a Windows platform Trojan that disguises itself as a legitimate anti-spyware application. Fraudtool.Win32.PCDoc may enter a system through drive-by downloads or when visiting malicious websites. Once inside a system, Fraudtool.Win32.PCDoc will launch bogus warnings, pop-ups and online scan results causing a user to go into alarm and purchase the maliciously recommended rogue security application. Fraudtool.Win32.PCDoc may also download addition computer threats onto a compromised system.

File System Details

Fraudtool.Win32.PCDoc may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%ProgramFiles%\PC Doc Pro v5\unins000.exe
Name: %ProgramFiles%\PC Doc Pro v5\unins000.exe Type: Executable File
2.	%ProgramFiles%\PC Doc Pro v5\PC Doc Pro Scheduler.exe
Name: %ProgramFiles%\PC Doc Pro v5\PC Doc Pro Scheduler.exe Type: Executable File
3.	%ProgramFiles%\PC Doc Pro v5\eWebClient.dll
Name: %ProgramFiles%\PC Doc Pro v5\eWebClient.dll Type: Dynamic link library
4.	%Temp%\ESW1.tmp\d_PcDocPro_Setup.exe
Name: %Temp%\ESW1.tmp\d_PcDocPro_Setup.exe Type: Executable File
5.	%ProgramFiles%\PC Doc Pro v5\Update.exe
Name: %ProgramFiles%\PC Doc Pro v5\Update.exe Type: Executable File
6.	%ProgramFiles%\PC Doc Pro v5\PC Doc Pro Uninstaller.exe
Name: %ProgramFiles%\PC Doc Pro v5\PC Doc Pro Uninstaller.exe Type: Executable File
7.	%ProgramFiles%\PC Doc Pro v5\eWebControl365.dll
Name: %ProgramFiles%\PC Doc Pro v5\eWebControl365.dll Type: Dynamic link library
8.	%Temp%\is-K7IMC.tmp\_isetup\_shfoldr.dll
Name: %Temp%\is-K7IMC.tmp\_isetup\_shfoldr.dll Type: Dynamic link library
9.	%System%\drivers\dfg.sys
Name: %System%\drivers\dfg.sys Type: System file
10.	%ProgramFiles%\PC Doc Pro v5\PC Doc Pro.exe
Name: %ProgramFiles%\PC Doc Pro v5\PC Doc Pro.exe Type: Executable File
11.	%ProgramFiles%\PC Doc Pro v5\PC Doc Pro Cleanup.exe
Name: %ProgramFiles%\PC Doc Pro v5\PC Doc Pro Cleanup.exe Type: Executable File
12.	%ProgramFiles%\PC Doc Pro v5\Eraser.exe
Name: %ProgramFiles%\PC Doc Pro v5\Eraser.exe Type: Executable File
13.	%ProgramFiles%\PC Doc Pro v5\PC Doc Pro.ini
Name: %ProgramFiles%\PC Doc Pro v5\PC Doc Pro.ini
14.	%Temp%\is-K7IMC.tmp\_isetup\_RegDLL.tmp
Name: %Temp%\is-K7IMC.tmp\_isetup\_RegDLL.tmp Type: Temporary File
15.	%CommonPrograms%\PC Doc Pro v5\Uninstall PC Doc Pro v5.lnk
Name: %CommonPrograms%\PC Doc Pro v5\Uninstall PC Doc Pro v5.lnk Type: Shortcut
16.	%ProgramFiles%\PC Doc Pro v5\unins000.dat
Name: %ProgramFiles%\PC Doc Pro v5\unins000.dat Type: Data file
17.	%ProgramFiles%\PC Doc Pro v5\PC Doc Pro.bin
Name: %ProgramFiles%\PC Doc Pro v5\PC Doc Pro.bin Type: Binary File
18.	%DesktopDir%\PC Doc Pro v5.lnk
Name: %DesktopDir%\PC Doc Pro v5.lnk Type: Shortcut
19.	%ProgramFiles%\PC Doc Pro v5\Version.dat
Name: %ProgramFiles%\PC Doc Pro v5\Version.dat Type: Data file
20.	%ProgramFiles%\PC Doc Pro v5\PC Doc Pro.dat
Name: %ProgramFiles%\PC Doc Pro v5\PC Doc Pro.dat Type: Data file
21.	%Temp%\is-JTH64.tmp\d_PcDocPro_Setup.tmp
Name: %Temp%\is-JTH64.tmp\d_PcDocPro_Setup.tmp Type: Temporary File
22.	%CommonPrograms%\PC Doc Pro v5\PC Doc Pro v5.lnk
Name: %CommonPrograms%\PC Doc Pro v5\PC Doc Pro v5.lnk Type: Shortcut

Registry Details

Fraudtool.Win32.PCDoc may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\eSellerate\Affiliates\PUB1778953386\SKU45089540276]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebSDK.365\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebResultData.365.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebResultData.365\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebPrefillData.365]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AxeServer.AxeNV.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AxeServer.AxeNV\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FD96BC95-A0B9-4533-B0D3-8D47E9924D34}\1.0\FLAGS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24158A0E-DA05-4591-BA7D-D85D801E3F11}\1.0]

[HKEY_CURRENT_USER\Software\eSellerate\Affiliates\PUB1778953386\SKU45089540276]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dfg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebSDK.365.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebResultData.365.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebResultData.365\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebPrefillData.365.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebPrefillData.365\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AxeServer.AxeNV]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FD96BC95-A0B9-4533-B0D3-8D47E9924D34}\1.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FD96BC95-A0B9-4533-B0D3-8D47E9924D34}\1.0\0\win32]

[HKEY_CURRENT_USER\Software\PC Doc Pro2008]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dfg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Doc Pro]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebSDK.365\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebResultData.365]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebPrefillData.365.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eWebPrefillData.365\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AxeServer.AxeNV.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AxeServer.AxeNV\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FD96BC95-A0B9-4533-B0D3-8D47E9924D34}\1.0\HELPDIR]

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Fraudtool.Win32.PCDoc

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen