
Fraudtool.Win32.PCDoc

Posted: January 27, 2010

Fraudtool.Win32.PCDoc is a malicious application that spies on the computer user's Internet activities and uses the information to produce related advertisements. The advertisements, mostly pop-up ads, act as scareware to convince the user that the system has become infected with viruses. The main aim of Fraudtool.Win32.PCDoc's developers is to sell unwary computer users a defunct anti-spyware program. Do not fall for this trickery; have Fraudtool.Win32.PCDoc removed with reliable software.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %CommonPrograms%\PC Doc Pro v5\PC Doc Pro v5.lnk
    2 %CommonPrograms%\PC Doc Pro v5\Uninstall PC Doc Pro v5.lnk
    3 %DesktopDir%\PC Doc Pro v5.lnk
    4 %ProgramFiles%\PC Doc Pro v5\Eraser.exe
    5 %ProgramFiles%\PC Doc Pro v5\eWebClient.dll
    6 %ProgramFiles%\PC Doc Pro v5\eWebControl365.dll
    7 %ProgramFiles%\PC Doc Pro v5\PC Doc Pro Cleanup.exe
    8 %ProgramFiles%\PC Doc Pro v5\PC Doc Pro Scheduler.exe
    9 %ProgramFiles%\PC Doc Pro v5\PC Doc Pro Uninstaller.exe
    10 %ProgramFiles%\PC Doc Pro v5\PC Doc Pro.bin
    11 %ProgramFiles%\PC Doc Pro v5\PC Doc Pro.dat
    12 %ProgramFiles%\PC Doc Pro v5\PC Doc Pro.exe
    13 %ProgramFiles%\PC Doc Pro v5\PC Doc Pro.ini
    14 %ProgramFiles%\PC Doc Pro v5\unins000.dat
    15 %ProgramFiles%\PC Doc Pro v5\unins000.exe
    16 %ProgramFiles%\PC Doc Pro v5\Update.exe
    17 %ProgramFiles%\PC Doc Pro v5\Version.dat
    18 %System%\drivers\dfg.sys
    19 %Temp%\ESW1.tmp\d_PcDocPro_Setup.exe
    20 %Temp%\is-JTH64.tmp\d_PcDocPro_Setup.tmp
    21 %Temp%\is-K7IMC.tmp\_isetup\_RegDLL.tmp
    22 %Temp%\is-K7IMC.tmp\_isetup\_shfoldr.dll

Registry Modifications

  • The following Registry values were newly created: