Beware of this Misleading Application

by Frank Jovine on 02/05/2009 in Fake Antivirus, Security

There’s a new threat on the internet called Virus Doctor. This misleading application may give exaggerated reports of threats on your computer.

Risk Impact: Medium

Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, and Windows 2000.

The program may be downloaded from the following location: [http://]www.virus-doctor.com

The program creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Virus Doctor" = "C:\Documents and Settings\All Users\Application Data\[RANDOM]\VDo[RANDOM].exe" /s /d

It also creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Doctor_is1
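
One way to check a machine for the two registry indicators listed above, as an added example that is not part of the original post or of Symantec's write-up. The function names are hypothetical, and the path pattern assumes that [RANDOM] stands for any run of characters that contains no backslash.

```powershell
# Indicators taken from the write-up above.
$runValueName = 'Virus Doctor'
$uninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Doctor_is1'
# Assumption: [RANDOM] is any run of characters that are not path separators.
$pathPattern  = '\\All Users\\Application Data\\[^\\]+\\VDo[^\\]*\.exe'

function Test-VirusDoctorRunData {
    param([string]$Name, [string]$Data)
    # Match on the documented value name or on the documented path shape, so a
    # renamed value that points at the same kind of path is still reported.
    return (($Name -eq $runValueName) -or ($Data -match $pathPattern))
}

function Get-VirusDoctorIndicators {
    $findings = @()
    # The Run value is per-user, so walk every user hive loaded under HKEY_USERS
    # instead of only the HKCU of whoever runs the script.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue
    foreach ($hive in $hives) {
        $runKey = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path -LiteralPath $runKey)) { continue }
        $key = Get-Item -LiteralPath $runKey
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if (Test-VirusDoctorRunData -Name $name -Data $data) {
                $findings += [pscustomobject]@{
                    Type = 'RunValue'; Key = $runKey; Name = $name; Data = $data
                }
            }
        }
    }
    # The uninstall subkey is machine-wide, so a single existence check is enough.
    if (Test-Path -LiteralPath $uninstallKey) {
        $findings += [pscustomobject]@{
            Type = 'UninstallKey'; Key = $uninstallKey; Name = ''; Data = ''
        }
    }
    return $findings
}

# Constructed sample value: exercises the matcher without touching the registry.
$sample = '"C:\Documents and Settings\All Users\Application Data\a1b2c3\VDo9f8e.exe" /s /d'
"Matcher self-check on constructed data: $(Test-VirusDoctorRunData -Name 'Updater' -Data $sample)"

# Scan the local machine and list anything that matches.
Get-VirusDoctorIndicators | Format-Table -AutoSize -Wrap
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so run the check in each affected user's session or load their NTUSER.DAT first.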

Removal: Symantec provides removal instructions that pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines. Visit the link below.

http://www.symantec.com/norton/security_response/writeup.jsp?docid=2009-020410-5338-99&tabid=3

4 Responses to “Beware of this Misleading Application”

  1. Athlonite

    Feb 5th, 2009

    Hey Frank !
    You might be friends with WOT, but Finjan thinks this page is bad. I was doing a little bit of research and came upon this entry in Google. Thought you might want to have a word with the good folks at Finjan:
    http://www.finjan.com/Content.aspx?id=1190&url=http%3A%2F%2Fwww.techjaws.com%2Fbeware-of-this-misleading-application%2F&state=unsafe&category=Other%2C%20Computing%20and%20Internet&reason=Potentially%20malicious%20behavior%20was%20detected%20on%20this%20page%3A%20-Code%20Obfuscation%20(Home-Encoding)%20&more=.
    I like your article, but not so much the Norton part. I left a word on WOT in your post about this threat.

    Athlonite.

  2. Frank J

    Feb 5th, 2009

    I wrote them the following:

    To whom it may concern,

    Your claim on your site https://www.finjan.com/form.aspx?id=41 about this blog post is absolutely 100% incorrect. Please make sure you remove this claim as techjaws.com helps and provides news about security and other related Tech/Sci news. We are a trusted site by many other sites including mywot.com

    I am also copying the contact at WOT (Web of Trust) wot about your false claim.

  3. Athlonite

    Feb 5th, 2009

    Hey Frank !

    Good, I hope they listen. I don’t like when our good tech help sites get labeled. They even had AumHa http://aumha.net/ as an iffy site at one point. You guys are our only source for fast info. on what’s happening.

    Athlonite.

    • Frank J

      Feb 5th, 2009

      You and me both! Thank you for your reply, I appreciate it very much!