MalwareDoctor

Behavior
This misleading application must be manually downloaded and installed.

The program reports false or exaggerated system security threats on the computer.




The user is then prompted to pay for a full license of the application in order to remove the threats.





Installation
When the program is executed, it creates the following files:

• C:\Documents and Settings\All Users\Start Menu\Programs\Malware Doctor\Malware Doctor.lnk
• %ProgramFiles%\Malware Doctor\GUI\help.htm
• %ProgramFiles%\Malware Doctor\GUI\images\about.png
• %ProgramFiles%\Malware Doctor\GUI\images\banner.png
• %ProgramFiles%\Malware Doctor\GUI\images\button-back-active.png
• %ProgramFiles%\Malware Doctor\GUI\images\button-back-hover.png
• %ProgramFiles%\Malware Doctor\GUI\images\button-back.png
• %ProgramFiles%\Malware Doctor\GUI\images\focusled.png
• %ProgramFiles%\Malware Doctor\GUI\images\greenpoint.png
• %ProgramFiles%\Malware Doctor\GUI\images\header-hover.png
• %ProgramFiles%\Malware Doctor\GUI\images\header.jpg
• %ProgramFiles%\Malware Doctor\GUI\images\header.png
• %ProgramFiles%\Malware Doctor\GUI\images\header_right.jpg
• %ProgramFiles%\Malware Doctor\GUI\images\help.ico
• %ProgramFiles%\Malware Doctor\GUI\images\noconnection.png
• %ProgramFiles%\Malware Doctor\GUI\images\ok.png
• %ProgramFiles%\Malware Doctor\GUI\images\options.ico
• %ProgramFiles%\Malware Doctor\GUI\images\options.png
• %ProgramFiles%\Malware Doctor\GUI\images\progress-back.png
• %ProgramFiles%\Malware Doctor\GUI\images\progress-body-dark.png
• %ProgramFiles%\Malware Doctor\GUI\images\progress-body.png
• %ProgramFiles%\Malware Doctor\GUI\images\protect.png
• %ProgramFiles%\Malware Doctor\GUI\images\protection.ico
• %ProgramFiles%\Malware Doctor\GUI\images\redpoint.png
• %ProgramFiles%\Malware Doctor\GUI\images\regicon.png
• %ProgramFiles%\Malware Doctor\GUI\images\register.png
• %ProgramFiles%\Malware Doctor\GUI\images\scan.ico
• %ProgramFiles%\Malware Doctor\GUI\images\sectionheader.png
• %ProgramFiles%\Malware Doctor\GUI\images\sectionheaderred.png
• %ProgramFiles%\Malware Doctor\GUI\images\shield.png
• %ProgramFiles%\Malware Doctor\GUI\images\status.ico
• %ProgramFiles%\Malware Doctor\GUI\images\stripback.png
• %ProgramFiles%\Malware Doctor\GUI\images\support.png
• %ProgramFiles%\Malware Doctor\GUI\images\tab-hover.png
• %ProgramFiles%\Malware Doctor\GUI\images\tab.png
• %ProgramFiles%\Malware Doctor\GUI\images\tabback.png
• %ProgramFiles%\Malware Doctor\GUI\images\thanx.png
• %ProgramFiles%\Malware Doctor\GUI\images\toolbarback.png
• %ProgramFiles%\Malware Doctor\GUI\images\update.ico
• %ProgramFiles%\Malware Doctor\GUI\images\update.png
• %ProgramFiles%\Malware Doctor\GUI\images\warning.png
• %ProgramFiles%\Malware Doctor\GUI\images\warningicon.png
• %ProgramFiles%\Malware Doctor\GUI\index.htm
• %ProgramFiles%\Malware Doctor\GUI\main.css
• %ProgramFiles%\Malware Doctor\GUI\options.htm
• %ProgramFiles%\Malware Doctor\GUI\protect.htm
• %ProgramFiles%\Malware Doctor\GUI\register.htm
• %ProgramFiles%\Malware Doctor\GUI\r_index.htm
• %ProgramFiles%\Malware Doctor\GUI\r_protect.htm
• %ProgramFiles%\Malware Doctor\GUI\r_support.htm
• %ProgramFiles%\Malware Doctor\GUI\status.htm
• %ProgramFiles%\Malware Doctor\GUI\support.htm
• %ProgramFiles%\Malware Doctor\GUI\update.htm
• %ProgramFiles%\Malware Doctor\htmlayout.dll
• %ProgramFiles%\Malware Doctor\maincfg.xml
• %ProgramFiles%\Malware Doctor\Malware Doctor.exe
• %ProgramFiles%\Malware Doctor\unins000.dat
• %ProgramFiles%\Malware Doctor\unins000.exe
• %ProgramFiles%\Malware Doctor\Validation.dll

It also creates the following registry subkeys:

• HKEY_CURRENT_USER\Software\Malware Doctor
• HKEY_LOCAL_MACHINE\SOFTWARE\Malware Doctor
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Doctor_is1

Summary