Thirtyseven4 AntiVirus, AntiMalware, AntiRootkit Protects Against AntiMalware Doctor

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware


	FRAUDTOOL.ANTIMALWAREDOC

Name:

Fraudtool.AntiMalwareDoc

Added:

May 7, 2011

Type:

Fraudtool

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

Description:

Fraudtool.AntiMalwareDoc is polymorphic in nature that performs the following activities:

After execution, it drops the following files:

C:\Documents and Settings\Administrator\Desktop\asecpp70.exe
C:\Documents and Settings\Administrator\Desktop\enemies-names.txt
C:\Documents and Settings\Administrator\Desktop\local.ini

It creates/modifies the following registry entries for auto execution:

- HKU\S-1-5-21-796845957-2147225909-682003330-500\Software\Microsoft\Windows\CurrentVersion\Run\asecpp70.exe:
"C:\Documents and Settings\Administrator\Desktop\asecpp70.exe"

- HKU\S-1-5-21-796845957-2147225909-682003330-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor\DisplayIcon: "C:\Documents and
Settings\Administrator\Desktop\asecpp70.exe,0"

- HKU\S-1-5-21-796845957-2147225909-682003330-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor\DisplayName: "Antimalware Doctor"

- HKU\S-1-5-21-796845957-2147225909-682003330-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor\UninstallString: "C:\Documents and Settings\Administrator\Desktop\asecpp70.exe /uninstall"

After execution it displays the following fake threat messages and forces the user to purchase the software in order to remove the fake threats:

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware




		Malware problems? We can help.



		Evaluate Thirtyseven4 Antivirus Now

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4