When Trojan.SysDoct.gen is executed, it performs the following activities:
It installs the fake security application “System Doctor 2014”.
Once installed, it will display a fake alert showing that the system is badly infected.
It will drop the following files:
%AppData%\[RandomFolder]\[random].exe
%AppData%\[RandomFolder]\[random].ini
%AppData%\[RandomFolder]\[random].log
%AppData%\[RandomFolder]\[random].lst
%AppData%\[RandomFolder]\paid
%UserProfile%\Desktop\System Doctor 2014.lnk
%UserProfile%\Start Menu\Programs\System Doctor 2014\System Doctor 2014 support.url
%UserProfile%\Start Menu\Programs\System Doctor 2014\Uninstall System Doctor 2014.lnk
e.g.
C:\Documents and Settings\374\Application Data\d5N4L\d5N4L.exe - WinXP
C:\Users\374\AppData\Roaming\RDNdN9dR\RDNdN9dR.exe - Win7
Thirtyseven4 has been updated to contain location-based detection (LNK.FraudTool.Gen) at: %UserProfile%\Desktop\System Doctor 2014.lnk
Behavioral-based detection has also been added as “Trojan.SysDoct.gen” for this threat and future variations. Thirtyseven4 customers are fully protected against this malware.
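A sweep for the dropped-file layout listed above, written as an added example; it is not Thirtyseven4's detection logic. The function names are hypothetical, the sample tree is constructed, and the check that the executable shares its folder's name is an assumption drawn from the two example paths on this page.

```python
import tempfile
from pathlib import Path
# From the advisory: extensions dropped under %AppData%\[RandomFolder]\ and
# fixed-name artifacts relative to %UserProfile%
DROPPED_EXTS = {".exe", ".ini", ".log", ".lst"}
PROFILE_ARTIFACTS = [
    r"Desktop\System Doctor 2014.lnk",
    r"Start Menu\Programs\System Doctor 2014\System Doctor 2014 support.url",
    r"Start Menu\Programs\System Doctor 2014\Uninstall System Doctor 2014.lnk",
]

def scan_appdata(appdata):
    """Flag subfolders where one base name carries all four dropped extensions."""
    findings = []
    for folder in sorted(p for p in Path(appdata).iterdir() if p.is_dir()):
        exts_by_stem = {}
        for f in folder.iterdir():
            if f.is_file():
                exts_by_stem.setdefault(f.stem.lower(), set()).add(f.suffix.lower())
        for stem, exts in sorted(exts_by_stem.items()):
            if DROPPED_EXTS <= exts:
                findings.append({
                    "folder": str(folder),
                    "stem": stem,
                    "paid_marker": (folder / "paid").is_file(),
                    # Assumption from the page's examples: exe name == folder name
                    "stem_matches_folder": stem == folder.name.lower(),
                })
    return findings

def scan_profile(profile):
    """Return the fixed-name artifacts that exist under the given profile root."""
    return [rel for rel in PROFILE_ARTIFACTS
            if Path(profile).joinpath(*rel.split("\\")).is_file()]

def build_constructed_sample(root):
    """Constructed tree: one folder mimicking the advisory layout, one benign."""
    app, prof = Path(root, "AppData"), Path(root, "Profile")
    for d in (app / "d5N4L", app / "Editor", prof / "Desktop"):
        d.mkdir(parents=True)
    names = ["d5N4L/d5N4L" + e for e in DROPPED_EXTS]
    for n in names + ["d5N4L/paid", "Editor/editor.exe", "Editor/editor.ini"]:
        (app / n).touch()
    (prof / "Desktop" / "System Doctor 2014.lnk").touch()
    return app, prof

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        appdata, profile = build_constructed_sample(tmp)
        print(scan_appdata(appdata), scan_profile(profile))
```

On a live host, pass the user's roaming application-data folder and profile folder to the two scan functions instead of the constructed tree.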