What is WinPCDoctor?
- Type: Spyware
- Category: Rogue Programs
- Discovered: 1 June 2008
- Removal tools: Malwarebytes' Anti-Malware, Spyware Doctor
1. Introduction
This program is known as rogue computer security software. The first discernible feature is a popup in the taskbar area saying that "your computer is infected", which after clicking on it is directing user to WinPCDoctor webpage and asking him to download application so that computer scan could be performed. After malware search, the report is given which contains simulated PC infections in order to scare user and make him to transfer money for commercial program version, which (as WinPCDoctor claims) will remove found malware. But in fact program will not act as promised because it is not able to clean computer system properly.
2. WinPCDoctor removal tools:
- Malwarebytes' Anti-Malware (for the installation guide click here)
- Spyware Doctor (for the installation guide click here)
3. Screenshot:
4. WinPCDoctor files:
setup_en.exe (setup file), strpmon.exe, SysRep.exe, ucookw.exe5. Hijackthis entries:
O4 Entries:
O4 - HKLM\..\Run: [WinPCDoctor] C:\Program Files\WinPCDoctor\SysRep.exe
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\WINPCD~1\ucookw.exe" -start
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
O4 - HKLM\..\Run: [WinPCDoctor] C:\Program Files\WinPCDoctor\SysRep.exe
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\WINPCD~1\ucookw.exe" -start
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com