What is WinPCDoctor?
This program is known as rogue computer security software. The first discernible feature is a popup in the taskbar area saying that "your computer is infected", which after clicking on it is directing user to WinPCDoctor webpage and asking him to download application so that computer scan could be performed. After malware search, the report is given which contains simulated PC infections in order to scare user and make him to transfer money for commercial program version, which (as WinPCDoctor claims) will remove found malware. But in fact program will not act as promised because it is not able to clean computer system properly.
WinPCDoctor removal tool:
- Spyware Doctor (see here for the installation guide)
Screenshot:
WinPCDoctor Entries:
The following files are created: setup_en.exe (setup file), strpmon.exe, SysRep.exe, ucookw.exe
Hijackthis Entries:
O4 Entries:
O4 - HKLM\..\Run: [WinPCDoctor] C:\Program Files\WinPCDoctor\SysRep.exe
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\WINPCD~1\ucookw.exe" -start
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
O4 - HKLM\..\Run: [WinPCDoctor] C:\Program Files\WinPCDoctor\SysRep.exe
O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\WINPCD~1\ucookw.exe" -start
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com