Windows Personal Doctor

March 8th, 2012
Home » Rogue Antispyware » Windows Personal Doctor
Repair and protect your computer easily. Download Windows Personal Doctor removal tool  

Windows Personal Doctor description

Windows Personal Doctor is a fake security tool which gains to trick users into believing their PC is infected and need being healed with its numerous fake warning messages that state about PC infections. The parasite downloads itself automatically without users knowledge and consent.

Malware starts to imitate computer scans and displays mass of security alerts:

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Warning! Virus Detected
Threat detected: FTP Server

Infected file: C:\Windows\System32\dllcache\wmpshell.dll

Do not fall for this scam because Windows Personal Doctor is not able to provide any actual computer protection service. It only gains to pilfer money from unwary users. Windows Personal Doctor can redirect your browser to misleading web pages that sell the program. Ignore all notifications and offers but choose decent spyware scanner and remove Windows Personal Doctor upon detection.

Manual Windows Personal Doctor Removal


Windows Personal Doctor processes:

Protector-.exe
Help: A Guideline of Killing Malicious Processes


Windows Personal Doctor registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-3-7_2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe
Help: How to edit windows registry entries


Windows Personal Doctor DLLs:

NPSWF32.dll


Other malicious Windows Personal Doctor files:

%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Personal Detective.lnk
%Desktop%\Windows Personal Detective.lnk

The manual removal of files and registries should be performed by experienced users. A system can be badly affected if any error is done during the manual removal. We recommend using automatic removal tools to delete Windows Personal Doctor, if you are not familiar with deleting malware manually.

Leave a Reply