
Forum

  1. User picture
    • Anonymous on Wed 06 Apr 2011
    • 10:31:33 PM UTC

    pcsafedoctor

    I recently came across pcsafedoctor.com.
    Since images speak better than words, please take a glance at the snapshots posted.


    1) pcsafedoctor claims to provide a "free antispyware scan"
    2) There is nothing free of course, you cannot fix any supposed threat or error found unless you pay
    3) They apparently provide only a 128-bit encryption
    4) No EULA is displayed during setup (37 Mb size)

    5) Oops
    MBAM Pro real time module detects a Trojan.Agent during setup. I hit ignore

    6) A very fast scan starts: 33 "unknown" files detected (all legit XP SP3 system files and sandboxie and novirusthanks anti-rootkit free setup files)

    7) I run a scan with MBAM and with HitMan Pro


    Virustotal Report of the driver installed

    http://www.virustotal.com/file-scan/report.html?id...

    File name:
    RKHit.sys
    Submission date:
    2011-04-06 21:42:10 (UTC)
    Current status:
    finished
    Result:
    5/ 41 (12.2%)

    ClamAV 0.97.0.0 2011.04.06 Trojan.Rootkit-2922
    Comodo 8248 2011.04.06 UnclassifiedMalware
    McAfee 5.400.0.1158 2011.04.06 Generic PUP.z!dm
    McAfee-GW-Edition 2010.1C 2011.04.06 Generic PUP.z!dm
    NOD32 6020 2011.04.06 Win32/Adware.SpywareCease

    "Whois"
    http://whois.domaintools.com/pcsafedoctor.com

    Domain name: pcsafedoctor.com

    Administrative Contact:
    Whois Privacy Protection Service, Inc.
    Whois Agent ()
    +1.4252740657
    Fax: +1.4259744730
    PMB 368, 14150 NE 20th St - F1
    C/O pcsafedoctor.com
    Bellevue, WA 98007
    US

    Name Servers:
    dns1.name-services.com
    dns2.name-services.com
    dns3.name-services.com
    dns4.name-services.com
    dns5.name-services.com

    Creation date: 14 May 2010 03:32:26
    Expiration date: 14 May 2011 03:32:00

    Would some security experts do a thorough investigation?
    I'm not an expert, even if I think I can recognize this kind of scam

    pcsafedoctor.com

    I shall comment it under "phishing or other scam" even if I think that "spyware or adware" might be another good choice

    Any suggestions, advice, corrections, etc. are welcome

    Thanks

Comments:

  1. User picture
    • luntik (not verified) on Wed 06 Apr 2011
    • 11:23:06 PM UTC

    Scam, Spyware and Adware!

    Issues:

    • Site's whois record is undisclosed, and the domain pcsafedoctor.com is registered for only one year, which in this case looks suspicious.
    • No contact data (address, phone and so on), only E-Mail.
    • Installation file PCSafeDoctor_Setup.exe has no digital signature and, in addition, has been detected by some antiviruses as spyware. //Edit: the detected file is RKHit.sys, read the OP for clarification.

    So, to me that's enough to rate this site due to these "Ethical issues", and also as "Spyware or adware".

    Thanks to leofelix antispyware™ :-)

  2. User picture
    • leofelix (not verified) on Wed 06 Apr 2011
    • 11:00:47 PM UTC

    RE: pcsafedoctor

    "Installation file PCSafeDoctor_Setup.exe has no digital signature in addition has been detected by some antiviruses as spyware"
    Indeed, if you have a look at the properties you will also notice "Language: Universal".
    It made me smile, I have to confess :-)

    leofelix™

  3. User picture
    • Satchman on Thu 07 Apr 2011
    • 01:05:08 AM UTC

    RE: pcsafedoctor

    Obviously a scam and a fraud. Rated Red.

    Shockingly, virustotal reports this site is clean!???? WTF!?

    http://www.virustotal.com/url-scan/report.html?id=...

    What can we do to alert them of this threatening site?

    Satch

    • User picture
      • leofelix (not verified) on Thu 07 Apr 2011
      • 07:11:31 PM UTC

      RE: pcsafedoctor

      @ satchman
      Sorry for the late reply.
      VirusTotal cannot scan files larger than 20 Mb size and cannot know what happens once a file is executed.
      The executable is over 37 Mb size.
      Moreover, when I tested that "rogue antispyware" I disabled some real time protection modules of EMSISOFT antimalware. This might explain why that driver has not been detected immediately.

      ----------------
      By the way:
      I have found another suspicious website

      threatremove.com

      It apparently provides the same "products", less large in size though

      The WhoIs looks very interesting

      http://whois.domaintools.com/threatremove.com

      Administrative Contact:
      BestQi.com
      Luo Gang ()

      +86.13768395729
      Fax:
      Huojulu Yinda Huanyuan 5dong 2danyuan 212#
      Nanning, GUANGXI 530000
      CN

      Name Servers:
      dns1.name-services.com
      dns2.name-services.com
      dns3.name-services.com
      dns4.name-services.com
      dns5.name-services.com

      http://www.mywot.com/search/node/BestQi.com

      Have a look at this thread for instance
      http://www.mywot.com/forum/7626-free-scan-scam

      Nevertheless, while the first website has not been reviewed by siteadvisor, the second one was

      http://www.siteadvisor.com/sites/www.threatremove.... (Clean according to McAfee siteadvisor even if apparently they didn't check the setup file)

      which is affiliated to
      http://www.siteadvisor.com/sites/bestspywarescanne...

      The template of the website is different


  4. User picture
    • c۞g on Tue 05 Mar 2013
    • 04:02:59 AM UTC

    RE: pcsafedoctor

    uninstallhelp.com
    reversenow.imebook.hop.clickbank.net

    DL via: http://reversenow.imebook.hop.clickbank.net/?gid=&yid=&aid=&tid=&qs=PerfectUninstaller.php

    ∞ Opto, ergo sum _https://en.wikipedia.org/wiki/And_You_and_I

  5. User picture
    • hotdoge3 on Wed 06 Mar 2013
    • 09:49:46 AM UTC

    RE: pcsafedoctor

    http://www.prevx.com/filenames/X27257074565936976-...
    Malicious Software

    http://systemexplorer.net/file-database/file/pcsaf...
    "pcsafedoctor.exe" with final rating Safe and 2 variants with final rating Threat. Final ratings are based on file reviews, discovered date, users occurrence and antivirus scan results.