Results 1 to 7 of 7

Thread: Fraud.Virus Doctor

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. 2009-04-03, 19:15 #1
    ACupOfCffee
    ACupOfCffee is offline
    Junior Member
    Join Date
    Feb 2009
    Posts
    1

    Exclamation Fraud.Virus Doctor

    I was informed of CLIStart.exe being Fraud.VirusDoctor today upon boot. This file is part of my ATI graphics driver which I downloaded from Dell several months ago. I found ran a context menu scan on it from Windows Explorer and found that the detection was not based on signatures but heuristics.

    If it helps to note my AV is avast! Professional. From Resident.log
    Code:
    3/28/2009 9:32:50 AM Allowed (based on user decision) value "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}" (new data: "") added in Browser Helper Object!
3/28/2009 9:32:56 AM Allowed (based on user decision) value "AirShare" (new data: ""C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\AirShareInstaller.exe" 0;1;1;1.6.65;C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\;") added in System Startup global entry!
3/28/2009 9:33:19 AM Allowed (based on user decision) value "AirShare" (new data: "") deleted in System Startup global entry!
3/29/2009 11:48:45 AM Allowed (based on user decision) value "scrnsave.exe" (new data: "") deleted in Desktop settings!
3/29/2009 11:48:56 AM Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\Windows\system32\AvastSS.scr") added in Desktop settings!
4/3/2009 11:33:38 AM Encountered and terminated Fraud.VirusDoctor in C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe!
    I most recently updated Spybot late last night and I got the TeaTimer update March 13 according to the log. I will send an email with the detected file and full logs shortly.
    Reply With Quote Reply With Quote
  2. 2009-04-06, 10:21 #2
    Yodama
    Yodama is offline
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    the false positive on Fraud.VirusDoctor is a detection false positive and will be corrected with the next detection update
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.
    Reply With Quote Reply With Quote
  3. 2009-04-06, 18:19 #3
    jbetatum
    jbetatum is offline
    Junior Member
    Join Date
    Aug 2008
    Posts
    1

    Default

    After starting my computer this a.m. Was greeted w/message from Spybot that it had detected Fraud.VirusDoctor in the pppeuser.exe file. That file is from my backup battery (Cyber Power).
    I unchecked the delete file from the spy-bot pop up but left the inform me button highlighted if it encounters again.
    I've attached the report.

    OS is windows xp sp2 and my last spybot update was 04/04/09.

    Is there anything else you need?
    Reply With Quote Reply With Quote
  4. 2009-04-07, 19:13 #4
    ender222
    ender222 is offline
    Junior Member
    Join Date
    Apr 2009
    Location
    Germany DAH
    Posts
    1

    Default find the "Fraud.VirusDoctor"

    Hi,

    SD-Resident detectet: "Fraud.VirusDoctor" I hav deletet over the Botton in Checkbox.
    My Work in this Time, Configuration in the ATI-CCC,Avivo,Presets.

    OS WIN XP/Home SP3
    SpybotSD V 1.6.246 last Update 01.04.09
    Catalyst V: 9.3 Driver V: 8.591...ATI
    Avira premium V:9.0.0421 Vir-def.7.01.03.27 date 07.04.09

    I think this is not Danger, and hope this Report help for the next Update in SD.
    Result for CCC, not Image/Video in Avivo-Presets, thats all.

    by GL
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules