Spyware:Win32/DataDoctor

(?)

Encyclopedia entry
Updated: Apr 17, 2011 | Published: Nov 09, 2010

Aliases

Application.Keylogger.DataDoctor.A

BitDefender

BackDoor.Dumb.120 (Dr.Web)
not-a-virus:Monitor.Win32.KeyLogger.ty (Kaspersky)
Pro Data Doctor (Trial) (other)

Alert Level (?)
High

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.

Detection last updated:
Definition: 1.75.264.0
Released: Feb 02, 2010

Detection initially created:
Definition: 1.55.1054.0
Released: Apr 04, 2009

Summary

Spyware:Win32/DataDoctor is the detection of a program that captures user entered key strokes to a configured data file.

Top

Symptoms

System Changes

The following system changes may indicate the presence of Spyware:Win32/DataDoctor:

The presence of the following file:
%ProgramFiles%\KeyLog\msdts.exe
The presence of the following registry data:
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "msdts"
With data: "%ProgramFiles%\KeyLog\msdts.exe"
There are no other obvious symptoms that indicate the presence of Spyware:Win32/DataDoctor on an affected machine.

Top

Technical Information (Analysis)

Spyware:Win32/DataDoctor is the detection of a program that captures user entered key strokes to a configured data file.

Installation

Spyware:Win32/DataDoctor may be present as the following file:

%ProgramFiles%\KeyLog\msdts.exe

The registry is modified to run DataDoctor at each Windows start.

In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Sets value: "msdts"

With data: "%ProgramFiles%\KeyLog\msdts.exe"

When run, Spyware:Win32/DataDoctor requires a password, which is set during the first execution of the program:

DataDoctor can be configured to store captured key strokes to a data file:

DataDoctor configuration screen (trial version)

DataDoctor runs in the background and captures key strokes to the configured data file.

Analysis by Shawn Wang

Top

Prevention

Follow these general security tips to better protect your computer.

Top

Recovery

To detect and remove this program and other potentially unwanted software that may be installed in your computer, run a full-system scan with an up-to-date antispyware product such as the following:

Microsoft Security Essentials

Microsoft Safety Scanner

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Top


	Provide feedback Please note: While your feedback is very important to us, we do not respond to individual submissions through this channel. Feedback, requests, or questions submitted through this form are monitored, however responses are not generated. If you require support, please visit the Safety & Security Center.