"Antimalware Doctor" Virus

philbagg

philbagg

Just Killing Time
This is the THIRD time I've come across this f**king thing. Anybody here had to deal with it before?

It's stronger this time. It won't let me go online to download the files I need to get rid of it. Then it prevented me from viewing "My Computer", so I had to put download the files from the laptop, hook my OS drive up to the laptop with a USB adaptor and put the files onto the desktop where I could get them, and I'm actually fighting with it as I'm trying to get rid of it.
:mad::mad::mad::mad::mad::mad::mad::mad::mad:
 
CFox said:
Ahhhh....yep, gaysian midget p0rn. It'll get you everytime.

What AV are you using ?
Click to expand...

I have McAffee and Microsoft Security Essentials installed on the PC. I'm using Spyware Doctor to scan the drive from the laptop now, because the virus keeps re-activating during scans when it's done natively. Once the scans are done, it tells me to reboot, and then it pops up all over again.
 
CFox said:
http://www.ehow.com/how_6067077_remove-antimalware-doctor-virus.html

Read the comments if you cant find the exe in your processes.

Check your AV settings to ensure it scans boot sectors and master boot.
Click to expand...

I've been through that article a few times.

Quick question. I'm after finding a file called "aermwxnosc" in my startup items.

Type it into Google... NOTHING. It's running from "C:\DOCUME-1\USER\LOCALS-1\TEMP\AERMWXNOSC.TMP"

should i get rid of it?
 
I'm losing my fucking mind here. I can't win. No matter what I delete, what I scan and clean, it keeps coming back :mad::mad::mad::mad::mad:
 
Fuck this. I'm just gonna format the fucking drive. Whoever wrote this thing should be beat to death. It's 6AM here FFS...
 
philbagg said:
I'm losing my fucking mind here. I can't win. No matter what I delete, what I scan and clean, it keeps coming back :mad::mad::mad::mad::mad:
Click to expand...

If you haven't formatted the drive yet, try attaching it with a USB adapter to another machine and scan/clean from that machine.

This way, the virus isn't activated when you're scanning and should be a whole lot easier to clean...
 
If you are already infected, trying to clean it from inside of windows wont work since the virus is already active when you boot up, it will reinstall itself when you try to clean it. It needs to be removed by booting from a boot disk
 
My favorite two anti-virus tools at this moment in time, both free:

Combofix - http://www.bleepingcomputer.com/download/anti-virus/combofix

No need to install it. Just download from that link to a USB flash drive. Then shut off the effected computer, turn it back on and boot into Safe mode. Then copy Combofix to the C: drive and run it.

Or Malwarebyte - http://download.cnet.com/Malwarebyt...22_4-10804572.html?tag=contentMain;contentAux

It needs to be installed, and some viruses will either try to prevent the installer from running, or try to prevent the execuable from running once its installed. In either case you can usually get around this by just renaming the file.
 
HI Phillbagg,

ive had this virus twice as well. Ive found the best way to get rid of it is to open 'regedit', and remove it from your registry manually, before remocving all the files it leaves on your pc.

run regedit from 'run' in your start menu, and remove these files:

Associated Antimalware Doctor Files:

<Path to rogue>\enemies-names.txt
<Path to rogue>\Antimalware Doctor.exe



Associated Antimalware Doctor Windows Registry Information:

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antimalware Doctor.exe"

i'd search your entire pc for files with 'enemies' written in them too.

http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor
 
Hey guys. I just ended up formatting the drive and reinstalling XP. I'm using Norton Ghost to create a backup image of the C drive once I've installed all my updates, drivers, and basic software, so if anything like this ever happens again all I have to do is revert to the backup.

Cheers for all your help. And as for AV, I'm using Spyware Doctor and McAffee. I didn't have Spyware Doctor installed before the virus got me so I reckon that made it a lot easier for it.

Also, another thing to watch out for with this virus:
I managed to beat the virus down quite a bit, so much so that the listed dangerous files (related to AntiMalware Doctor) were gone off my computer, the dangerous registry values were gone, and the "program" didn't start up automatically upon login. However, I was getting a constant message from Microsoft Security Essentials saying it detected a Win32/Trojan of Severe Threat.

I've used MSE before so this didn't seem out of the ordinary. I clicked "Clean Computer", and then it just left me with an option for "Scan online".

Ok? Click that. It gives me a list of known AV programs such as Kaspersky, McAffee, Norton, AVG etc. and tells me which programs are capable of removing it, and offering "free download". This is where it looked a little suspicious. I didn't want to install any more software to the computer, so I just got fed up with MSE and went to remove it from my computer. It didn't exist :confused: I remembered then that I'd never installed it since my last OS install.

Long story short: The virus can pose as Microsoft Security Essentials, and it looks IDENTICAL to the real thing, so be careful.

Also, another way to catch and activate the virus is to click on the "Windows Update" splash it throws up, which, once again, looks identical to the real thing. So be careful.
 
I've had an animalware popup appear 3 or 4 times while on line in the past year or 2. Funny thing is it asks you to install it, I x it off, then it comes back, second time I x it out I have enough time to close the browser. I clear the cache, reset the browser, Safari, and have never had a problem. It does look like a windows popup that's offering free software to optimize web surfing. Since I don't use a PC online I figured it was BS.
 
when my Norton ran out in the spring , i was recommended a prog called
"MalwareBytes" - - unfortunately i picked antivirus docktor on the googled list :/ DOH!!

tho Norton stopped and quarantines it , it never deletes it , so on every scan , it panics itself :/

i dont connect to the net on my other laptop either,
 
You must log in or register to reply here.
Back
Top