
How to remove Antimalware Doctor?

February 20th, 2010

What is Antimalware Doctor?

Antimalware Doctor is a rogue anti-spyware program, a total scam that is distributed with the help of various malware such as Trojans, spam e-mail attachments, fake online scanners and others. Just like its distributors, Antimalware Doctor must be deleted once it is detected, so make sure you find the right removal guide for doing that. Use the one written at the end of the article to get rid of AntimalwareDoctor immediately after it is spotted.

Once inside the compromised machine, Antimalware Doctor modifies the system so that it starts as soon as the user logs in to Windows. It surprises its victim with fake system scanners which usually appear from nowhere and announce misleading information, such as:

Warning! Removed attack detected!
Antimalware Doctor has detected that somebody is trying to block your computer remotely via {Trojan Worm BX12.434.CardStoler}.
Transfer for Your private data via internet will start in: 7
We strongly recommend you to block attack immediately.

Once running, it reports hundreds of “detected” infections and claims that they will be removed only after the user purchases the “full” version. The main aim of such scams is commercial, so don’t give your money for the “full” version of Antimalware Doctor. This badware also displays continuous fake security alerts and warnings which look like this:

Antimalware Doctor has detected that somebody is trying to transfer your private data via internet. We strongly recommend you to block attack immediately.

Your computer is subjected to hacker attack. Antimalware Doctor has detected that somebody is trying to transfer your private data via internet. We strongly recommend you to block attack immediately.

Just like the scan results reporting imaginary threats, these messages are also invented by the same Trojans that distribute Antimalware Doctor. The main problem which must be eliminated is of course Antimalware Doctor itself. Please do NOT purchase a program which is based on displaying fake security scanners and warnings on your desktop. Delete Antimalware Doctor without any doubt and use the removal guide to get rid of it as soon as possible.

UPDATE!

As Antimalware Doctor has been noticed to be one of the most dangerous rogue anti-spywares at the moment, you should follow these guidelines when removing it:

1. Restart your computer and, before it launches Windows, press the “F8” key repeatedly. Choose the option named “Safe Mode with Networking” with the arrow keys and press ENTER.

2. Press CTRL+SHIFT+ESC to start Task Manager. Check for the processes written below and stop them.

3. Open Internet Explorer, choose Tools menu and select Internet Options.

4. Click on the Connections tab and then on the LAN Settings button. Uncheck the checkbox labeled Use a proxy server for your LAN under the Proxy Server section and press OK.

5. Download PCTools Spyware Doctor and run a full system scan. Delete files identified as infected.
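
Steps 2 and 4 above, together with the advice in the comments below to look at anything started from the user folder, C:\ProgramData or the root of C:\Program Files, can also be checked from a PowerShell prompt. The following read-only script is an added example, not part of the original guide; it assumes Windows PowerShell 3.0 or later, and the helper names Get-ExePath and Test-SuspectLocation are made up for this illustration.

```powershell
# Added example: read-only triage. It reports findings and changes nothing.
# Assumes Windows PowerShell 3.0+; Get-ExePath and Test-SuspectLocation are illustrative names.

# Pull the executable path out of an autostart command line.
# Limitation: for "rundll32.exe <dll>,<entry>" entries only rundll32.exe is returned.
function Get-ExePath([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"') { return $Matches[1] }          # "C:\dir with spaces\x.exe" /arg
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

# Return a reason string when a file sits in one of the locations the comments
# on this page single out, otherwise return nothing.
function Test-SuspectLocation([string]$Path) {
    if (-not $Path) { return $null }

    # Anything under the user profile (includes AppData\Roaming and AppData\Local\Temp)
    # or under ProgramData.
    $roots = @($env:USERPROFILE, $env:ProgramData) | Where-Object { $_ }
    foreach ($r in $roots) {
        $prefix = $r.TrimEnd('\') + '\'
        if ($Path.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            return "under $r"
        }
    }

    # A file lying directly in the root of Program Files (not in a vendor subfolder).
    $dir = Split-Path -Path $Path -Parent
    $pfRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($pf in $pfRoots) {
        if ($dir -ieq $pf.TrimEnd('\')) { return "directly in $pf" }
    }
    return $null
}

# 1. Proxy settings (the checkbox that step 4 clears by hand).
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
'Proxy enabled : {0}' -f ([bool]$inet.ProxyEnable)
'Proxy server  : {0}' -f $inet.ProxyServer

# 2. Programs registered to start at logon through the Run keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $exe = Get-ExePath ([string]$item.GetValue($name))
        [pscustomobject]@{
            Source = $key
            Name   = $name
            Path   = $exe
            Flag   = (Test-SuspectLocation $exe)
        }
    }
}

# 3. Running processes (step 2), with the path each one was started from.
$procs = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |
    ForEach-Object {
        [pscustomobject]@{
            Source = 'process'
            Name   = '{0} (PID {1})' -f $_.ProcessName, $_.Id
            Path   = $_.Path
            Flag   = (Test-SuspectLocation $_.Path)
        }
    }

# Show only the entries that landed in a flagged location.
@($autoruns) + @($procs) |
    Where-Object { $_.Flag } |
    Sort-Object Path |
    Format-Table Source, Name, Path, Flag -AutoSize -Wrap
```

Legitimate software also starts from the user profile, so a flagged entry is a lead to scan or inspect, not a verdict.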


Antimalware Doctor is extremely dangerous

- Antimalware Doctor is a corrupt Anti-Spyware program
- Antimalware Doctor may spread via Trojans
- Antimalware Doctor may display fake security messages
- Antimalware Doctor may install additional spyware to your computer
- Antimalware Doctor may repair its files, spread or update by itself
- Antimalware Doctor violates your privacy and compromises your security
Note: The Spyware Doctor trial provides detection of parasites like Antimalware Doctor and limited protection for free. You can remove detected files, processes and registry entries yourself or purchase a full version. Learn why we have chosen Spyware Doctor.





Manual Antimalware Doctor removal


Important Note: Although it is possible to manually remove Antimalware Doctor, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyware Doctor or other malware and spyware removal applications found on 2-viruses.com.

Stop these Antimalware Doctor processes:
Disable these Antimalware Doctor DLL files:
Remove these Antimalware Doctor Registry Entries:
Remove these Antimalware Doctor files:
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites and other Antimalware Doctor infected files, and get help with Antimalware Doctor removal, by using the free Spyware Doctor scanner. It comes with a free real-time protection module that helps prevent Antimalware Doctor and similar threats.

Antimalware Doctor is classified as Rogue Anti-Spyware. After infecting a user’s system, it proceeds to scare its victim into buying the “product” by displaying fake security messages, stating that the computer is infected with spyware and that only Antimalware Doctor can help to remove it after the trial version is downloaded. As soon as the victim downloads the Antimalware Doctor trial version, it pretends to scan the computer and shows a grossly exaggerated number of non-existent errors. Then, Antimalware Doctor offers the full version for purchase to fix these false errors. If the user agrees, Antimalware Doctor not only does not fix the errors, but it also takes the user’s money and may even install additional spyware on the victim’s computer.

Some Rogue Anti-Spyware, such as Antimalware Doctor, may offer itself for purchase after the victim clicks on a banner or a pop-up while surfing the internet. Usually, a Trojan is installed on the victim’s computer after clicking on the advertisement. It then proceeds to download or even install Antimalware Doctor, which is another way for Rogue Anti-Spyware to spread itself.

Most rogue Anti-Spyware, such as Antimalware Doctor, is nearly impossible to remove manually.


How to tell if your PC has been infected by a Rogue Anti-Spyware such as Antimalware Doctor?

Numerous undesirable and annoying pop-ups: A typical Rogue Anti-Spyware parasite keeps track of your internet browsing habits, sending your browsing history data to remote servers, owned by third party companies that use this information to advertise their products via numerous pop-ups, toolbars, hijacked homepages and spam letters. All these undesirable advertising methods are used on the victims of Rogue Anti-Spyware.
Changed or new icons: Sometimes, Rogue Anti-Spyware installs unwanted software to a victim’s PC without user’s knowledge and consent. This may lead to slower PC performance and stability, as well as more unwanted programs you can't remove.


  1. IR
    April 18th, 2010 at 12:45 | #1

    I cannot find any of the files you are telling me to remove. But I am sure that my computer is infected. I need to do this the manual way because I am not the administrator so I cannot install any anti malware programs. Please help?

  2. LG
    May 1st, 2010 at 23:54 | #2

    I could not find any of the files either. Though I did go into the registry and delete the keys described. ( The third key you refer to the end of it in “quotations” I assumed you meant Run is “Antimalware Doctor”. The process on my computer was under … getnewupdate000.exe … or something similar, I cant remember. No virusscanner revealed all you talk of in your article. only 3 out of 5 (2keys/1file) were ever found with. Went in manually to system 32 and sorted by date modified but no idea as to which were the corrupted ones so I did nothing. About to reboot now, will let know if works.

  3. LG
    May 2nd, 2010 at 00:23 | #3

    @IR
    Ok. So I rebooted and all seems fine. There may be some residual effect on my computer but I’m prepared to live with that. The first thing I did was remove a process called getnewupdate000.exe or something like that … can’t remember. As soon as I did the popup disappeared so I assumed it was the right one. Next I went into my registry (Go to start. go to run. enter regedit ) let it load, and click on the heading HKCU\CURRENT_USER * note * I’m not a computer guy and all of this I am recalling from memory so the letters might not be exact but probably close enough so u get the picture. ** use the registry entries described on this page above to find what u are looking for. Then right click on it and hit delete. The third one they describe all I could get to was “Run” and I just assumed that where they have “antimalware doctor” in quotations like so, they’re just meaning that run —— means/is—— antimalware doctor.
    After the registry keys were deleted I ran malwarebytes free software/ and my norton360. both on full scans. THIS IS THE ONLY WAY I FOUND TO REMOVE IT! I had tried all other methods available on the net. It must be an updated version of the virus cause others ideas just didn’t work. I hope they find a way to delete old forums with outdated virus issues so people like me don’t get the runaround for a day and a half…. I don’t have time to deal with shit like this!. … Good luck to all.

  4. Hemai
    May 17th, 2010 at 13:53 | #4

    Sir, I have installed Antimalware Doctor from the Internet. Now I would like to remove it but I could not remove it from my computer.

  5. mike
    May 31st, 2010 at 18:53 | #5

    thanks a lot dude…

  6. Avery The Helper :)
    June 3rd, 2010 at 21:04 | #6

    Here is help on how to remove it! If you have windows defender, open it up and start a scan (full scan highly recommended). If it has 3 severe leveled viruses, remove them immediately! Once I did this, the little antimalware doctor shield icons disappeared (a little while after the removal process was done, so you might have to wait)!

  7. Avery The Helper :)
    June 3rd, 2010 at 21:05 | #7

    Oh yeah, and if you check the task manager, the Antimalware Doctor.exe
    and setupapp7070010000.exe things won’t be there!!!

  8. micha
    June 4th, 2010 at 04:38 | #8

    After I put in “regedit” in the run program box, it told me the administrator had disabled registry editing. Guess the virus did that for me too huh? Anyone know what to do from here?

  9. June 6th, 2010 at 09:23 | #9

    Avery The Helper : The problem is windows defender removes only basic trojans. In some cases it helps (with older parasites like the ones in antimalit completely.but you are never sure if it fixed it completely.

  10. June 6th, 2010 at 09:26 | #10

    You can try creating another user account on the same PC, Micha, and install removal program in it. Do a full scan through

  11. whatever
    June 8th, 2010 at 20:39 | #11

    If I recall, there was a registry file that I created following a web site’s guide and it removed the sucker. There are also different names to this type of Malware.

  12. robert
    June 8th, 2010 at 21:00 | #12

    Hi, I got this problem too.
    I don’t get how to enter my
    registry cuz the virus seems to be
    blocking it.
    How do I get past it?
    Thanks a lot
    cheers

  13. Conner
    June 10th, 2010 at 13:08 | #13

    Guys I’m really struggling where to find ‘getnewupdate000.exe’ after I delete that I’m sure I’ll be ok! Help please!!

  14. alex
    June 15th, 2010 at 16:28 | #14

    AVG got rid of getupdate0000.exe file

  15. cxx
    June 19th, 2010 at 02:20 | #15

    Stopzilla took it out right away….a permanent fix.

  16. Rob
    July 9th, 2010 at 03:12 | #16

    I downloaded and ran “malwarebytes” and it removed the unwanted program without much interface from me. it found it and selected the negative entries, all I had to do was instigate the “quick scan” and once they were found and selected I clicked to delete them. @micha

  17. RM
    July 20th, 2010 at 16:17 | #17

    Hi guys, I’ve fallen victim to the antimalware doctor thing too. The problem with the fixes prescribed is that the virus won’t let me use the internet to download anything to fix it, nor will it let me access task manager to stop processes. I have Microsoft Security Essentials installed and I can’t run that either because the false popup warning comes up saying the file is infected and I should run antimalware scan now. Please help if anyone knows how I can work around this virus to get rid of it.

  18. July 20th, 2010 at 16:24 | #18

    RM : You have several options.
    First, this is how to fix internet connection : http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
    Second : Try finding the MSE executable, and right-click on it. Choose Run as administrator (if you are on Vista/Win 7).
    Another option would be rebooting into safe mode (press F8 on reboot, choose safe mode with networking), downloading and scanning with Spyware Doctor or Malwarebytes, etc.
    Third option would be using MSConfig to stop all fishy processes from starting. You might need to use the same trick as with MSE. Then you would just reboot and use antiviruses/Spyware Doctor to clean your PC.
    Also, you might try to kill Antimalware Doctor by launching task manager and stopping its processes. This might allow execution of security programs.

  19. stokerjl
    July 22nd, 2010 at 03:40 | #19

    I just ran into this today, and I’m glad to hear that Malwarebytes’ Anti-Malware will track it down and kill it. I deleted all the files I could find (did a Search for “antimalware” and a few executables popped up to be deleted :P ) I also deleted any shortcuts I could find in the start menu and quicklaunch bar.

    If the program is being annoying while you try to fix it, you can temporarily stop it: when a window pops up with a “remove threat” option, or whatever it is, Ctrl+Alt+Del for the taskbar and end the task from the Applications tab. So far it’s disabled it for me until I restart, but then it bombards me again.

    Good luck to everyone! I’ll post whether or not Malwarebytes truly removed it when my full scan is completed.

  20. alsasuke
    July 22nd, 2010 at 14:22 | #20

    thank u i funkin hate those dam assholes

  21. dmannn
    July 22nd, 2010 at 15:42 | #21

    yooo what should i do i cant find the getnewupdate000.exe to delete it so i can the pop ups will not come again please help !

  22. July 22nd, 2010 at 15:48 | #22

    The parasite file names might differ, as many parasites start using random file names. Start MSConfig and remove from startup all entries that start from under your user directory or look fishy in another way.
    I would suggest using Spyware Doctors (or other anti-spyware) scanner to identify all malicious files.

  23. dmannn
    July 22nd, 2010 at 16:01 | #23

    MSConfig? lol my computer is in french where i go ?

  24. July 22nd, 2010 at 16:07 | #24

    démarrer (or the icon in the bottom left usually) , then type in msconfig in the search field… do not click enter if on vista/7. Rightclick on the name, choose second option (run as administration). On XP you can try launching program by searching for it and then executing as usual.

  25. Dead
    July 24th, 2010 at 04:54 | #25

    Hi I am a fallen victim of antimalware doctor too x.x, I have all the problems that FM did with vista (because I have it) but it’s not letting me start up my computer, whenever I get to the login screen it shows “start up repair” and when it finishes it says “could not repair start up” and it won’t let me log in, every time I try to reboot or start up my computer it keeps doing this, PLEASE HELP ME :(

  26. MM
    July 25th, 2010 at 01:43 | #26

    One more thing – it might be wise to deactivate and reactivate the System restore after removing the malware. This removes stored restores of your system that may contain the malware. It’s done somewhat differently on different Windows versions, but it’s easy to google how to do it or see support.microsoft.com

  27. MM
    July 25th, 2010 at 23:49 | #27

    I used Malwarebytes Anti-malware and it successfully removed Antimalware doctor. You need to kill the malware process first though. This can be done with the program rkill, found on http://www.technibble.com/rkill-repair-tool-of-the-week/ . Then use Malwarebytes , to rid yourself of Antimalware doctor.

  28. aaron
    July 27th, 2010 at 01:07 | #28

    microsoft MSE removed this no problemo.

  29. Dave
    July 27th, 2010 at 05:15 | #29

    Hey guys! Just got this myself, and fortunately seem to have cleaned it all in just under the amount of time it took to read through the page.
    Here’s how I did it… I was originally running a Malwarebytes Anti-Malware deep scan (I swear by this program myself!), and then cancelled it to run a quick scan as frankly I’m tired and want to go to bed.
    The quick scan pulled up nothing, but then as it was running, there was yet another pop-up stating that my computer was infected with these dangerous files named like ‘c:\users\(my user name)\AppData\Local\Temp\mxwlldgewns.exe’ or something like that (the blah-blah.exe may be different, but u catch my drift).
    What I then did was go into the folder specified and looked for the files… lo and behold there they were! I selected all four of them (which made the pop-up warning list them all again another 2 times?), right-clicked on them, and selected the option to scan with AVG Free edition. Scanning them proved them to be harmful, so I removed and healed them, and now all seems to be gravy! I’m now running a deep scan with both AVG Free, and IObits security 360 to verify, and if any problems persist I’ll let you all know, though it’ll likely be tomorrow as I’m tired now. Currently though, all looking good! Night all!

  30. Dave
    July 27th, 2010 at 05:19 | #30

    oh and the little antimalware doctor shields have gone! yay!

  31. ada
    July 27th, 2010 at 06:46 | #31

    I have installed spywaredoctor and have scanned my computer, but when I pressed the button to fix the checked items of viruses, I have to purchase online to fix it. But when I clicked on purchase online nothing happened. I can’t fix the problem, although now my internet explorer is working… What should I do? At first I used malwarebytes, it cleared some viruses but not all. So I tried spybot after it. It scanned and when I tried clicking fix problem it says (cannot create file “C:/windows/wininit.ini”.Access is denied).. What do I have to do? Pls help!

  32. ada
    July 27th, 2010 at 07:06 | #32

    one more thing internet explore is working now but safari is NOT..

  33. July 27th, 2010 at 10:00 | #33

    Dave: Try Spyware Doctor as well – it has bigger database than Malwarebytes and Spybot. Iobit has serious problems – it copies other software program databases, and thus it is unreliable. I would avoid it.
    It is quite typical that these files reside in c:\users\(my user name)\AppData\Local\Temp\… I would enable hidden/system folder view there and just delete every subdir there too, especially with similar random names.

  34. July 27th, 2010 at 10:00 | #34

    Ada : reboot into safe mode with networking. Try scanning from there.

  35. July 27th, 2010 at 10:03 | #35

    ada: Safari for windows is one of the most insecure pieces of software (like everything Apple provides for Microsoft users). I would recommend using chrome. Firefox is targeted by some exploits as well, thus I recommend using it with caution.

  36. Jenispissed
    July 28th, 2010 at 19:16 | #36

    Well as I sit here mad as hell and read all these posts I am frustrated as I’m afraid to use my computer to do any kind of banking or bill paying. Yesterday I was popped by antimalware doctor because my teenager was gallivanting all over the net. I had the popup with the “you’re being compromised” warning and to activate antimalware doctor. I immediately opened my AVG and ran a full scan, it found 6 problems and removed them. The popup thing went away yet the antimalware doctor was still in my program files. I have run about 7 more scans and about half have found yet more threats. I have had no more popups from antimalware doctor and I have no problems running my comp or doing things but my AVG keeps finding threats which tells me that it is still here somewhere. I was thinking of dumping my comp and reinstalling but I wanted to back up my large music files, but I’m afraid to plug in my external HD for fear of spreading it to it. Does anyone know if this virus thing can access my saved personal info, i.e. credit card log ins or bank log ins?

  37. July 29th, 2010 at 09:04 | #37

    Jenispissed : Antimalware doctor does not usually spread through network shares, however, the trojans that installed it can. I would advise scanning with Spyware doctor, and seeing which files are infected. If there is no rootkit present, you can remove infections manually by hand.
    AVG free is quite a poor antivirus nowadays, if you do not want to spend money for antivirus, install at least AVAST or Avira.

  38. BJV
    July 30th, 2010 at 03:36 | #38

    I got hit with Antimalware Doctor, and I have run Malwarebytes 3 times in Safemode, the last time I ran it my computer said that the program was gone, so I rebooted and logged in normally. When I logged on, I checked and the program was back on my computer. Since I can’t access the internet to download other programs to help with the removal, my father had to download the malwarebytes onto a disk and mail it to me. Is there anything else I can do to try to get rid of it without an internet connection?

  39. July 30th, 2010 at 07:15 | #39

    BJV: have you tried disabling proxy server in your internet options? This is quite often the way internet connection is blocked and quite possible to remove it, especially in safe mode with networking.

  40. MM
    July 30th, 2010 at 18:11 | #40

    @BJV
    Did you kill the Malwarebytes process first? Otherwise maybe that’s why it comes back. Check my earlier post on how to kill the process.

  41. July 30th, 2010 at 19:07 | #41

    MM, BJV Actually, you have to kill Anti-malware doctor process for malwarebytes to work. If it does not find infection (especially in safe mode), this means either rootkit, or something else. In any case, something that Malwarebytes can not handle at the moment (have you updated?). Do a full scan with Spyware Doctor or superantispyware.

  42. MM
    July 31st, 2010 at 22:14 | #42

    Sorry – I meant kill the Antimalware doctor process. I have never tried Spyware doctor. All I know is that Malwarebytes removed Antimalware doctor for me.

  43. mcsquared
    August 5th, 2010 at 06:35 | #43

    I downloaded Spyware Doctor or whatever it’s called, but it won’t open now. I’ve tried to download malwarebytes but that won’t even download. I can’t find any of these processes to delete and now i’m just extremely frustrated. What can I do?

  44. August 5th, 2010 at 09:07 | #44

    mcsquared : If you are on vista/7 you can try right-clicking on the Spyware Doctor executable and choose “Run as administrator”. Also, you can try rebooting, press F8 during boot. Choose safe mode with networking.

  45. MM
    August 6th, 2010 at 03:21 | #45

    mcsquared: try to use rkill to kill the process. See my earlier post on this.

  46. Unknown
    August 10th, 2010 at 04:33 | #46

    Hi, I tried doing everything but it doesn’t work. My task Manager doesn’t even pop up. What do I do? Please help

  47. Suzanne
    August 10th, 2010 at 05:07 | #47

    Hi, a while ago I caught the Antimalware Doctor bug and it annoyed me so much that I went out and bought Spyware Doctor and it removed the bug clear from my system. I was good for about three weeks when the bug struck again and infected my system again. I used spyware doctor again and it scanned my computer finding the bug. I then proceeded to click fix and it told me it removed the bug from my computer. After that I was bombarded by phony virus scans. The scan did nothing to get rid of the bug. The bug is still on my computer and it is far more malicious than the first time I got it. What should I do?

  48. August 10th, 2010 at 09:50 | #48

    Unknown: download and run process explorer instead of task manager. You might want to rename it to processxp.com before launching. Process explorer can be downloaded from here: http://download.sysinternals.com/Files/ProcessExplorer.zip

  49. August 10th, 2010 at 09:51 | #49

    Suzanne: in your case I would contact PCTools support – they should help to finish cleaning for free, and provide an updated definitions. Appears that a new version of Antimalware Doctor is in the wild.

  50. Kazzar
    August 10th, 2010 at 13:49 | #50

    So, using Malwarebytes, I was able to get rid of the problem, or at least I think. I went through all my files, processes, and registry entries, and I can’t find any of the files you’ve mentioned, and the popup and shields are gone, but now, I’m unable to get to the internet. I checked my proxy settings, and it appears to be fine. For some reason, Xfire is the only thing that will connect. I can not access anything via IE8 nor FireFox. None of my programs will update. When I try the windows diagnosis tool, it says something like “this website has not been added to the World Wide Web (HTTP) list” or something like that. I can ping Google.com just fine, and like I said, XFire will connect, but nothing else internet related works. I show that I’m connected to my network, as well as the internet, but I can’t even access my router’s http control panel on the machine in question. Also, my hard drive is spinning constantly as if something is still running. Any thoughts? (running Windows Vista)

  51. Tired
    August 10th, 2010 at 18:34 | #51

    I have downloaded spyware doctor and cannot get it to run in normal or safe mode. I cannot connect to the internet in safe mode even though I request that it start with networking. The malware doctor blocks everything from running indicating that it has found a virus. It blocked mcafee from running and downloading. What can I do to remove the bug??

  52. August 11th, 2010 at 09:06 | #52

    Tired: Download process explorer from here: http://download.sysinternals.com/Files/ProcessExplorer.zip . Rename executable to .com from .exe. Launch it. Make sure you see file path visible. Then stop processes that are listed here or A) are started from your user folder (C:\Users… or C:\Documents and Settings ) B) are started from C:\ProgramData C) are started from root directory of C:\Program Files\ . Then you should be able to run malware removal programs.

  53. August 11th, 2010 at 09:08 | #53

    Kazzar: you haven’t cleaned everything. Scan with Spyware Doctor scanner, also try running Tdss killer from kaspersky. Also, check if settings are not affected by infection: http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem

  54. WTF
    August 14th, 2010 at 23:59 | #54

    I caught this yesterday, been trying to remove it since. I’ve done the rkill to stop the process and I’ve swept the system with SUPERantispyware free and Ad-Aware. After SUPERantispyware was done I rebooted and on startup the ads came back!!! I’m on to Avast now and thats going to be followed by Malwarebytes. I’ve done the regedit delete but they too came back after the reboots? Doesn’t look like any of the popular fixes are going to get the job done. Any “outside the box” tips?

  55. WTF
    August 15th, 2010 at 00:23 | #55

    I couldn’t find enemies-names.txt or Antimalware Doctor.exe in the search box to manually delete them but after some web searching someone posted this:
    “They were located in C:\Users\”username”\AppData\Roaming\15589DB1FAF8B8E60EFD3CAAD022F7E3
    they don’t show up in a search though, not sure why.”
    I found them there but the series of numbers in the path may or may not have been different. Either way I clicked on the folder and those two files were in there as well as two others. Avast is still running but hopefully this deletion makes all the difference! Will keep you posted.

  56. Kazzar
    August 15th, 2010 at 05:57 | #56

    Ya, I found another guide somewhere that had me download a program called ComboFix. When I ran it, it found the file you mentioned above, only they were not in the same place. It was in My Document / Roaming / 797329850342958297 (a double hidden folder named a bunch of random numbers). It found the enemies-names.txt and other files you mentioned in there. Even after that though, I was still unable to connect to the net. I got Spyware Doctor, and I used Tdss killer and also Rkill, which Tdss did remove a rootkit, but Spyware Doctor found nothing. I also followed the “how to fix google results” guide that you linked to, and all of my settings were still correct, even the host file was the same. In the end, I did a system restore to the night before this started happening, and re-ran every test. Nothing was found, but now my internet was working. I’m confident I cleaned it all…I bet there was some setting it changed that I never found, but, oh well. Ever since the system restore, haven’t had any residual problems.

  57. August 15th, 2010 at 22:54 | #57

    WTF: Do a full scan with Spyware Doctor and run TDSS cleaner. You are likely to have a rootkit that blocks removal.

  58. dua.khan
    August 17th, 2010 at 23:45 | #58

    Please help me, I have Antimalware Doctor in my PC. How can I remove this program? I would like to remove it but I could not remove it from my computer.

  59. Kazzar
    August 18th, 2010 at 20:47 | #59

    scratch that…it came back…

  60. Kazzar
    August 18th, 2010 at 21:03 | #60

    ok, wait a min…spyware doctor found it this time, but it wants me to buy the full version before it will remove anything…

  61. MedNightmare
    August 18th, 2010 at 21:44 | #61

    Okay. So I have been searching the internet for hours to try to fix my computer. Before you reply, here’s some important information to consider.

    I can not run ANY programs outside of safe mode, not even Task Manager.

    In safe mode, I can not run the internet regardless of whether or not I am in safe mode with Networking. So I am screwed over as far as downloading any sort of software to assist in removing said malware.

    I went into regedit and deleted the files for it in the user part.

    I do not understand much computer lingo, so please try to be thorough if you can help me. I would really appreciate any sort of help. I need this computer to last me through college, and I’ve still got 4 years to go.

    Also, the computer has Windows 7.

    Thank you so much.

    -Med

  62. August 18th, 2010 at 22:03 | #62

    Kazzar: Spyware Doctor shows location of files it detects. Though I recommend having full version to prevent reinfections and having full real-time protection.

  63. August 18th, 2010 at 22:05 | #63

    MedNightmare: Check proxy settings in your browser. Disable it. Tools->Internet Options->Connection->lan settings. This should reenable internet in safe mode with networking.
    If it fails, you could try system restore, and scanning your PC afterwards.
    Also, some programs can be renamed to .com instead of .exe. They can pass Antimalware Doctor’s process and be launched.

  64. Kazzar
    August 19th, 2010 at 03:56 | #64

    I noticed that…so I went in and manually deleted the files and registry entries. Of course, while I was in there, I saw some other awkward looking registry entries in the same place as the Antimalware Doc ones, and they looked similar, so I removed them too. Of course, I made a back up of my registry before I did this, but it didn’t help. Somehow, I royally screwed up my registry to the point of the machine BSODing when it booted into windows…but I could boot into safe mode just fine. I tried restoring my registry back up 3 times, but still got the BSOD on boot. So, I backed up everything, and I’m reloading my machine now. Just hoping the Antimalware Doctor trojan didn’t get into any of my external drives.

  65. MarkC
    August 19th, 2010 at 06:32 | #65

    I got the Antimalware Doctor, on Windows Server 2003. Happened right after I started Firefox, got the 3.6 self-install screen. Immediately did a restart, entered Safe Mode and got a GREEN screen and failure restart/reboot.

    Using “Disable automatic restart on system failure” I was able to see the green screen: “A problem has been detected and Windows has been shut down to prevent damage to your computer.” … STOP: 0x0000007F (0x00000000,0x00000000,0x00000000,0x00000000).

    None of the boot menu choices allow Windows to start, each time there’s a blue flash, or this above green screen for a second and then an automatic reboot. Power cycling doesn’t help. Removed all USB devices, same thing.

    Is there anything I can do, or am I well and truly hosed? Thanks!

  66. August 19th, 2010 at 09:18 | #66

    MarkC: This is a kernel stack overflow error. In this case it would be a sign that you likely have a rootkit or some significant system change. That is quite bad news. You might want to try “repairing” the Windows install, but overall I would recommend reinstalling.

  67. August 19th, 2010 at 09:19 | #67

    Kazzar: Some of the registry keys might need to be modified, not deleted. You might have deleted a bad file, but haven’t changed the registry to point to a good one. That is why I recommend using automatic tools.

  68. b
    August 19th, 2010 at 22:32 | #68

    I just got the virus. I have McAfee, it’s in the process of a scan now… will it remove it or do I need to purchase a different one? I just installed McAfee less than 6 months ago…

  69. August 20th, 2010 at 08:21 | #69

    B: Try McAfee, if it fails, try something else. I am not a big fan of McAfee myself, though.

  70. Kim
    August 21st, 2010 at 18:28 | #70

    Hey! Just in case this is any help to someone – I tried removing Antimalware Doctor, but it didn’t seem to work with either McAfee or Malwarebytes – the latter one did detect some harmful files during a quick scan, some of which I recognized from the “manual removal”-guide above, but after deleting these and restarting the computer, the little shields popped up again. Anyway, this is what finally helped remove it:

    - I deleted all files on my computer associated with Antimalware Doctor that I could find. The ones Malwarebytes found, but everything in my Start menu as well.

    - Then I opened “FileASSASSIN” in Malwarebytes, and this is very important: made it remove the following file; “newsecureapp70700”. It was in user/appdata/roaming/078971672867191 (or some other random numbers) – I found it by doing a search. It did not want to delete (because it was running a process), but thankfully Malwarebytes is brilliant, so after restarting the computer, it was gone!

    I’m sorry for any English mistakes, I’m not a native speaker. And I really hope this helps for someone, as it did for me!

  71. Grey
    August 26th, 2010 at 04:22 | #71

    I have this exact same problem. Does anyone know how to fix it?

    Kazzar :
    I noticed that…so I went in and manually deleted the files and registry entries. Of course, while I was in there, I saw some other awkward looking registry entries in the same place as the Antimalware Doc ones, and they looked similar, so I removed them too. Of course, I made a backup of my registry before I did this, but it didn’t help. Somehow, I royally screwed up my registry to the point of the machine BSODing when it booted into Windows…but I could boot into safe mode just fine. I tried restoring my registry backup 3 times, but still got the BSOD on boot. So, I backed up everything, and I’m reloading my machine now. Just hoping the Antimalware Doctor trojan didn’t get into any of my external drives.

  72. August 26th, 2010 at 09:12 | #72

    Grey: Some registry keys have to be modified instead of deleted. Antimalware Doctor replaces some legitimate keys to pass some system functions through its processes (for example file execution). The registry key is required for the system to function, but it will not work unmodified if the virus file is deleted.

  73. Grey
    August 26th, 2010 at 15:09 | #73

    What I did was go through all of the registry key folders in /Microsoft (because that was where the virus originally was) and looked for similarly named files e.g. {34938-343534-435345} (random numbers) and deleted them.

    Now when I load my PC the user login screen won’t show and in its place is just a black screen with the mouse arrow able to move. However, I can log in normally in Safe Mode.

    What registry keys do I need to modify and how do I do that?

    admin :
    Grey: Some registry keys have to be modified instead of deleted. Antimalware Doctor replaces some legitimate keys to pass some system functions through its processes (for example file execution). The registry key is required for the system to function, but it will not work unmodified if the virus file is deleted.

  74. August 27th, 2010 at 09:00 | #74

    Obviously, you have messed with the key referencing winlogon. Have you made the backup?

  75. Grey
    August 27th, 2010 at 16:14 | #75

    I didn’t make a backup, which I only realised I had to do after visiting this site. I tried a number of other methods from different sites to remove the virus and none mentioned making one, so it didn’t occur to me. Is there still a way to fix it?

  76. August 27th, 2010 at 16:42 | #76

    Do you have at least a list of keys you have modified? As far as I understood, you have deleted some keys that are not on this guide…
    Windows repair might be an option in your case.

  77. Grey
    August 27th, 2010 at 19:08 | #77

    No, I don’t have a list, I went through all that were in the Microsoft section and deleted ones with similar names to the virus – there were quite a few that I deleted.

  78. August 28th, 2010 at 13:08 | #78

    Get another PC with the same OS and open the section you have deleted the keys from. You might have to export registry keys from there.

  79. Julian
    August 28th, 2010 at 15:18 | #79

    Thank you soooo much. I got this the other day and could not open anything. Got my laptop and looked at your site for help.

    This is what I did.
    Restarted in safe mode. Right clicked on the shortcut for the Antimalware Doctor program to see where that was. Went to that location and moved the program and all files to the recycling bin. Went to regedit and removed ONLY the FILES LISTED ABOVE!!!!!! Restarted in normal mode and I still got popups and could not do anything.

    Restarted in safe mode and went to msconfig. Unchecked all suspicious startup programs. There were 3 and they all had weird names. Restarted regular and bang! I was good. Then I went to download Malwarebytes but could not get the internet to open. I had to go to internet options and in the LAN setting unclick “use proxy server for your LAN” and BANG! Good to go. Ran Malwarebytes and it found other things wrong.

    I hope this description helps those not computer savvy. Please do not change things in the registry except for what is listed!!!!

    Thank you 2-Viruses.com!

  80. Grey
    August 28th, 2010 at 16:08 | #80

    Okay, that’s no problem, I can use my laptop. How do I export registry keys? I’m a computer novice.

  81. August 28th, 2010 at 16:22 | #81

    Grey:

    Open Registry Editor.
    Select the branch you have deleted all the keys from, and right-click on the selection.
    Choose export.
    Click Save.

    Then you will have to edit it down to the registry keys you have deleted. You do not want to mess up the system any more.
    Overall, PC novices should not do heavy registry editing or deletion ;)

  82. Bella
    August 30th, 2010 at 14:48 | #82

    May help some other people who can’t find these files: C:\Windows\System32\enemies-names.txt … C:\Documents and Settings\[Username]\My Documents\New Folder\setupapp7070010000.exe

    I downloaded the rkill.exe, launched it, and deleted the processes it identified. Much easier than going on a manhunt through my computer =)

    Ex.:
    C:\Users\(…)\AppData\Roaming\6E79C3B127801505996EA7BFE741BFC6\enemies-names.txt

  83. Grey
    August 30th, 2010 at 17:22 | #83

    How do I edit it down to the keys I’ve deleted and add it to the PC that I’ve messed up?

  84. August 30th, 2010 at 17:25 | #84

    Bella: rkill identifies lots of harmless processes as well (e.g. ones that are launched from one’s user account). They are rare, but there are some: Google Chrome (by default), Dropbox, lots of Adobe AIR applications, etc. That could cripple the user account.
    Grey: Save as .reg file, use text editor to delete unnecessary entries, then import on infected PC. Use care :)
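
The "export the branch, edit it down, import" step from comments #81 and #84, as an added example that is not part of the original thread: a Python sketch that trims a regedit export taken on the reference PC to an explicit list of key paths, so nothing else is imported on the damaged machine. The key names and the sample export are constructed placeholders, and the function names are hypothetical.

```python
import re

HEADER = "Windows Registry Editor Version 5.00"
SECTION = re.compile(r"^\[(-?)(.+)\]\s*$")

# Constructed sample of an export taken on the healthy reference PC.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Keep]
"Path"="C:\\Program Files\\Example\\app.exe"
"Blob"=hex:01,02,03,\
  04,05
"Stale"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Keep\Child]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Other]
"Name"="not needed"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Removed]
'''

def split_sections(text):
    """Return [(key_path, is_delete, value_lines)] for each [KEY] block."""
    sections = []
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            sections.append((m.group(2), m.group(1) == "-", []))
        elif sections and line.strip():
            sections[-1][2].append(line)  # values and hex continuation lines
    return sections

def filter_export(text, wanted, include_subkeys=False):
    """Keep only sections for keys in `wanted`; return (reg_text, missing)."""
    if not text.lstrip("\ufeff").startswith(HEADER):
        raise ValueError("not a regedit 5.00 export")
    targets = [w.rstrip("\\").lower() for w in wanted]  # key paths are case-insensitive
    out, found = [HEADER, ""], set()
    for key, is_delete, lines in split_sections(text):
        k = key.lower()
        hit = next((t for t in targets if k == t or
                    (include_subkeys and k.startswith(t + "\\"))), None)
        if hit is None or is_delete:
            continue  # "[-KEY]" would delete a key on import: never carry it over
        found.add(hit)
        out.append(f"[{key}]")
        out += [l for l in lines if not l.rstrip().endswith("=-")] + [""]  # drop '"name"=-' (value deletion)
    return "\r\n".join(out), [w for w, t in zip(wanted, targets) if t not in found]
```

Real regedit 5.00 exports are UTF-16 with a byte-order mark, so read and write the file with `encoding="utf-16"`; the returned `missing` list shows which requested keys were not in the export at all.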

  85. Grey
    August 30th, 2010 at 17:32 | #85

    I’m currently trying to import it to the infected PC via my memory stick, but I keep getting the message ‘Cannot import E:\Other\Windows.reg: Error accessing the registry.’

  86. August 30th, 2010 at 17:42 | #86

    Try starting regedit and importing from it.

  87. Grey
    August 30th, 2010 at 17:48 | #87

    I’ve tried that and it’s still not working. I forgot to add that I’m in Safe Mode with Networking since I can’t access normal mode.

  88. August 30th, 2010 at 17:50 | #88

    You have to close all windows prior to doing so. You can not modify registry keys that are used by programs currently running.

  89. Grey
    August 30th, 2010 at 17:53 | #89

    The only window I have running is the Registry Editor. I’m on this website on my laptop and my PC is the one that was infected and the one I’m trying to import to.

  90. Grey
    August 30th, 2010 at 18:12 | #90

    I don’t see another way around this. Is there a way I can do a System Restore to the day before I got the virus and deleted registry keys, and would that solve the problem?
