How to Remove Antimalware Doctor; Malware Doctor Removal Instructions

October 4, 2010, By Fouad Bajwa

The Antimalware Doctor application belongs to the family of rogue anti-spyware programs, usually promoted or installed through trojans when unsuspecting users visit fake online scanners or other bogus websites.

After taking control of a victim's computer, Antimalware Doctor displays fake security alerts and reports false scan results, listing fake threats and infections to convince the user that the computer is infected with malware. After showing these fake results, it tries to persuade the user to purchase the registered version of the program in order to remove these infections. This how-to suggests various methods to remove this rogue application.

Identifying Antimalware Doctor Infection Symptoms:

  1. It changes the user’s browser settings.
  2. It displays commercial advertisement pop-ups.
  3. It connects itself in the background to the internet to download more infected files.
  4. It continues to quietly sit in the background.
  5. It displays numerous fake security alerts and notifications in the Windows Task bar.
  6. It pushes you to purchase the registered version of the program by claiming that your system is under attack by hackers from the Internet.
  7. It blocks access to legitimate, well-known anti-virus and anti-spyware programs and to security-related websites.
  8. It displays the following messages upon scan:
    Warning! Removed attack detected!
    Antimalware Doctor has detected that somebody is trying to block your computer remotely via {Trojan Worm BX12.434.CardStoler}.
    Transfer for Your private data via internet will start in: 7
    We strongly recommend you to block attack immediately.
    Your computer is subjected to hacker attack.
    Antimalware Doctor has detected that somebody is trying to transfer your private data via internet.
    We strongly recommend you to block attack immediately.
  9. Look for the following system file and registry key changes:

    Files and folder:
    D:\Windows\System32\Antimalware Doctor.exe
    D:\Documents and Settings\[UserName]\Application Data\[RANDOM CHARACTERS]\secureapp70700.exe
    D:\Windows\System32\enemies-names.txt

    Registry keys and values:
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antimalware Doctor.exe”
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “secureapp70700.exe”

Alternate names for Antimalware Doctor Trojan:

  • Trojan.Fakealert.14374
  • Rogue: W32/AntiMalwareDoctor.B
  • Win32/Adware.AntimalwareDoctor.AA

Manually removing Antimalware Doctor

  1. Kill the following processes: Antimalware Doctor.exe, setupapp7070010000.exe
  2. Delete all of the following registry values:
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antimalware Doctor.exe”
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor\datarl1=KRoAGVdOQwQVExEoAAIQQRsl
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor\datarl2=KRoAGVdOQwQVExE3BAYNQRsl
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor\datarlA=KRoAGVdOQwQVExEoAAIQQRsl
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor\install_time=4/12/2010 3:48:12 AM
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor\database_version=256
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor\virus_signatures=62171
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor\affid=7070010000
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\setupapp7070010000.exe=D:\Documents and Settings\malwarehelp.org\My Documents\New Folder\setupapp7070010000.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor\DisplayIcon=C:\Documents and Settings\malwarehelp.org\My Documents\New Folder\setupapp7070010000.exe,0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor\DisplayName=Antimalware Doctor
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor\UninstallString=D:\Documents and Settings\malwarehelp.org\My Documents\New Folder\setupapp7070010000.exe /uninstall
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor\InstallLocation=D:\Documents and Settings\malwarehelp.org\My Documents\New Folder
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor\NoModify=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor\NoRepair=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
    D:\Documents and Settings\malwarehelp.org\My Documents\New Folder\setupapp7070010000.exe
  3. Unregister the following DLL: hookdll.dll
  4. Permanently delete the following files:
    – Antimalware Doctor.exe
    – D:\Windows\System32\enemies-names.txt
    – setupapp7070010000.exe
    – enemies-names.txt
    – hookdll.dll
  5. Delete the following directory:
    D:\Documents and Settings\malwarehelp.org\My Documents\New Folder
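
Before working through the manual steps above, a read-only check can show which of the files, registry entries and processes from the symptom list and the removal list are actually present on a given machine. The PowerShell below is an added example, not part of the original article; the function name is hypothetical, and it assumes the script runs as the affected user and that the System32 and Application Data locations are resolved per machine rather than taken from the drive letters shown on the page.

```powershell
# Added example: read-only inventory of the Antimalware Doctor indicators listed on this page.
# Nothing is modified. Run as the affected user so that HKCU: is that user's registry hive.
function Find-AntimalwareDoctorArtifact {   # hypothetical function name
    $exeNames = 'Antimalware Doctor.exe', 'secureapp70700.exe', 'setupapp7070010000.exe'
    $pattern  = ($exeNames | ForEach-Object { [regex]::Escape($_) }) -join '|'
    function hit($type, $item) { New-Object psobject -Property @{ Type = $type; Item = $item } }

    # Fixed file locations; the page shows D:\Windows\System32, resolved here per machine.
    $sysDir = [Environment]::GetFolderPath('System')
    foreach ($name in 'Antimalware Doctor.exe', 'enemies-names.txt') {
        $path = Join-Path $sysDir $name
        if (Test-Path -LiteralPath $path) { hit 'File' $path }
    }

    # secureapp70700.exe sits one level down, in a random-named folder under Application Data.
    Get-ChildItem -Path (Join-Path $env:APPDATA '*\secureapp70700.exe') -Force -ErrorAction SilentlyContinue |
        ForEach-Object { hit 'File' $_.FullName }

    # Registry keys created by the rogue program.
    foreach ($key in 'HKCU:\Software\Antimalware Doctor Inc',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor') {
        if (Test-Path -LiteralPath $key) { hit 'RegistryKey' $key }
    }

    # Autostart entries: match on value name or value data, since the page lists both forms.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run    = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($run) {
        $psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
        foreach ($p in $run.PSObject.Properties) {
            if ($psProps -contains $p.Name) { continue }   # skip provider metadata
            if ("$($p.Name) $($p.Value)" -match $pattern) {
                hit 'RunValue' ('{0} = {1}' -f $p.Name, $p.Value)
            }
        }
    }

    # Running processes named in step 1 of the manual removal.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $exeNames -contains ($_.ProcessName + '.exe') } |
        ForEach-Object { hit 'Process' ('{0} (PID {1})' -f $_.ProcessName, $_.Id) }
}

Find-AntimalwareDoctorArtifact | Sort-Object Type | Format-Table Type, Item -AutoSize
```

An empty result means none of the listed indicators were found for the current user; hookdll.dll is not checked because the page gives no location for it.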

Automated malware and trojan removal:

How-to Remove Defense Center and/or Protection Center

  1. Shut down or close all applications and programs running on your computer.
  2. Download and install the Malwarebytes’ Anti-Malware program from here.
  3. When the installation has completed, the program will ask you to update it before performing any scan, so that it scans your system using the latest database.
  4. While updating, if you run into any downloading problems, configure your computer’s firewall to allow Malwarebytes’ Anti-Malware to access the internet.
  5. Finally, run Malwarebytes’ Anti-Malware, allowing it to perform a complete scan of your PC and remove any infections that it detects.
  6. Your computer should now be free of Defense Center and Protection Center malware.