Malwarebytes won't remove Antimalware Doctor



#1
lindiriqui

I've been trying to remove Antimalware Doctor since it infested my PC yesterday. I've tried using Malwarebytes over and over and it still won't remove. I've even tried deleting the virus from the Registry Editor and it still won't go away. I've used rkill to disable it, tried removing it in safe mode, and still nothing. I've tried using AVG as well. Please help me! This virus is driving me crazy!
#2
fenzodahl512

Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..




NEXT


Please download OTS by OldTimer and unzip it to your Desktop..

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • At the top, tick on Scan All Users section
  • At File Age set it to 90 Days
  • In the Processes, Modules, Services, Drivers and Registry section, please set on Safe List.
  • In the Files Created Within and Files Modified Within section, set it to File Age
  • At the bottom, tick on all Safe List and Use Company Name WhiteList option
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
    • Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
    • Please copy/paste below script into Custom Scans box
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
  • Do NOT change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Attach the log in your next replies.. Don't post it.. It will be too large to fit into a single post..




NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results




ATTACH these logs in your next reply

1. OTS
2. GMER
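
Added example, not part of the original post or of OTS: the /md5start ... /md5stop block in the Custom Scans script above names system files to be hashed. This PowerShell sketch hashes a subset of those names wherever copies exist and flags names whose copies differ; the folder list and the function name Get-Md5Hex are assumptions of this example.

```powershell
# Added example. File names are a subset of the /md5start list in the post above.
$names = 'eventlog.dll','scecli.dll','netlogon.dll','atapi.sys','iaStor.sys','nvstor.sys'

# Assumed folders where live and backup copies may sit; missing folders are skipped.
$roots = @('System32', 'System32\drivers', 'System32\dllcache', 'ServicePackFiles\i386' |
    ForEach-Object { Join-Path $env:SystemRoot $_ } |
    Where-Object { Test-Path $_ })

# Hypothetical helper: MD5 of one file as upper-case hex, without needing Get-FileHash.
function Get-Md5Hex([string]$Path) {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try { return ([BitConverter]::ToString($md5.ComputeHash($stream)) -replace '-', '') }
        finally { $stream.Dispose() }
    }
    catch { return 'UNREADABLE' }   # locked or access denied: record it instead of skipping
    finally { $md5.Clear() }
}

# Collect every copy of the named files found directly in the folders above.
$results = @(foreach ($root in $roots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $names -contains $_.Name } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name     = $_.Name.ToLower()
                Path     = $_.FullName
                MD5      = Get-Md5Hex $_.FullName
                Modified = $_.LastWriteTime
            }
        }
})

$results | Sort-Object Name, Path | Format-Table Name, MD5, Modified, Path -AutoSize

# A name whose copies hash differently deserves a closer look. Different patch levels
# also cause this, so treat it as a lead to review, not as proof of tampering.
$results | Group-Object Name |
    Where-Object { @($_.Group | Select-Object -ExpandProperty MD5 -Unique).Count -gt 1 } |
    ForEach-Object {
        $paths = ($_.Group | ForEach-Object { $_.Path }) -join ', '
        Write-Warning ("Copies of {0} differ: {1}" -f $_.Name, $paths)
    }
```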

#3
lindiriqui

Thanks! I'm going to try it tonight and post what you asked for

#4
fenzodahl512

Ok, no problem :)

#5
lindiriqui

Okay, so the good thing is, I don't know how it happened but Antimalware Doctor is gone! The bad thing is, I only got 2/3 through your instructions before my PC froze and I had to restart. Here is what I did and the log that I was able to retrieve:

I downloaded The Comedian and OTS and ran both exactly as you said.

After, I downloaded GMER, renamed it to GAMERS, opened it, etc. A few seconds after the scan, it froze.

I then restarted my computer and noticed that Antimalware Doctor did not pop up for the first time since it got in my PC. I checked the Registry Editor and found that its files were still in there. I figured, why the [bleep] not try running Malwarebytes one more time. Sure enough, it did the trick! I don't know what it is you had me do to fix it but thank you!!!!!

I've included the OTS.txt just so you can check it out if you want.

I do have one more problem though: when I click a link from Google, the page redirects me to a totally different site. How can I fix that?

Attached Files

  • Attached File  OTS.Txt   214.29KB   566 downloads


#6
fenzodahl512

Please download TDSSKiller.zip and unzip it to your Desktop

Run the TDSSKiller and wait until it finishes (should be just a few seconds or below a minute).. Then find the log at your %systemdrive% (drive that contains Windows)

The log shall be named something like this one..

(TDSSKiller.version_date_time_log) for example.. (TDSSKiller.2.1.1_22.12.2009_19.33.44_log)



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :)

#7
lindiriqui

Well, I tried running ESET but when I clicked "Install ActiveX Control", I got a window saying "The page cannot be refreshed without resending the information. Click Retry to send the information again, or click Cancel to return to the page that you were trying to view".

Although I could not run the scan, my Google links are working! Brilliant! Thanks a million! But is it okay that ESET couldn't scan?

#8
fenzodahl512

Please try again.. If you still couldn't, let's do the below

Well.. How's the computer now? :)

Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Go to Kaspersky Online Scanner

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases


5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

#9
asarous

So, I had a similar problem. Antimalware Doctor, which I removed through regedit all on my own, as I usually do with things like that. It was the redirect Google virus that had me coming to you looking to make sure I'd cleared everything out. I used some, not all, of your suggestions because your links for Thecomedian didn't work and Gamer was just one more round of screening, when I'd already done a ton of it (checking through the logs diligently as I do actually recognize most of those things). Then I unfortunately ran TDSSKiller...which killed my hard disk with its "cure".

Now, too late to reverse the problem, I'm seeing that tons of other people have faced this same problem. Leaving TDSSKiller posted as a usable fix at this point puts you on the side of the problem, actually makes you worse than the malware programs, seeing as they just steal information, they don't kill your computer.

A warning or removal would be nice. Thanks!