Antimalware Doctor is a rogue antispyware program that distributed and installed throught trojans. The rogue detects false infections and displays numerous fake security warnings in order to scare you into thinking that your computer is infected with a lot of malware. It hopes that you will then purchase a full version of Antimalware Doctor.
When the trojan that installs Antimalware Doctor is started, it will download, then install the rogue on to your computer. During installation, the fake antispyware application will be registered in the Windows registry to run automatically when Windows loads. Immediately after launch, Antimalware Doctor will start to scan your computer and reports a lot of various infections that will not be fixed unless you first purchase the software. Important to know, all of these infections are a fake and do not actually exist on your computer.
What is more, Antimalware Doctor constantly displays various security alerts. However, all of these alerts ara fake and like the false scan results supposed to scare you into thinking that your computer is infected. So you can safely ignore all that the parasitic program gives you.
As you can see, Antimalware Doctor is a scam that created with one purpose to trick you into purchasing so-called “full” version of the program. If you find that your computer is infected with this malware, then be quick and take effort to remove it immediately. Use the removal guide below to remove Antimalware Doctor from your computer for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [Antimalware Doctor.exe] C:\Windows\System32\Antimalware Doctor.exe
Use the following instructions to remove Antimalware Doctor (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Antimalware Doctor infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Antimalware Doctor. MalwareBytes Anti-malware will now remove all of associated Antimalware Doctor files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antimalware Doctor creates the following files and folders
C:\Windows\System32\enemies-names.txt
C:\Windows\System32\Antimalware Doctor.exe
Antimalware Doctor creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Antimalware Doctor.exe
Lucas, check Internet explorer proxy settings. Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click OK.
I think this worked so thanks = )
Thank you soooo much it worked!!!!! No more Antimalware Doctor Virus. Thanks again.
I was able to delete the anitmalware virus but for some reason it is still is not letting me log onto to the Internet??? I check the Internet connections by checking the LAN settings…the proxy section was unchecked, like it should!! What can be the issue…does anyone have any thoughts??
Thanks for the help!!
Geo1121, what shows your browser when you trying open any site ?
i downloaded the mbab and it worked! it only took about 10 minutes to get off my computer. i still cant do System Restore because of something about an administrator. THANKS A LOT!!!!!! yours guys help really just saved the day.
I ran malwarebytes but I’m still having this problem:
– Under StartUp Item: newsecureapp70700.exe
I tried removing it from the HKCU but I don’t find anything that corresponds to that title or ‘enemies’ for that matter.
I’m able to run my computer in Safe Mode but when I tried starting up with Safe Mode and Networking, a pop up box appears and my computer shuts down in a minute.
Please help.
SuperAntispyware is the BEST; it is free and it removed all of the garbage called “Antimalware Doctor” and some more!
Everytime i try and open my AntiVirus or Malwarebytes, a box pops up saying “program name here” is infected. Do you want to open your antivirus software?
It jusst takes me back to antimalware doctor!
What do i do!!?
Kate, try update Malwarebytes and perform a fresh scan.
Eddie, you need to rename the core Malwarebytes Anti-Malware executable before running it.
Click Start and type in Search field (if you using Windows 2000/XP, Click Start, Run and type in Open field):
%ProgramFiles%\Malwarebytes` Anti-Malware
Next, press Enter. It will open the Malwarebytes` Anti-Malware folder. Right click to a file named mbam.exe (or mbam) and select rename. Type iexplore.exe (or iexplore) and press Enter. Double click to this file to run Malwarebytes` Anti-malware.
Patrik, I’ve downloaded the MBAM exe, and installed it, but the virus wont let me open it. How do I overcome this problem?
I have this program too.
I did what you guys said. I changed the name of malware and got in the program again. Alas i couldnt update cause of an error message. I did run quick scan though and it found the program. I selected remove restarted the computer but it didnt have any effect.
On laptop here cause i cant even get on the internet on my desktop
I tried following these instructions but i cannot access the internet antimalware doctor file was deleted but every time i go to control panel uninstall its there and cannnot be deleted it says program still running must wait or something. The Hkey folders cannot be deleted. I have norton anti virus n i put full scan wat came was 2 cookies n i took it off but it didnt help me. Please help i use my laptop for school and my fall semester actually starts today ironically. Thank you
ok so i installed superantispyware and this only made it worse. I deleted all the stuff in safemode but now i only get a blue screen saying my windows logon is terminated-. Help!! I cant lose all my data
My computer was infected with antimalware doctor a few days ago, and i’m unable to connect to the internet to download a program to remove it. i have another laptop and external hard drive, and i’ve downloaded both Spyware Doctor and Malwarebytes, however i’m unsure how to transfer the program from my laptop (which is windows 7) to the infected computer (an older windows XP) – i’ve moved the entire file folder onto the computer, and any application i click on doesn’t work except for an application from malwarebytes called “mbam” and all that happens is a message will pop up saying “Run-time error ‘0’”.
i havent found any of the usual .exe processes to look out for that others have come across with the virus, but i have found one called “mediafix70700en02.exe” which has the common numbers.
i just need my internet access back, but i’m completely lost with what steps i can take. i can use IE, firefox + google chrome.
Eva, try the following:
rename the core Malwarebytes Anti-Malware executable before running it. Click Start and type in Search field (if you using Windows 2000/XP, Click Start, Run and type in Open field):
%ProgramFiles%\Malwarebytes` Anti-Malware
Next, press Enter. It will open the Malwarebytes` Anti-Malware folder. Right click to a file named mbam.exe (or mbam) and select rename. Type iexplore.exe (or iexplore) and press Enter. Double click to this file to run Malwarebytes` Anti-malware.
Amjad, download the suggested programs above to another PC and them move them to your computer using a flash or cd disk.
Joey, start a new topic in our Spyware removal forum. We can try a few ways to repair your Windows installation.
Adrienne, download HijackThis from here and save it to your desktop.
Run HijackThis. Click Scan button. After HijackThis completes the system scan, check the box to the left of the following items:
O4 – HKCU\..\Run: [mediafix70700en02.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\mediafix70700en02.exeClick Fix checked and close HijackThis.
Run Malwarebytes and perform a scan.
Okay, so i managed to get malwarebytes working and the virus seems to be gone, no more pop-ups or anything. The only problem is, my internet still isn’t working, and i seem to be having the same issue as Geo1121. It’s definitely not the proxy, i’ve reset the settings and basically reinstalled internet explorer, and there’s nothing wrong with the “hosts” file in the system32 folder.
When i run IE or firefox, it simply says that it can’t establish a connection to the server. Google chrome also says that it can’t connect, and gives me a “102 error”
any idea of what i can do next? thanks so much for your help so far!
Patrik.
Thanks my friend. You are a goof man! Your advice worked like a dream. In summary:
– Go in safe mode OR your guest account (after ensuring you log off the infected account).
– Run Malwarebytes (it did run in the safe or other account)
– Check all the infections and remove then reboot
– You wont have internet connection, so Internet options, uncheck the pgo through a proxy server option and click ok.
– Voila, back comes your internet!
All Patriks work!
ps Patrick…when I wrote “goof man” I meant good man! Apologies…a mistake not an insult! 🙂
Please note important issue!
I have had 2 infected PC’s en this program may give false notices of viruses and malware but it also places some real ones on your PC!! different exe files on different locations! Mainly in temp directories and Documents and Settings{user}Local Settings, Documents and Settings{user}Local SettingsApplication Data and Documents and Settings{user}Application Data directories.
You can also find them as values in the run keys!
Adrienne, any other network apps such ping, skype, icq … are ok ?
Please help. I have kasperksy internet security but when I installed malwarebytes it won’t even let me open it.
It says “This application has failed to start because MSVBVM60.DLL was not found. Re-installing this application may solve this issue.”
What should I do?
Also, does system restore work for it?
Okay everyone, I fixed this problem.
I used registry cleaner to clean my registry. I then downloaded Spyware Doctor with antivirus and it found like 137 infections. I removed those and the program was still there.
I then used COMODO registry cleaner and scanned with that, and it fixed all the errors it found.
All of a sudden, the program closed and I can’t find any traces of it. I’m so HAPPY.
I had another virus before and this process worked great, but now this antimalware doctor disabled my internet. Anytime I would run windows normally, it would blue screen and shut off my computer. Finally I clicked on the antimalware doctor window. I didn’t click to “remove threats” but it made the virus think I was going to proceed. After 10 times of trying, that finally let me run the scan. When I tried to run it in safe mode, it couldn’t find any threats. Now I keep running the scan with malwarebytes, it keeps finding one threat, and I keep removing it and rebooting, but I still have no internet and still cannot get rid of the doctor and those two shields on the taskbar. Any help would be appreciated.
There is no need to buy any additional software (that will cost you just as much as the \Antimalware Doctor\ you are trying to get rid of), or perform elaborate actions in your registry!
On startup, repeatedly push F7, and then select \start up in safe mode\. Now, simply perform a system restore to a point in time before the infectation. Done!