We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Antimalware doctor-
crazyloon_2
Posts: 130 Forumite
in Techie Stuff
Hi
Ive just had this program (Antimalware doctor) install itself onto my computer and keeps giving me pop-ups/warnings every minute or so, AVG is finding nothing, and i cannot seem to find a way to uninstall this malware? just wondering if any of you kind folk can help me please?
many thanks
D
Ive just had this program (Antimalware doctor) install itself onto my computer and keeps giving me pop-ups/warnings every minute or so, AVG is finding nothing, and i cannot seem to find a way to uninstall this malware? just wondering if any of you kind folk can help me please?
many thanks
D
0
Comments
-
download this
http://www.filehippo.com/download_malwarebytes_anti_malware/
install , update it and then do a full scan
post the log file it producesEx forum ambassador
Long term forum member0 -
and download this
http://www.filehippo.com/download_hijackthis/
do a scan and produce a log file , post that as wellEx forum ambassador
Long term forum member0 -
if malwarebytes will not scan then follow the first part of this
http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor
about using RkillEx forum ambassador
Long term forum member0 -
hi there, ok ive run Malwarebytes and i think this is the log?-
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
25/01/2011 21:06:40
mbam-log-2011-01-25 (21-06-25).txt
Scan type: Full scan (C:\|)
Objects scanned: 274201
Time elapsed: 19 minute(s), 54 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10
Memory Processes Infected:
c:\Users\dave\AppData\Roaming\01de3f501a43fda65a0550837fbec3c1\67atrbin87ctr.exe (Trojan.FakeAlert) -> 5008 -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\67atrbin87ctr.exe (Trojan.FakeAlert) -> Value: 67atrbin87ctr.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{15819A04-F197-771F-C63C-5CDE37FD8B3E} (Trojan.ZbotR.Gen) -> Value: {15819A04-F197-771F-C63C-5CDE37FD8B3E} -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\Users\dave\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> No action taken.
Files Infected:
c:\Users\dave\AppData\Roaming\01de3f501a43fda65a0550837fbec3c1\67atrbin87ctr.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\dave\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\CZ1WP5M8\725vermainabb[1].exe (Trojan.FakeAlert) -> No action taken.
c:\Users\dave\AppData\Local\Temp\err.l!!!579919 (Trojan.FakeAlert) -> No action taken.
c:\Users\dave\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
c:\Users\dave\AppData\Roaming\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
c:\Users\dave\AppData\Roaming\microsoft\Windows\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
c:\Users\dave\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
c:\Users\dave\AppData\Local\Temp\0.2506151828919674.exe (Trojan.Dropper) -> No action taken.
c:\Users\dave\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
c:\Users\dave\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
is this the correct log?
thanks for the help btw
oh and do i click the "remove selected" option on malwarebytes?0 -
hmmm ive run HijackThis but it says "cannot find ..\HijackThis.log file do you wish to create? if i say yes it just brings up a blank notepad, and im not able to copy paste the scan results either....0
-
crazyloon
oh and do i click the "remove selected" option on malwarebytes?
Yes you will need to click "remove selected" as you will be still infected if you don't.
Re-run Malwarebytes on full scan and remove all items found and then post the log file in your next message.0 -
just to add- update definitions prior to rerunning full scan!0
-
ok scan results are:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5600
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
25/01/2011 22:22:36
mbam-log-2011-01-25 (22-22-36).txt
Scan type: Full scan (C:\|)
Objects scanned: 273909
Time elapsed: 19 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Also ive had no pop-ups, the desktop symbol has disappeared, and its gone from the program files...looking better yes?0 -
That's very strange that the malware aren't showing up especially with the first log showing no action taken.
Check under quarantine and see if anything is in there? Should not be there according to first log but...
If not there, update definitions and rerun the scan and hopefully it will be found.
Is the above post the 2nd or 3rd scan?0 -
hello, yes the above was the 2nd scan after reboot and update, ive just updated and run a 3rd scan and the results are:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5608
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
26/01/2011 14:39:54
mbam-log-2011-01-26 (14-39-54).txt
Scan type: Full scan (C:\|)
Objects scanned: 274508
Time elapsed: 20 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
so far ive not seen any sign of the malware which is much better, many thanks to you kind folks that helped me
D0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.4K Banking & Borrowing
- 253.7K Reduce Debt & Boost Income
- 454.4K Spending & Discounts
- 245.4K Work, Benefits & Business
- 601.3K Mortgages, Homes & Bills
- 177.6K Life & Family
- 259.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards