Antimalware Doctor

20 February 2010 Rogue 11 Comments

Antimalware Doctor is a security program that is included in the category of rogue. With regards to its performance and functionalities once installed on computer, it will fail your expectations. Same as other of its kind, Antimalware Doctor virus will get into the system by pretending to be a useful computer security tool that can be obtained from websites that acts as its promotional venue. But once installed, this unwanted program will act on its own, scanning computer without user’s intervention. It deceives you by generating dozens of false threats and phony alerts. Also, a continuous display of fake warning messages will appear on the compromised system. It will prompt user to engage in a fraudulent online transaction to purchase the Antimalware Doctor registration key. A frequent warning message it will display is:

Warning! Removed attack detected!
Antimalware Doctor has detected that somebody is trying to block your computer remotely via {Trojan Worm BX12.434.CardStoler}.
Transfer for Your private data via internet will start in: 7
We strongly recommend you to block attack immediately.

It was very obvious that this unwanted application was created to be installed on computer and reside there until the full version was purchased. In fact, all means and options to remove Antimalware Doctor was disabled including its entry on the add/remove programs of Windows. The only safe measure to get rid of this fake program is through the use of a powerful security and antivirus application as discussed on the later part of this page.

Screen Shot Image:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Antimalware Doctor Removal Procedures

Manual Removal:
1. Stop its process by pressing Ctrl+Alt+Del. Windows Task Manager will open. Look for the following process:
Antimalware Doctor.exe

2. Update your installed anti-virus program.
3. Run a full system scan and clean/delete all detected infected file(s). A manual removal of virus-related files should also be performed.
4. Edit Windows registry and delete Antimalware Doctor entries.
- For Windows 2000/XP: Go to Start > Run, type “regedit” on dialog box then press Enter on keyboard.
- For Windows Vista/7: Go to Start > Search Program and Files, type “regedit” and press Enter.

5. Exit registry editor.
6. Remove injected start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Startup item(s):
Antimalware Doctor.exe

7. Click Apply and restart Windows.

Antimalware Doctor Removal Tool:
Remove malicious files from a computer by scanning with anti-spyware program. We highly recommend MalwareBytes’ Anti-Malware. Click here to download MBAM. Install it on infected computer, update the database and do a full scan of the system.

Technical Details and Additional Information:

To fully convince users that computer is under attack, it will continuously display fake alerts with scary messages.

Antimalware Doctor has detected that somebody is trying to transfer your private data via Internet. We strongly recommend you to block attack immediately.

Your computer is subjected to hacker attack. Antimalware Doctor has detected that somebody is trying to transfer your private data via Internet. We strongly recommend you to block attack immediately.

Any attempt to remove threats displayed by the program will lead users into activation of this fake and untrusted application.

Malicious Files Added:
[Rogue Directory]\enemies-names.txt
[Rogue Directory]\Antimalware Doctor.exe

Associated Registry Entries:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antimalware Doctor.exe”