Yesterday, my wife called to tell me something was wrong with her computer. I told her to shut it off and I’d look when I got home. What I found when I got home was software called Antimalware Doctor reporting fake trojans and slowing down her whole computer. My wife had called because she was immediately suspicious, but so many are easily tricked by software like this that looks credible.

What Is Antimalware Doctor?

Over the years, the threat of getting a virus or trojan on your computer went from rare to pretty damn scary. The fear of a virus is how software like this works. It disguises itself as legitimate anti-virus software, pretending to help. It will pop up and appear to scan for and then find various threats on your computer. The goal is to make you believe that there is a threat so imminent that you should act right away. I’ve written about scare tactics like this before because they seem to work. You think you have a virus and need to take care of it right away, so you take the suggested action, which leads you to spending money on this horrible software. It’s like finding a burglar in your home, dressed like a cop, and taking him out to dinner to thank him because he says he scared away some burglars.

Not only does the software pretend to scan and find things, but it is horribly annoying, popping up fake warnings every time you do anything that it thinks might be steps to remove it. Every time I opened the Control Panel, for example, something similar to the image above would appear. Each time, I just used the ALT + F4 key combination to make it go away.

Programs like this rely on you being stuck with them, so they often do whatever it takes to get installed on your computer and stay there. Usually, you’re enticed into downloading some seemingly harmless software and Antimalware Doctor is bundled with it and installs secretly. Because of this, just uninstalling from your Control Panel will not do the trick. You have to be just as diligent in the removal of this rogue software as the jerks who set it loose on your computer were.

To start, you’ll need to find out where the program is running from. I found its location with the following steps:
1. Press the CTRL, ALT, and DELETE keys at the same time. Then View the Task Manager.
2. In the Task Manager, click the Applications tab and find the Antimalware Doctor application.
3. Right-click on the Antimalware Doctor application in the list and click “Go to Process”
4. In the process list, right-click on the process (it should be highlighted) and click “Open File Location”

In the folder with it were two additional files, enemies-names.txt and local.ini. enemies-names.txt contained a list of “offending” software and cookie threats and local.ini contained a bunch of program settings.

Most malware will have another background process that watches for anything trying to remove it. Usually, if you remove the malware executable, it will revive the file from another location immediately. To fool this logic, I opened it in Notepad++ and simply changed the binary contents so that the executable name and location would remain intact while breaking the program. To do this, I simply added a bunch of random characters a couple of lines into the file. In our case, the file was db70virstup.exe. I was not able to save the file until I closed the running process, so I closed it and then saved the file quickly.

The program also sets up some registry keys. You can really mess up your computer if you change the wrong stuff in your registry, but if you’re careful and know what you’re editing, you should be OK. To view and edit registry keys, go to the Start menu and type “regedit” in the search field and hit ENTER. Once in the registry editor, head to HKEY_CURRENT_USER -> Software -> Antimalware Doctor Inc -> Antimalware Doctor. There, you can see all the registry keys it added, but you really want to just delete the whole HKEY_CURRENT_USER -> Software -> Antimalware Doctor Inc tree.

After removing the registry keys, just delete the folder that the files were found in and you should be all set.
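As an added example (not from the original post), here is a PowerShell audit script that checks a user profile for the artifacts named above (the HKEY_CURRENT_USER key, db70virstup.exe, enemies-names.txt and local.ini) and, when run with -Remove, cleans them up in the order the post describes. The search root, the -Remove switch and the rule that a folder only counts if it holds at least two of the three file names are my assumptions.

```powershell
# Added example: audit (and optionally clean up) Antimalware Doctor artifacts.
# File names and the registry path come from the post; everything else is assumed.
param(
    [string]$SearchRoot = $env:LOCALAPPDATA,   # assumed starting point for the file search
    [switch]$Remove                            # report only unless this switch is given
)

$regKey    = 'HKCU:\Software\Antimalware Doctor Inc'
$fileNames = @('db70virstup.exe', 'enemies-names.txt', 'local.ini')

# 1. Registry: the post says to delete the whole "Antimalware Doctor Inc" tree.
$regPresent = Test-Path -LiteralPath $regKey

# 2. Files: find the dropped executable and its two companion files.
$hits = Get-ChildItem -Path $SearchRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $fileNames -contains $_.Name }

# A folder is only flagged when it holds at least two of the three names, so a
# stray local.ini belonging to some other program is not reported (assumed heuristic).
$folders = $hits | Group-Object DirectoryName | Where-Object { $_.Count -ge 2 } | ForEach-Object Name

# 3. Processes: the post notes a watchdog process revives the executable, so any
#    process running out of a flagged folder is treated as part of the infection.
$procs = Get-Process -ErrorAction SilentlyContinue |
         Where-Object { $_.Path -and ($folders -contains (Split-Path -Parent $_.Path)) }

Write-Output "Registry key present : $regPresent"
Write-Output "Suspect folders      : $(@($folders) -join ', ')"
Write-Output "Suspect processes    : $(@($procs | ForEach-Object { "$($_.Name) [PID $($_.Id)]" }) -join ', ')"

if ($Remove) {
    # Same order as the post: stop the running process first (otherwise the file
    # cannot be changed), then remove the folder, then the registry tree.
    foreach ($p in $procs) {
        Stop-Process -Id $p.Id -Force -ErrorAction SilentlyContinue
    }
    foreach ($dir in $folders) {
        Remove-Item -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue
        Write-Output "Removed folder: $dir"
    }
    if ($regPresent) {
        Remove-Item -LiteralPath $regKey -Recurse -Force
        Write-Output "Removed registry tree: $regKey"
    }
}
```

Run it once without -Remove to review what it found, then again with -Remove from an elevated PowerShell prompt if the listed folders and processes are the ones described above.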

Additional Information

The steps taken above worked for me, but they may not completely remove the software from your computer. Other guides like the one from have different methods of detection and removal and sometimes even list additional files and/or registry keys to remove.

I don’t remove software threats for a living, nor do I edit my registry often. Any steps listed above are taken at your own risk.

If I missed something or you have questions, just use the comment form below and I’ll be sure to respond.

OMG! Ashley Marc James is a Virus!!!

Oh yes… It happens all the time. You’re on your IM, MySpace, FaceBook, etc., when one of your friends sends you a message in a panic. The warning is of impending doom for your hard drive if you don’t act now.

If someone by the name of Ashley Marc James wants to add you to their list don’t accept it. It’s a virus. Tell everyone on your list because if somebody on your list adds them you will get it too. It is a hard drive killer and a very horrible virus. Please pass this on to everyone on your list. We need to find out who is using this account. Right click on the group name of your friends’ list and click: Send

That’s today’s message. Actually, that’s last December’s message, only it’s on FaceBook this time. It’s going pretty quickly, too. I checked my email to find two messages from friends on FB and by the time I logged in to read them, a third had come through.

How does this happen?
This type of thing is only really a threat when people panic and forward it on. It begins as a message one person posts and a bunch of people believe. Each time it is forwarded, 10 or more people believe it and it spirals out of control. The people sending the warning blindly on to all of their unsuspecting friends become the virus, themselves. Maybe the Matrix was onto something.

What can you do?
Nothing. Well, nothing is a start. By not forwarding the warning, you’ve already decreased its impact on the internet. Go a step further. Reply and let them know it’s a hoax. Feel free to point to this article. I certainly wouldn’t mind all that buzz coming my way.

By the way, I wrote this to educate, not offend. If you’ve sent the warning to someone and feel offended, please don’t. Just consider it a reminder to not take everything on the web at face value.

