
Saturday, February 20, 2010

How to remove Antimalware Doctor fake antivirus program? (Uninstall guide)

Antimalware Doctor is a fake (rogue) anti-virus program. It reports false system security threats and displays fake warnings to scare you into thinking that your computer is infected with malware when it is perfectly clean, apart from the AntimalwareDoctor infection itself, of course. If you are reading this, your computer is probably infected with this rogue program. In fact, it is a trojan that pretends to be legitimate anti-malware software. Such fake programs usually come from fake online scanners and misleading video/warez websites. Most likely Antimalware Doctor is also distributed on Facebook and similar sites, so be very careful. Don't open any links from people you don't know. The good news is that this virus can be removed for free with reputable and legitimate malware removal tools. Please read the removal instructions below.



When active, AntimalwareDoctor imitates a system scan, reports numerous infections or threats on your computer, and then states that you have to buy the program in order to remove them. The scan results are false. This bogus program simply displays predefined fake infection names taken from its enemies-names.txt file. As a typical rogue program, it also displays fake warnings claiming that your computer is under hacker attack or that Antimalware Doctor has detected that somebody is trying to block your computer remotely via {Trojan Worm BX12.434.CardStoler}.



Warning! Removed attack detected!
Antimalware Doctor has detected that somebody is trying to block your computer remotely via {Trojan Worm BX12.434.CardStoler}.
Transfer for Your private data via internet will start in: 7
We strongly recommend you to block attack immediately.





Just like the false scan results, these fake security alerts should be ignored. Most importantly, don't purchase it! If you have already bought this fake software, contact your credit card company/bank and dispute the charges. Then get rid of this pesky virus using the removal guide below. Good luck!


Antimalware Doctor removal instructions:

1. Download iexplore.exe (NOTE: the iexplore.exe file is a renamed copy of the HijackThis tool from TrendMicro).
Launch iexplore.exe and click the "Do a system scan only" button.
If you can't open the iexplore.exe file, download explorer.scr and run it.

2. Look for entries like these in the scan results:
O4 - HKCU\..\Run: [agibck70dl.exe] C:\Documents and Settings\Michael\Application Data\EE3451E8AABFD85FBB47563C26078638\agibck70dl.exe
O4 - Startup: Antimalware Doctor.lnk = C:\Documents and Settings\Michael\Application Data\EE3451E8AABFD85FBB47563C26078638\agibck70dl.exe
Select all similar entries and click once on the "Fix checked" button. Close the HijackThis tool.



OR you can download Process Explorer and end the Antimalware Doctor process:
  • agibck70dl.exe (in your case it can be any [SET OF RANDOM CHARACTERS].exe)
3. Download free anti-malware software from the list below and run a full system scan.
NOTE: In some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe, explorer.exe or winlogon.exe. On Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. To protect your PC from such (new) infections, we strongly recommend using ESET Smart Security.


Alternate Antimalware Doctor removal instructions:

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: In some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe, explorer.exe or winlogon.exe. On Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. To protect your PC from such (new) infections, we strongly recommend using ESET Smart Security.


Associated Antimalware Doctor files and registry values:



Files and folders:
  • C:\Documents and Settings\Michael\Application Data\EE3451E8AABFD85FBB47563C26078638\
  • C:\Documents and Settings\Michael\Application Data\EE3451E8AABFD85FBB47563C26078638\agibck70dl.exe
  • C:\Documents and Settings\Michael\Application Data\EE3451E8AABFD85FBB47563C26078638\enemies-names.txt
  • C:\Documents and Settings\Michael\Application Data\EE3451E8AABFD85FBB47563C26078638\local.txt
Registry keys and values:
  • HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "agibck70dl.exe"
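
The following Python script is an added example, not part of the original guide or of HijackThis. It scans the O4 autostart lines of a saved HijackThis log for the layout shown in step 2 and in the file list above: an .exe inside a 32-hex-character folder under Application Data. Treating the folder name as always 32 hex characters and also accepting AppData\Roaming are assumptions; the sample log combines the two entries from this page with two constructed benign lines.

```python
import re

# Constructed sample log: the two entries shown on this page plus two
# benign-looking lines invented for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE
O4 - HKCU\..\Run: [agibck70dl.exe] C:\Documents and Settings\Michael\Application Data\EE3451E8AABFD85FBB47563C26078638\agibck70dl.exe
O4 - Startup: Antimalware Doctor.lnk = C:\Documents and Settings\Michael\Application Data\EE3451E8AABFD85FBB47563C26078638\agibck70dl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - <location>: [name] <path>"  or  "O4 - <location>: name.lnk = <path>"
O4_LINE = re.compile(
    r"^O4 - (?P<location>[^:]+): "
    r"(?:\[(?P<name>[^\]]+)\]|(?P<lnk>.+?\.lnk) =) (?P<path>.+)$"
)

# Assumption: the rogue always uses a 32-hex-character folder directly under
# the per-user application data directory (XP path, or AppData\Roaming).
SUSPECT_PATH = re.compile(
    r"\\(?:Application Data|AppData\\Roaming)\\[0-9A-F]{32}\\[^\\]+\.exe$",
    re.IGNORECASE,
)

def parse_o4(log_text):
    """Yield (location, entry_name, path) for every O4 autostart line."""
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            yield m["location"], m["name"] or m["lnk"], m["path"].strip()

def flag_suspects(log_text):
    """Return O4 entries that match the layout described on this page."""
    hits = []
    for location, name, path in parse_o4(log_text):
        reasons = []
        if SUSPECT_PATH.search(path):
            reasons.append("exe in 32-hex-char folder under Application Data")
        if "antimalware doctor" in name.lower():
            reasons.append("entry named after the rogue")
        if reasons:
            hits.append({"location": location, "name": name,
                         "path": path, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in flag_suspects(SAMPLE_LOG):
        print(f"{hit['location']}: {hit['name']} -> {hit['path']}")
        print("    " + "; ".join(hit["reasons"]))
```

Because the match is on the path layout rather than the file name, it still applies when the executable has a different random name, as the guide notes it will.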

19 comments:

Anonymous said...

Method 1 worked for my computer. Thanks for the help!

Anonymous said...

~I can't find the system 32 files :/
and antimalware doctor repairs itself when i reboot. so pretty fckd up :s
i would kill the nolifers who build this stupid stuff

Anonymous said...

what if your internet doesn't work?

Anonymous said...

Doesn't seem to work. I installed the anti-malware, ran the quickscan, it tried to remove the files, but asked for a reboot so as you instructed, I accepted the reboot, but upon reboot, nothing proceeded, the antimalware doctor still exists... same problem. Help!

Anonymous said...

I could not get anything to work as well.
I booted up the system, then hit Ctrl-Alt-Del, to get the task manager to boot up right away. Then I was able to stop some process and was able to reg edit some of the bad reg entry listed above.
also the icons in my tray went away.
Killed a process called tnirstvtssd.exe and the program stopped. Look at processes that are using large amounts of mem when running.

Anonymous said...

What if when you go to boot in Safe mode, your drivers lock up while loading on this file: windows\system32\drivers\crcdisk.sys??? I'm only able to do anything, including internet access on a user profile w/o admin. rights. The profile that does have it, is an admin user profile and while scrolling through the regedit I don't see the file to wipe the program.

Anonymous said...

THANKS MATE. THERE ARE GOOD GUYS OUT THERE HELPING US!

Anonymous said...

thanks a lot it worked for me very well

Zohreh

Anonymous said...

It won't allow me to download anything

Anonymous said...

I know. I've tried everything and the main problem is that everytime I log in as normal mode, it gives me a time limit of 1 minute and it shuts the whole PC down, so how am I meant to even try to scan the computer????!!!!!!!!!!
Someone please help!

Anonymous said...

worked fine for me, I downloaded iexplore.exe on a separate machine and copied it to infected computer. started in safe mode with networking and then iexplore, then malwarebytes. after scan restarted, and it was gone, some shortcuts were left but when I clicked it could not go to target as were removed by windows. BTW i am using win 7...thanks for the help

Anonymous said...

There are some other options: http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor

rkill shuts it down so you can operate without it stopping you opening programs etc.

Anonymous said...

it won't let me download anything.

2.Download one of the following legitimate anti-malware applications

Anonymous said...

If your internet does not work it has been disabled by the malware. Open Internet Explorer. In the menu bar at the top click on Tools > Internet Options. In the Internet Options window click on the Connections tab > LAN settings button. Place a check mark in the box to Auto Detect settings. Remove the check mark to Use Proxy. Save the changes by clicking ok and exiting out. Your internet should be restored now.

Anonymous said...

what type of loser had enough time to make this program any way???

Anonymous said...

thanks a lot man, it really helped!

Anonymous said...

Just reading the Oct 21 post and although no one is probably reading these I completely agree with that person!! Some loser has way too much time on their hands. I just had that crazy antimalware virus this morning. My kids probably pressed a key they should not have. It is really not fair - us hard working folks should not have to spend our time our computers. I'd really like to choke whoever spends their time making these viruses!!! YES I'm Angry!!!!!

Anonymous said...

I'm going to hunt those bastards down and shove my destroyed hard drive up their asses and blow their brains out. And it will be a glorious day.

Anonymous said...

I ALSO HAD THIS MALWARE BUG, I FOLLOWED YAHOO ADVICE AND UPLOADED ANTI MALWARE WHICH CLEANED UP 11 INFECTIONS FROM MY LAPTOP BUT NOW IT HAS RENAMED MY FILES PROGRAMS SO I CAN NOT EVEN DOWNLOAD A PDF FILE AND READ IT, PLEASE HELP,
HOWEVER I HAVE DELETED THE STUPID SOFTWARE ANTI MALWARE FROM MY LAPTOP BY UNINSTALLING IT FROM MY MAIN PROGRAMS, FROM START MENU THEN CLICK UNINSTALL, IT WORKED FOR ME BUT MY PC IS STILL UNABLE TO READ A PDF FILE.