Jump to content

malware doctor keeps coming back on restart..


Recommended Posts

i've run mbam three times/ removed infected files.. but everytime i restart, the "malware doctor" virus comes back! B)

if anyone could walk me through a fix for this, i'd really appreciate it.

i have saved my mbam, DDS, and GMER scan logs - let me know if you would like me to attach them

Thanks in advance!

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4159

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

5/31/2010 5:20:51 PM

mbam-log-2010-05-31 (17-20-51).txt

Scan type: Quick scan

Objects scanned: 132082

Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

THANKS for responding :)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt

Attach.txt

GMER_1.zip

Link to post
Share on other sites

Hi please boot into Safe Mode.

If you do not know how to do this then click here > http://www.computerhope.com/issues/chsafe.htm

Once in safe mode please go to start then start search.

Paste in this %appdata% then hit enter on the keyboard.

It will open a folder list, look for this folder > E7CA7D05752EDB7A54AF6A1B0D1D2DE6 right click on it to delete it.

After that reboot into Windows in normal mode and do the following.

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

interestingly enough, my internet explorer now does not load any pages. so i don't know if the ESET scanner will be possible. i tried downloading the program as it suggests for people with other browsers, but that did not install correctly. is there an alternative?

also - after rebooting, luckily there was no popup from antimalware doctor. however after running mbam, the same 2 infected files came up - (and i had it remove them, again). so i guess it's not completely gone, it just doesn't give me popups at startup anymore

thanks for your help

Link to post
Share on other sites

Please open up Internet Explorer.

Go to Tool's > Internet Options > Connections > Lan Settings.

Uncheck bypass a proxy for local addresses and uncheck use a proxy server for your lan.

Then click on ok at the bottom.

Close out of internet explorer then reopen it and try the scanner one more.

IF it does not work let me know and I will give directions for something else.

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.