Antimalware Doctor is a rogue antispyware program that distributed and installed throught trojans. The rogue detects false infections and displays numerous fake security warnings in order to scare you into thinking that your computer is infected with a lot of malware. It hopes that you will then purchase a full version of Antimalware Doctor.
When the trojan that installs Antimalware Doctor is started, it will download, then install the rogue on to your computer. During installation, the fake antispyware application will be registered in the Windows registry to run automatically when Windows loads. Immediately after launch, Antimalware Doctor will start to scan your computer and reports a lot of various infections that will not be fixed unless you first purchase the software. Important to know, all of these infections are a fake and do not actually exist on your computer.
What is more, Antimalware Doctor constantly displays various security alerts. However, all of these alerts ara fake and like the false scan results supposed to scare you into thinking that your computer is infected. So you can safely ignore all that the parasitic program gives you.
As you can see, Antimalware Doctor is a scam that created with one purpose to trick you into purchasing so-called “full” version of the program. If you find that your computer is infected with this malware, then be quick and take effort to remove it immediately. Use the removal guide below to remove Antimalware Doctor from your computer for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [Antimalware Doctor.exe] C:\Windows\System32\Antimalware Doctor.exe
Use the following instructions to remove Antimalware Doctor (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Antimalware Doctor infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Antimalware Doctor. MalwareBytes Anti-malware will now remove all of associated Antimalware Doctor files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antimalware Doctor creates the following files and folders
C:\Windows\System32\enemies-names.txt
C:\Windows\System32\Antimalware Doctor.exe
Antimalware Doctor creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Antimalware Doctor.exe
Eric, what shows your browser when you trying open any site ?
Hi Patrick
I have malwarebytes anti malware on my computer from a previos virus which happened a month ago. So now the pc is infected with antimalware doctor where pop ups keeps coming up. I can’t connect to the internet either as I’m using my laptop instead and I unchecked the proxy setting but still no connection not even on safe mode with nerworking. I run antimalware it says it got rid of it but because I haven’t updated for a long time maybe that’s why.. But I need to connect to the net to update it.
I would highly appreciate it if you cansolve this problem. Thank you
Preet, download Malwarebytes updates from here and move this file to your infected PC. Then install it. Run Malwarebytes and perform a scan.
Ok thanks I’ll try it now
Hi Patrik,
Thanks for that..it looks like it has deleted it as no pop ups for it have come up. Does that mean it has completely gone out of the system?
When I do a registry editor and go on HKEY_current_user, software, microsoft, windows, current version,uninstall…antimalware is still there so im not completely sure if it has gone although I have deleted it several times but when I reboot the computer it is there.
Also there is still no internet connection.
Your help is highly appreciated. Thank you
preet, what is your version of Windows ?
Hi, it’s windows xp
Preet,
try ping any site, google for example.
Click Start, Run.
Type cmd and press Enter.
It will open a command console window, type into it:
ping google.com
Press Enter.
What is result ?
Hi, I typed it in and pressed enter.. It says ‘ping request could not find host google.com. Please check the name and try again.
Preet, try ping 74.125.232.18
Hi please can someone help me i just got the virus and it wont go away who can help me with it??!!!!!!!
Hi,
Should I uninstall malwarebytes when I’m done removing antimalware doctor? My full scan lasted only 27 minutes. Is that even normal?
Thanks
Hi patrik, it says destination host unreachable… What shall I do next? Thanks
yeah mate i got the virus and it will not let me open any thing i wanna get rid of it?
Alvin, if the instructions above does not help you, then ask for help in our Spyware removal forum.
Sarah, if Malwarebytes detects nothing during a scan, then, of course, you can remove it.
Preet, how to you are connected to the Internet ? WiFi ? Cabel/DSL modem ?
mitch, you have tried to run Malwarebytes in Safe mode ?
Patrik, the main pc which can’t connect to the net is a wireless router ( dsl)
P.s patrik, it says ip address not recognized.. I think the virus changed it or something as every other device like my laptop and iPod can connect to the same internet wirelessly without any problem … It’s just as soon as the pc was infected it could not connect to the net.
I have a problem similar to the one Adrienne had, but with a few other twists. I am not able to access any browser – when I try it says that there is a problem and the only place it will take me is to the site to purchase the software. I tried booting in safe mode and I can, but I cannot access most programs on my computer – it keeps telling me that my there is a program trying to send my crdit card info to a malicious site. I cannot open the ad remove programs, but I can get to the control panel – I also do not have a working cd drive so I can’t download a program to another computer write it and then run it on the one that is hijacked. I have seen that you have said to download the program to the ddesk top, but that is also not possible.
Is there a way to go in through DOS and possibly disable to program to be able to get on the internet and then download the programs?
I have read through everything on here, and don’t see that anyone has had the same problem. Please help.
I can’t start my computer, even in safe mode, to allow me to download the software. Coming up with WINDOWS\SYSTEM32 string of messages and then to blue screen fatal system error.
Tried restoring to last working set up but no joy…
HELP!
Preet, download WinSock XP Fix to another PC, then move it to your computer. Run it, click Fix button.
Carole, reboot your PC in Safe mode.
Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.
Download MalwareBytes, run it and perform a scan.
Hannah, Normal mode is ok?
Patrik, I downloaded winsock xp fix already and clicked on fix but still doesn’t work.
Click Start -> Run.
Type notepad and press Enter.
Copy all the text below into Notepad.
cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txtSave this as cc.bat to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click cc.bat and wait for the dos window to close and log.txt will appear on the desktop.
Move log.txt to another PC using CD disk or flash drive. Open a new topic in our Spyware removal forum and post the contents of it into your topic.
Hi, I did all of the above and yes the dos window closed and a log.txt file appeared on the desktop. However when I clicked it there was no contents…it was just blank. Don’t know what to do next, help! thanks
preet, i have made a mistake. Please use the following script:
(ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txtNever mind, I give up… I’m just getting it done from a professional technician – it’s just been too long and nothing seems to be happening. This malware is so deadly it stays in the system even if you think it is deleted.
But thanks for your suggestions anyway, much appreciated.