
[How to] Remove Anti Malware Doctor

Recently I had a laptop to clean up that had been infected with “Anti-malware Doctor”. Normally I would just recommend rebuilding the machine, i.e. formatting the drive and reinstalling Windows. The problem with this approach was that the user had several photos, documents and files that they had not backed up and did not want to lose.
 

The Problem

This software completely takes over the machine: nothing could be done under the user account, the CPU was constantly pegged at 100% usage, and it would not allow any executables to run.
Below are the steps that I took to clean the machine.
At first I logged into another user account and ran rkill.com, a little utility I had on a CD that identifies and kills running processes. After a good while, once it could run, it managed to kill the following:
C:\windows\system32\regedit.exe
C:\windows\system32\rundll32.exe

C:\windows\Temp\_ex_08.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
After these had been killed it allowed the PC to run as normal.

Cleanup

I then quickly installed Malwarebytes Anti-Malware software, updated it with all the latest files and immediately ran a Quick Scan.
Once this had completed, it had found well over 80 items installed that should not have been there. It cleaned these off and then recommended a reboot. After the reboot had completed I ran a full scan of the system, which found around a dozen other items that were removed.
After the software had cleaned all the malware off the system, I decided to clean out the temp directory. Before you do this, ensure that you have the setting enabled to Show Hidden Files and Folders.
To do this, open My Computer, click on the Tools menu, then select Folder Options (Windows XP). Click on the View tab; in the Advanced settings you will see the option. Once you have clicked the radio button to show hidden files and folders, click OK to leave the options window.
Then delete everything (Shift-Delete, so it does not go to the Recycle Bin) from C:\Documents and Settings\Username\Local Settings\TEMP. I say this as there were a lot of dubious-looking files in there, for example a lot of files relating to the _ex_08.exe mentioned above.
They had purchased Kaspersky Anti-Virus software and wanted it installed. I installed this for them and as soon as it started it found a rootkit, which it removed. It then rebooted and started another full scan, which found a few more small items; it cleared all of these last items out.
After this, as a precaution, I rebooted the PC and completed a full malware and antivirus scan once more, just to ensure that there was nothing left around. I ensured that automatic updates were running so that whenever the machine starts it will get the latest updates and stay protected. I am always a bit shocked when users disable the automatic updates of antivirus software.
The final task was to install the latest Windows updates, but I found that I could not connect to any web pages. It was somehow set up to use a proxy server; once I un-ticked that box all was well again.
To check the settings, go to Tools -> Internet Options -> Connections tab -> LAN Settings and un-tick the box for Use a proxy server. This had to be done for all the users.
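The same proxy check, scripted for every profile at once, as an added example that is not part of the original post. It assumes PowerShell is installed (it is not present by default on Windows XP) and an administrator prompt; the scratch hive name AuditHive_<SID> is made up for this example.

```powershell
# Added example: report the per-user Internet Explorer proxy settings for
# every profile on the machine, including users who are not logged on.
# Read-only: nothing is changed in any profile.

$ieKey   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$profKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$hku     = [Microsoft.Win32.Registry]::Users

function Read-ProxyValues([string]$hiveName, [string]$label) {
    $key = $hku.OpenSubKey("$hiveName\$ieKey")
    if ($key -eq $null) { return }            # profile has no IE settings yet
    $row = New-Object PSObject -Property @{
        Profile       = $label
        ProxyEnable   = $key.GetValue('ProxyEnable', 0)   # 1 = box is ticked
        ProxyServer   = $key.GetValue('ProxyServer', '')
        AutoConfigURL = $key.GetValue('AutoConfigURL', '')
    }
    $key.Close()                              # release before any unload
    $row
}

$results = foreach ($p in Get-ChildItem $profKey) {
    $sid  = $p.PSChildName
    $path = (Get-ItemProperty $p.PSPath).ProfileImagePath
    if ($hku.GetSubKeyNames() -contains $sid) {
        # Hive already loaded (user is logged on, or a service account).
        Read-ProxyValues $sid $path
    } elseif (Test-Path "$path\NTUSER.DAT") {
        # Temporarily mount the offline hive under a scratch name.
        $tmp = "AuditHive_$sid"               # hypothetical name for this example
        & reg.exe load "HKU\$tmp" "$path\NTUSER.DAT" 2>&1 | Out-Null
        if ($LASTEXITCODE -eq 0) {
            Read-ProxyValues $tmp $path
            [gc]::Collect()                   # drop stray handles so unload succeeds
            & reg.exe unload "HKU\$tmp" 2>&1 | Out-Null
        }
    }
}

# Show only the profiles where a proxy or auto-config script is set.
$results | Where-Object { $_.ProxyEnable -eq 1 -or $_.AutoConfigURL } |
    Format-Table Profile, ProxyEnable, ProxyServer, AutoConfigURL -AutoSize
```

Any profile listed with ProxyEnable set to 1 still has the "Use a proxy server" box ticked and needs the fix described above.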
After all the Windows updates were installed, everything was well, and the laptop was delivered back to them, with a copy of all their pictures burned to DVD.

Recommendations

I did make some recommendations: that they leave the automatic updates on, and that they purchase an external drive so they can back up the PC at regular intervals if they do not want to lose any data from the machine. One option is the Hitachi portable drive I have reviewed recently; you can read that review here.
The software and utilities I used can be uploaded upon request.
