Help with self-help guide: Antimalware Doctor


2 replies to this topic

#1 DaVaughn

Posted 24 March 2010 - 02:13 AM

I have recently been dealing with the "Antimalware Doctor" and recently found this site to help out with it.

The self-help guide, http://www.bleepingcomputer.com/virus-remo...imalware-doctor, seems to work well but I haven't been able to get beyond the 9th step involving getting Malwarebytes' to work. I've used the program before when it worked fine, but even after using rkill to allow me access, it still doesn't let Malwarebytes' work.

In particular, I'll get the "Perform quick scan"/"Perform Full Scan" screen to pop up a split second, then it's gone and then Windows cannot find it.

What did I do wrong, if anything? What should I do with my computer to get it to work? If this makes a lot of difference, btw, I do use Mozilla Firefox and not Internet Explorer... I lost IE to something else a while back >_<

Edit: Recently checked around more thoroughly here and tried to DL Spybot and Ad-ware... but neither of them will download. Spybot cannot get a connection with the server, and Ad-ware locks up mid-download. I've got Windows XP. I've gone around and tried to Download other trustworthy Anti-spyware software programs, but none of the free services work (and I don't have the money to purchase any).

So, with the problem hopefully a bit more clear, how can I get rid of the issues making it so that I can't get rid of "Antimalware Doctor"?

Edited by DaVaughn, 24 March 2010 - 11:18 AM.



#2 Nick the Engineer


Posted 24 July 2010 - 02:20 PM

Hi - not sure if this is going to be much help, but I too had an attack of AntiMalware Doctor and fixed it, maybe slightly luckily, broadly following the instructions - read on to see how.

This was on an old Vaio laptop running XP that I share with my wife, so there are two user accounts, one for me (with Admin privileges) and one for her (limited use). The lucky bit (maybe) is that it was my wife who caught the virus, so possibly the limited account privileges stopped it getting too far into the system.

To echo DaVaughn's comment, it was tough to deal with from my wife's login - the screen was just too busy with all the spew AntiMalware was throwing up to do anything. So I "switched user" to my login, and was able to run rkill, and then MBAM from there. This found most of the crap. I've had this kind of thing before, I'm sorry to say, and I found it best to run a couple of virus killers while I'm at it, and them multiple times. So I ran SuperAntiSpyware, then MBAM again, then SAS again, and got back to a stable system.

Having said that - everything was ok from my login, but from my wife's still not quite there. First, the AntiMalware thing had left a proxy configuration in my wife's IE configuration - everything HTTP was being redirected through 127.0.0.1 - presumably AntiMalware set up its own proxy there to stop you going off to any other site. After MBAM had done its stuff, this proxy server was no longer there, so everything HTTP based was failing. This was confusing at first, since ping worked fine, but nothing would browse. Yet it would browse fine from my own login. In the end, I had to enable Admin privileges on my wife's account so that this account could use the Network Diagnostics feature of XP - which then showed up the problem.

So possible help here - DaVaughn - if you can get to your IE proxy config (on IE8 it's Tools->Internet Options->Connections->LAN Settings and uncheck the "Use a proxy server for your LAN" box) you might find it easier to get through to the other spyware eradication download sites.

The other kinda strange thing, which is still there, is that when logging in to my wife's account, there's a nearly immediate popup from RUNDLL which complains that it can't find a particular DLL - C:\...\redmshk.dll. Again, presumably this was something that AntiMalware put in place that MBAM removed, but MBAM hasn't removed the thing that's trying to load it. I've googled around for redmshk.dll and got no hits at all - nearly a first for me. At this stage this is an irritant more than an infection since I seem to be able to cancel out of the RUNDLL warning popup with no adverse consequences. I'm hoping/presuming that MBAM will update its database soon to take account of this little bit of debris, but if anyone has any help here, I'd gratefully accept it.

Anyway, hope this helps.

Best

N.

Edited by Nick the Engineer, 24 July 2010 - 02:24 PM.
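
The two leftovers described in the post above (a per-user IE proxy pointing at 127.0.0.1 with nothing listening behind it, and a RUNDLL autorun whose DLL has been removed) can be checked from the affected account with the script below. It is an added example, not part of the original posts; it assumes PowerShell 2.0 or later is installed and that the orphaned launch point is a Run key, which the post does not state.

```powershell
# Added example. Run as the affected (limited) user: HKCU is per-account.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s = Get-ItemProperty -Path $inet

function Test-LoopbackListener([int]$Port) {
    # True if any local process accepts TCP connections on 127.0.0.1:$Port
    $c = New-Object System.Net.Sockets.TcpClient
    try { $c.Connect('127.0.0.1', $Port); return $true }
    catch { return $false }
    finally { $c.Close() }
}

# 1. Proxy left pointing at loopback after the rogue's local proxy was removed
if ($s.ProxyEnable -eq 1 -and $s.ProxyServer -match '(127\.0\.0\.1|localhost):(\d+)') {
    $port = [int]$Matches[2]
    if (Test-LoopbackListener $port) {
        "Proxy $($s.ProxyServer): a local process is listening on port $port; identify it"
    } else {
        "Proxy $($s.ProxyServer): nothing is listening, so HTTP fails while ping still works"
    }
    # After review, disable the proxy for this user:
    # Set-ItemProperty -Path $inet -Name ProxyEnable -Value 0
} else {
    'No loopback proxy is enabled for this user'
}

# 2. Run-key entries that start rundll32 with a DLL that no longer exists
#    (assumption: the leftover lives in a Run key; other autostart locations exist)
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $key = Get-Item $k
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        if ($cmd -match 'rundll32(\.exe)?"?\s+"?([^",]+\.dll)') {
            $dll = [Environment]::ExpandEnvironmentVariables($Matches[2])
            # A bare file name is resolved against system32 to avoid false hits
            if (-not [IO.Path]::IsPathRooted($dll)) {
                $dll = Join-Path $env:SystemRoot "system32\$dll"
            }
            if (-not (Test-Path -LiteralPath $dll)) {
                "Orphaned autorun: $k\$name -> $dll (file missing)"
            }
        }
    }
}
```

The script only reports; the one change it offers (turning off `ProxyEnable`) is left commented out, and a reported Run value should be reviewed before it is deleted.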


#3 quietman7


Posted 25 July 2010 - 12:47 PM

If you're having problems running RKill, you can download renamed copies, and try them instead.

  • iExplore.exe
  • eXplorer.exe
  • uSeRiNiT.exe
  • WiNlOgOn.exe

If one of them does not work, then try downloading and running another copy.

-- You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.

-- If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

If you cannot use the Internet or download any required programs to the infected machine, try downloading them from another computer (family member, friend, library, etc) with an Internet connection. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your usb drive, make sure it is not "Write Protected".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
