First, I mention that i have already found this site's instruction as to how I can get rid of Disk Doctor, so no need to redirect me there just yet. (http://www.bleepingcomputer.com/virus-removal/remove-disk-doctor
The story so far: I first started browsing the internet for malware removal tools to get rid of Vista Internet Security 2012. First I tried SpyHunter 4, which found the virus alright, but wouldn't remove it unless I purchased the full version. I decided to give freeware another chance and after more browsing I finally found Malwarebytes Anti-Malware, which seemed competent enough, and I downloaded it and set it running. During MBAM scan I continued browsing on my other computer and found bleepingcomputer.com. After reading your instructions for removing Internet Security 2012 (http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012
), I paused the MBAM scan on my infected computer, downloaded FixNCR.reg and rkill, ran both files (nothing special came up) and continued the MBAM scan.
MBAM scan found 17 files which I deleted and Internet Security 2012 was no more (hope so). At least, running SpyHunter 4's scan again didn't show Internet Security anymore.
And now we get to this Disk Doctor. The first time I ran SpyHunter 4, it found this Disk Doctor. After deleting Internet Security and completing all the steps in the guide (which were essentially the same as here: http://www.bleepingcomputer.com/virus-removal/remove-disk-doctor
), SpyHunter's second run still found Disk Doctor on my computer.
Now there are a few questions:
1) Why doesn't MBAM scan find and remove this Dick Doctor? Should i just take another try at (http://www.bleepingcomputer.com/virus-removal/remove-disk-doctor
) and carefully follow the guide?
2) I have had none of the annoying messages Disk Doctor should be posting me. Internet Security gave me plenty of those, but Disk Doctor would've remained hidden, had SpyHunter not found it. Could it work to just manually delete the Disk Doctor.Ink - file from the directory? Can I be sure that no files associated with this program are left behind?
3) Is it possible that my virus removal process was incomplete, since I had actually downloaded MBAM and set it scanning (and then paused it) before running FixNCR.reg and rkill? In that case can I even be sure that Internet Security has left for good?
4) I also did all this on a normally started Windows, I wasn't working in a safe mode. Should I have?
My infected computer has Windows Vista Home Premium, Version 6.0 (Build 6002: Service Pack 2), on it.
Thanks a million times in advance!