  1. #1
    Boulful Sallad goodiesguy's Avatar
    Join Date
    Mar 2010
    Location
    Dunedin
    Posts
    2,856

    friends pc has "antimalware doctor" virus

    OK. I'm in TeamViewer looking at his desktop. He has a Dell Dimension 2400 with XP Service Pack 1.

    I have run rkill.exe to kill the process. I ran Avast also. Then today it's come back.

    Any ideas? I ran a Malwarebytes scan. I'll post the rkill log:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as Owner on 04/06/2010 at 14:34:58.


    Processes terminated by Rkill or while it was running:


    C:\Documents and Settings\Owner\Application Data\62C0CA9E13364ED83D038C28C519D824\gotnewupdate005001.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\rkill.com


    Rkill completed on 04/06/2010 at 14:35:06.


    Anyways, with TeamViewer, does it use their internet connection when I'm browsing on theirs through TeamViewer?
    PC: Intel® Core™ i5-650 3.20 GHz | Intel® Desktop Board DQ57TM | 8GB DDR3 RAM | Radeon HD 4870 | Windows 10 Pro 64-Bit

  2. #2
    Boulful Sallad goodiesguy's Avatar
    Join Date
    Mar 2010
    Location
    Dunedin
    Posts
    2,856

    Re: friends pc has "antimalware doctor" virus

    Here's a HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:53:28 p.m., on 4/06/2010
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\TeamViewer\Version5\TeamViewer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 346a high street dunedin
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [gotnewupdate005001.exe] C:\Documents and Settings\Owner\Application Data\62C0CA9E13364ED83D038C28C519D824\gotnewupdate005001.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
    O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    --
    End of file - 3445 bytes

  3. #3
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Re: friends pc has "antimalware doctor" virus

    Disable System Restore, tick these, then tick Fix checked.

    Or use CCleaner and delete the entries in startup, and run it so it removes temp files.

    Then update Windows.

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [gotnewupdate005001.exe] C:\Documents and Settings\Owner\Application Data\62C0CA9E13364ED83D038C28C519D824\gotnewupdate005001.exe <- If this file is there after you reboot, go to this folder, and delete this file

    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing).

    Uninstall Spybot then reboot, then update Malwarebytes, then do a full scan. You have to be on the net to use TeamViewer (I think)
    Last edited by Speedy Gonzales; 04-06-2010 at 03:17 PM.
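
Added example, not part of the thread: a small Python triage of HijackThis autostart lines like the ones singled out in the post above. The heuristics (user-writable profile path, 32-hex-digit folder name, "(file missing)" target) and all function names are assumptions for illustration, not HijackThis features; the sample lines are copied from the log in post #2 with the forum's stray space in the file name removed.

```python
import re

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gotnewupdate005001.exe] C:\Documents and Settings\Owner\Application Data\62C0CA9E13364ED83D038C28C519D824\gotnewupdate005001.exe
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# O4 = registry Run-key autostarts, O20 = Winlogon Notify DLLs.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+)$")

# Assumed heuristics: programs rarely need to autostart from these locations.
USER_WRITABLE = re.compile(r"\\(Application Data|Local Settings\\Temp|AppData)\\", re.I)
HEX_DIR = re.compile(r"\\[0-9A-Fa-f]{32}\\")


def triage(log_text):
    """Return (section, entry_name, reasons) for entries that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        section, name, reasons = None, None, []
        m4, m20 = O4_RE.match(line), O20_RE.match(line)
        if m4:
            section, name = "O4", m4["name"]
            if USER_WRITABLE.search(m4["cmd"]):
                reasons.append("autostart from user-writable profile folder")
            if HEX_DIR.search(m4["cmd"]):
                reasons.append("32-hex-digit directory name")
        elif m20:
            section, name = "O20", m20["name"]
        if section and line.endswith("(file missing)"):
            reasons.append("registry entry points at a missing file")
        if reasons:
            findings.append((section, name, reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section} [{name}]: " + "; ".join(reasons))
```

A flagged entry is a prompt to inspect the file and registry value by hand, not proof of infection; unflagged entries are not thereby shown to be clean.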

  4. #4
    Computer Technician wainuitech's Avatar
    Join Date
    Aug 2007
    Location
    Wellington
    Posts
    28,370

    Re: friends pc has "antimalware doctor" virus

    rkill.exe will temp kill the process, but running Malwarebytes and Avast is nowhere near enough. (Avast is hopeless anyway, it misses too much)

    You need to run several others as well, all available from my sig, in full scan modes. Expect to take at least 4-5 hours of scanning to clean it correctly.

    BUT even that may not be enough - sometimes you have to manually remove infections or even run programs that "really get in deep". The problem is if they screw the system, and sometimes they do, you have to know how to undo what you have done.

    Sometimes when the infections are removed the system is unbootable.

    It also pays to clone the drive before doing any of the fixes, as if it's really badly infected you may make the system totally unbootable.

    Not a job for remote fixing.

  5. #5
    Boulful Sallad goodiesguy's Avatar
    Join Date
    Mar 2010
    Location
    Dunedin
    Posts
    2,856

    Re: friends pc has "antimalware doctor" virus

    I have Spybot on it. Speedy told me to get rid of it though. But I find Spybot does a good job for the harder viruses.

    Explain how Avast is hopeless? What do you recommend? (I use Avast)

  6. #6
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Re: friends pc has "antimalware doctor" virus

    Spybot isn't a virus scanner and never will be. And it's not good for everything. There are better programs around now.

  7. #7
    Computer Technician wainuitech's Avatar
    Join Date
    Aug 2007
    Location
    Wellington
    Posts
    28,370

    Re: friends pc has "antimalware doctor" virus

    Example of a clean out, that took most of the day on a customer's PC, that had Avast, yet the PC was obviously infected.

    Uninstalled Avast.

    Run the following programs one after the other, fully updated, each scan took approx 1 3/4 - 2 Hours (apart from TR, that took about 5 minutes)

    Results from the program along with the number of malware after the name, then a Virus Scan with Nod32. (all with system restore turned off)

    Removed known malware infections

    Trojan Remover -- 18
    then
    Malware Bytes --- 45
    then
    Spybot S&D ---79
    then
    Super Antispyware - 9
    then
    Combofix --- 3


    Then a Scan with Nod32 antivirus -----14

    Avast said the PC was clean -- HA!

    Running another program now - Still scanning est time left 2.5 hours so far at 1/4 way through --- clean

    Edited: still have to fix the damaged system files as some are obviously damaged, as well as update the PC from XP SP2 >> SP3 and run other program updates.

    In this case reinstalling is not an option -- as some of the programs, while legit, cannot be reinstalled as the CDs are lost and the programs are used a lot, so the person said.
    Last edited by wainuitech; 04-06-2010 at 03:55 PM.

  8. #8
    Boulful Sallad goodiesguy's Avatar
    Join Date
    Mar 2010
    Location
    Dunedin
    Posts
    2,856

    Re: friends pc has "antimalware doctor" virus

    Hey Speedy. I figured out the issue with my PC.

    Well, changing my second smaller 256 stick of RAM didn't work. I was at the stage where it wouldn't boot.

    Just before, I decided to take out my bigger 512mb stick and replaced it with another 256. Voila, it boots fine and works better than ever. I'm on it now. My 17 inch main monitor seems so big compared to the laptop's 12".

    Anyways, my 511mb stick was knackered. I found damage on the circuit on it. I can take a picture if you like.

  9. #9
    Boulful Sallad goodiesguy's Avatar
    Join Date
    Mar 2010
    Location
    Dunedin
    Posts
    2,856

    Re: friends pc has "antimalware doctor" virus

    Thanks for the info wainuitech

  10. #10
    Computer Technician wainuitech's Avatar
    Join Date
    Aug 2007
    Location
    Wellington
    Posts
    28,370

    Re: friends pc has "antimalware doctor" virus

    Originally posted by goodiesguy:
        Thanks for the info wainuitech

    Not a problem -- this is where you can tell the "Cowboys" in this business; some say you can clean out a badly infected PC in 30 minutes.

    While sometimes that's true (very rare), to tell a customer it's only going to take that long without even seeing the problem is a ---- -- ---- Well, you guess the words
