Remove Antimalware Doctor

Boot into safe mode with networking. Antimalware should no longer be running. Then ensure Spyware Doctor with Antivirus is up to date. Run a FULL scan. Some people just run the short scan and this is a mistake. Then because you arleady registered the client I would just hit the remove button. If asked to re-boot go ahead and reboot but go back in to Safe mode with networking and download Malwarebytes. Run a full scan with that client as well. It has a free version and it’s worth running the second scan. I need to stress however that the free Malwarebytes client does not offer active protection against threats. However double checking to ensure everything is gone with a secondary client is never a bad idea.

Please go back and read a few of the newer comments. I think this was covered.

What in the guide have you tried? did you locate any of the trace files using the paths we showed?

Are you able to boot into safe mode with networking?

Did you use the proxy removal instructions to fix the internet access?

What is your operating system?

Yes

The file will constantly mutate and change to avoid detection. That is the file you need to kill and delete.

The Task Manager is NOT going to show any of the file traces running while you are in safe mode. That is because they are NOT running when a user is in Safe mode. That is the whole point of going into safe mode in the first place.

Just manually browse to the folder paths shown in the guide and delete the file traces while in same mode. Then you should be able to boot normal and download the updates for the security client.

If you can not connect to the internet in normal mode you will need to remove the proxy settings in your browser.

Hi,

I got this nasty malware on my laptop. I tried to delete it manually, didn’t work so I shut down the computer. When I tried turning it on again, windows would just not start. I’ve tried, safemode, etc. but nothing works, anything related to windows just doesn’t start. I don’t have the windows CD or the startup disks but I have another computer from where I can download any software.

Please help

Thanks!

Run the scan with Spyware Doctor with Antivirus and or Malwarebytes just to be safe. The thing about keyloggers is they are very easy for security clients to pick up. Even the security clients we do not recommend pick them up. If they do not find any keyloggers ( They will let you know if you did ) then consider your self safe.

However if a keylogger is found ( YIKESSSSS ) then a free client version of security software should be able to remove it because they are easy to detect. After that I would purchase a paid client for better protection, make a call to the credit card companies and get a new card, change all my passwords EVERYWERE including the bank, e-mail, social networking sites ect.

You may find our Great articles and Advice section useful. http://www.removevirus.org/virus-prevention.html We have put together a few articles that I think should interest you.

Try a different keyboard. If it is a wireless one or PS2 keyboard I recommend using a USB one.

The file was listed as “releaseversion70700.exe in my Task Manager so look for that too.

Thanks will add it to the list.

I was worried about deleting the wrong files and messing up my computer so i waited for your response before doing so and now the releasesetup70700 has disappeared!! what does this mean?? i was able to get rid of the others!! now what??

I was trying to download spware doctor last night but bad internet connection prevented me and it was 2am!! i’ll try again!!

Yep a use just commented on this as well. Big thanks for the registry key update as well.

I found it in “unitset70700bin.exe”
I delete the “enemies-name txt,” and the “Antimalware Doctor.exe.”

I have deleted the registry keys twice; but, I couldn’t locate the “run’ registry.
It kept popping up everytime I thought it was gone.
I have run spybot scans, Malwarebytes and Semantic antivirus scans. They all indicated that the computer was clean.

I downloaded the Spyware doctor program to a jumpdrive and I am running the scan now. Hpe this works. I have spent all day trying to knock this out.

While this option can and sometimes does work it will not often times fix the problem and can make matters far worse. Many threats infect the system restore and when you try to run it, it will corrupt the OS. We do recommend this option more as a last case scenario.

If you do not have active antivirus software on your computer your just going to get infected again and again. Most free clients out there are simply stripped down versions of a paid security client and they will not actively protect your computer.

We used to always recommend doing system restores going back 4-5 years. However in the last 3 years it just seems to often times do way more harm then good and we no longer recommend people try it until they are out of other options.

Yes it was the proxy settings that was the problem so thanks for the help.

One thing i’m wondering is if it is actually safe to buy anything online now? Is it possible that there is some sort of keylogger left on my system after this attack?

These instructions WORK!!!! Thank you very much ))))

First of all THANK YOU for all the advice on this page, after 24 hours of frustration I’ve finally managed to get rid of this awful virus (as far as I’m aware).

But I now can’t get online at all, not even on msn etc. I have done what’s in the video, but it didn’t help. The boyfriend thinks that the virus/ us trying to get rid of the virus may have messed up the LAN drivers, is this possible/ likely?
Error messages point to the wireless device drivers as the problem but it’s been uninstalled/ reinstalled/ updated lots, so I don’t think that’s the problem. It’s the same in normal mode and safe mode with networks.

We’ve done scans on AVG and malwarebytes (free versions, can’t afford full versions) and nothing shows up.

For anyone else who’s struggling to find the files, one showed up on ours as (lots of random letters)dx.exe in the task manager, and in the registry the files didn’t have quotation marks whereas the legit ones did.

I cannot browse and find the files because as explained above regedit has been ‘disabled by the administrator’ even in safe mode and when I find the enemie-names.txt file in search my computer crashes whenever I try to delete it.

Do you know how else I can find and delete the files? I feels like the virus is blocking any attempt to delete it even in safe mode and I don’t know what else to do.

I cannot change the proxy settings in my browser in normal mode because the virus won’t let my browser window open at all.

Many thanks

Hi I am working to remove the virus as per your guide but it has already cleaned out all my pictures, videos, programs, files and downloads. Is there anyway to recover them? I tried a system restore and the virus has deleted my restore points.

If it’s gone then I can not say why. Perhaps you did the search wrong or looked in the wrong area. Maybe if you res-started your computer the entries were removed because you removed other entries that were related.

Run that scan with Spyware Doctor with Antivirus and Malwarebytes to ensure everything is gone.

I found this virus using the following program name in Task manager:
newsecureapp70700.exe

I found the following registry associated with it (that needed to be deleted):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “newsecureapp70700.exe”

This threat does NOT delete personal data like that. you have something else in addition to this threat.

Yes you can recover that information. I would personally take the harddrive out and mount it on another computer and run a data recovery program to recover the data. Yhea it’s not the easiest. If your data is very important to you then your better off calling in a pro to do the recovery.

If your computer will not boot it’s no longer about just the virus. Your operating system is compromised and with out the Windows Disk or other professional tools you most likely will not be able to resolve it. It’s time to call out an expert or wipe the drive and re-install the operating system.

If you bought a name brand computer then most likely there is a hidden partition on the drive that will let you recover your operating system and restore it to the factory settings. You should contact the maker for directions on how to do this.

I had this virus and have gone through and removed all the offending files, got rid of the registry entries it set up and then I ran a check with AdAware to make sure there was nothing left on my system.

It found a number of infections and said I needed to reboot to remove them all. did that and ever since then my computer won’t open or run any files in Windows (v7) and keeps showing me the blue screen of death. Any ideas or suggestions would be most welcome.

Thanks for the comment and kind words. It’s a very easy virus to remove for those who know how to use special tools like Highjack this. Problem is I can not recommend out the program because it’s way to easy to cause more harm then good. Deleting a few needed items will really make your bad day worse.

Sounds like you got things sorted.

If you are in doubt but already love the security client you are using I would recommend using malwarebytes as a backup client to run the scan with. we still prefer Spyware Doctor over it but if you already have a primary then use the MBAM client as the backup one that is not active.

Thanks for the comments on files and the legit ones having qutation marks. I will have to inverstigate this a little more to see if it’s a way to tell the virus executables in this threat.

No Internet

What is the Operating system and what is the browser that you are using? Are you able to connect wirelessly to the router? Have you tried to hardwire the connection?

If you respond back to the above I will do my best to help you further.

Did you follow the proxy video? Sounds to me like you missed this step as it is effecting Chrome and IE only while other devices can access the internet.

Chrome uses the Same settings as IE for accessing the internet. Follow the proxy video shown in this guide or read the manual guide under the How to Guides section

I have just removed the executable file:
v700binmod.exe

good luck!

Hi,
I have triead all the above suggestion but somehow it does not work for me. first I tried download Spyware Doctor but I just cant open it.seems like it blocked all the applications. my google chrome crashed and I cant open it. I tried to delete it manually but once click ctr + alt + delete, i just my task manager just diasppear. i tried to type regedit and found the four key. but it disappear quickly before i can click delete. nothing seems working for me now.pls help.thanks

Sounds like you missed the step were you scan with Spyware Doctor with Antivirus. AVG while decent offer ZERO up front protection and the free version does not do good enough job of scanning your computer. Run the scan using SDA to ensure you are not infected with anything else. Then simply uninstall the program if you want to continue using AVG. Having both security clients run at the same time is not recommended long term.

I’m using Windows 7 Home edition and I’ve tried internet explorer and google chrome. I’ve also tried to hardwire the connection with an ethernet cable to the router but nothing seems to be working. I even uninstalled the belkin drives and reinstalled them and nothing happened, it just made it worse. before, I was getting limited access, now, nothing. I tried system restore but that didnt help.
Ive also found something called “Rapport” by Trusteer and cant figure out if thats another virus or something legit. Any ideas?

Great walk through on how to get rid of this thing. It worked well for me. But the issue I am running into now that I removed this bug is that I’m getting a random IE pop-ups every few minutes. I’ve run my AVG and found nothing. Is this related to the Antimal Dr?

Hello,

First of all thanks very much for the guide, it is only thing I found that actually removed the antimalware doctor! It has seemed to work ok and scans show no threats present, however now the computer is very slow to start up and when I click to go on the internet i get the Blue screen of death, unless i’m in safe mode when I can then access the internet. I am using Vista and Internet Explorer. The problem semed to start after reboot when Micosoft Security centre started up and said my firewall was no longer enabled and niether were my user account security settings, I then enabled both. any advice would be much appreciated.

i am currently in safe mode and still cant install the programme properly, if thats what im meant to be doing? it still wont let me update and it still wont let me on pctools.com, how is it doing this because im not that good with computers but refuse to pay somebody to come and sort it out? you may have to speak in really basic computer talk for me
cheers james

and sorry i dont know how to reset hosts tool in or side bar? can you please do basic step by step instructions for me?
many thanks
james bourbon

You most likely have a secondary infection that came in along with Antimalware Doctor.

I take it you are using the free version of AVG. It’s not going to help you.

Run a full scan using Spyware Doctor with Antivirus. The scan is free. Yes you have to purchase the client for it to actually remove anything but if you run the scan you will be able to tell what you are infected with and even manually delete the traces yourself like you did with Antimalware Doctor.

Other then that you may be able to reset IE and see if that stops the pop-ups. Your Hosts file may also be infected. We have guides under the How to Guides section of this site that covers both of these things.

The guides I already posted for you have step by step instructions in them. We also list the needed tool for download in the article and in our side bar. These are already broken down STEP BY STEP. There is nothing more basic or simple on the web then the steps we have provided to create a new Hosts file.

As stated you can simply download the re-set hosts file from our side bar.

http://www.removevirus.org/downloads/fix.hosts.msi

Okay, so I used Malwarebytes to scan the computer several times, and now it finally says that there are no more threats. However, Antimalware Doctor is still on my computer, even though I scanned the program and Malwarebytes said it was threat free. Does that mean that Antimalware Doctor is no longer a threat? There aren’t any false warning popups anymore, but I keep getting all these other viruses (esp. trojans).

What does the blue screen message say? This will determine the needed course of action.

What I would honestly do at this point is a system restore. Just type restore in the search box and then select the System Restore Option. Then check the dioloag box at the bottom that says show more restore points. I would choose a restore point at least 7 days back if you have one.

Doing the restore will not loose documents however any recent software you installed or system settings would be removed. The goal is to hopefully undo what ever was done that created the bluescreen issue in the first place. I only recommend this because you already have seemed to remove the virus threat.

Got rid of this virus with the helpful info here – thanks! On my system, the offending file was called bootsecurity700rst.exe – another entry in the list of variants for this rascal…

Follow the guide. It states to scan with Spyware Doctor with Antivirus for a REASON. It will tell you what those other trojans are so you can manually remove them.

Rapport is a web security software developed by Trusteer. You can remove this program in the add and remove programs section in the control pannel.

This alone may help to resolve the issue.

I am still unclear whether or not you have an internet connection. Does it connect to the router but you get no internet access? Will it not even connect to the internet?

Have you already read the No internet after virus infection guide? It’s under the how to Guides section. Try following that article and see if it does not answer your question.

You may also be able to do a system restore if you have not already tried this.

Boot into safe mode with networking. If you do not know how check the How to Guides section.

Then or people that. Check out http://removevirus.org/antivir-solution-pro
The bottom video shows you how to remove the proxy settings from your computer. We also have a written guide for this in the How to Guide section.

Reset the Windows Host file. Again we have a guide for this in the How to Section.

Now you should be able to download and run the above clients. Report back if you have troubles.

Okay, we removed Rapport, but no further luck.

I don’t have an internet connection at all on my computer since removing the virus, it cannot connect to the router either wirelessly or using an ethernet cable. Both give the same result; the computer thinks there are no connections available. It is not a problem with the internet/ router as there are two fully functioning computers connected to it.

I’ve just read the no internet guide, we completed methods 1, 2 and 4 but they didn’t fix it. We’re trying method three, but we can’t seem to create a new text file in the %WinDir%\System32\drivers\etc folder, the only option is to create a new folder.

Thank you again for all your help so far by the way.

Actually, it’s all sorted now we couldn’t do a system restore before cos of Rapport but after we removed it we could and now it’s all fixed.

Thanks again for all your help.

I am first of all totally unable to locate any of the processes or files. This bug has blocked me from editing registry keys, and it has changed my security settings so I cannot download programs like malwarebytes or spyware doctor with antivirus.

This thing has me completely stumped.

I was just going to say to do a system restore again. glad it is all sorted. Because of the system restore you will now need to run a full virus scan to ensure no other threats are on the computer. As you already know we recommend you scan with spyware doctor with antivirus

Got infected with this tonight..ran Malware when it went to delete infected files said some couldn’t be deleted until reboot was completed. rebooted and now it will not reboot past the Windows XP window. Won’t reboot in safe mode or any other mode either…any help or suggestions. Thanks

Go into Safe Mode and deltete the releaseversion70700 trace. Also be sure to run a full scan with Spyware Doctor With Antivirus to ensure you got everything. The free trial will NOT remove threats but it’s very good at detecting them. From there you can manually locate them.

Dear technical admin,

Here I have followed every point on the guide, I haven’t found the map antimalware doctor.

but I have deleted those in uninstall, there was a whole map about antimalware doctor so I deleted that one, done right?

Now I have the problem, I read a post about rootkit thing?..

I have opened system configuration. And there is the anti malware doctor virus.
I’m currently trying to disable it. but it won’t let me disable.
It stays on no matter what I do.

Help me solve this stupid virus.

Hello.
I have read your guide and gone into registry and deleted all of the files except the ones under the ‘/run/’ pathway which i couldnt find

when i go into the list of all programs antimalware doctor is no longer there which is a good sign and when i search for it it cant be found either.

i also couldnt find the enemies-names.txt file or the antimalware doctor.exe file to delete. im guessing theyve mutated to something different but even after reading comments here and trying a number of different locations i still cant find the files.

also, antimalware doctor is continuing to pop up!!
ive performed a full mcafee scan and it removed two trojan viruses before i even began this guide but there was no mention of antimalware doctor although i know that its there.

is there anyway i can stop this or sort it out?

thanks

UPDATE:
i have now found the application file in
C:\Users\…\AppData\Roaming\DCE77BF8422D9E5F4DCD7434BF3CA642

it is called releaseversion70700

when i try to delete it is says its in use so i have opened task manager and closed antimalwaredoctor. then gone on to the processes tab and cannot find an obvious process to close

however, there is a very suspicious looking ‘atieclxx.exe’ process which shows no description or user so i believe it is the correct one. ive tried to end this process but it says ‘the operation could not be completed. Access is denied.’

any help or ideas?

thanks again

Boot into safe mode with networking. Downlaod and install Spyware Doctor with Atnivirus. Run the scan and then manually delete the traces it finds. It really is that simple.

Hi. I saw ‘newsecureapp70700.exe’ in my Start Up Item but I’m not able to locate it in the registry. How should I got about?

Sounds like you deleted something in the registry that you did not mean to delete. You will have to restore it using a backup. I need to stress again to people that we do NOT recommend anyone go into the registry because issues like this are very common. You think your in the right folder and deleting the right thing then bam all the sudden you deleted an entire tree and have not idea you even did it.

If you did not make a backup before you did this than I recommend you run the system restore and go back a week. If system restore still works for you this is your best option.

Did you already follow the manual guide and look in the paths shown for the reg keys? If not that should be your answer.

We would also highly recommend you run a full scan with Spyware Doctor with Antivirus to also help in finding the exact reg paths that needed to be edited or deleted. This will also tell you if you got all the traces of this virus deleted and perhaps more importantly tell you if you are infected with anything else.

I am a intermediate cpu user with limited knowledge but the guide on your page is awesome if you take your time and do as the guide says you will get rid of this nasty malicious virus. i did it to the letter and installed malwarebytes which is pivitol in removing fully thanks a million for your time to post and update the site will recommend everyone that has a problem towards your site

It will not let you update till you do what we already told you to do. Re-set your hosts file first and ensure you do not have the proxy settings on.

You also need to be in Safe Mode WITH NETWORKING. With out being in Safe Mode With Networking you will not have internet access. Be sure you are contected to your network as well and have internet access. Some times over wifi connections you have to enable the card under “Connections”

I under stand the feeling of having to pay someone to fix this for you may be a little iritating but you will not find a better removal guide on the net. We try to break things down in it’s simplest form. However removing viruses and the like for some people can be very hard. http://www.onlinecomputerrepair.org may be your best bet if you can not get things going. Right now they are only charging 89 bucks for removal of all viruses on a computer.

This site sure is a miracle. I think I had more than 1 virus. I removed the antimalware doctor. But the antivir solution pro keeps popping up and it wont let me go to a website. It keeps taking me to their website. Can you help please.

Yes I would uncheck those boxes. The files if not present may already be deleted but the startup traces still there.

You may also still have the folder path but it is hidden. You may need to go into the control panel and unhide those folders in order to view them.

There is no way for me to tell you if your computer is clean or not. It’s seems you have put forth the effort to delete this. I did notice you did not say you ran a full scan with Spyware Doctor with Antivirus. That would be my last suggestion to you. The SDA client is very good at picking up threats. While the program does cost money to remove items it will do a full scan for you and from that scan you can look and see exactly what it finds and manually delete those traces. If it finds nothing but cookies I would consider your computer clean.

Thanks for your reply.

I read through the manual guide and managed to delete ‘newsecureapp’ from the reg.
I deleted some questionable files as well. However, I’ve been doing so through Safe Mode. While using ‘Safe Mode with Networking’, a pop up box appears informing me that a critical error has occurred and my computer restarts after a minute.
In ‘normal mode’, the same error pops up so I must be doing something wrong.

As well, I ran Malwarebytes and it appears that I have no dubious files left to delete.

I will try running a full scan with Spyware Doctor with Antivirus and hopefully that helps. Will check back with you if it doesn’t!

Thanks again for your help.

Sounds like your hosts file is infected. Follow our Reset hosts file guide under the How to Guides section.

You may want to look at the antivir solution pro removal guide we wrote as well. That shows you some added tricks and a video detailing what needs to be done.

my problem goes like this. Icant open contol panel network connection cant use run and i cant oper properties with right click on “my computer“ i reinstal windows and after i finish i restrt my pc
After restart same problem pls help

This virus is driving me crazy! It does not appear that I can find any of the files that were described above. I have deleted every Antimalware file I could find but none of those. I am also having trouble running the Spyware doctor. Is there a way to search for the files listed above that need to be deleted? Any help or suggestions?
Thank youuuu.

Thank you !

My laptop recently became infected with Antimalware Doctor. II downloaded MalwareBytes and ran Norton. I believe the computer’s clean now but want to make sure. I searched for the following files in the C & D drives; none were found:

Antimalware Doctor.exe
070700Setup.exe
Random70700.EXE
newsecureapp70700.exe

I looked for C:\Users\MY USER NAME\AppData\Roaming\DCE77BF8422D9E5F4DCD7434BF3CA642,…but C:\Users\MY USER NAME\AppData doesn’t exist.

And the folder C:\Users\ADMINISTRATOR\AppData\Roaming is empty.

I looked for the following files and folders:

C:\Windows\System32\enemies-names.txt
C:\Windows\System32\Antimalware Doctor.exe
Neither of these were there. Nor were they in D:.

Now, in my System Configuration Utility/Startup, there are two boxes checked, both from unknown sources: newsecureapp70700.exe and amneoxwrcs.exe, and both which are “supposedly” in my C:\Users\MY USER NAME\AppData\Roaming folder (which doesn’t exist). How do I remove these from the Startup? I am assuming I should (at the very least) uncheck these boxes.

Thanks in advance.

Will update the guide. thanks

We list the folder location in the guide. I strongly suggest you scan your computer using spyware doctor with Antivirus to help find the trace locations for you if you are having trouble locating them. Boot into safe mode with Networking and download the SDA client. Update it and run it.

To learn how to stop process or other common questions please view the How to Guide section.

This fake security software does not change your background. You have a secondary if not several other infections on your computer.

ensure the SDA client is up to date and run the FULL scan in safe mode with networking. Also update Malwarebyets again and run that full scan in safe mode with networking as well.

Normally when a desktop is highjacked it is a clear sign of a rootkit. Rootkits are the hard threats to remove. It sometimes does require an expert. Because we do not know the trojan or rootkit on your system there is no one solution fix all guide out there.

Perhaps you could try to do a system restore. This may or may not work for you. If you are able to do a system restore then go back at least 2 weeks if possible. Then re-install the suggested security software and run full scans again.

The other advice I can offer is to have http://www.onlinecomputerrepair.org fix this for you. It will be a battle but the cost is still only 89 bucks right now.

I would not recommend manually searching for them because they may be named different.

What operating system do you have? What security Clients are installed already? Based on those answers we should be able to provide you more help.

Hello! It’s great to know that we’ve got good guys out there (like Mr. technical admin), fighting the bad guys.

I also have the “070700Setup.exe” process. Is this the fakeware programmer’s alternate process name in disguise (rather than “Antimalware Doctor.exe”)? If you deem it so, a suggestion is to please add it to the above “Manual Removal Procedures.”

I had ended this process once already, but it then came back when I intially tried to use Control Panel > Uninstall Programs. I will now be off to follow the given removal instructions. Many thanks!

Hello! i have tried using Malwarebytes to remove antimalware doctor, and it didnt work i also tried using rkill, the comedian ith ots and it crashed, i then tried to find it manually and they werent there either!
i then used Spyware doctor, and the viruses that it picked up i deleted manually, only the first 2 :
64D2AD222334CF6A17C653834E8456BE
Antimalware Doctor shortcut
anyway when i restarted my computer antimalware doctor is still present although not as much, and it also changed all the settings on my laptop, deleted my background picture, and some of the keys are in different places when i type etc.. should i restore what i deleted, and what else can i try to get rid of this program??
Any help would be much appreciated!

It sounds like you do not need and files on your computer if your all for a re-install. What I would do if that was the case is use the Windows disk to first delete the OS and files AKA Format the drive and then do the fresh install. This will kill off the virus. While it is overkill it is a simple way to do things.

Im a bit computer dense im afraid, can you help? In the manual removal procedures where do i go to “stop” one of the following processes? and how do i stop it? Also where do i go to delete the following files and folders?like where would i go to find them. sorry to be a pain! x

Just got rid of this nasty bug from my computer. Virus also installed \gotnewupdate.exe on my computer which was in the startup file. I used TuneUp Utilities start up manager to take it out of start up and went to the path to delete it entirely off my computer. Malwarebytes got rid of the rest, but didn’t find that one. (Also had to delete enemies-names.txt manually)

I can not seem to be able to find any of the directories and registry entries specified in your guide.

BIG THANKS!! for finding this one. I believe ( My thoughts only ) that the gotnewupdate.exe is installing other executables and changing permissions in the registry. This is a must file to remove. We now know that malwarebytes does detect this file thanks to the above contributor so be sure and use this product and run scan to ensure all traces are gone.

Run the Full scan of Spyware Doctor with Antivirus like we direct in the guide. It should show you the exact path to were this threat is. If that does not work report back with the file location that you looked under.

The antimalware is keeping me for getting to my task manage to delete it. I have switched into safe mode but then, there’s nothing to delete. Is there any hope for me to delete it in a different way?

Thank you very much for hosting this and being so proactive on the discussion thread! I’m still in the process of removing the virus (hopefully just doing some final virus scans and such to make sure), but this has been immensely helpful!

One thing I would like to point out to people is that check and double check if the things you THOUGHT were deleted actually are deleted. The first thing I did when I realized I had a virus was delete the executables from appdata. Unfortunately, this did not fix the entire problem and those files were regenerated. So even though I did the registry steps, I still had the virus and had trouble locating the source of the problem, only to find out that it had respawned.

This was one of the nastier viruses I’ve had, and for a while it would not even let me boot up the computer under anything other than safe mode (couldn’t even use safe mode with networking).

I also ended up resetting internet explorer. I don’t even use internet explorer, and the virus originally popped up in internet explorer while I was using google chrome which was pretty obvious that it was a virus at that point.

Those entries look 100% like a trojan virus trace. I would remove them with out thinking twice about it. However they are NOT part of Antimalware Doctor. This is why it’s so important for people to run a full virus scan. These are secondary infections and most likely the reason you got infected in the first place.

remove them and run the full scan again.

You may need to boot into safe mode and then manually delete the needed .exe file.

IE will not work until you remove the proxy settings. You may also need to reset the Windows Hosts file.

Check out how to guides if you have any questions on performing the above.

SDA worked in all our testings. If it does not work for you just take advantage of the free support or get a refund. It’s that simple.

When in doubt http://www.onlinecomputerrepair.org has our vote for remote computer repair. They know exactly what to do to remove this and all other threats from computers.

hello following your guide i got rid of the virus well i thought i did.
i used the program u recomend for a free scan and nothing but low threats came up. nothing serious.
then another virus appeared in the task bar installing itself.
i cudnt use task manger. so i turned my pc of cause i done that wen da first virus came. but this second one i think has made it that when i try to turn on my pc it goes to a black screen with a blinking white line in the top left corner.

what does this mean.

i try to use safe mode but i dont know how on my machine. f8 never works its just a option of where to boot from on my pc.

please help me

hey how do you tell its gone?!? because im not sure if its completley gone or not

No “Antimalware Doctor.exe” on my system. The “070700Setup.exe” is the virus source. It works !!! Thanks.

Wow…it really worked! OMG thanks sooo much…did exactly that and it works….keeping this site on my top list to go to…for shit like this

They are registry keys. You can learn how to edit the registry under our How to Guides.

We do not recommend any average computer user actually go into the registry and edit it. One little slip and you can some major damage. Take it very slow.

As stated in the guide you simply need to run a full scan using trusted security software to ensure it is all gone. We recommend Spyware Doctor with Antivirus. It costs nothing to run a full scan. If it’s clean then you are good to go.

For long term protection and so you never get infected again we do also recommend registering the SDA client.

Boot into safe mode and manually delete the executable that we have listed in the guide.

You also need to turn off the proxy if you have not already done so. A Link is somewere in the comments or just do a search for Proxy.

Also you may need to re-set your hosts file if it is infected. Check out the How to Guides for more on this.

Lastly be sure and run a FULL scan using Spyware Doctor with Antivirus. This will let you know if you got everything or if you are infected with a secondary infection.

help! Five days and cant fix this. I have malwarebytes on a dvd i downloaded from my laptop and then added it to my desk top with tshe problem. Ive run many scans both full and partial and it finds only two of the antimalware doctor files. I delete both and then exit out of the program and restart the computer. The stupid malware doctor pops up. Ive run rkil.exe and tried to follow all these suggestions but i cant fix this! oh please help me here!

regedit says disabled by administrator – but I’m the administrator.

I think my laptop has been attacked most violently by this virus. I can’t even get it to run safe mode with networking. I get to the setup menu, and I manage to press the “safe mode with networking”, but the computer goes blank and then returns again with a list of unknown files or something .. Along the lines of :sim1/0 etc etc. And the list goes on for about half a screen length, and is centered in the middle of the screen. I thought maybe it’s just loading, but I waited half an hour and no change. Any tips? Or is this a hopeless case.. Since I see no one else had this problem. Thanks in advance for trying to help!

This post and the followup comments were extremely thorough and very helpful. One additional tip: run searches using an * in front of the .exe names (i.e. *antimalware) and you’ll be surprised at how many variations there are of this nasty bug that you’ll miss with a straight search. Thanks a million!

Thanks a lot. It worked.

On my PC, its file name has been changed to:
C:\Users\YOUR USE NAME\AppData\Roaming\xxxxxxxx\mediafix70700enz.exe.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “mediafix70700enz.exe.exe”

I hate this virus!!!!

Thanks to this web site, i have managed to remove this bug completely. Prior to finding this website (and the very useful comments by all contributors here), I wasted so much time by trying to remove this bug by other means. I used up-to-date sophos antivirus and Malwarebytes anti-malware. None of the above programmes managed to completely find/remove this annoying bug. Thanks to all contributors here, I managed to do it in no time.

This what I did to remove it completely
1. Stop running the programme by: ctr+alt+del – task manager – end task
2. Go to registry edit by: Start -run-(then type) ‘regedit’
3. Manually delete the following FOUR registry keys:

•HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor
•HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
•HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antimalware Doctor.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “gotnewupdate.exe”

This should do the trick. Good luck

It’s blocking me from using my keyboard!! Please help!
Thank you

I’ve been following the manual, but when I get to the “run regedit” portion, I’m told another program is currently using this file. I assume this means that I’ve failed to terminate all the processes…

Can you assist?

Dave

Hey, thanks for the guide. I have this virus, and I am now unable to boot my computer normally, so I’m working in Safe Mode with Networking. I have removed the folder containing the executable file for the program, as well as the enemies-names.txt, but I can’t find these:

* HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antimalware Doctor.exe”

In fact, I can’t even find any folder on my computer resembling the beginning of this file path.

Any advice on how to find them?

No need to buy any additional software that will cost you just as much as the “Antimalware Doctor” you are trying to get rid of…
On startup, repeatedly push F7, and then select “start up in safe mode”. Now, simply perform a system restore to a point in time before the infectation. Done!

Hello I did all the steps listed above. I ran a scan and removed the infected objects the scan found. I performed all the steps listed above and still nothing. When I restart my computer I start it normally and I can’t get pass the loading windows xp so my computer is dead now can you please help?

sounds like something went wrong in the removal of the virus or the virus it’s self did something.

Because you can no longer start XP normally I would recommend you boot into Safe mode and try running a system restore. We normally do not recommend users doing this when they are infected with a virus but because the core of the operating system seems to be having issues we recommend giving that a try.

Seemed like a fairly simple virus to remove. I would suggest what the user said several posts up, “UPDATE:
i have now found the application file in
C:\Users\…\AppData\Roaming\DCE77BF8422D9E5F4DCD7434BF3CA642

it is called releaseversion70700″

be put into the main page. this is another key that needs to be removed if doing it manually.

try it in safe mode. That should do the trick

I have found all the files i need to delete. When i tried to delete them its says stuff like access denied. If i cant delete it what am i supposed to do??? Iv also tried uninstallingthe anit doctor program frOm the control panal n it wont let me. Ive also tried installing antimalwarebytes and when i would scan the computer it would crash. Please help!

As the guide states. I recommend you run a scan with Spyware Doctor with Antivirus. IF that says your good then I would say your clean.

IF you are using the paid version of Avast I would say most likely you are clean as well. IF it’s the free version then I’m not surprised your seeing traces here and there still.

Help! I used your instructions to remove malware doctor, with success.
BUT…. now I can’t get on the internet anymore. Somehow the stupid thing has changed my TCP/IP settings. No access through network cable or wifi. It can connect to the router, but then nothing. I don’t get an IP address. I tried changing get an IP address automatically to a fixed IP, but that doesn’t work either. I have been searching on the internet for six hours now for a solution (on another computer of course), but I can’t find it!!

I ran MBAM again, zero infections left, so that can’t be it.

Great advise Joe.

If you found the files you should re-name them and re-boot your computer. Once you boot back up you can delete the files. You should also use Spyware Doctor with Antvirus to run a full scan and see what other traces are left over. Then manually delete those traces.

If you still have access denied errors after re-naming and re-booting you should take ownership of those files and then delete.

We can only help those who help themselves. What step in the guide specifically are you having trouble with?
Did you watch the video?
What is your operating system?
Have you tried going into safe mode and following the guide that way?

Some basic information on the exact step you are having trouble with can go a long ways in helping you. Be sure to read through the comments as most questions already have an answer.

Hey there,
I got the antimalware doctor virus on Sunday night. I never signed up for, or clicked on any “registration” requests it sent me. For some reason, this virus didn’t really affect my system too much – so it was quite easy for me to get rid of it. I feel lucky because I know some people had MANY infected files. I only had about 5 virus’s, and a few suspicious looking .exe files on my registry edit, and C Drive.
I just wanted to say thank you for this guide, it is extremely informative and helpful! My computer is now running back to normal, and virus free!
Thanks again,

I have this thing and i cant get on the internet, get to my control panel, access my documents. Everything seems like good advice i just cant seem to get anywhere. Help!

This is no longer about a virus infection but more about general computer repair which we do not support.

However I have an answer for you. Follow the link below and re-set your winsock settings. If that does not work then re-set your hosts file. chances are it will work. Used it a thousand times before in these situations.

http://windows7themes.net/winsock-fix-for-windows-7.html

So I recently got this virus and it’s gotten worse to the stage were I can’t open anything. I can’t access the Internet to download the Remval software. I’ve tried it in safe mode and still can’t. Help!

I ran Spybot S&D as well as Avast. So far, the registry for Antimalware doctor has definately been deleted. However, when I check the icons on my tool bar, I’m still seeing ansi70sepmod.exe, as well as rundll32. I’ve scanned my computer everytime, but I’m no longer detecting anything else. Is the virus still a danger to my computer? It hasn’t popped up ever since I deleted the process and the main exe file.

Yes. Do what the guide instructs and download Spyware Doctor with Antivirus to locate the exact traces in the registry that you need to delete. This program is great at detecting what needs to be removed. While the free trial will not remove anything it will locate the items for you and then you can just manually delete them.

Hey All,

I am so not tech-savvy, but I have tried to follow the directions (on my laptop). This message I am writing is on my desktop. Anyway, I have tried to get to the task Manager to shut off this program, but when I do, I get this popup saying “microsoft Security essentials alert” asking me to clean the computer. I get this alert when I try to run any program on my laptop. I can not find any of these

•C:\Windows\System32\enemies-names.txt
•C:\Windows\System32\Antimalware Doctor.exe

Help!

Cheers

No programs will run. What in the guide have you already tried?

Because you are not tech savvy I would highly recommend you try to boot into safe mode with netowrking and download the Spyware Doctor with Antivirus client and actually pay for the client. This is by far the easiest way to remove this threat.

Hi,

Had a very tough time thinking how to get rid of this buggar from my system;
Thanks for the post was able to quickly clean that up in minutes;

Really helped and suggest others;

Thank you,
Vaidya

I wanted to say thank you for your help! Amazing resource

I’m trying to clean this virus off of a co-worker’s machine. We found the .EXE and .TXT files, but once we get into regedit….I cannot locate the offending components under any of the suggested locations.

This machine is running Windows XP pro, and I was logged in as admin in safe mode when we entered regedit.

any suggestions?

Cheers

Hi
I can’t open any programs – the task manager or run “regedit”. I downloaded the rkill and explorer files on another computer and transferred it over. When I double click, the black screen opens for 2 secs but shuts down and says can’t be loaded. Any help on how to get rid of this?

This method was useful. Also look for whatever ****setup.exe inside those HKEY_CURRENT_USER\… and delete them. Thanks.

As stated in the guide this is normal.

We have already highlighted several ways in the comments about how to stop this process. Please read through the comments for more details. Other wise here is a sampling of things we have already said for people to try.

Boot into safe mode with networking and run the programs

boot into safe mode and just delete the traces if you already know were they are at

the second you log into the computer you may be able to open the task manager and stop the needed process from running

Vista / Win 7: ctrl+shift+esc
XP: ctrl+alt+del

Give those a try or read through the comments and or watch the video again for more tips.

Well – I’m ready for my free fix. I couldn’t find the files mentioned above so I subsequently purchased the spyware doctor with antivirus. I ran a full system scan, fixed the errors it had found, and this program is still here….

help?

the process will not be running while you are in safe mode. That is the point of going into safe mode. You should be able to just browse down to were the threat is and delete it.

oh my goodness, THANK YOU SO MUCH! i have recently bought my new laptop because of a similar virus and was totally horrified when these windows kept popping up!! I’m sooo glad that you were able to help me get rid of it!! Thanks again!!

Is your computer’s Wireless Switch turned off? I tried every suggestion I could find, after Antimalware Doctor blocked my Internet Explorer from connecting. Finally, I found this suggestion, and it worked! For my Dell laptop, I pressed Fn + F2, but the procedure varies.

hi i did all of that above and i deleted the registry keys and everything. i finally found the file in my roaming folder but it says that i need permission to delete the file and it says it won’t let me do it because i don’t have permission. Then i tried enering the administrator command in the command prompt (administrator active: yes) thing I found on the internet but it says that Systme error 5 has occurred. Access is denied. Can you please help me?

Please update the security client again and then boot into safe mode and run the FULL scan. I bet it will pick it up. We just test the SDA client again today and it worked on the latest trace of this.

You may also want to ru na second scan with Malewarebytes to double check things.

Report back results if it does not work for you. We may just want to remote in and take a look to see what is up.

You should be able to edit the registry in safe mode. If not try the default admin account in safe mode.

so i checked all my registry files and could not din it…and any files of it and also task manager..i have done all neccessary scans from trusted programs but on CCleaner it showed the antimaleware but i tried removing or “Uninstalling” it but doesnt seem to work….but when i start up the computer it comes back again the Antimaleware pop up…so any help !! thanks!

HELLO
please help me,
after the spyware doctor locate the antmalware files, how can i find them :the Hkeys programs? what to I have to do to lacate them? the spyware doctor gave me the paces that are infected, but what do I have to do to actually locate and delete them? Having problem to know where are the hkeys
thank you

Where does this come from? My son downloaded a game without my knowledge and what a awful virus.

did you scan with spyware Doctor with Antivirus and or Malwarebytes? both of those clients are well known to pick this threat up.

Please ensure the above clients mentioned are updated and run a full scan. You may also consider running the scan in safe mode.

If it does find something report back the file names and locations for us. If it does not work then please report back for further help.

You simply follow the paths laid out in the SDA software. Manually browse down to them and delete the infected files.

For registry items it’s a bit tricky because you may want to keep the actual item. This is why we list the registry traces in the guide. However I do not recommend the average computer user go poking around in the registry. If you do at least make a backup first.

You can get infected with this on tens of thousands of different sites. There is not one set webpage or location. Most PAID antivirus clients can detect and block antimalware Doctor

It sounds like you were able to get the main part of the threat. The rest most likely does not matter.

I highly recommend you run a full scan using Spyware Doctor with Antivirus and MalwareBytes. If those two scanners pick nothing up then you are good to go.

FYI: We have links to both programs in the side bar.

I just wanted to say thanks for the info and mine showed up as mediarelease70x700hh.exe not sure if anyone had that name before

Your Welcome.

FYI: We use Spyware Doctor with Antivirus to find these file traces so we know that software works. For all users out there you need to make sure your client is up to date.

Hi,

I tried using antimalwarebytes to remove this program from my laptop, it told me that said files were removed but when I rebooted the PC, the antimalware doctowas still there.

Do I have to stop the processes before I run the scan, is this why it keeps coming back?

hi! thanks for the guide. i got this malware doctor virus last night and have been working on it til tonight. norton detected the activities but failed to block the intrusion. was scared to death when i viewed norton history and found that the three differently named viruses made some changes to my system configuration and computer. norton launched an online support instructing me to run in safemode and download the latest update and save it on my desktop. i think its because the virus was blocking it but i dont really know. didnt help though thats what brought me to this wonderful site. i downloaded both spyware doctor with antivirus and malwarebytes, scanned in normal mode with the spyware doctor and located the virus. tried deleting it manually but didnt allow me so i rebooted to safe mode and was able to delete it. was able to find the .exe file in the roaming folder by locating it through the desktop shortcut of the virus and followed the addresses provided by SDA for the registry keys. mine was named terrapoint700x0main.exe and mediarelease70x700hh.exe together with the enemies-names.txt and two other .ini files all in the same folder under roaming. was able to delete it however wasnt able to locate the gotnewupdate.exe mentioned above for the registry keys. then i went back to normal mode ran both spyware doctor and malwarebytes scan and malwarebytes still found traces which i deleted. i had to restart as mentioned in the previous comments and then ran both scans again. malwarebytes detected none but spyware doctor still detects 5 threats and a total of 24 more infections, mostly cookies and adwares but the malwaredoctor virus itself wasnt detected anymore. i think i might have gotten a milder version for it only downloaded itself and tried to make me purchase and also wouldnt let me go to the bleepingcomputer site. everythings fine now now my only concern is if the remaining infections that the SDA detected should be worked on as well, or if they could be related to the malware doctor. i am new to these things in fact it was my first time to use the run function in this computer. i am planning to uninstall both SDA and malwarebytes for ive read somewhere that it may cause conflict with my main antivirus which is norton. i tried to make this as detailed as possible sorry if its too long and i appreciate you helping us here.

Thank you so much! This is so much easier to remove this mess. I am going to save this link on all my computers so I can get rid of it when it comes back.

I have a Windows 7 computer, and Anti-Malware attacked my computer. I tried the steps, and was able to delete the files from the Processes. However, I can’t find enemies-names or the Roaming gotnewupdates files.
I tried Safe Mode, but now I need to know the EXACT locations of the files. Please help a beginner.

I did try to follow your steps. however, I found my system was somehow different from what you described above.

(I have a vista system)

1. the executable and enemies-names.txt were at
c;\users\\appdata\roaming\55ED31C83F4EB1276D68ED4FAB0510F7\gotnewupdate000.exe

I simply deleted entire folder.

2. Regarding 3 registry entries.

I only found one in “Run” location and it was gotnewupdate000.exe (or get…)

not found “antimalware Doctor “in “Uninstall” and in “HKEY_CURRENT_USER\Software”

Does this mean it is gone?

thx.

Kent

Just thought I’d let you know that the Antimalware Doctor on my computer was associated with the process “secureapp70700.exe”. This was not picked up by antimalware software, so I had to stop the process and delete the files associated with it manually (just used the search function to find and delete them).

Details help us help you. Great information!

1. Yes I would uninstall the SDA client if you are already happy with Norton. However you are most likely using the free version of MBMA. This means the software only runs when you start that program. I would keep it installed as it will not be running normally when Norton is. Update the client once a month and do a scan with it. It’s just an extra precaution that we recommend.

2. Not all the registry traces shown in the guide are on EVERY computer. File names change all the time. We list what we and others have found over time. It is my opinion that you did get everything. I would however consider using the hosts fix software found in the sidebar to ensure you hosts file is not infected. I mention this because you stated that bleepingcomputers was blocked. The tool is from Microsoft and only takes 20 seconds to run.

3. Don’t worry about the cookie infections and other simple junk like that from the SDA client. I would ensure Norton is updated and run a full scan with it every other day for the next week just to be sure nothing else comes up. You effectively neutered this virus so even if a trace is left over it will be benign.

4. The reason you were unable to delete the files while in normal mode is because those processes were already running. We normally recommend people re-name them and upon re-boot you should be able to delete them. However going into safe mode is just as good if not a better way to do it.

You are god! Thank you

Nice pickup!

Are you able to boot into normal mode?

What is your operating system?

What in the guide have you already followed and what are you having trouble with?

The EXACT file locations that we know of are in the guide already.

with that said it sounds like you got the main part of this threat already and should not be able to install a security client. We recommend you download and install both Spyware Doctor with Antivirus and Malwarebytes. Run full scans with both clients and you should be able to find all the traces you need to delete.

Take note that the free version of malwarebytes does remove threats but is limited and does not protect your computer. The free trial version of SDA does the opposite. It will protect your computer for 30 days but not remove the threats it finds. However it will show you what they are and the exact file location of those threats so you can just manually browse to the directory and remove the files.

I think terrapoint700x0main.exe (registry key in ../run) is part of this infection on my system.

thanks!!! Go in peace with our blessings.

Can I take those programs, put them on a USB, and then download them to my computer and use them?

Hi all can someone please help me I am trying to load my computer I know I have this annoying virus but it shut me down now even when I try to go in safe mode it just goes blue with loads of errors and restarts any help please email me on (email removed so you don’t get spammed to death) or call me if poss I’ll give number on email I use my com for my work so really need it