AntiMalware Doctor

Created 14 years ago (2010-08-28 21:13:23 UTC) by Captain Terror

Posted 14 years ago2010-08-28 21:15:27 UTC Post #284667
Ok. At approximately 3pm, i was kicked in the nuts by a piece of rogue security software called AntiMalware Doctor whilst searching for a no-cd crack for Battlefront II.

This thing blankets your screen with popups pestering you to buy the "full version" of AntiMalware Doctor, whilst infecting your system in multiple ways and actively preventing your outlets to stop it. Among the casualties:
  • Your Antivirus resident protection and the ability to update
  • taskmanager
  • revokes administrator privileges
  • regedit
  • gpedit
  • folder options (it sets file extensions to invisible and then borks folder options so you can't change it back)
  • taskbar icons still there, but invisible
  • stops most programs from connecting to the internet for updating
  • god knows what else
Since then, i have been methodically trying fixes and unsuccessfully trying to get my system back to normal. I stopped the popups and the main program almost immediately after it happened by following instructions on this site, and have ever since been trying to get my system back to normal.

Why am i telling you this now? i would advise everyone to update your antivirus/antimalware software, and perform a full backup of your system (if you have the means).

This fucking malware has wasted my entire day, and i have no idea if i'll be able to fix everything, or if the infection is completely gone, which will probably prompt me to reinstall everything... What a pain in the cock....

If anyone has some helpful hints to fix the aforementioned troubles, most of which are still not fixed, i would be greatly appreciative!
Captain Terror Captain Terrorwhen a man loves a woman
Posted 14 years ago2010-08-28 21:24:33 UTC Post #284668
Yes. Format your primary drive and forget about all that shit. Because you do have your files in a different drive/partition, right?
Posted 14 years ago2010-08-28 22:33:29 UTC Post #284669
ya all my program files are on d drive, tho i might take this opportunity to upgrade to 7..

edit: i got regedit working again by running a vbs script called reg_enable found on one of the multiple webpages describing how to disable/enable regedit. i used a third-party registry editor called "RegScanner" before that to search/delete/modify keys.

got my folder options back by editing this registry entry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

and changing the value from "0" to "1". It seems like most of the problems this fucker caused are registry based. i'm learning way more about the registry today than i ever cared to in a lifetime..

Fixed "invisible" tray icons by running "sfc /scannow" at the CMD prompt as administrator! =)

Still fucked up:
-GPedit is still gone
-Avast Antivirus is still fucked up and won't update or run in resident
-Other programs still refuse to update and timeout when you start the updating process
-occasionally i have to reboot to be able to browse the internet with google or ie. (i can still ping websites and run things like steam online, but the browsers are blocked somehow....

fuck my life......

)

Captain Terror Captain Terrorwhen a man loves a woman
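
Added example, not part of any post in the thread: a small Python checker that scans registry export text for the per-user policy values behind the lockouts described above (Task Manager, regedit, Folder Options). The value names `DisableTaskMgr`, `DisableRegistryTools` and `NoFolderOptions` are standard Windows policy values and are not named in the thread; the sample export is constructed.

```python
import re

# Policy values that lock the user out of the tools listed in the thread.
# Standard Windows policy value names (assumption: the thread does not name them).
LOCKOUTS = {
    (r"policies\system", "disabletaskmgr"): "Task Manager disabled",
    (r"policies\system", "disableregistrytools"): "Registry editing tools disabled",
    (r"policies\explorer", "nofolderoptions"): "Folder Options hidden",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')

def find_lockouts(reg_text):
    """Return (key, value name, description) for each lockout value set non-zero."""
    findings = []
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:                      # a [HKEY_...] section header starts a new key
            key = m.group("key")
            continue
        m = DWORD_RE.match(line)
        if not (m and key):
            continue
        for (suffix, name), desc in LOCKOUTS.items():
            if (key.lower().endswith(suffix)
                    and m.group("name").lower() == name
                    and int(m.group("hex"), 16) != 0):
                findings.append((key, m.group("name"), desc))
    return findings

# Constructed sample in .reg export format (not taken from an infected machine).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
"""

if __name__ == "__main__":
    for key, name, desc in find_lockouts(SAMPLE):
        print(f"{desc}: {key}\\{name}")
```

Registry exports are written as UTF-16 text, so decode the file before passing its contents to `find_lockouts`.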
Posted 14 years ago2010-08-28 23:04:17 UTC Post #284672
It's amazing how much one can do just by tinkering with the registry. It's also amazing how much one can fuck up by tinkering with the registry. You seem to be doing well, even if you don't completely fix everything, it's going to be a great learning experience.

As a matter of fact, you could take this as an opportunity to fuck with the registry and learn a lot about the inner workings of Windows with no concerns regarding the consequences, and later do what I said in my previous post.
Posted 14 years ago2010-08-28 23:56:25 UTC Post #284675
as much as they usually fail and have no effect whatsoever, have you tried a system restore to before this all happened? assuming you're on windows...
Trapt Traptlegend
Posted 14 years ago2010-08-29 00:03:43 UTC Post #284676
As disco said, no matter how badly you screw up the registry, it doesn't make a single difference to windows setup so you can take this opportunity to learn more about the inner workings of windows.
Crollo CrolloTrollo
Posted 14 years ago2010-08-29 16:52:18 UTC Post #284730
Disco/crollo: ya but wat a pain in the ass. for some things, the malware deleted whole groups of keys, so they all have to be put in manually or by a script. Mostly everything is running again but jeez...

trapt: yeah that was the first/easiest fix available for this bug, except that it disabled system protection years ago.. =)
Captain Terror Captain Terrorwhen a man loves a woman
Posted 14 years ago2010-08-29 17:08:41 UTC Post #284734
You'll want to keep your eyes open for any odd behaviour once you think your PC is clean, though. Just because it seems it's gone doesn't mean it is, unfortunately.
Good luck.
Notewell NotewellGIASFELFEBREHBER
Posted 14 years ago2010-08-29 18:10:45 UTC Post #284736
Back up!

I suggest you stick to well known security applications and don't try other miscellaneous software. I prefer having Comodo Firewall with Avast antivirus for example.
Striker StrikerI forgot to check the oil pressure
Posted 14 years ago2010-08-29 18:11:57 UTC Post #284737
Just format. It's fast and you can be absolutely sure that everything is gone and the new installation is completely clean.
Posted 14 years ago2010-08-31 23:45:17 UTC Post #284806
I love formatting. Especially when all my hl maps disappear permanently like that.
Posted 14 years ago2010-09-01 17:03:08 UTC Post #284838
If you intend to format and reinstall, boot a live OS, grab the files you want to keep and copy them to some other partition, drive or USB stick. There's a bunch of live Linux distros. Knoppix and Damn Small Linux (DSL) are two, there are plenty others.

As for anti-virus and firewall stuff: meh. I've been running without either for years, never have any problems with viruses or malware.
Posted 14 years ago2010-09-01 17:29:47 UTC Post #284839
...That you know of.
Notewell NotewellGIASFELFEBREHBER
Posted 14 years ago2010-09-03 11:31:40 UTC Post #284893
http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor

No need to reformat, unless you were planning on doing so as routine computer maintenance anyway.
RabidMonkey RabidMonkeymapmapmapfapmap
Posted 14 years ago2010-09-03 12:35:08 UTC Post #284896
I got that fucker on my system some time ago, reformatted my system :P.

Haven't got a virus in a while now however, thanks to using Noscript plugin for my firefox, it basically stops all scripts throughout the internet unless you allow them, preventing you from getting those pesky little viruses.
Skals SkalsLevel Designer
Posted 14 years ago2010-09-03 13:53:25 UTC Post #284899
"As for anti-virus and firewall stuff: meh. I've been running without either for years, never have any problems with viruses or malware."
Lol ya i never had a problem before this either, but running without any anti-virus whatsoever?! I'm guna go out on a limb and say you have at least 50 trojans and god-knows-what else on your machine..
:P

Zombie: thanks for the tip on the reinstall btw! =)

RabidMonkey: thanks that was the first helpful site i found after first getting infected... (it's linked to in my first post but hard to see..)

Skals: thanks for the Noscript firefox plugin, i will surely check it out. Also btw, do you remember what you were doing when you got infected?
Captain Terror Captain Terrorwhen a man loves a woman
Posted 14 years ago2010-09-03 19:34:48 UTC Post #284908
Man, how on earth did you succumb to that?!
AJ AJGlorious Overlord
Posted 14 years ago2010-09-03 19:52:39 UTC Post #284914
Ant: i was searching for a no-cd crack for battlefront II... Let me tell you it was NOT WORTH the trouble (And i never did find an easy way to play BFII without the cd in the tray..)

Skals: Hey thanks for the lead on that NoScript firefox addon... it's pretty neat works a lot like a firewall..
Captain Terror Captain Terrorwhen a man loves a woman
Posted 14 years ago2010-09-03 19:58:11 UTC Post #284915
Everyone should have Spybot-Search and Destroy. I've only had one thing ever that it couldn't fix, and I had to reformat.
Posted 14 years ago2010-09-03 20:24:53 UTC Post #284918
I understand that, Captain, but for it to actually have done something, you would've needed to have installed it or clicked something to get it to install on your system. Blitz is right though, Spybot-Search and Destroy is one of the best programs to use for those kinds of things. Also, I hope you're not using Internet Explorer...
AJ AJGlorious Overlord
Posted 14 years ago2010-09-03 20:34:00 UTC Post #284919
I don't recall clicking "yes" to install any new software (i mean, i hope you don't think i'm that dumb :smile:) if that's what you mean. I suppose if i was clicking fast that's probably how it happened... And no, no IE just firefox.

I've never tried Spybot but i will def check it out, as it seems to be one of the highest-rated malware protection softwares out there..
Captain Terror Captain Terrorwhen a man loves a woman
Posted 14 years ago2010-09-03 21:11:54 UTC Post #284920
Fair enough and no I don't. ;)

Definitely get Spybot on board.
AJ AJGlorious Overlord