3 Replies Latest reply on Jun 3, 2010 4:59 AM by Peter M

    McAfee IS 2009 intruded by AntiMalware Doctor (fake antivirus software)!!HELP!!

      I use the internet on a daily basis. Tonight I surfed as usual when McAfee IS went crazy all of a sudden (shutting itself down and installing a software called AntiMalware Doctor as well as many other weird stuff on my PC. Outrageous is that this "AntiMalware Doctor" kept prompting me to make a system scan, and I did and was asked to register the software... what the heck, and why??!)


      At that moment I suspected that my PC had probably been infected, so I restarted it... After getting through the welcome screen, this AntiMalware Doctor ran automatically and I CANNOT turn the McAfee scanning functionality back on (it's disabled by something!!). That's so bad! I felt this was getting nasty, so I used my netbook to get on the internet for help and downloaded a software from Malwarebytes.com. I followed the instructions exactly and the software did find and kill some trojans and malware (like 36 of them), but after rebooting, this AntiMalware Doctor was simply still there!!


      Now my PC is in safe mode (with network), but even in safe mode, IS 2009's scanning service is still kept disabled by malware. Then I got into services.msc to enable it manually. Now I am doing a full scan of my PC, and it's gonna take a couple of hours to finish, cuz my PC was very heavily loaded.


      My question so far is, does McAfee provide some easy way to remove this kind of virus/Trojan as of May 31, 2010? Obviously, it was IS 2009 that failed to protect my PC from the attacks by these viruses, and I am pretty disappointed. I hope I can get some help from you ASAP! I will check the forum tomorrow.



        • 1. Re: McAfee IS 2009 intruded by AntiMalware Doctor (fake antivirus software)!!HELP!!
          Peter M

          The removal instructions for that are here: http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor Scroll down the page, as the first links are merely advertising.


          Major antivirus applications usually have difficulty dealing with fake anti-malware applications and extra tools are then needed.



          Message was edited by: Ex_Brit on 02/06/10 2:48:48 EDT PM
          • 2. Re: McAfee IS 2009 intruded by AntiMalware Doctor (fake antivirus software)!!HELP!!

            Thx for the reply Ex_Brit. I have solved the problem after 4 hours of intense fight against it.


            Below is a list of what I did to remove the virus:


            1. Download "Malwarebytes' Anti-Malware"

            2. Download "PC Tools Spyware Doctor with AntiVirus". I actually paid for this software!! Excellent product!

            3. Uninstall McAfee IS, cuz it's already been compromised

            4. Install the software you've got in steps 1 and 2

            5. Do a complete scan (it took almost 4 hours in my case) using "Spyware Doctor with AntiVirus" immediately. (You will find most of the infections after this, if not all, some of which cannot be identified by McAfee!!)

            6. Get your PC into Safe mode with network, update your Malwarebytes' Anti-Malware software to the latest.

            7. Run Quick Scan (you will probably find another couple of infections), remove them all as instructed. Restart your PC

            8. Hopefully your PC will be cured after this Double Kill. Now reboot your PC in normal mode; you still need to check a few places in your file system.

                a. type msconfig in command console, check if there is a startup entry called gotnewupdate000.exe, if yes, delete it using regedit!!!

                b. users\yourname\appData\roaming\random sequence\gotnewupdate000.exe and a text file called enemylist... something like that; if yes, delete all the related files

                c. control panel, uninstall programs -- see if AntiMalware Doctor is still there.

                d. program list under Start button -- see if AntiMalware Doctor is still there.


            If all places are free of gotnewupdate000.exe, then I believe your PC is safe now.


            I believe that gotnewupdate000.exe is the crux of my case and that I have removed it successfully from my pc.


            sorry for any misspelling and typos..
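
The checks in steps a to d of the reply above, written as an added PowerShell example that is not part of the original posts; it only reports and deletes nothing. The file and product names come from the post, while the Run key, Uninstall key and Start Menu locations are assumptions about where those entries live on Windows Vista or later.

```powershell
# Added example, read-only: reports leftovers and deletes nothing. Needs PowerShell 3.0+.
$exeName     = 'gotnewupdate000.exe'   # file name taken from the post
$productName = 'AntiMalware Doctor'    # product name taken from the post
function New-Finding($Check, $Location, $Item) {
    [pscustomobject]@{ Check = $Check; Location = $Location; Item = $Item }
}
# Step a: startup entries. Assumption: the msconfig entry is backed by a registry Run key.
function Find-RunKeyEntry([string]$Pattern) {
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in ($keys | Where-Object { Test-Path $_ })) {
        $props = (Get-ItemProperty -Path $key).PSObject.Properties
        foreach ($p in ($props | Where-Object { $meta -notcontains $_.Name })) {
            if ("$($p.Value)" -like "*$Pattern*") { New-Finding 'Startup entry' $key "$($p.Name) = $($p.Value)" }
        }
    }
}
# Step b: the executable under AppData\Roaming, plus every other file in its folder
# (the post mentions a companion text file there).
function Find-RoamingFile([string]$FileName) {
    Get-ChildItem -Path $env:APPDATA -Recurse -Force -Filter $FileName -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            $dir = $_.DirectoryName
            Get-ChildItem -LiteralPath $dir -Force | ForEach-Object { New-Finding 'Roaming folder' $dir $_.Name }
        }
}
# Step c: installed-programs list. Assumption: the product registers an Uninstall key.
function Find-InstalledProduct([string]$Name) {
    $roots = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*$Name*" } |
        ForEach-Object { New-Finding 'Installed program' $_.PSChildName $_.DisplayName }
}
# Step d: Start Menu folders and shortcuts (per-user and all-users, Windows Vista or later).
function Find-StartMenuItem([string]$Name) {
    $menus = "$env:APPDATA\Microsoft\Windows\Start Menu", "$env:ProgramData\Microsoft\Windows\Start Menu"
    Get-ChildItem -Path $menus -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like "*$Name*" } |
        ForEach-Object { New-Finding 'Start Menu' $_.FullName $_.Name }
}
$findings = @(Find-RunKeyEntry $exeName) + @(Find-RoamingFile $exeName) +
            @(Find-InstalledProduct $productName) + @(Find-StartMenuItem $productName)
if ($findings.Count -eq 0) { 'No leftovers found in the checked locations.' } else { $findings | Format-Table -AutoSize -Wrap }
```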