Malware Doctor removal?

My brother-in-law has "Malware Doctor" on his PC (XP SP3). It seems to be a piece of nasty malware itself and I'm having trouble killing it.

I have run a full scan (4 hours!) using Malwarebytes Anti-Malware and it seems not to find it.

Despite him being the PC administrator, his Task Manager has also been disabled, which is not helping!

Any ideas?

Thanks.
 
Whilst I know that and you know that, it's not very practical.

Ideally, I'd simply like to remove the malware, not the whole OS.

Ideally, you would be able to be confident that you'd removed all the malware. Unfortunately, that's not the case, so I'd advise your brother-in-law that you can try removing all the malware but can't guarantee that his system will be secure afterwards. On his own head be it if he decides to go with convenience and suffers internet banking fraud or something because of it.
Anyway, just my thoughts :p
 
Malwarebytes should be able to remove this. Have you tried renaming mbam.exe to just m.exe, say, in case the malware is blocking it somehow?

This guide explains how to remove it using Malwarebytes, but you could maybe manually clean it by removing all of its associated files: http://www.bleepingcomputer.com/malware-removal/remove-malwaredoc

I have taken his tower home with me & will try that guide tonight, cheers.



> Ideally, you would be able to be confident that you'd removed all the malware. Unfortunately, that's not the case, so I'd advise your brother-in-law that you can try removing all the malware but can't guarantee that his system will be secure afterwards. On his own head be it if he decides to go with convenience and suffers internet banking fraud or something because of it.
> Anyway, just my thoughts :p

I hear what you're saying & have already told him as much.

Trouble is, he's reluctant to lose a lot of data that's on the PC. Equally, backing up the data prior to a reformat does not guarantee anything unwanted won't be backed up as well!

Malwarebytes is at least finding & "fixing" it now, but, on reboot, the "Malware Doctor" popup returns within about 5 minutes. :(

A reformat would be my choice but he's reluctant to let me do this.
 
The files themselves will most likely be okay. You hear the odd case of executables being hijacked but if you are just backing up Word documents etc. you should be fine. I'm sure you'll politely explain this is why backups should be made. ;)

The problem is that because this machine has been infected there is always a chance it's been rootkitted, which is why a reinstall is the only way to be sure you get everything. It might be, it might not - you just can't know with any certainty. Without preaching to the converted, a reinstall always seems a crude solution but it's really the best.

Have you tried running the anti-malware in safe mode? Try this, and if not you might want to look into the Live CD option.
 
Is malwarebytes a virus scanner then? At the end of the day, if that's having difficulty, try a different one. I recommend Kaspersky, and there's a thread knocking around somewhere about which AV people recommend.
 
Disable System Restore, run Disk Cleanup and remove everything then install Spybot S&D, Malwarebytes and Superantispyware and run each in safe mode.

Edit: Make sure you update each program before using them.
 
Just completed a 4 hour (!) scan in safe mode on his PC and, thus far, it seems to have cured it...

The report given by Malwarebytes points to the user accounts of his two 7-year-olds as the likely culprits! :D

> Is malwarebytes a virus scanner then? At the end of the day, if that's having difficulty, try a different one. I recommend Kaspersky, and there's a thread knocking around somewhere about which AV people recommend.

It's a bit like a virus scanner but more angled toward malicious programs like browser-embedded toolbars & the like (I think!). Anyway, it's a good 'un and I use it (without issue) on my own PCs.

Cheers for the feedback guys, hopefully it's sorted. I'll leave it running for a day or so & see if anything returns.
 
Just check that these two accounts aren't administrator accounts. If they are, downgrade them.

Done, nice tip (which I'd not given a thought!). My brother-in-law's account is now the only admin. :)

No signs of a return thus far. :)
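For anyone doing the same clean-up on an XP SP3 box, the two checks discussed in this thread (whether the other accounts are local administrators, and whether the Task Manager block the malware applied is still in place) can be scripted from an administrator's cmd.exe. The batch file below is an added example written for this page, not something posted by anyone in the thread or shipped with Malwarebytes; it uses only the stock net.exe and reg.exe tools, and the DisableTaskMgr policy value it looks for is the standard Windows setting that hides Task Manager. The account name CHILD_ACCOUNT in the commented-out demotion step is a placeholder to replace with the real user name.

```batch
@echo off
rem Added example (not from the thread): post-cleanup checks for an XP SP3 PC.
rem Assumes it is run from a cmd.exe opened by an administrator account.

echo === Members of the local Administrators group ===
rem Every account listed here has full control of the machine. Day-to-day
rem accounts (the children's accounts in the thread) belong in Users instead.
net localgroup Administrators

rem To demote an account, replace CHILD_ACCOUNT with the real user name and
rem remove the "rem" from the two lines below:
rem net localgroup Administrators "CHILD_ACCOUNT" /delete
rem net localgroup Users "CHILD_ACCOUNT" /add

echo.
echo === Task Manager policy (the malware disabled it) ===
rem A DisableTaskMgr value of 0x1 under either key keeps Task Manager blocked.
rem If the value is still present after cleaning, something re-applied it.
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr 2>nul
if errorlevel 1 echo No DisableTaskMgr value under HKCU (good).
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr 2>nul
if errorlevel 1 echo No DisableTaskMgr value under HKLM (good).

rem To remove a leftover policy value for the current user (uncomment if needed):
rem reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /f

echo.
echo === Programs started at logon ===
rem A rogue "antivirus" popup that returns minutes after every reboot is
rem normally relaunched from a Run key. Anything unfamiliar listed here after
rem the scan is a sign the infection is still present.
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
```

Run it once after the safe-mode scan and again the next day; if the Administrators list has grown, the DisableTaskMgr value has come back, or a new Run entry has appeared, the machine is still infected and the reinstall the thread recommends is the safer route.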
 