    antimalware doctor - advice please.

    Yo peeps,

    Managed to be an utter noob and get this piece of crap on my comp last night. I did some googling and ran rkill and then malwarebytes (all done in safe mode) and after a restart it was still there.

    I will give it another bash tonight but I have the feeling it's going to be persistent and annoying. Has anyone had any experience with this malware?

    if I were to reformat I assume it would wipe it completely? Also what would I need to backup from my pc apart from music etc?

    Cheers!

    23 Comments

    Banned

    Your parents should have installed net nanny to keep you off the porn sites brah!

    Banned

    I'd just reformat.

    Safer.

    Next time use firefox and turn on private browsing when looking at naughty ladies.

    go to bleepingcomputer.com - v useful when i had a virus that redirects searches on google.
    The article i found suggested using rkill, then combofix. I ran antimalwarebytes again after that too, and it seems to have done the trick

    Banned

    grimlocksbrain

    go to bleepingcomputer.com - v useful when i had a virus that redirects searches on google.
    The article i found suggested using rkill, then combofix. I ran antimalwarebytes again after that too, and it seems to have done the trick



    Ta for that... I'll take a peek too! I know my machine has some sort of infection too as Kaspersky says I need to run the scan as threats detected... but then finds nothing and tells me it's detected threats again.

    Its annoying as quite often when using the machine it reboots midway through typing a senten

    Original Poster

    vibeone

    I'd just reformat. Safer. Next time use firefox and turn on private browsing when looking at naughty ladies.



    yo brah, if I just back up my photos, music, programs I want to keep is that enough?
    Do I need to backup drivers and stuff?
    I sound like a complete noob but since I got my pc about 4 years ago I've never had to reformat so I don't know what I'm doing haha!
    Ironically I have always kept it in good shape with uptodate virus protection, scanning defragging etc.

    guv

    Your parents should have installed net nanny to keep you off the porn sites brah!


    I'll remember not to google for naked wimmins of hukd again.

    Banned

    vibeone

    I'd just reformat. Safer. Next time use firefox and turn on private browsing when looking at naughty ladies.

    guv

    Your parents should have installed net nanny to keep you off the porn sites brah!



    Depends if you've got the drivers :P Back up as much as you can to be safe.

    As for hukd wimmin, no need to google, PM on its way.

    Original Poster

    vibeone

    Depends if you've got the drivers :P Back up as much as you can to be safe. As for hukd wimmin, no need to google, PM on its way.



    safe brah, I'll try removal once more tonight, if not I'll reformat, lucky I've got my netbook just in case

    thanks for the PM I like the way you made it into a collage and put usernames next to it. Its nice to put names to faces...well in some cases

    numptyj

    I will give it another bash tonight



    I think its best you dont oO

    Banned

    numptyj

    thanks for the PM I like the way you made it into a collage and put usernames next to it. Its nice to put names to faces...well in some cases



    The naked picture he sent of me is a fake. Be prepared to receive a letter from my solicitor should you choose to ignore that information and add my username to that picture on your collage.

    numptyj

    I'll give it another bash tonight



    Wasn't it your need to do this the reason you got into this mess in the first place?


    Edited by: "guv" 27th Sep 2010

    Banned

    numptyj

    thanks for the PM I like the way you made it into a collage and put usernames next to it. Its nice to put names to faces...well in some cases

    numptyj

    I'll give it another bash tonight



    It's my collage, and has been built up over the years. It includes women like missp, fish girl, pink, boots and tinks, as well as men like guv, numpty, ASB and angelfairee.

    £3.50 PP gift.

    Edited by: "vibeone" 27th Sep 2010

    Banned

    vibeone

    It's my collage, and has been built up over the years. It includes women like missp, fish girl, pink, boots and tinks, as well as men like guv, numpty, ASB and Angelfairee.
    £3.50 PP gift.



    This is a blatant lie. I was watching my daughter laughably trying to play football when the alleged photo was taken. I have forwarded your post to my solicitor. I take this attempted assassination of my character very seriously. (Seriously.)

    What a coincidence, I got this 2 days ago, and finally got round to remove it.

    I'll write something up

    So the main program that sorted this out for me was Windows Defender

    Basically from what I had, it disables everything you try to open, so the first thing you do is boot into safe mode and open up whatever malware scanner you have, quick scan (I had Malware Bytes), restart and boot into normal windows.

    So the files for this piece of **** are located in somewhere like (was for me anyway)

    C/ User / YourName / AppData / Roaming

    Appdata is a hidden folder, so you got to enable hidden files and folders.

    Now basically there is a folder called "8498297248742740420" or something with 4-5 files and you might have a hotfix.exe in the Roaming folder. You can delete a few files but the rest are protected and even MalwareBytes file deleter cannot delete them, so if you have Windows Defender load it up and go to.

    Tools - Software Explorer

    Now it might be in Startup Programs and if it's there, click it and remove it.

    Then go to Currently Running Programs - And you'll see a **** load of services running (qt5, jdihidhf.exe, twodo.exe etc etc), they are not official services and check the date of them, if they are the date around the time you got the Antimalware Doctor, just click End Process for them all.

    Now it's all disabled, you can go back to the Roaming Folder and delete the protected files you couldn't delete before, as the services are disabled so are the file protections.

    Then update MalwareBytes, quick scan, remove, restart.

    It will be gone.

    PM me your MSN and I'll talk you through it if you want
    Edited by: "Wotwot123" 27th Sep 2010
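A read-only triage pass over the Roaming folder, using the three signs the post above describes (a long all-digit folder, an executable sitting loose in Roaming, executables dated around the infection). This is an added example, not part of the original post; the thresholds, the extension list, the function names and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

EXEC_EXT = {".exe", ".dll", ".scr", ".bat"}   # assumption: extensions worth checking
DIGIT_DIR = re.compile(r"^\d{8,}$")           # assumption: long all-digit folder name

def triage_roaming(roaming, infected_at, window_days=2):
    """Return [(relative_path, [reasons])] for files that deserve a closer look."""
    roaming, window = Path(roaming), window_days * 86400
    findings = []
    for path in sorted(roaming.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(roaming)
        is_exec = path.suffix.lower() in EXEC_EXT
        reasons = []
        if len(rel.parts) > 1 and DIGIT_DIR.match(rel.parts[0]):
            reasons.append("inside all-digit folder")
        if is_exec and len(rel.parts) == 1:
            reasons.append("executable directly in Roaming")
        if is_exec and abs(path.stat().st_mtime - infected_at) <= window:
            reasons.append("modified near infection time")
        if reasons:
            findings.append((rel.as_posix(), reasons))
    return findings

def build_sample(root, infected_at):
    """Constructed sample tree: names echo the post, contents are dummy bytes."""
    old = infected_at - 400 * 86400
    files = {
        "8498297248742740420/jdihidhf.exe": infected_at,
        "8498297248742740420/data.dat": infected_at,
        "hotfix.exe": infected_at + 3600,
        "SomeApp/updater.exe": old,           # old executable: not flagged
        "Mozilla/profiles.ini": infected_at,  # recent but not executable: not flagged
    }
    for rel, mtime in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"sample")
        os.utime(p, (mtime, mtime))

if __name__ == "__main__":
    t0 = 1285545600.0  # constructed timestamp (2010-09-27 UTC)
    with tempfile.TemporaryDirectory() as d:
        build_sample(d, t0)
        for rel, reasons in triage_roaming(d, t0):
            print(rel, "->", ", ".join(reasons))
```

The script only lists candidates; on a real machine you would point `triage_roaming` at your own `AppData\Roaming` path and review each hit before deleting anything.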

    Original Poster

    Wotwot123

    So the main program that sorted this out for me was Windows Defender
    Basically from what I had, it disables everything you try to open, so the first thing you do is boot into safe mode and open up whatever malware scanner you have, quick scan (I had Malware Bytes), restart and boot into normal windows.
    So the files for this piece of **** are located in somewhere like (was for me anyway)
    C/ User / YourName / AppData / Roaming
    Appdata is a hidden folder, so you got to enable hidden files and folders.
    Now basically there is a folder called "8498297248742740420" or something with 4-5 files and you might have a hotfix.exe in the Roaming folder. You can delete a few files but the rest are protected and even MalwareBytes file deleter cannot delete them, so if you have Windows Defender load it up and go to.
    Tools - Software Explorer
    Now it might be in Startup Programs and if it's there, click it and remove it.
    Then go to Currently Running Programs - And you'll see a **** load of services running (qt5, jdihidhf.exe, twodo.exe etc etc), they are not official services and check the date of them, if they are the date around the time you got the Antimalware Doctor, just click End Process for them all.
    Now it's all disabled, you can go back to the Roaming Folder and delete the protected files you couldn't delete before, as the services are disabled so are the file protections.
    Then update MalwareBytes, quick scan, remove, restart.
    It will be gone. :)
    PM me your MSN and I'll talk you through it if you want



    cool thanks! I'll have a go at this tonight

    Pm'ing of pics of members X), strong sex life brahs

    Original Poster

    kungfu

    Pm'ing of pics of members X), strong sex life brahs



    Dont worry I'll forward to you

    Banned

    kungfu

    Pm'ing of pics of members X), strong sex life brahs



    u want a copy sending brah?

    vibeone

    u want a copy sending brah?



    cool!!!! i was hoping my reverse psychology would work...... and id get the nudes AND look cool and nonchalant into the bargain! High fives all round!

    Banned

    numptyj

    Dont worry I'll forward to you



    vibeone

    u want a copy sending brah?



    It wasn't really a too subtle way of asking for it tbh!

    Banned

    kungfu

    cool!!!! i was hoping my reverse psychology would work...... and id get the nudes AND look cool and nonchalant into the bargain! High fives all round!



    I worked it out brah!

    (Unfortunately I've put a bar on receiving PMs from Numpty and Vibeone on account of the gay pictures they keep sending me - so unable to forward!)

    Original Poster

    guv

    I worked it out brah! :p
    (Unfortunately I've put a bar on receiving PMs from Numpty and Vibeone on account of the gay pictures they keep sending me - so unable to forward!)



    loool

    dont make me start reporting comments guv

    guv

    I worked it out brah! :p
    (Unfortunately I've put a bar on receiving PMs from Numpty and Vibeone on account of the gay pictures they keep sending me - so unable to forward!)



    i can do without looking at a load of donkeys anyway, works boring but not that boring

    Original Poster

    fingers crossed that it's gone.

    Kept running malwarebytes and trying bits and bobs, tried the above that wotwot said and it was still being a dick.

    Tried to update malwarebytes, was coming up with an error message, googled it. Turns out malwarebytes needed a fresh install. Installed again in safe mode with networking, allowed me to get the latest update and then bam, kept picking up infected objects and everything appears to be ok now...for the moment. Malwarebytes is a pretty kick ass piece of free software