
Antimalware Doctor update

Since the last post, Rogue Warning: Antimalware Doctor, there are some new discoveries in the samples that came our way.

ThreatExpert report:-

http://www.threatexpert.com/report.aspx?md5=299e2c761ef22b6871cf4e3311ec12c1

The Antimalware Doctor installer has added a screen that attempts to trick unsuspecting victims into believing that installing Antimalware Doctor is actually a System Security Pack Upgrade.


The malware has also changed its usual installation locations to these:-

  • C:\Documents and Settings\[UserName]\Application Data\.743ADCD1FFF70805DED4CDD860DD6317\enemies-names.txt
  • C:\Documents and Settings\[UserName]\Application Data\???????????????????????????????????libcore707en0setup.exe [note ???????? refers to alphanumeric characters]
  • C:\Documents and Settings\[UserName]\Application Data\743ADCD1FFF70805DED4CDD860DD6317\local.ini
  • C:\Documents and Settings\[UserName]\Desktop\Antimalware Doctor.lnk
  • C:\Documents and Settings\[UserName]\Start Menu\Antimalware Doctor.lnk
  • C:\Documents and Settings\[UserName]\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
  • C:\Documents and Settings\[UserName]\Start Menu\Programs\Startup\Antimalware Doctor.lnk
  • C:\Documents and Settings\[UserName]\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk

Manually remove Antimalware Doctor:-

To manually remove Antimalware Doctor, please delete the files mentioned above if found.
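An added example (not from the original post) that reports, without deleting anything, which of the files listed above exist under each user profile. It assumes the folder under Application Data is a 32-character alphanumeric name that may differ per machine, optionally with a leading dot, and it does not cover the setup.exe entry.

```python
import re
import sys
from pathlib import Path

# Shortcut locations from the post, relative to one user profile directory.
SHORTCUTS = [
    "Desktop/Antimalware Doctor.lnk",
    "Start Menu/Antimalware Doctor.lnk",
    "Start Menu/Programs/Antimalware Doctor/Antimalware Doctor.lnk",
    "Start Menu/Programs/Startup/Antimalware Doctor.lnk",
    "Start Menu/Programs/Antimalware Doctor/Uninstall.lnk",
]
# File names the post lists inside the folder under Application Data.
APPDATA_FILES = {"enemies-names.txt", "local.ini"}
# Assumption: the folder name is 32 alphanumeric characters, optional leading dot.
FOLDER_RE = re.compile(r"^\.?[0-9A-Za-z]{32}$")


def scan_profile(profile):
    """Return the listed artifacts that exist below one profile directory."""
    hits = [profile / rel for rel in SHORTCUTS if (profile / rel).is_file()]
    appdata = profile / "Application Data"
    if appdata.is_dir():
        for folder in sorted(appdata.iterdir()):
            # Only look inside folders matching the assumed name pattern, so an
            # unrelated program's local.ini is not reported.
            if folder.is_dir() and FOLDER_RE.match(folder.name):
                hits += [f for f in sorted(folder.iterdir())
                         if f.is_file() and f.name.lower() in APPDATA_FILES]
    return hits


def scan_all(profiles_root):
    """Map profile name -> artifacts found, for every profile under the root."""
    root, results = Path(profiles_root), {}
    if not root.is_dir():
        return results
    for profile in sorted(root.iterdir()):
        try:
            hits = scan_profile(profile) if profile.is_dir() else []
        except OSError:
            continue  # unreadable profile: skip it and keep scanning the rest
        if hits:
            results[profile.name] = hits
    return results


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Documents and Settings"
    for user, hits in scan_all(root).items():
        for hit in hits:
            print(f"{user}: {hit}")
```

Run it from an administrator account so that other users' profiles are readable; profiles that cannot be read are skipped.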
