
This horrible thing called antimalware doctor.



devinsoles
April 13th, 2011, 12:52 AM
Hey everyone, dev here. I haven't been a Linux user long, and I haven't really developed a relationship with the wonderful people on this site, and for that I apologize, but I was needing a favor. My teacher has this virus called Antimalware Doctor on his Windows computer. Linux uses many various commands through the command prompt, so I was wondering, if possible, if someone could tell me how to delete this program through cmd (Windows command prompt). The uninstall does not work and I have tried all I know with cmd to delete it and nothing has worked. I completely understand that this is a Windows-based question, but seeing as I also am a Linux user I thought I would ask all the friendly faces around here. I won't have a problem if no one would like to answer due to it being a Windows-based question, because I know it does not fit with Linux issues.

Thanks to anyone who helps,

with love.

needhelppeeps
April 13th, 2011, 01:20 AM
I am not familiar with this particular spyware, but there are two easy ways that will likely fix this:


1) Download and Run Combofix from a reputable site then install and run Malwarebytes afterward.

2) Download a linux distro, ask the user to back up his data, delete all partitions on the hard disk, format the hard disks, and install linux. Copy back just the data he needs access to.

If you want to do it the hard way, find someone who has manually fixed it and try similar steps, or set up a test environment, install the spyware, and figure out a way to run a diff on the registry keys and system files that change. You can then use that information to fix the other computer, assuming it always performs the same (or very similar) actions. I imagine anti-virus vendors do something like running a diff on the registry and using some kind of hash of system files to see which were changed.

matt-fender
April 13th, 2011, 01:21 AM
Have you tried MalwareBytes Anti Malware? There's a free edition on filehippo.com

Safe mode?
Use task manager to find the exe file, find its location and use the cmd line to change directory and delete it?

ddarsow
April 13th, 2011, 01:24 AM
download RKILL and Malwarebytes
boot into safe mode (f8)
rename RKILL to iExplore.exe and run 3 times
If MalwareBytes is already installed, uninstall it
rename the MalwareBytes installer to iExplore.exe
install it, scan and reboot

josephmills
April 13th, 2011, 01:36 AM
Start it in safe mode w/ networking (F8), download HijackThis and some good scanners, get rid of the scary ;) things that are starting on boot (HijackThis) and use some good scanners. But I also am not familiar with this virus, so I don't know if it affects the BIOS. Good luck.

devinsoles
April 13th, 2011, 01:42 AM
Well, all of these things are great suggestions and I really appreciate all of your help :D. You guys are truly amazing, but the problem is that it's a school computer and we have to log in through Novell, so safe mode is out. Also, the computer runs so slowly due to this virus that I am unable to download, so I was hoping there's a manual way to delete programs like this, because uninstalling the program doesn't do anything but open the program. Thanks very much though :D. I can't extend my gratitude. If you can think of anything else, please let me know! I'll let you guys know as soon as I fix the problem.

Thanks everyone:3

Duncan Williams
April 13th, 2011, 05:00 AM
http://my.opera.com/internetsecurity/archive/

Elfy
April 13th, 2011, 07:36 AM
moved to other forum

mikewhatever
April 13th, 2011, 07:40 AM
I think your best bet is to ask at a Windows related forum. Just because Linux users tend to utilize the command line more frequently, doesn't make them Windows malware experts.

Dr. C
May 15th, 2011, 06:45 PM
Well, all of these things are great suggestions and I really appreciate all of your help :D. You guys are truly amazing, but the problem is that it's a school computer and we have to log in through Novell, so safe mode is out. Also, the computer runs so slowly due to this virus that I am unable to download, so I was hoping there's a manual way to delete programs like this, because uninstalling the program doesn't do anything but open the program. Thanks very much though :D. I can't extend my gratitude. If you can think of anything else, please let me know! I'll let you guys know as soon as I fix the problem.

Thanks everyone:3

Some questions:
What version of Microsoft Windows are we talking about here?
Is there a local Administrator account (Windows root) and can you obtain the password?
What is the Network OS? Netware? What version? SUSE? What version?

If one can get local administrator access, then one can proceed to remove the malware using some of the suggestions in this thread, or one can search for the malware name on a search engine and look for suggestions on reputable sites and forums to remove the malware.

If this fails, then boot the computer from an Ubuntu live CD, back up the data to an external USB drive and reinstall Windows. Before restoring the data, scan it with an up-to-date anti-virus / anti-malware product known to remove this particular malware. One will also need administrative access on the Novell network to reconnect the computer to the network and also set up the scripts for network boot, directory mapping etc.

tkelito
May 16th, 2011, 03:37 PM
It is a Rogue Security Infection. You should be able to locate it in:

(XP)

C:\Documents and Settings\%username%\Local Settings\Application Data\

(Vista/7)
C:\Users\%username%\AppData\
C:\Program Data\


Most of the scareware infections do not infect System32 on Vista/7 but for XP they have the ability to as System32 was never secured well in XP.

I suggest using AVZ from Kaspersky (http://www.kaspersky.com/downloads/utils/avz4.zip) and using its System Restore functionality (File -> System Restore) for a quick reset of certain (extremely important) system parameters that the infection may have tampered with.

I don't suggest Combofix as it is very dated, but I do suggest using Norton Power Eraser (http://us.norton.com/support/DIY/index.jsp).

Run TDSSKiller (http://support.kaspersky.com/viruses/solutions?qid=208280684)

I would suggest running CCleaner (http://www.filehippo.com/download_ccleaner/) to remove temps, broken registry entries, and fix startup items.

Then finally run the antivirus of your choice. Some great ones are Kaspersky, Microsoft Security Essentials, Norton, or Webroot and then also for antispyware Malwarebytes is great.
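
The locations tkelito lists above, plus the "things that are starting on boot" and "use task manager to find the exe" advice earlier in the thread, can be checked without downloading anything, which matters when the machine is too slow to fetch tools. The script below is an added triage example and was not posted by anyone in this thread. It is read-only: it reports running processes whose executable lives in a user-writable profile or ProgramData folder, executables recently created there, and the per-user and machine-wide Run/RunOnce autostart entries, so the operator can decide what to remove (or hand to the school's IT department). Assumptions: Vista/7 with PowerShell 2.0 or later, an elevated prompt, and a 14-day lookback window; note that the machine-wide folder is actually C:\ProgramData, which is why the script reads it from the environment rather than spelling the path.

```powershell
# Added triage example, not from the original thread. Read-only: it lists, it does not delete.
# Assumptions: Vista/7, PowerShell 2.0+, elevated prompt, infection is at most 14 days old.

$lookback = (Get-Date).AddDays(-14)   # assumption: adjust if the infection is older

# User-writable locations named in the thread (XP entry is kept for completeness;
# it simply will not exist on Vista/7 and is filtered out by Test-Path).
$paths = @(
    $env:LOCALAPPDATA,                                   # Vista/7: C:\Users\<user>\AppData\Local
    $env:APPDATA,                                        # Vista/7: C:\Users\<user>\AppData\Roaming
    $env:ProgramData,                                    # Vista/7: C:\ProgramData
    "$env:USERPROFILE\Local Settings\Application Data"   # XP profile-local app data
) | Where-Object { $_ -and (Test-Path $_) }

# Helper: is this absolute path inside one of the suspicious roots?
function Test-InSuspiciousRoot([string]$FullPath) {
    foreach ($root in $paths) {
        if ($FullPath.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

Write-Host "== Running processes whose image lives in a user-writable path =="
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and (Test-InSuspiciousRoot $_.Path) } |
    Select-Object Id, ProcessName, Path |
    Format-Table -AutoSize

Write-Host "== Executables created since $lookback under those paths =="
$paths | ForEach-Object {
    # -Include only filters with -Recurse (or a trailing \*); errors on locked files are skipped
    Get-ChildItem -Path $_ -Recurse -Include *.exe,*.dll,*.scr -ErrorAction SilentlyContinue
} | Where-Object { $_.CreationTime -gt $lookback } |
    Sort-Object CreationTime -Descending |
    Select-Object CreationTime, Length, FullName |
    Format-Table -AutoSize

Write-Host "== Autostart entries (Run / RunOnce, per-user and machine-wide) =="
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runKeys | Where-Object { Test-Path $_ } | ForEach-Object {
    $key = $_
    $props = Get-ItemProperty -Path $key
    # Drop the PS* metadata properties the provider adds; what remains are the real value names
    $props.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Key        = $key
                Name       = $_.Name
                Command    = $_.Value
                Suspicious = (Test-InSuspiciousRoot ([string]$_.Value).Trim('"'))
            }
        }
} | Sort-Object Suspicious -Descending |
    Select-Object Suspicious, Name, Command, Key |
    Format-Table -AutoSize
```

Rows flagged Suspicious in the last table, together with a running process and a freshly created executable under the same folder, are the usual signature of a rogue "security" product of this kind; the next step is the reputable-tool cleanup described in the posts above, or the reinstall Dr. C outlines, rather than deleting files by hand from a still-running infection.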

Megaptera
May 16th, 2011, 03:44 PM
I think your best bet is to ask at a Windows related forum. Just because Linux users tend to utilize the command line more frequently, doesn't make them Windows malware experts.

For Windows problems with XP & Vista I've found this site to be excellent - Suggestafix.

Not huge but very helpful. Free to register.

Main site http://www.suggestafix.com/index.php?act=home

How to get help with Malware etc, basic stuff & scans they ask you to run:

http://www.suggestafix.com/index.php?showtopic=35466

Other Windows free support sites reviewed and compared:
http://www.techsupportalert.com/best_free_tech_support_sites.htm

mdshann
May 16th, 2011, 05:42 PM
If it's a school computer, shouldn't the school's IT department be able to take care of it?