Antimalware Doctor

Threat Scorecard

Ranking: 14,276
Threat Level: 100 % (High)
Infected Computers: 14,157
First Seen: March 19, 2010
Last Seen: July 25, 2023
OS(es) Affected: Windows

Antimalware Doctor is a great example of why you should never let your guard down when it comes to malware. Although Antimalware Doctor is relatively old in malware terms, having caused periods of high infection rates in 2010, as of March 2011 Antimalware Doctor is back with a vengeance. Obviously, Antimalware Doctor needs to be treated with caution and removed as quickly as possible, because Antimalware Doctor can severely impair your ability to use your PC.

History of Antimalware Doctor

Most sources will report that Antimalware Doctor had its heyday in the spring and summer of 2010, and some people even claim that Antimalware Doctor did not appear on the Internet until February 2010. However, February 2010 was only when the English-speaking world began to see infections with Antimalware Doctor. Beginning in the fall of 2008, Antimalware Doctor was causing problems for French PC users, and it infected a large number of PCs in French-speaking parts of the world throughout 2009. Regardless of its long history, Antimalware Doctor does not seem to be any different now than it was then, and it causes symptoms that are standard for a fake security program.

Symptoms of Antimalware Doctor Infection

Antimalware Doctor uses scare tactics and ransoming in order to try to force the users of infected PCs to pay money for worthless software licenses. Usually, the first sign you'll see that something is wrong is when Antimalware Doctor takes over your computer in order to run a fake scan of the system. Antimalware Doctor will run one of these bogus scans every time you start Windows, from an interface that is labeled "Antimalware Doctor Protection Center," and which is similar in appearance to Microsoft Security Center, a legitimate component of Windows. Antimalware Doctor's scans will always turn up long, fake lists of results, and then Antimalware Doctor will tell you that the only way to remove all of these different threats is for you to "unlock" Antimalware Doctor by paying for a registration. Also, the Antimalware Doctor Protection Center interface will tell you – falsely – that your firewall and Windows updates are turned off. Don't let that trick you into paying to register Antimalware Doctor, since Antimalware Doctor has no legitimate affiliation with Windows.

Once the fake scan is complete, assuming you haven't believed Antimalware Doctor's lies and paid to register the malware, Antimalware Doctor will pester you with error messages and security alerts. Most of these alerts will say, in one way or another, that your computer is under attack from someone or something that is remotely stealing your personal information. The alerts will urge you to scan your computer using Antimalware Doctor or to "block the attack" by unlocking the full, registered version of Antimalware Doctor. Eventually, Antimalware Doctor will even show error messages when you try to run other programs, and when you try to visit any websites other than Antimalware Doctor's own. As a result, Antimalware Doctor can make all of your other programs – and the Internet – completely inaccessible. It stands to reason that not everything else on your computer or on the Internet is malicious; Antimalware Doctor is simply trying to prevent you from uninstalling its fake security software.

Where Does Antimalware Doctor Come From?

It is common for Antimalware Doctor to seem to appear out of nowhere. Many users of infected PCs report that they did not download anything to cause the Antimalware Doctor infection. This reflects the fact that Antimalware Doctor relies on Trojans in order to find a way into victim PCs, and the entire point of using Trojans is that you download them without knowing it. It is highly likely that Antimalware Doctor is currently being spread via Trojans installed through drive-by-downloads, which occur when a Trojan is downloaded to your computer automatically, unnoticed, when you click on an advertisement or visit a site that exploits vulnerabilities in your computer's settings. Antimalware Doctor's Trojan is also known to be bundled with freeware downloads, and Antimalware Doctor may be disguised as a video codec or program update. When the Trojan is downloaded, it sets up Antimalware Doctor, which becomes active the next time you start Windows. Therefore, in addition to using real, legitimate anti-virus software, you can protect yourself by using safe web browsing practices.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
AVG SHeur3.ABVK
AhnLab-V3 Dropper/Fraudrop.1051136.D
Antiy-AVL Trojan/Win32.FrauDrop.gen
McAfee-GW-Edition Artemis!E4C053ED084A
Kaspersky Trojan-Dropper.Win32.FrauDrop.atf
eSafe Win32.GenVariant.Tds
F-Prot W32/Trojan2.DMR
McAfee Artemis!DF4DC4435480
AVG Generic18.CHP
NOD32 a variant of Win32/Kryptik.EUA
McAfee-GW-Edition Artemis!36AA2D70D002
Kaspersky Trojan-Dropper.Win32.FrauDrop.ask
AVG Generic18.BYQ
McAfee-GW-Edition Artemis!CFE7282C6DB3
Kaspersky Trojan-Dropper.Win32.FrauDrop.asd

File System Details

Antimalware Doctor may create the following file(s):

Registry Details

Antimalware Doctor may create the following registry entry or registry entries:
File name without path
Antimalware Doctor.lnk
Software\Antimalware Doctor Inc
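
A read-only check for the two entries listed above, as an added example that is not part of the original page or of any vendor tool. The page gives no hive or folder for them, so searching HKLM, each loaded user hive, the user profile tree and the all-users Start Menu is an assumption, and the function names are hypothetical.

```powershell
# Indicators copied from the "Registry Details" list on this page.
$KeySuffix = 'Software\Antimalware Doctor Inc'
$LnkName   = 'Antimalware Doctor.lnk'

function Find-RogueRegistryKey {
    # Assumption: the page names no hive, so test HKLM and every user
    # hive currently loaded under HKEY_USERS (skipping the *_Classes hives).
    $hives = @('HKEY_LOCAL_MACHINE')
    $hives += Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "HKEY_USERS\$($_.PSChildName)" }

    foreach ($hive in $hives) {
        $path = "Registry::$hive\$KeySuffix"
        if (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue) {
            [pscustomobject]@{ Type = 'RegistryKey'; Location = "$hive\$KeySuffix" }
        }
    }
}

function Find-RogueShortcut {
    # Assumption: the shortcut sits somewhere under a user profile (Desktop,
    # Startup, Start Menu) or under the all-users Start Menu.
    $roots = @("$env:SystemDrive\Users",
               "$env:ProgramData\Microsoft\Windows\Start Menu") |
        Where-Object { Test-Path -LiteralPath $_ }
    if (-not $roots) { return }

    Get-ChildItem -LiteralPath $roots -Filter $LnkName -Recurse -Force -File `
        -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Type = 'Shortcut'; Location = $_.FullName }
        }
}

# Nothing is modified or deleted; the script only reports what it finds.
$findings = @(Find-RogueRegistryKey) + @(Find-RogueShortcut)
if ($findings.Count -eq 0) {
    Write-Output 'No listed Antimalware Doctor registry key or shortcut found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell session so that other users' hives and profile folders are readable; hives of users who are not logged on are not loaded and will not be checked.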

URLs

Antimalware Doctor may call the following URLs:

alicantedirectorio.com/css/114.exe
alicantedirectorio.com/css/softina.exe

Messages

The following messages associated with Antimalware Doctor were found:

Desktop Spy threat has been detected. This threat module advertises websites with explicit content. Be advised of such content being possibly illegal.
Infections on your PC can cause: system slowdown and crash, unwanted advertising displaying, loss of internet connections, lost documents and settings, major data loss.
Warning! Hidden file transfer to remote host was detected. Antimalware Doctor has detected that somebody is trying to transfer your private data via internet.
Warning! Removed attack detected! Antimalware Doctor has detected that somebody is trying to block your computer remotely via Trojan.win32.Agent.azsy. Transfer for your private data via internet will start in 10.
Warning! Your system is infected! 34 dangerous objects have been found during last system scan. You need registered version of Antimalware Doctor to remove these infections.

2 Comments

Michael J Evans

I believe Antimalware Doctor has been created by people who want to sell their product to allegedly remove it - the whole thing is a scam to raise money. Is there a clever software writer out there who can provide a free fix - most say it is free but when applied they want payment !!!

Hello Michael,

We honestly believe that it is getting more and more difficult for computer users to separate the rogues from the legitimate antispyware programs. Many of the rogues that we see today are blocking legit security programs from running. One way to decipher if a security program is a legitimate one or not, is by its support system. In other words, check to see if there is a support team on the other end that will actually assist you with issues or support their product. Usually rogue applications lack a support team but you must be aware, there have been instances that rogues send you to some bogus customer support number that may or may not speak clear English. This was evident in the case of the rogue 'Live PC Care'. You can read more about this at http://www.enigmasoftware.com/live-pc-care-tricks-users-with-live-technical-support/.

Antimalware Doctor has been classified as a rogue anti-spyware program and not found to be associated with any type of legitimate security program to this date. However, applications such as Antimalware Doctor were created by clever scam artists and hackers in an attempt to collect money from unsuspecting computer users by use of their deceptive tactics. Please use extreme caution when you encounter such a program and never assume that it is legitimate until you are able to verify it and, as mentioned earlier, one way to verify it is to contact the support team of the company that created the product and state your concerns.
