Thursday, May 28, 2009

Uninstalling Malware Doctor

Malware Doctor is a particularly annoying piece of spyware. Not only does it load your system with Malware Doctor, but it also hijacks your browser settings, adding a proxy connection. The image illustrates the location of the malicious executables associated with Malware Doctor.

The associated path is C:\Documents and Settings\LocalService\Application Data

Removal of Malware Doctor

The first step in removal of Malware Doctor is:
1) Disable "system restore" on your PC (this is only temporary)
2) Delete these 3 exe files (the most important one is 691447002.exe).
3) Empty your recycle bin
4) Reboot

The next step is to run a scan of your PC using a bona fide spy-malware scanner. There are many: I have used PC Tools Spyware Doctor; you may use that, or HijackThis, Ad-Aware, etc. Make sure these programs are updated!

5) Scan your registry for the 691447002.exe entry and delete if it exists.
6) Scan your registry for any unwanted processes in the startup folder and delete them as well.
7) Reboot
8) Scan your system once again.

Browser Hijacks

The easiest way to tell if you still have Malware Doctor installed is to try to open your Registry Editor or Task Manager. If these do not launch ("Registry Editor / Task Manager has been disabled by your administrator"), then you are still infected.

If you are unable to browse websites, you are still infected. The first step to regaining the ability to browse the internet is to remove any proxy settings from your browser, unless you use a proxy, in which case you will need to reset those settings.
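
A read-only check for the leftovers described in steps 5 and 6 and in the Browser Hijacks section, added here as an example and not part of the original post. It assumes PowerShell is installed and uses the standard Windows registry locations for autostart entries, the Task Manager and Registry Editor policies, and the Internet Explorer proxy setting; the post does not name these keys. The file name and folder are the ones given above.

```powershell
# Read-only triage: reports indicators from this post and changes nothing.
# Registry locations are the standard Windows ones (an assumption; the post
# does not name them). File name and folder are taken from the post.
$exeName  = '691447002.exe'
$dropDir  = 'C:\Documents and Settings\LocalService\Application Data'
$findings = @()

# Steps 5 and 6: autostart values that reference the executable or its folder.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if ($cmd -like "*$exeName*" -or $cmd -like "*$dropDir*") {
            $findings += "Autostart: $key -> '$name' = $cmd"
        }
    }
}

# "Disabled by your administrator": policy values that block the two tools.
foreach ($hive in 'HKCU:', 'HKLM:') {
    $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $pol = Get-ItemProperty $key -ErrorAction SilentlyContinue
    foreach ($value in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ($pol -and $pol.$value) {
            $findings += "Policy: $key $value = $($pol.$value)"
        }
    }
}

# Browser hijack: a proxy enabled in the per-user Internet Settings
# (used by Internet Explorer; other browsers keep their own proxy settings).
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1) {
    $findings += "Proxy: enabled, ProxyServer = $($inet.ProxyServer)"
}

if ($findings.Count -eq 0) { 'No indicators from this post found.' }
else { $findings }
```

Run it once after step 7 and again after the final scan; any line it prints points at an entry that still needs to be cleaned up.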