It looks as though that Virus Doctor (or Virusdoctor) is an older rogue antivirus application, but since it seems related to the search I was seeing lot’s of last night about rootscan.info I thought I would devote an article to the removal instructions for virus doctor. Since it may be related to Windows PC Defender, you may see an article on that coming up this evening. But, first to the matter at hand: How to carry out a virus doctor removal.
First of VIrus Doctor is a rogue antivirus application that claims to find problems on your system and then it claims to be able to fix them if and only if you pay for the software. It usually finds its way on your system through a popup ad that claims your system is infected and then closing the popup redirects you to another web page with an animation of a scan of your pc claiming that it’s finding problems.
You may see messages such as this:
Malicious applications which can contain trojans found on your PC need to be immediately removed. Click here to remove these potentially harmful items immediately with Virus Doctor.
An unauthorized program has been prevented from accessing your PC.#Port:433 from 220.127.116.11
It should be possible to remove virus doctor by downloading malwarebytes antimalware, updating it to the latest version and running a full scan of the system. (You can find a link to malwarebytes antimalware on my virus removal toolkit page.
You may want to try running malwarebytes antimalware in safe mode if the first attempt is unsuccessful. I would try this before a manual removal.
If you need to do a manual removal you can use the following information to help:
The following sites should be blocked (using the hosts file):
You may make use of Task manager to kill of the following processes:
The following dll files will need to be unregistered:
And the following files and their folders should be removed:
%UserProf%Application DataMicrosoftInternet ExplorerQuick LaunchVirus Doctor.lnk
%UserProf%Application DataVirus Doctorsettings.ini
%UserProf%Application DataVirus Doctoruill.ini
%UserProf%Start MenuProgramsVirus Doctor.lnk
%UserProf%Start MenuVirus Doctor.lnk
%Docs%All UsersApplication Data[RANDOM]LanguagesVDDe.lng
%Docs%All UsersApplication Data[RANDOM]LanguagesVDFr.lng
%Docs%All UsersApplication Data[RANDOM]LanguagesVDIt.lng
%Docs%All UsersApplication Data[RANDOM]System Data ConfigurationDBInfo.ver
%Docs%All UsersApplication Data[RANDOM]System Data Configurationvd[RANDOM].bd
%Docs%All UsersApplication Data[RANDOM]unins000.dat
%Docs%All UsersApplication DataSystem Data Configurationconfig.cfg
%Docs%All UsersApplication DataSystem Data ConfigurationDB.ini
Some of the above may be created using random strings so be suspicious of files or folders that don’t seem to be naturally named.
Even after a manual removal, I suggest running a tool such as malwarebytes antimalware for a more thorough cleaning. Update and run it again after it cleans out the things it finds. (I like to run such utilities until it comes clean.)
Virus Doctor may be relate to the newer rogue Windows Additional Guard.
Related PostsRelated Posts
- How to Remove Antivir | Antivir Removal Guide Antivir is a rogue antivirus application that is pushed through web site popup ads on unsuspecting users. Basically in web browsing you may see a popup claiming that your computer is infected and you should run a malware scan. Clicking to proceed will probably show an animation of a scan......
- How to Remove AntiKeep | AntiKeep Removal Guide AntiKeep is a rogue antivirus application from the same family as ReAnti and AntiAdd which we've written about in the last few days. Like many of these rogue application they will try to trick you into consenting to install it, or install without your permission. They will claim that there......
- How to Remove Malware Professional 2010 | Malware Professional 2010 Removal Guide Malware Professional 2010 is a rogue security application. It is not a trusted malware removal utility and I hope users won't be fooled by their claims of problem on their system that it claims only can be removed if you pay for their software. Unfortunately many users may be tricked......
- World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
- How Can Marketplace Samurai Aid Your Organization Increase? On the web marketplace is often a extremely competitive marketplace currently where surviving for any online company just isn't quick. Today a number of web sites are launched each and every now and then either to promote items or services of companies. Right way of marketing is critical for your......
- Get Your Doctor Involved In Your Weight Loss One of the first steps that you are going to want to deal with when it comes to beginning any healthy weight loss journey is going to be to actually schedule an appointment with your normal family doctor or health care provider. You are going to want to let the......
- How to Remove Windows System Defender | Removal Guide
- Remove Total Security 2009 | TotalSecurity 2009 Removal
- How to Remove Windows Smart Security (Removal Guide)
- How to Remove Windows PC Defender | Windows PC Defender Removal
- How to Remove Windows Enterprise Defender (Removal Guide)