How to Remove Virus Doctor (or Remove VirusDoctor) | Virus Doctor Removal

It looks as though that Virus Doctor (or Virusdoctor) is an older rogue antivirus application, but since it seems related to the search I was seeing lot’s of last night about I thought I would devote an article to the removal instructions for virus doctor. Since it may be related to Windows PC Defender, you may see an article on that coming up this evening. But, first to the matter at hand: How to carry out a virus doctor removal.

First of VIrus Doctor is a rogue antivirus application that claims to find problems on your system and then it claims to be able to fix them if and only if you pay for the software. It usually finds its way on your system through a popup ad that claims your system is infected and then closing the popup redirects you to another web page with an animation of a scan of your pc claiming that it’s finding problems.

You may see messages such as this:

Malicious applications which can contain trojans found on your PC need to be immediately removed. Click here to remove these potentially harmful items immediately with Virus Doctor.

An unauthorized program has been prevented from accessing your PC.#Port:433 from

It should be possible to remove virus doctor by downloading malwarebytes antimalware, updating it to the latest version and running a full scan of the system. (You can find a link to malwarebytes antimalware on my virus removal toolkit page.

You may want to try running malwarebytes antimalware in safe mode if the first attempt is unsuccessful. I would try this before a manual removal.

If you need to do a manual removal you can use the following information to help:

The following sites should be blocked (using the hosts file):

You may make use of Task manager to kill of the following processes:

The following dll files will need to be unregistered:


And the following files and their folders should be removed:

%UserProf%\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus Doctor.lnk
%UserProf%\Application Data\Virus Doctor\settings.ini
%UserProf%\Application Data\Virus Doctor\uill.ini
%UserProf%\Desktop\Virus Doctor.lnk
%UserProf%\Start Menu\Programs\Virus Doctor.lnk
%UserProf%\Start Menu\Virus Doctor.lnk
%Docs%\All Users\Application Data\[RANDOM]\Languages\VDDe.lng
%Docs%\All Users\Application Data\[RANDOM]\Languages\VDFr.lng
%Docs%\All Users\Application Data\[RANDOM]\Languages\VDIt.lng
%Docs%\All Users\Application Data\[RANDOM]\System Data Configuration\DBInfo.ver
%Docs%\All Users\Application Data\[RANDOM]\System Data Configuration\vd[RANDOM].bd
%Docs%\All Users\Application Data\[RANDOM]\unins000.dat
%Docs%\All Users\Application Data\System Data Configuration\config.cfg
%Docs%\All Users\Application Data\System Data Configuration\DB.ini

Some of the above may be created using random strings so be suspicious of files or folders that don’t seem to be naturally named.

Even after a manual removal, I suggest running a tool such as malwarebytes antimalware for a more thorough cleaning. Update and run it again after it cleans out the things it finds. (I like to run such utilities until it comes clean.)

Virus Doctor may be relate to the newer rogue Windows Additional Guard.

   Send article as PDF   

Similar Posts