Thursday, May 13, 2010

How to remove ANTI MALWARE DOCTOR

  • Reboot into Safe Mode and delete the corresponding files and registry entries:
  • \enemies-names.txt
    \Antimalware Doctor.exe

    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc\Antimalware Doctor
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antimalware Doctor.exe"

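  • Note that the malware files are hidden; enable the display of hidden files in "Folder Options" to see them.
  • If "Folder Options" has been disabled, restore it with the following registry file: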

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoFolderOptions"=dword:00000000
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
    "NoBrowserOptions"=dword:00000000
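  • If the registry tools have also been disabled,
  • save the following as a file with a .vbs extension and run it (the script toggles the setting and reports the new state):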

    'Enable/Disable Registry Editing tools
    '© Doug Knox - rev 12/06/99

    Option Explicit

    'Declare variables
    Dim WSHShell, n, MyBox, p, t, mustboot, errnum, vers
    Dim enab, disab, jobfunc, itemtype

    Set WSHShell = WScript.CreateObject("WScript.Shell")
    p = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\"
    p = p & "DisableRegistryTools"
    itemtype = "REG_DWORD"
    mustboot = "Log off and back on, or restart your pc to" & vbCR & "effect the changes"
    enab = "ENABLED"
    disab = "DISABLED"
    jobfunc = "Registry Editing Tools are now "

    'This section tries to read the registry key value. If not present an
    'error is generated. Normal error return should be 0 if value is
    'present
    t = "Confirmation"
    Err.Clear
    On Error Resume Next
    n = WSHShell.RegRead (p)
    'Capture the error number before On Error Goto 0, which resets Err
    errnum = Err.Number
    On Error Goto 0

    If errnum <> 0 Then
        'Create the registry key value for DisableRegistryTools with value 0
        WSHShell.RegWrite p, 0, itemtype
    End If

    'If the key is present, or was created, it is toggled
    'Confirmations can be disabled by commenting out
    'the two MyBox lines below

    If n = 0 Then
        n = 1
        WSHShell.RegWrite p, n, itemtype
        MyBox = MsgBox(jobfunc & disab & vbCR & mustboot, 4096, t)
    ElseIf n = 1 Then
        n = 0
        WSHShell.RegWrite p, n, itemtype
        MyBox = MsgBox(jobfunc & enab & vbCR & mustboot, 4096, t)
    End If
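
To confirm the cleanup took effect, the following read-only PowerShell check (an added example, not part of the original post) reports whether the registry keys and values listed above are still present and whether the three restriction policies are still set. It assumes the quoted string on the Run line is the value name, and it skips the two files because the post gives only their file names.

```powershell
# Added example: read-only check of the registry artifacts listed in this post.
# Run it in the affected user's session, since every path is under HKCU.
$keys = @(
    'HKCU:\Software\Antimalware Doctor Inc\Antimalware Doctor',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor'
)
# Kind 'autorun': any data is a finding. Kind 'policy': non-zero data is a finding.
# Assumption: the quoted string on the post's Run line is the value name.
$values = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = 'Antimalware Doctor.exe'; Kind = 'autorun' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoFolderOptions'; Kind = 'policy' },
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions'
       Name = 'NoBrowserOptions'; Kind = 'policy' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools'; Kind = 'policy' }
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when either the key or the named value is missing.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = @()
foreach ($k in $keys) {
    $present = Test-Path -LiteralPath $k
    $report += [pscustomobject]@{ Item = $k; Data = ''; Finding = $present }
}
foreach ($v in $values) {
    $data = Get-RegValue -Path $v.Path -Name $v.Name
    if ($v.Kind -eq 'autorun') { $finding = ($null -ne $data) }
    else { $finding = ($null -ne $data) -and ($data -ne 0) }
    $report += [pscustomobject]@{
        Item = "$($v.Path) : $($v.Name)"; Data = $data; Finding = $finding
    }
}

$report | Format-Table -AutoSize -Wrap
$remaining = @($report | Where-Object { $_.Finding }).Count
"$remaining item(s) still need attention"
```

A count of 0 means none of the listed keys, the autorun value, or the restriction policies remain for the current user.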
