
When posting your problem, do not run ComboFix and post its logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

> Help Me Kill 'whataboutadog', I got it all: doginhispen, tribalfusion, skitodayplease, 88.80.7.66
DreamofSun
post Feb 13 2008, 09:29 PM
Post #1


New Member
*

Group: Members
Posts: 12
Joined: 13-February 08
Member No.: 190,052



Hi.
I'm totally infected by these viruses. They're all showing in my browser history: doginhispen, tribalfusion, skitodayplease, 88.80.7.66. Anti-Spyware software not helpful. I downloaded FindAWF.exe, but need some help how to step through the cleanup process. Would be greatly appreciated.
Thanks,
DreamofSun
quietman7
post Feb 14 2008, 11:18 AM
Post #2


Bleepin' Janitor
******

Group: Global Moderator
Posts: 14,074
Joined: 9-July 05
From: Virginia, USA
Member No.: 26,513



  • Double-click on FindAWF.exe to start.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
      1. Press 1 then Enter to scan for bak folders
      2. Press 2 then Enter to restore files from bak folders
      3. Press 3 then Enter to remove bak folders
      4. Press 4 then Enter to reset domain zones
      5. Press E then Enter to EXIT
  • Press 1 then 'Enter' to scan for bak folders
  • The FindAWF tool will begin scanning your computer for the infected AWF files and backups created by the trojan.
  • It may take a few minutes to complete so be patient.
  • When complete, it will open a text file in notepad called awf.txt which will be saved to your desktop.
  • Copy and paste the contents of the awf.txt file in your next reply.


--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"

Microsoft MVP - Windows Security 2007-2009
DreamofSun
post Feb 14 2008, 07:36 PM
Post #3





Hi Quietman7,
thanks for helping. Here's the contents of the awf.txt file:


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Thu 02/14/2008
The current time is: 19:32:00.21


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

11/15/2007 01:11 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MICROS~4\BAK

07/07/2006 06:14 PM 576,320 itype.exe
1 File(s) 576,320 bytes

Directory of C:\PROGRA~1\MIFB84~1\BAK

07/07/2006 06:15 PM 600,896 ipoint.exe
1 File(s) 600,896 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

11/14/2007 11:43 PM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\WIFD1F~1\BAK

11/03/2006 11:20 AM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 07:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\CREATIVE\SBDRIV~1\BAK

12/03/2002 06:06 PM 45,056 SBDrvDet.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\BAK

11/10/2006 11:35 AM 90,112 CLIStart.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\CREATIVE\SBAUDI~1\DVDAUDIO\BAK

06/18/2003 01:00 AM 45,056 CTDVDDet.EXE
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\CREATIVE\SBAUDI~1\SURROU~1\BAK

09/17/2003 10:43 AM 57,344 CTSysVol.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 04:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14860 Feb 4 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Nov 15 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 8 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
116008 Nov 15 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
14860 Feb 4 2008 "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
576320 Jul 7 2006 "C:\Program Files\Microsoft IntelliType Pro\bak\itype.exe"
14860 Feb 4 2008 "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
600896 Jul 7 2006 "C:\Program Files\Microsoft IntelliPoint\bak\ipoint.exe"
14860 Feb 4 2008 "C:\Program Files\QuickTime\QTTask.exe"
286720 Nov 14 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14860 Feb 4 2008 "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe"
45056 Dec 3 2002 "C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe"
14860 Feb 4 2008 "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
90112 Nov 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\bak\CLIStart.exe"
14860 Feb 4 2008 "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE"
45056 Jun 18 2003 "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\bak\CTDVDDet.EXE"
14860 Feb 4 2008 "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe"
57344 Sep 17 2003 "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\bak\CTSysVol.exe"
14860 Feb 4 2008 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"


end of report
quietman7
post Feb 14 2008, 10:43 PM
Post #4





Double-click the FindAWF icon once again.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 2 then 'Enter' to restore files from bak folders
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of files in the quote box into the text file:
QUOTE
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Microsoft IntelliType Pro\bak\itype.exe"
"C:\Program Files\Microsoft IntelliPoint\bak\ipoint.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\bak\CLIStart.exe"
"C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\bak\CTDVDDet.EXE"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
  • Close the text file and click Yes to save the changes. Once files.txt is saved, FindAWF does the following:
    • It attempts to terminate the process represented by each filename on the list (if running).
    • Deletes the rogue file from the parent folder (if present).
    • Copies the original file to the parent folder.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


DreamofSun
post Feb 15 2008, 06:42 AM
Post #5





OK then, below is the result of the AWF Option 2 text file. I did reboot by the way between running option 1 and option 2. I hope that doesn't mess anything up? Thanks again....


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Fri 02/15/2008
The current time is: 6:37:23.20


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

11/15/2007 01:11 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MICROS~4\BAK

07/07/2006 06:14 PM 576,320 itype.exe
1 File(s) 576,320 bytes

Directory of C:\PROGRA~1\MIFB84~1\BAK

07/07/2006 06:15 PM 600,896 ipoint.exe
1 File(s) 600,896 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

11/14/2007 11:43 PM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\WIFD1F~1\BAK

11/03/2006 11:20 AM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 07:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\CREATIVE\SBDRIV~1\BAK

12/03/2002 06:06 PM 45,056 SBDrvDet.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\BAK

11/10/2006 11:35 AM 90,112 CLIStart.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\CREATIVE\SBAUDI~1\DVDAUDIO\BAK

06/18/2003 01:00 AM 45,056 CTDVDDet.EXE
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\CREATIVE\SBAUDI~1\SURROU~1\BAK

09/17/2003 10:43 AM 57,344 CTSysVol.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 04:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Nov 15 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Nov 15 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 8 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
116008 Nov 15 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
576320 Jul 7 2006 "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
576320 Jul 7 2006 "C:\Program Files\Microsoft IntelliType Pro\bak\itype.exe"
600896 Jul 7 2006 "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
600896 Jul 7 2006 "C:\Program Files\Microsoft IntelliPoint\bak\ipoint.exe"
286720 Nov 14 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Nov 14 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
45056 Dec 3 2002 "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe"
45056 Dec 3 2002 "C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe"
90112 Nov 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
90112 Nov 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\bak\CLIStart.exe"
45056 Jun 18 2003 "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE"
45056 Jun 18 2003 "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\bak\CTDVDDet.EXE"
14860 Feb 4 2008 "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe"
57344 Sep 17 2003 "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\bak\CTSysVol.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"


end of report
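A check that can be run on an Option 2 report like the one above before any bak folder is removed. This is an added example, not part of the thread and not FindAWF's own code: the function names are hypothetical, and it assumes the `size date "path"` line format seen in the report's duplicate-files section.

```python
import ntpath
import re

# Excerpt of the "Duplicate files of bak directory contents" section of the
# Option 2 report posted above (lines copied from that report).
REPORT = r'''
267048 Nov 15 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Nov 15 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 8 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14860 Feb 4 2008 "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe"
57344 Sep 17 2003 "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\bak\CTSysVol.exe"
'''

# Assumed line format: <size in bytes> <Mon D YYYY> "<full path>"
LINE = re.compile(r'^(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')


def parse_entries(text):
    """Return (size, date, path) tuples for each well-formed report line."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def pair_with_backups(entries):
    """Pair every file in a bak folder with the same-named file one level up."""
    by_path = {path.lower(): (size, date, path) for size, date, path in entries}
    pairs = []
    for size, date, path in entries:
        folder, name = ntpath.split(path)      # Windows path rules on any OS
        parent, leaf = ntpath.split(folder)
        if leaf.lower() != "bak":
            continue                           # not a backup copy
        live = by_path.get(ntpath.join(parent, name).lower())
        pairs.append({"backup": (size, date, path), "live": live})
    return pairs


def unrestored(pairs):
    """Backups whose live file is missing or still differs in size."""
    return [p["backup"][2] for p in pairs
            if p["live"] is None or p["live"][0] != p["backup"][0]]


def removable_bak_folders(pairs):
    """bak folders in which every copy matches its live file by size.

    Equal size is only a heuristic; comparing file hashes is the stronger check.
    """
    bad = {ntpath.dirname(p) for p in unrestored(pairs)}
    every = {ntpath.dirname(p["backup"][2]) for p in pairs}
    return sorted(every - bad)


if __name__ == "__main__":
    pairs = pair_with_backups(parse_entries(REPORT))
    for path in unrestored(pairs):
        print("live file still differs from backup:", path)
    for folder in removable_bak_folders(pairs):
        print("backup matches live file, folder can go:", folder)
```

On this excerpt it reports the Surround Mixer copy of CTSysVol.exe, whose live file is still 14,860 bytes against a 57,344-byte backup.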
quietman7
post Feb 15 2008, 09:01 AM
Post #6





Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 3 then 'Enter' to remove bak folders.
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of folders in the quote box into the text file:
QUOTE
C:\Program Files\iTunes\bak
C:\Program Files\Microsoft IntelliType Pro\bak
C:\Program Files\Microsoft IntelliPoint\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\system32\bak
C:\Program Files\Creative\SB Drive Det\bak
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\bak
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\bak
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak
  • Close the text file and click Yes to save the changes.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


DreamofSun
post Feb 15 2008, 07:14 PM
Post #7





Hi again Quietman7. Here's the result of running AWF option 3 txt file (looks good huh?):


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Fri 02/15/2008
The current time is: 19:06:35.70


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report
DreamofSun
post Feb 15 2008, 08:08 PM
Post #8





Bummer,
hasn't fixed it. I still get a.doginhispen.com showing up in my history as soon as I open IE7. What now?
quietman7
post Feb 16 2008, 09:13 AM
Post #9





Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 4 then 'Enter' to reset domain zones.
  • You will receive a warning to reset domain zones.
  • Press 1 then 'Enter'.
  • When done, you will receive a message: "Done! Zones have been reset".
  • After resetting the domain zones, the program will return to the main menu.
  • Press E then 'Enter' to EXIT.
  • Note: If you had manually added any sites in the trusted zones, they will need to be re-inserted.

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".


DreamofSun
post Feb 16 2008, 09:33 AM
Post #10





Thanks Quietman7!
So far so good. This morning on bootup and again after cleansing the system with ATF, the rogue history entries are not showing. Do you by any chance know what information may have been snatched by these rogue sites/groups (tribalfusion/doginhispen/etc)? My wife made an online purchase while these trojans were in place. Wondering if there's any chance they could have snatched credit card or other personal info?
quietman7
post Feb 16 2008, 12:08 PM
Post #11





Your infection was related to Downloader.Agent.awf. IMO anytime your machine is infected it's always "best practice" to change all your passwords and let credit card companies know that your machine may have been compromised.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
• "Malware Prevention - Preventing Re-infection".
• "How did I get infected?, With steps so it does not happen again!".
• "Best Practices - Internet Safety for 2008".
• "Hardening Windows Security - Part 1".
• "Hardening Windows Security - Part 2".
• "IE Recommended Minimal Security Settings".


DreamofSun
post Feb 16 2008, 01:18 PM
Post #12





Thanks Quietman7. Seems however that I'm not yet clean. I still have tribalfusion showing in IE history. It popped up after we finished everything. In IE7 history it reads as follows:
a.tribalfusion (a.tribalfusion.com)
Can you assist to remove that as well? It seems also to be a virus.
DreamofSun
post Feb 16 2008, 01:48 PM
Post #13





One more thing...I just scanned with Spybot and found/killed DSSAgent. Not sure if that's related to tribalfusion?
quietman7
post Feb 16 2008, 02:51 PM
Post #14





Use ATFCleaner again to remove all your cookies.

Download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates...". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Click Close to exit the program.
Then add Tribalfusion to your hosts file to block that site. Better yet, download and use a custom HOSTS file which already has that site added for blocking along with numerous others.

MVPS HOSTS File zipped version: http://www.mvps.org/winhelp2002/hosts.zip
Download includes a batch file (mvps.bat) that will rename the existing HOSTS file to HOSTS.MVP, then copy the included updated HOSTS file to the proper location.

MVPS HOSTS File text version: http://www.mvps.org/winhelp2002/hosts.txt
Extract the zip file to the following location and let it replace your existing hosts file: C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Blocking Unwanted Parasites with a Hosts File Instructions

This post has been edited by quietman7: Feb 16 2008, 02:52 PM


DreamofSun
post Feb 28 2008, 04:06 PM
Post #15





Hi again Quietman,
it's back again, and again, and again.
a.doginhispen keeps showing up. I re-ran the entire FindAWF process + ATF Cleaner + Superantispyware last night. Rebooted and then it's back along with skitoftheday. I rescrubbed again, taking all 4 steps with FindAWF, etc, etc. Turned computer on again and there it is, a.doginhispen in the history. In between I was deleting all history, cookies, temp files, etc. I just now ran AWF step 1 and it's clean (attached below). Why then does this keep showing in history? Do you know where it resides? Any other more comprehensive way to find/kill it? Please help again. Thanks.

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Thu 02/28/2008
The current time is: 15:56:02.67


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report