Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help Remove Whataboutadog


  • This topic is locked This topic is locked
4 replies to this topic

#1 xiao_zhu

xiao_zhu

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:05 PM

Posted 10 October 2007 - 09:48 AM

my office computer got infected by whataboutadog. and i've download AWF and had checked it. and here is the result.


Find AWF report by noahdfear 2006
Version 1.40

The current date is: 10/10/2007
The current time is: 10:18:24,34


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\WINAMP\BAK

13/12/2003 07:50 33.792 winampa.exe
1 File(s) 33.792 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

29/08/2002 10:41 13.312 ctfmon.exe
09/07/2001 11:50 155.648 NeroCheck.exe
2 File(s) 168.960 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/11/2004 20:24 32.768 PDVDServ.exe
1 File(s) 32.768 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28172 Oct 7 2007 "C:\Program Files\Winamp\winampa.exe"
33792 Dec 13 2003 "C:\Program Files\Winamp\bak\winampa.exe"
13312 Aug 29 2002 "C:\WINDOWS\system32\ctfmon.exe"
13312 Aug 29 2002 "C:\WINDOWS\system32\bak\ctfmon.exe"
28172 Oct 7 2007 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
28172 Oct 7 2007 "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
32768 Nov 2 2004 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"


end of report

please tell me what should i do to remove it? really need your help...

thanks in advance!
xiao_zhu

Moderator Edit: Moved topic to the more appropriate forum, from the HJT Forums since there is not a HJT log attached. ~ Animal

Edited by Animal, 10 October 2007 - 06:32 PM.


BC AdBot (Login to Remove)

 


m

#2 xiao_zhu

xiao_zhu
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:05 PM

Posted 12 October 2007 - 01:14 AM

please help me.... now IE running very slow when i open a site :thumbsup:

#3 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 12 October 2007 - 03:40 AM

Please double-click the FindAWF icon once again
If a "Security Alert" shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders
A text file opens called: files.txt.
Click below the line and paste the following list of files to be restored:

"C:\Program Files\Winamp\bak\winampa.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\NeroCheck.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"


Next, close it and click Yes to save the changes.
Once files.txt is saved, FindAWF does the following:It attempts to terminate the process represented by each filename on the list [if running]
Deletes the rogue file from the parent folder [if present]
Copies the original file to the parent folder
When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#4 xiao_zhu

xiao_zhu
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:05 PM

Posted 20 October 2007 - 09:37 AM

thanks rookie147 for reply and your help, but i've repost my problem with hijackthis log on the forum and sifumike helps me...
i just saw this post again today and just now that you reply my post.. thanks alot... really appreciate it!

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,558 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:05 PM

Posted 20 October 2007 - 01:30 PM

I see your log is posted here and you are already getting assistance.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusing, I am closing this topic.

Thanks for your cooperation and good luck with your log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users