Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Need Help Remove Whataboutadog

  • This topic is locked This topic is locked
4 replies to this topic

#1 xiao_zhu


  • Members
  • 10 posts
  • Local time:04:48 AM

Posted 10 October 2007 - 09:48 AM

my office computer got infected by whataboutadog. and i've download AWF and had checked it. and here is the result.

Find AWF report by noahdfear 2006
Version 1.40

The current date is: 10/10/2007
The current time is: 10:18:24,34

bak folders found

Directory of C:\PROGRA~1\WINAMP\BAK

13/12/2003 07:50 33.792 winampa.exe
1 File(s) 33.792 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

29/08/2002 10:41 13.312 ctfmon.exe
09/07/2001 11:50 155.648 NeroCheck.exe
2 File(s) 168.960 bytes


02/11/2004 20:24 32.768 PDVDServ.exe
1 File(s) 32.768 bytes

Duplicate files of bak directory contents

28172 Oct 7 2007 "C:\Program Files\Winamp\winampa.exe"
33792 Dec 13 2003 "C:\Program Files\Winamp\bak\winampa.exe"
13312 Aug 29 2002 "C:\WINDOWS\system32\ctfmon.exe"
13312 Aug 29 2002 "C:\WINDOWS\system32\bak\ctfmon.exe"
28172 Oct 7 2007 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
28172 Oct 7 2007 "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
32768 Nov 2 2004 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"

end of report

please tell me what should i do to remove it? really need your help...

thanks in advance!

Moderator Edit: Moved topic to the more appropriate forum, from the HJT Forums since there is not a HJT log attached. ~ Animal

Edited by Animal, 10 October 2007 - 06:32 PM.

BC AdBot (Login to Remove)


#2 xiao_zhu

  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:48 AM

Posted 12 October 2007 - 01:14 AM

please help me.... now IE running very slow when i open a site :thumbsup:

#3 rookie147


  • Members
  • 5,321 posts
  • Local time:10:48 AM

Posted 12 October 2007 - 03:40 AM

Please double-click the FindAWF icon once again
If a "Security Alert" shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders
A text file opens called: files.txt.
Click below the line and paste the following list of files to be restored:

"C:\Program Files\Winamp\bak\winampa.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"

Next, close it and click Yes to save the changes.
Once files.txt is saved, FindAWF does the following:It attempts to terminate the process represented by each filename on the list [if running]
Deletes the rogue file from the parent folder [if present]
Copies the original file to the parent folder
When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image

#4 xiao_zhu

  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:48 AM

Posted 20 October 2007 - 09:37 AM

thanks rookie147 for reply and your help, but i've repost my problem with hijackthis log on the forum and sifumike helps me...
i just saw this post again today and just now that you reply my post.. thanks alot... really appreciate it!

#5 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,908 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:48 AM

Posted 20 October 2007 - 01:30 PM

I see your log is posted here and you are already getting assistance.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusing, I am closing this topic.

Thanks for your cooperation and good luck with your log.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users