Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Another B.whataboutadog And A.adoginhispen Virus


  • Please log in to reply
2 replies to this topic

#1 bionate

bionate

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:South coast of Mass
  • Local time:02:58 PM

Posted 02 February 2008 - 06:09 PM

Hi all. On the family computer, we've become infected with the B.whataboutadog And A.adoginhispen virus. In addition to those two domains showing up in our history, the IP address 88.80.7.66 also shows up. I'm running XP Media Center Edition on this PC.

Might this also have anything to do with our iTunes getting all messed up recently? If it wouldn't affect iTunes, I'll start a different topic there.

Thanks!
Nate

Here's what the awf.txt file said:

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sat 02/02/2008
The current time is: 17:56:16.60


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM\BAK

08/01/2006 02:35 PM 67,112 aim.exe
1 File(s) 67,112 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK

06/04/2007 05:14 PM 216,064 dna.exe
1 File(s) 216,064 bytes

Directory of C:\PROGRA~1\BITTOR~2\BAK

09/07/2007 06:01 PM 43,008 bittorrent.exe
1 File(s) 43,008 bytes

Directory of C:\PROGRA~1\DIGITA~1\BAK

12/09/2005 08:44 PM 139,264 readericon45G.exe
1 File(s) 139,264 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

01/15/2008 03:22 AM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MICROS~3\BAK

06/20/2006 10:36 PM 1,207,080 wcescomm.exe
1 File(s) 1,207,080 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/10/2008 03:27 PM 385,024 QTTask.exe
1 File(s) 385,024 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 11:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 02:00 PM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\CANON\MYPRIN~1\BAK

03/21/2006 08:30 PM 1,191,936 BJMyPrt.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

07/21/2007 11:56 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

09/26/2005 12:26 PM 110,592 MskAgent.exe
08/12/2005 03:16 PM 1,121,792 MSKDetct.exe
2 File(s) 1,232,384 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

09/22/2005 05:29 PM 303,104 mcagent.exe
01/11/2006 11:05 AM 212,992 mcupdate.exe
2 File(s) 516,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

11/11/2005 04:00 PM 1,005,096 MpfTray.exe
1 File(s) 1,005,096 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

03/21/2006 12:19 PM 69,632 OpwareSE4.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

09/29/2003 11:14 PM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
61440 Nov 13 2002 "J:\Retrospect Backup\Backup copy of Drive C ©\Program Files\AIM95\aim.exe"
216064 Jun 4 2007 "C:\Program Files\BitTorrent_DNA\bak\dna.exe"
43008 Sep 7 2007 "C:\Program Files\BitTorrent\bak\bittorrent.exe"
139264 Dec 9 2005 "C:\Program Files\Digital Media Reader\bak\readericon45G.exe"
29696 Sep 23 2005 "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
267048 Jan 15 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 26 2008 "C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe"
79144 Jan 15 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe"
108096 Jan 24 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L0GKIZZB\iTunesSetupAdmin[1].exe"
1207080 Jun 20 2006 "C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\bak\QTTask.exe"
77824 Jan 3 2003 "J:\Retrospect Backup\Backup copy of Drive C ©\Program Files\QuickTime\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
14348 Jan 30 2008 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
13312 Aug 29 2002 "J:\Retrospect Backup\Backup copy of Drive C ©\WINDOWS\SYSTEM32\ctfmon.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
52272 May 21 2007 "C:\Program Files\Google\googletoolbar3user.exe"
138168 May 21 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jul 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
110592 Sep 26 2005 "C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
582992 Aug 3 2007 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
394576 Aug 18 2007 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
1005096 Nov 11 2005 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
155648 Sep 29 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"


end of report

BC AdBot (Login to Remove)

 


#2 SpySentinel

SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The United States
  • Local time:02:58 PM

Posted 02 February 2008 - 06:59 PM

Please follow the steps below so we can see if we can get your computer cleaned up:

Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

Click 'Do a System Scan and Save log'. The HJT log will open in notepad. Don't try to fix anything yourself.

Copy and paste the contents of the HJT log into a NEW TOPIC in "HijackThis Logs and Malware Removal"
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Also include a link to this topic. Please be patient as our HJT team members work on serveral forums.

Also you can read the Preparation Guide for use before posting a HijackThis Log

Posted Image
Unified Network of Instructors and Trained Eliminators

Posted Image

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#3 bionate

bionate
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:South coast of Mass
  • Local time:02:58 PM

Posted 02 February 2008 - 08:50 PM

Thanks. Posted here.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users