
Doginhispen Trojan/virus



#1 Omfugga


Posted 08 February 2008 - 05:08 PM

Hello, I am new to this forum and I've been looking around the threads to see if they can help me, but so far to no avail. I did however download FindAWF to see if I can get any help.

OS: Windows XP Home edition Service pack 2.

Here is the log that I received from FindAWF:


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Fri 02/08/2008
The current time is: 16:53:24.82


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

08/28/2006 08:57 PM 395,776 DSAgnt.exe
1 File(s) 395,776 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\WINAMP\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 04:00 AM 15,360 ctfmon.exe
10/08/2004 10:52 AM 221,184 LVCOMSX.EXE
12/19/2005 02:08 PM 1,347,584 WLTRAY.exe
3 File(s) 1,584,128 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

05/10/2006 09:12 AM 90,112 CLIStart.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\DELL\QUICKSET\BAK

02/20/2007 11:29 AM 1,191,936 Quickset.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

07/08/2007 11:56 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

09/22/2006 10:47 AM 761,947 SynTPEnh.exe
1 File(s) 761,947 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

06/11/2007 05:16 PM 4,670,968 YAHOOM~1.EXE
1 File(s) 4,670,968 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

09/08/2005 04:20 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 03:50 PM 221,184 ISUSPM.exe
1 File(s) 221,184 bytes

Directory of C:\PROGRA~1\COMMON~1\NERO\LIB\BAK

03/01/2007 02:57 PM 153,136 NeroCheck.exe
10/23/2007 02:18 PM 202,024 NMBgMonitor.exe
2 File(s) 355,160 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

07/06/2007 08:07 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

11/10/2005 12:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\NERO\NERO8\NEROBA~1\BAK

09/20/2007 08:51 AM 1,836,328 NBKeyScan.exe
1 File(s) 1,836,328 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14860 Feb 4 2008 "C:\Program Files\Dell Support\DSAgnt.exe"
395776 Aug 28 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
14860 Feb 4 2008 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
8192 Feb 20 2001 "C:\WINDOWS\Temp\UB MS Office Professional 2003\FILES\SYSTEM\CTFMON.EXE"
14860 Feb 4 2008 "C:\WINDOWS\system32\LVCOMSX.EXE"
221184 Oct 8 2004 "C:\WINDOWS\system32\bak\LVCOMSX.EXE"
14860 Feb 4 2008 "C:\WINDOWS\system32\WLTRAY.exe"
1347584 Dec 19 2005 "C:\WINDOWS\system32\bak\WLTRAY.exe"
14860 Feb 4 2008 "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
90112 May 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\bak\CLIStart.exe"
14860 Feb 4 2008 "C:\Program Files\Dell\QuickSet\Quickset.exe"
1191936 Feb 20 2007 "C:\Program Files\Dell\QuickSet\bak\Quickset.exe"
40960 Jun 12 2007 "C:\Program Files\Google\googletoolbar1user.exe"
14860 Feb 4 2008 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1145896 Jul 6 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Jul 8 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jul 8 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
14860 Feb 4 2008 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
761947 Sep 22 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761947 Sep 22 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
14860 Feb 4 2008 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670968 Jun 11 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
14860 Feb 4 2008 "C:\WINDOWS\system32\DLA\DLACTRLW.EXE"
122940 Sep 8 2005 "C:\Program Files\Roxio\DLA\install\dlactrlw.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
14860 Feb 4 2008 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
14860 Feb 4 2008 "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
153136 Mar 1 2007 "C:\Program Files\Common Files\Nero\Lib\bak\NeroCheck.exe"
14860 Feb 4 2008 "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
202024 Oct 23 2007 "C:\Program Files\Common Files\Nero\Lib\bak\NMBgMonitor.exe"
14860 Feb 4 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Jul 6 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
14860 Feb 4 2008 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
14860 Feb 4 2008 "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
1836328 Sep 20 2007 "C:\Program Files\Nero\Nero8\Nero BackItUp\bak\NBKeyScan.exe"


end of report

Thank you guys in advance.


#2 Omfugga


Posted 08 February 2008 - 11:49 PM

Sorry for the double post and I'm sorry if I seem a bit impatient, but this Trojan is really aggravating me. I've tried spyware removal tools (Spy Doctor & Spybot) and I ran a Norton 2006 scan and nothing seems to be picking it up. :thumbsup:

#3 Orange Blossom


Posted 09 February 2008 - 12:07 AM

Hello Omfugga and welcome to BC :flowers:

You have a tricky infection related to downloader.awf and it has been known to come back. It will take several steps to remove the infection. A malware expert will need to study your AWF log and guide you through the next steps. Please be patient until one can get to you.

Orange Blossom :thumbsup:



