
A.doginhispen And 88.80.7.66 Viruses. Help!


16 replies to this topic

#1 shawnlomax

shawnlomax

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:16 PM

Posted 15 February 2008 - 06:38 PM

For like a week, I have seen these two sites in my history. What do I need to do?



#2 shawnlomax


Posted 15 February 2008 - 06:49 PM

I ran the AWF program and this is what I got:


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Fri 02/15/2008
The current time is: 17:39:31.54


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

12/11/2007 12:10 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/11/2007 10:56 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 01:56 AM 15,360 ctfmon.exe
10/19/2005 07:59 AM 126,976 hkcmd.exe
10/19/2005 07:59 AM 155,648 igfxtray.exe
3 File(s) 297,984 bytes

Directory of C:\PROGRA~1\BROADJ~1\CLIENT~1\BAK

09/10/2002 08:26 PM 368,706 CFD.exe
1 File(s) 368,706 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

12/02/2003 04:11 PM 54,296 ccApp.exe
12/02/2003 04:11 PM 58,392 ccRegVfy.exe
2 File(s) 112,688 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

01/19/2006 11:06 AM 110,592 mm_tray.exe
1 File(s) 110,592 bytes

Directory of C:\PROGRA~1\NORTON~1\ADVTOOLS\BAK

08/26/2002 09:35 PM 79,480 ADVCHK.EXE
1 File(s) 79,480 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

08/06/2003 12:04 AM 114,741 tfswctrl.exe
1 File(s) 114,741 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

11/06/2007 08:26 PM 185,632 realsched.exe
1 File(s) 185,632 bytes

Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK

08/19/2003 01:01 AM 110,592 sgtray.exe
1 File(s) 110,592 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

03/11/2003 02:08 AM 172,032 hpztsb08.exe
1 File(s) 172,032 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Jan 30 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 5 2008 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
14348 Jan 30 2008 "C:\Program Files\QuickTime\qttask.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 Jan 30 2008 "C:\WINDOWS\system32\hkcmd.exe"
126976 Oct 19 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Oct 2 2003 "C:\DELL\drivers\R70267\Graphics\Win2000\hkcmd.exe"
118784 Oct 2 2003 "C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\hkcmd.exe"
14348 Jan 30 2008 "C:\WINDOWS\system32\igfxtray.exe"
155648 Oct 19 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Oct 2 2003 "C:\DELL\drivers\R70267\Graphics\Win2000\igfxtray.exe"
155648 Oct 2 2003 "C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\igfxtray.exe"
14348 Jan 30 2008 "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
368706 Sep 10 2002 "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
14348 Jan 30 2008 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
54296 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
14348 Jan 30 2008 "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
58392 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe"
14348 Jan 30 2008 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
110592 Jan 19 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
110592 Feb 26 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
14348 Jan 30 2008 "C:\Program Files\Norton AntiVirus\AdvTools\ADVCHK.EXE"
79480 Aug 26 2002 "C:\Program Files\Norton AntiVirus\AdvTools\bak\ADVCHK.EXE"
14348 Jan 30 2008 "C:\WINDOWS\system32\dla\tfswctrl.exe"
114741 Aug 6 2003 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
114741 Aug 6 2003 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
14348 Jan 30 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Nov 6 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
14348 Jan 30 2008 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
14348 Jan 30 2008 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe"
172032 Mar 11 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb08.exe"


end of report

#3 shawnlomax


Posted 21 February 2008 - 12:01 AM

Anyone? lol I have Windows XP

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:16 PM

Posted 21 February 2008 - 07:51 AM

Hello shawnlomax. Looks like we missed your initial post so I apologize for you having to wait.

Double-click the FindAWF icon once again.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 2 then 'Enter' to restore files from bak folders
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of files in the quote box into the text file:

"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe"
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
"C:\Program Files\Norton AntiVirus\AdvTools\ba
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb08.exe"

  • Close the text file and click Yes to save the changes. Once files.txt is saved, FindAWF does the following:
    • It attempts to terminate the process represented by each filename on the list (if running).
    • Deletes the rogue file from the parent folder (if present).
    • Copies the original file to the parent folder.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 shawnlomax


Posted 21 February 2008 - 11:12 PM

lol better late than never!

Results:

11/06/2007 08:26 PM 185,632 realsched.exe
1 File(s) 185,632 bytes

Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK

08/19/2003 01:01 AM 110,592 sgtray.exe
1 File(s) 110,592 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

03/11/2003 02:08 AM 172,032 hpztsb08.exe
1 File(s) 172,032 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 5 2008 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
126976 Oct 19 2005 "C:\WINDOWS\system32\hkcmd.exe"
126976 Oct 19 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Oct 2 2003 "C:\DELL\drivers\R70267\Graphics\Win2000\hkcmd.exe"
118784 Oct 2 2003 "C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\hkcmd.exe"
155648 Oct 19 2005 "C:\WINDOWS\system32\igfxtray.exe"
155648 Oct 19 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Oct 2 2003 "C:\DELL\drivers\R70267\Graphics\Win2000\igfxtray.exe"
155648 Oct 2 2003 "C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\igfxtray.exe"
368706 Sep 10 2002 "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
368706 Sep 10 2002 "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
54296 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
54296 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
58392 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
58392 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe"
110592 Jan 19 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
110592 Jan 19 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
110592 Feb 26 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
14348 Jan 30 2008 "C:\Program Files\Norton AntiVirus\AdvTools\ADVCHK.EXE"
79480 Aug 26 2002 "C:\Program Files\Norton AntiVirus\AdvTools\bak\ADVCHK.EXE"
14348 Jan 30 2008 "C:\WINDOWS\system32\dla\tfswctrl.exe"
114741 Aug 6 2003 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
114741 Aug 6 2003 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
185632 Nov 6 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Nov 6 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
172032 Mar 11 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe"
172032 Mar 11 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb08.exe"


end of report
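
One way to read the "Duplicate files of bak directory contents" listing programmatically, as an added example that is not part of the thread or of FindAWF: it pairs each bak copy with the file of the same name in the parent folder, reports the pairs that differ, and groups the mismatches by size, since differently named programs sharing one size is the pattern the first log shows. The sample lines are copied from the listing above; the function names are this example's own.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the "Duplicate files" listing posted above.
SAMPLE = r'''
54296 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
54296 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
14348 Jan 30 2008 "C:\Program Files\Norton AntiVirus\AdvTools\ADVCHK.EXE"
79480 Aug 26 2002 "C:\Program Files\Norton AntiVirus\AdvTools\bak\ADVCHK.EXE"
14348 Jan 30 2008 "C:\WINDOWS\system32\dla\tfswctrl.exe"
114741 Aug 6 2003 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
114741 Aug 6 2003 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
'''

# size, "Mon D YYYY" date, quoted full path
ENTRY = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"([^"]+)"\s*$')


def parse_entries(report):
    """Return [(size, date, path)] for every well-formed listing line."""
    out = []
    for line in report.splitlines():
        m = ENTRY.match(line)
        if m:
            date = " ".join(m.group(2).split())  # normalise spacing
            out.append((int(m.group(1)), date, m.group(3)))
    return out


def unrestored(report):
    """Parent files whose size or date differs from the copy in their bak folder."""
    entries = parse_entries(report)
    by_path = {ntpath.normcase(p): (s, d) for s, d, p in entries}
    findings = []
    for size, date, path in entries:
        folder, name = ntpath.split(path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # only bak copies drive the comparison
        parent = ntpath.join(ntpath.dirname(folder), name)
        live = by_path.get(ntpath.normcase(parent))
        if live is None:
            findings.append((parent, None, size))  # parent file not listed
        elif live != (size, date):
            findings.append((parent, live[0], size))
    return findings


def shared_sizes(findings, minimum=2):
    """Sizes shared by several differently named mismatched parent files."""
    names = defaultdict(set)
    for parent, live_size, _bak_size in findings:
        if live_size is not None:
            names[live_size].add(ntpath.basename(parent).lower())
    return {size: sorted(n) for size, n in names.items() if len(n) >= minimum}


if __name__ == "__main__":
    hits = unrestored(SAMPLE)
    for parent, live_size, bak_size in hits:
        print(f"{parent}: parent={live_size} bytes, bak={bak_size} bytes")
    print(shared_sizes(hits))
```
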

#6 quietman7


Posted 21 February 2008 - 11:17 PM

Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 3 then 'Enter' to remove bak folders.
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of folders in the quote box into the text file:

C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak
C:\Program Files\BroadJump\Client Foundation\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak
C:\Program Files\Norton AntiVirus\AdvTools\bak
C:\WINDOWS\system32\dla\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\Sonic\Update Manager\bak
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak

  • Close the text file and click Yes to save the changes.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


#7 shawnlomax


Posted 22 February 2008 - 07:13 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Fri 02/22/2008
The current time is: 18:07:00.93


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

#8 quietman7


Posted 22 February 2008 - 10:24 PM

Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 4 then 'Enter' to reset domain zones.
  • You will receive a warning to reset domain zones.
  • Press 1 then 'Enter'.
  • When done, you will receive a message: "Done! Zones have been reset".
  • After resetting the domain zones, the program will return to the main menu.
  • Press E then 'Enter' to EXIT.
  • Note: If you had manually added any sites in the trusted zones, they will need to be re-inserted.

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

#9 shawnlomax


Posted 23 February 2008 - 01:17 AM

DONE! Is that it? If so, THANK YOU!!!

#10 quietman7


Posted 23 February 2008 - 11:40 AM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#11 shawnlomax


Posted 23 February 2008 - 12:03 PM

I signed on today and I found in the history:

b.skitodatplease
88.80.7.66
a.doginhispen

:thumbsup:

#12 quietman7


Posted 23 February 2008 - 12:27 PM

Run option #1 again to scan for bak folders and post the log so we can see if you have been reinfected. This infection is persistent and has been known to return even after completing all the steps with this fix tool.

#13 shawnlomax


Posted 23 February 2008 - 12:58 PM

You know what, I see my last post was @ 2 am this morning so that could have been OLD, but I'm going to do step one again just in case. I'll post what I see in a min.

#14 shawnlomax


Posted 23 February 2008 - 01:06 PM

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Sat 02/23/2008
The current time is: 11:58:20.64


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

That's what I got, so I think it was old. I'll Create a New Restore Point now.

Well, I restored the system, everything was fine... then it popped back up. :thumbsup:

Edited by shawnlomax, 23 February 2008 - 02:34 PM.


#15 quietman7


Posted 23 February 2008 - 03:43 PM

Your log looks good. Try "clearing your browser history" a few times to make sure everything is completely erased.



