
A.doginhispen And 88.80.7.66 Infection... Another Victim


7 replies to this topic

#1 Javaxcx


Posted 23 February 2008 - 03:18 PM

Hello, like the others I've seen on this forum I have a similar problem as a few of them. I really hate to ask for help on a problem with so many instances, but I don't know precisely what AWF does and I don't want to go around deleting files when I'm not sure what I'm doing. My AWF.txt file gave me this information:




Version 1.40

The current date is: Sat 02/23/2008
The current time is: 15:08:22.37


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

01/11/2008 02:10 AM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MICROS~4\BAK

01/11/2008 02:10 AM 813,912 itype.exe
1 File(s) 813,912 bytes

Directory of C:\PROGRA~1\MIFB84~1\BAK

01/11/2008 02:10 AM 849,280 ipoint.exe
1 File(s) 849,280 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

01/11/2008 02:10 AM 385,024 JMRaidTool.exe
1 File(s) 385,024 bytes

Directory of C:\PROGRA~1\BILLPS~1\WINPAT~1\BAK

01/11/2008 02:10 AM 292,152 winpatrol.exe
1 File(s) 292,152 bytes

Directory of C:\PROGRA~1\CREATIVE\SOUNDB~1\VOLUME~1\BAK

01/11/2008 02:06 AM 122,880 VolPanlu.exe
1 File(s) 122,880 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Jan 30 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Jan 11 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 25 2007 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
14348 Jan 30 2008 "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
813912 Jan 11 2008 "C:\Program Files\Microsoft IntelliType Pro\bak\itype.exe"
14348 Jan 30 2008 "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
849280 Jan 11 2008 "C:\Program Files\Microsoft IntelliPoint\bak\ipoint.exe"
14348 Jan 30 2008 "C:\WINDOWS\system32\JMRaidTool.exe"
385024 Jan 11 2008 "C:\WINDOWS\system32\bak\JMRaidTool.exe"
316728 Jan 27 2008 "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
292152 Jan 11 2008 "C:\Program Files\BillP Studios\WinPatrol\bak\winpatrol.exe"
14348 Jan 30 2008 "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe"
122880 Jan 11 2008 "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\bak\VolPanlu.exe"


end of report

I realize this problem is persistent, but it is annoying enough as it is so I would like to try anything someone can show me to do to get rid of it.

Thanks!


#2 quietman7


Posted 23 February 2008 - 03:49 PM

Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
Doginhispen
Skitodayplease


If your homepage has been changed, go to Start > Control Panel > Internet Options > General Tab and under Home Page, click Use Default. Add default homepage you want to use and click Apply > then OK. Open a new web browser and check to ensure you have the default homepage you selected. When done, "Clear your browser history" by following the instructions provided for your web browser.

Double-click the FindAWF icon once again.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 2 then 'Enter' to restore files from bak folders
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of files in the quote box into the text file:

"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Microsoft IntelliType Pro\bak\itype.exe"
"C:\Program Files\Microsoft IntelliPoint\bak\ipoint.exe"
"C:\WINDOWS\system32\bak\JMRaidTool.exe"
"C:\Program Files\BillP Studios\WinPatrol\bak\winpatrol.exe"
"C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\bak\VolPanlu.exe"

  • Close the text file and click Yes to save the changes. Once files.txt is saved, FindAWF does the following:
    • It attempts to terminate the process represented by each filename on the list (if running).
    • Deletes the rogue file from the parent folder (if present).
    • Copies the original file to the parent folder.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Javaxcx


Posted 23 February 2008 - 04:01 PM

Thanks for the speedy reply, this is what the second report shows:



Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Sat 02/23/2008
The current time is: 16:00:51.10


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

01/11/2008 02:10 AM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MICROS~4\BAK

01/11/2008 02:10 AM 813,912 itype.exe
1 File(s) 813,912 bytes

Directory of C:\PROGRA~1\MIFB84~1\BAK

01/11/2008 02:10 AM 849,280 ipoint.exe
1 File(s) 849,280 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

01/11/2008 02:10 AM 385,024 JMRaidTool.exe
1 File(s) 385,024 bytes

Directory of C:\PROGRA~1\BILLPS~1\WINPAT~1\BAK

01/11/2008 02:10 AM 292,152 winpatrol.exe
1 File(s) 292,152 bytes

Directory of C:\PROGRA~1\CREATIVE\SOUNDB~1\VOLUME~1\BAK

01/11/2008 02:06 AM 122,880 VolPanlu.exe
1 File(s) 122,880 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Jan 11 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Jan 11 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 25 2007 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
813912 Jan 11 2008 "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
813912 Jan 11 2008 "C:\Program Files\Microsoft IntelliType Pro\bak\itype.exe"
849280 Jan 11 2008 "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
849280 Jan 11 2008 "C:\Program Files\Microsoft IntelliPoint\bak\ipoint.exe"
385024 Jan 11 2008 "C:\WINDOWS\system32\JMRaidTool.exe"
385024 Jan 11 2008 "C:\WINDOWS\system32\bak\JMRaidTool.exe"
292152 Jan 11 2008 "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
292152 Jan 11 2008 "C:\Program Files\BillP Studios\WinPatrol\bak\winpatrol.exe"
122880 Jan 11 2008 "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe"
122880 Jan 11 2008 "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\bak\VolPanlu.exe"


end of report
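
The before and after "Duplicate files" listings in the two reports above can be compared mechanically. The following is an added example, not part of the original thread and not FindAWF's own code: it pairs each bak copy with the file of the same name in the parent folder and compares sizes. The sample lines are copied from the logs in this thread; the function names and status labels are made up for the illustration.

```python
import re
from collections import Counter
from ntpath import basename, dirname

# "Duplicate files" line format: <size> <Mon DD YYYY> "<path>"
LINE = re.compile(r'^(\d+)\s+\w{3}\s+\d{1,2}\s+\d{4}\s+"(.+)"$')

def parse(report):
    """Return {lowercased path: size in bytes} for every listing line."""
    sizes = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            sizes[m.group(2).lower()] = int(m.group(1))
    return sizes

def compare(report):
    """Pair each ...\\bak\\X.exe with ...\\X.exe; return (parent, size, bak_size, status)."""
    sizes = parse(report)
    pairs = []
    for path, bak_size in sizes.items():
        folder = dirname(path)
        parent = dirname(folder) + "\\" + basename(path)
        if basename(folder) == "bak" and parent in sizes:
            pairs.append((parent, sizes[parent], bak_size))
    # One size shared by several unrelated parents suggests the same file was copied over each.
    shared = Counter(size for _, size, bak in pairs if size != bak)
    return [(p, s, b, "match" if s == b else
             "shared-size mismatch" if shared[s] > 1 else "mismatch")
            for p, s, b in pairs]

# Lines copied from the two awf.txt logs in this thread (subset).
BEFORE = r'''
14348 Jan 30 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Jan 11 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
14348 Jan 30 2008 "C:\WINDOWS\system32\JMRaidTool.exe"
385024 Jan 11 2008 "C:\WINDOWS\system32\bak\JMRaidTool.exe"
316728 Jan 27 2008 "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
292152 Jan 11 2008 "C:\Program Files\BillP Studios\WinPatrol\bak\winpatrol.exe"
'''
AFTER = r'''
267048 Jan 11 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Jan 11 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
'''

if __name__ == "__main__":
    for row in compare(BEFORE) + compare(AFTER):
        print(row)
```

A size match only shows that the parent file has the same length as the bak copy; it is a quick consistency check on the log, not a verification of file contents.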

#4 quietman7


Posted 23 February 2008 - 04:07 PM

Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 3 then 'Enter' to remove bak folders.
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of folders in the quote box into the text file:

C:\Program Files\iTunes\bak
C:\Program Files\Microsoft IntelliType Pro\bak
C:\Program Files\Microsoft IntelliPoint\bak
C:\WINDOWS\system32\bak
C:\Program Files\BillP Studios\WinPatrol\bak
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\bak

  • Close the text file and click Yes to save the changes.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


#5 Javaxcx


Posted 23 February 2008 - 04:09 PM

Again, thanks for the quick troubleshooting:


Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Sat 02/23/2008
The current time is: 16:09:21.21


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

#6 quietman7


Posted 23 February 2008 - 04:13 PM

Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 4 then 'Enter' to reset domain zones.
  • You will receive a warning to reset domain zones.
  • Press 1 then 'Enter'.
  • When done, you will receive a message: "Done! Zones have been reset".
  • After resetting the domain zones, the program will return to the main menu.
  • Press E then 'Enter' to EXIT.
  • Note: If you had manually added any sites in the trusted zones, they will need to be re-inserted.
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

#7 Javaxcx


Posted 23 February 2008 - 04:18 PM

Okay perfect, I'll post in this thread again if the infection returns. Thank you very much for your continued assistance!

#8 quietman7


Posted 23 February 2008 - 10:17 PM

You're welcome.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Best Practices - Internet Safety for 2008".
"Hardening Windows Security - Part 1 & Part 2".
"IE Recommended Minimal Security Settings".
"Block Unwanted Parasites with a Custom Hosts File" - Instructions for the MVPS HOSTS File