
Doginhispen Infection


  • This topic is locked
13 replies to this topic

#1 pugmastiff

pugmastiff

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 08 March 2008 - 03:23 PM

I've read a few threads on this, here. It seems the first step is running a FindAWF log for bak files. I've done this, now I need help going forward with this pesky critter.
If someone is able to help, I'll provide the file. Or, if there is a different way to go about it- please inform.
Thanks!


#2 pugmastiff


Posted 08 March 2008 - 04:39 PM

BTW... I'm running Win XT home SP2.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:13 PM

Posted 08 March 2008 - 05:59 PM

Copy and paste the contents of the awf.txt file in your next reply.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 pugmastiff


Posted 08 March 2008 - 06:43 PM

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Sat 03/08/2008
The current time is: 11:56:40.06


bak folders found
~~~~~~~~~~~


Directory of C:\WINNT\BAK

03/06/2002 07:08 AM 40,960 GWMDMpi.exe
05/10/2000 10:00 PM 90,112 UpdReg.EXE
2 File(s) 131,072 bytes

Directory of C:\PROGRA~1\DIGSTR~1\BAK

05/18/2005 01:49 PM 282,624 digstream.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/14/2007 09:00 AM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\MIF2B0~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\WIFD1F~1\BAK

11/03/2006 06:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\WINNT\SYSTEM32\BAK

08/03/2004 11:56 PM 15,360 ctfmon.exe
07/09/2001 08:50 AM 155,648 NeroCheck.exe
2 File(s) 171,008 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

07/03/2001 08:11 AM 57,344 hpgs2wnd.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

03/11/2007 09:34 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MICROS~4\SYSTEM\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

08/06/2004 02:33 PM 2,502,656 ypager.exe
1 File(s) 2,502,656 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

02/17/2006 08:59 AM 124,520 IPHSend.exe
1 File(s) 124,520 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

01/06/2005 02:17 AM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\CREATIVE\SBAUDIGY\PROGRAM\BAK

10/03/2001 10:00 PM 28,672 ADGJDet.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes


05/10/2003 01:49 PM 684,032 DirectCD.exe
1 File(s) 684,032 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114179~1\EE\BAK

05/09/2006 04:24 PM 50,760 AOLSoftware.exe
1 File(s) 50,760 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

40960 Mar 6 2002 "C:\OEMDRVRS\GWMDMPI.EXE"
14348 Mar 5 2008 "C:\WINNT\GWMDMpi.exe"
40960 Mar 6 2002 "C:\WINNT\bak\GWMDMpi.exe"
14348 Mar 5 2008 "C:\WINNT\UpdReg.EXE"
90112 May 10 2000 "C:\WINNT\bak\UpdReg.EXE"
14348 Mar 5 2008 "C:\Program Files\DIGStream\digstream.exe"
282624 May 18 2005 "C:\Program Files\DIGStream\bak\digstream.exe"
14348 Mar 5 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 17 2007 "C:\WINNT\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe"
116024 Aug 13 2007 "C:\WINNT\Temp\Temporary Internet Files\Content.IE5\4PYU8V76\iTunesSetupAdmin[1].exe"
116024 Sep 17 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.2.4\iTunesSetupAdmin.exe"
14348 Mar 5 2008 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
14348 Mar 5 2008 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
15360 Aug 3 2004 "C:\WINNT\system32\ctfmon.exe"
15360 Aug 3 2004 "C:\WINNT\system32\bak\ctfmon.exe"
14348 Mar 5 2008 "C:\WINNT\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINNT\system32\bak\NeroCheck.exe"
14348 Mar 5 2008 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
57344 Jul 3 2001 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
14348 Mar 5 2008 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Mar 11 2007 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
14348 Mar 5 2008 "C:\Program Files\Yahoo!\Messenger\ypager.exe"
2502656 Aug 6 2004 "C:\Program Files\Yahoo!\Messenger\bak\ypager.exe"
14348 Mar 5 2008 "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
14348 Mar 5 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jan 6 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
14348 Mar 5 2008 "C:\Program Files\Creative\SBAudigy\Program\ADGJDet.exe"
28672 Oct 3 2001 "C:\Program Files\Creative\SBAudigy\Program\bak\ADGJDet.exe"
36975 Dec 6 2004 "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
14348 Mar 5 2008 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
14348 Mar 5 2008 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
684032 May 10 2003 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
42032 May 25 2007 "C:\Program Files\AIM6\aolsoftware.exe"
14348 Mar 5 2008 "C:\Program Files\Common Files\AOL\1141791287\ee\AOLSoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1141791287\ee\bak\AOLSoftware.exe"


end of report

#5 quietman7


Posted 09 March 2008 - 08:43 AM

Double-click the FindAWF icon once again.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 2 then 'Enter' to restore files from bak folders
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of files in the quote box into the text file:

"C:\WINNT\bak\GWMDMpi.exe"
"C:\WINNT\bak\UpdReg.EXE"
"C:\Program Files\DIGStream\bak\digstream.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINNT\system32\bak\ctfmon.exe"
"C:\WINNT\system32\bak\NeroCheck.exe"
"C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Yahoo!\Messenger\bak\ypager.exe"
"C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
"C:\Program Files\Creative\SBAudigy\Program\bak\ADGJDet.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
"C:\Program Files\Common Files\AOL\1141791287\ee\bak\AOLSoftware.exe"

  • Close the text file and click Yes to save the changes. Once files.txt is saved, FindAWF does the following:
    • It attempts to terminate the process represented by each filename on the list (if running).
    • Deletes the rogue file from the parent folder (if present).
    • Copies the original file to the parent folder.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


#6 pugmastiff


Posted 09 March 2008 - 10:47 AM

Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Sun 03/09/2008
The current time is: 8:38:30.43


bak folders found
~~~~~~~~~~~


Directory of C:\WINNT\BAK

03/06/2002 08:08 AM 40,960 GWMDMpi.exe
05/10/2000 11:00 PM 90,112 UpdReg.EXE
2 File(s) 131,072 bytes

Directory of C:\PROGRA~1\DIGSTR~1\BAK

05/18/2005 02:49 PM 282,624 digstream.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/14/2007 10:00 AM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\MIF2B0~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 06:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\WIFD1F~1\BAK

11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\WINNT\SYSTEM32\BAK

08/04/2004 12:56 AM 15,360 ctfmon.exe
07/09/2001 09:50 AM 155,648 NeroCheck.exe
2 File(s) 171,008 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

07/03/2001 09:11 AM 57,344 hpgs2wnd.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

03/11/2007 10:34 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MICROS~4\SYSTEM\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

08/06/2004 03:33 PM 2,502,656 ypager.exe
1 File(s) 2,502,656 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

02/17/2006 09:59 AM 124,520 IPHSend.exe
1 File(s) 124,520 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

01/06/2005 03:17 AM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\CREATIVE\SBAUDIGY\PROGRAM\BAK

10/03/2001 11:00 PM 28,672 ADGJDet.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes


05/10/2003 02:49 PM 684,032 DirectCD.exe
1 File(s) 684,032 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114179~1\EE\BAK

05/09/2006 05:24 PM 50,760 AOLSoftware.exe
1 File(s) 50,760 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

40960 Mar 6 2002 "C:\OEMDRVRS\GWMDMPI.EXE"
40960 Mar 6 2002 "C:\WINNT\GWMDMpi.exe"
40960 Mar 6 2002 "C:\WINNT\bak\GWMDMpi.exe"
90112 May 10 2000 "C:\WINNT\UpdReg.EXE"
90112 May 10 2000 "C:\WINNT\bak\UpdReg.EXE"
282624 May 18 2005 "C:\Program Files\DIGStream\digstream.exe"
282624 May 18 2005 "C:\Program Files\DIGStream\bak\digstream.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 17 2007 "C:\WINNT\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe"
116024 Aug 13 2007 "C:\WINNT\Temp\Temporary Internet Files\Content.IE5\4PYU8V76\iTunesSetupAdmin[1].exe"
116024 Sep 17 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.2.4\iTunesSetupAdmin.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
15360 Aug 4 2004 "C:\WINNT\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINNT\system32\bak\ctfmon.exe"
155648 Jul 9 2001 "C:\WINNT\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINNT\system32\bak\NeroCheck.exe"
57344 Jul 3 2001 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
57344 Jul 3 2001 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
49152 Mar 11 2007 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Mar 11 2007 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
2502656 Aug 6 2004 "C:\Program Files\Yahoo!\Messenger\ypager.exe"
2502656 Aug 6 2004 "C:\Program Files\Yahoo!\Messenger\bak\ypager.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
14348 Mar 5 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jan 6 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
28672 Oct 3 2001 "C:\Program Files\Creative\SBAudigy\Program\ADGJDet.exe"
28672 Oct 3 2001 "C:\Program Files\Creative\SBAudigy\Program\bak\ADGJDet.exe"
36975 Dec 6 2004 "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
684032 May 10 2003 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
684032 May 10 2003 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
42032 May 25 2007 "C:\Program Files\AIM6\aolsoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1141791287\ee\AOLSoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1141791287\ee\bak\AOLSoftware.exe"


end of report
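
An added example, not part of the original posts or of FindAWF: a parser for the "Duplicate files of bak directory contents" section that pairs each bak copy with the file in its parent folder and reports files that are missing or differ in size, a check worth running on the log before any bak folder is removed. The sample lines are copied from the two reports above; the function names are this example's own.

```python
import ntpath
import re
from collections import defaultdict

# Excerpts copied from the two awf.txt reports posted above.
BEFORE = r'''
15360 Aug 3 2004 "C:\WINNT\system32\ctfmon.exe"
15360 Aug 3 2004 "C:\WINNT\system32\bak\ctfmon.exe"
14348 Mar 5 2008 "C:\WINNT\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINNT\system32\bak\NeroCheck.exe"
14348 Mar 5 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jan 6 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
'''
AFTER = r'''
155648 Jul 9 2001 "C:\WINNT\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINNT\system32\bak\NeroCheck.exe"
14348 Mar 5 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jan 6 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
'''

# One listing line: size, "Mon D YYYY", quoted full path.
LINE = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')


def parse(report):
    """Return (size, date, path) for every listing line in the text."""
    rows = []
    for line in report.splitlines():
        m = LINE.match(line)
        if m:
            date = " ".join(m.group(2).split())
            rows.append((int(m.group(1)), date, m.group(3)))
    return rows


def in_bak(path):
    """True when the file sits directly inside a folder named bak."""
    return ntpath.basename(ntpath.dirname(path)).lower() == "bak"


def unrestored(report):
    """(parent_path, parent_size_or_None, bak_size) where the two differ."""
    rows = parse(report)
    sizes = {ntpath.normcase(p): s for s, _, p in rows}
    findings = []
    for size, _, path in rows:
        if not in_bak(path):
            continue
        folder = ntpath.dirname(path)
        parent = ntpath.join(ntpath.dirname(folder), ntpath.basename(path))
        found = sizes.get(ntpath.normcase(parent))
        if found != size:  # absent from the listing, or a different size
            findings.append((parent, found, size))
    return findings


def shared_fingerprint(report, minimum=2):
    """Differently named files outside bak folders with one size and date."""
    groups = defaultdict(set)
    for size, date, path in parse(report):
        if not in_bak(path):
            groups[(size, date)].add(ntpath.basename(path).lower())
    return {k: sorted(v) for k, v in groups.items() if len(v) >= minimum}


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, unrestored(text), shared_fingerprint(text))
```

Equal sizes only show that a restore probably happened; comparing hashes of the two files on the machine itself is the stronger check.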

#7 quietman7


Posted 09 March 2008 - 07:15 PM

Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 3 then 'Enter' to remove bak folders.
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of folders in the quote box into the text file:

C:\WINNT\bak
C:\Program Files\DIGStream\bak
C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Windows Defender\bak
C:\WINNT\system32\bak
C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Yahoo!\Messenger\bak
C:\Program Files\Common Files\AOL\IPHSend\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Creative\SBAudigy\Program\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak
C:\Program Files\Common Files\AOL\1141791287\ee\bak

  • Close the text file and click Yes to save the changes.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


#8 pugmastiff


Posted 09 March 2008 - 07:34 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Sun 03/09/2008
The current time is: 17:30:40.18


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MIF2B0~1\BAK

0 File(s) 0 bytes

Directory of C:\WINNT\SYSTEM32\BAK

07/09/2001 09:50 AM 155,648 NeroCheck.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\MICROS~4\SYSTEM\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

155648 Jul 9 2001 "C:\WINNT\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINNT\system32\bak\NeroCheck.exe"


end of report

#9 quietman7


Posted 10 March 2008 - 09:12 AM

Open Windows Explorer, navigate to and delete the following bak folder(s):
C:\WINNT\system32\bak <- this folder

Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 4 then 'Enter' to reset domain zones.
  • You will receive a warning to reset domain zones.
  • Press 1 then 'Enter'.
  • When done, you will receive a message: "Done! Zones have been reset".
  • After resetting the domain zones, the program will return to the main menu.
  • Press E then 'Enter' to EXIT.
  • Note: If you had manually added any sites in the trusted zones, they will need to be re-inserted.

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

#10 pugmastiff


Posted 10 March 2008 - 09:50 AM

OK... I've completed those instructions.

#11 quietman7


Posted 10 March 2008 - 10:05 AM

Any more signs of infection?

#12 pugmastiff


Posted 10 March 2008 - 08:05 PM

Unfortunately, I'm still getting them popping into my history. One address is 88.80.7.66

#13 quietman7


Posted 11 March 2008 - 08:30 AM

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,856 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:13 PM

Posted 29 March 2008 - 11:50 PM

HJT log is posted here: http://www.bleepingcomputer.com/forums/t/137086/adoginhispen-bskitoday-etc-virus/

Now that the log is posted, DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.

Please be patient as the HJT team is EXTREMELY busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response by, let's say, April 6 add a response to the five days no response topic and paste in the link to your thread.

To avoid confusion, I am closing this topic. Good luck with your log pugmastiff.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

