Doginhispen.com and whataboutadog.com - Trusted Sites in IE

Status
Not open for further replies.

apsulliv

Hi everyone,
I was trying to figure out a problem with Yahoo and came across these sites in my trusted sites list:
doginhispen.com
whataboutadog.com

I have no clue how they got there, but after doing some research, I found some posts that referenced this and it looked like Howard_Hopkinso helped someone figure it out. However, it looks like Howard_Hopkinso is banned as of 12/28/08.

Can anyone help me figure this out? I would greatly appreciate it.

Thank you.

Aaron

P.S. By the way, I am just knowledgeable enough to make me dangerous, so I am hesitant to try and figure this out on my own. I own two companies and I run QuickBooks off of this computer, and am concerned that I will screw up my computer.
 
DELDOMAINS

Download Deldomains.
  • Save it to your desktop.
  • Right-click DelDomains.inf and select: Install (no need to restart)
  • You may not see any noticeable changes or prompts; this is normal.

Note: The DelDomains.inf file will remove ALL entries in the Trusted, Restricted, and Enhanced Security Configuration Zones. Any entries that you had will need to be entered again. You will have to reimmunize with SpywareBlaster, and/or Spybot after doing this, and reinstall IESpyads if you use any of these programs.

ATF Cleaner

  • Download and Run ATF Cleaner

    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

    Under Main choose:

    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Java Cache


      *The other boxes are optional*

      Then click the Empty Selected button.

    If you use Firefox:


    • Click Firefox at the top and choose: Select All

      Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:


    • Click Opera at the top and choose: Select All

      Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.



    Click Exit on the Main menu to close the program

Open Internet Explorer.
Click Tools -> Internet Options.

Click the Security tab

Click on the Trusted sites icon.

Click the Sites button and remove all sites from the trusted zone by selecting them and clicking the Remove button.

Once done, click ok.

Warning! Do not click the links below in the quote box.

Then, click the privacy tab and click the sites button. In the address bar type

Links removed after reply

FindAWF

Download FindAWF.exe and save it to your desktop.

  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to Press any key to continue.
  • Press 1 and then Enter, and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or to the same location as FindAWF.exe.
  • Attach the AWF.txt file in your next reply.
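
As an added example (not part of the original post, and not DelDomains' own code): because DelDomains.inf wipes every zone entry, it helps to record what was there first. This Python code parses a registry export of the Internet Explorer ZoneMap key, made for instance with `reg export`, and lists the sites mapped to the Trusted zone; the sample export is constructed, and `zone_entries` and `sites_in_zone` are names chosen here.

```python
import re

TRUSTED, RESTRICTED = 2, 4   # zone numbers stored in ZoneMap DWORD values
ZONEMAP = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"
KEY_RE = re.compile(r"^\[(?P<hive>[^\\\]]+)\\(?P<path>.+)\]$")
VAL_RE = re.compile(r'^"(?P<scheme>[^"]*)"=dword:(?P<zone>[0-9a-fA-F]{8})$')

def zone_entries(reg_text):
    """Yield (hive, site, scheme, zone) for every site mapping in a .reg export."""
    hive = site = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            hive, site = key["hive"], None
            for branch in ("Domains", "EscDomains"):
                prefix = (ZONEMAP + "\\" + branch + "\\").lower()
                if key["path"].lower().startswith(prefix):
                    # Domains\example.com\www means www.example.com
                    labels = key["path"][len(prefix):].split("\\")
                    site = ".".join(reversed(labels))
            continue
        val = VAL_RE.match(line)
        if val and site:
            yield hive, site, val["scheme"], int(val["zone"], 16)

def sites_in_zone(reg_text, zone=TRUSTED):
    """Sorted, de-duplicated sites mapped to the given zone."""
    return sorted({s for _, s, _, z in zone_entries(reg_text) if z == zone})

# Constructed sample export (not the poster's registry). Real exports are
# UTF-16: read them with open(path, encoding="utf-16").
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doginhispen.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\whataboutadog.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\www]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example]
"*"=dword:00000004
"""

if __name__ == "__main__":
    print(sites_in_zone(SAMPLE))
```

IP-range entries under the `Ranges` subkey are not covered by this parser.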
 
Thanks for the help Kritius . . .

I don't know why you guys take the time to do what you do, but I am very much appreciative. Here is the file.

Thanks again.

Aaron
 
Fix AWF Infection Step 2
Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
"C:\Program Files\Microsoft IntelliPoint\bak\ipoint.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\Program Files\SymNetDrv\bak\SNDMon.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe"
"C:\Program Files\Brother\Brmfl05c\bak\BrStDvPt.exe"
"C:\Program Files\Brother\ControlCenter2\bak\brctrcen.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe"
"C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Press 2 then Enter
  • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for bak folders.
  • It may take a few minutes to complete, so please be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please attach the AWF.txt file in your next reply.
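
An added example, not part of the thread and not how FindAWF itself works: a read-only Python scan for the layout the file list above shows, a `bak` folder holding a copy of an executable that may also exist one level up. It assumes that layout is the only signal; `find_bak_pairs` and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def find_bak_pairs(root):
    """List every file inside a folder named 'bak' below root.

    Returns (backup_path, sibling_path_or_None, same_content_or_None); the
    sibling is the same file name one level up, where the program expects it.
    """
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != "bak":
            continue
        parent = os.path.dirname(dirpath)
        for name in filenames:
            backup = os.path.join(dirpath, name)
            sibling = os.path.join(parent, name)
            if os.path.isfile(sibling):
                same = sha256(backup) == sha256(sibling)
                findings.append((backup, sibling, same))
            else:
                findings.append((backup, None, None))  # nothing at the usual path
    return sorted(findings, key=lambda f: f[0])

def demo():
    """Build a constructed sample tree, scan it, return root-relative results."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "iTunes/iTunesHelper.exe": b"replacement",   # differs from the backup
            "iTunes/bak/iTunesHelper.exe": b"original",
            "QuickTime/bak/QTTask.exe": b"original",     # no sibling one level up
            "Tools/notes.txt": b"same",                  # ordinary user backup
            "Tools/bak/notes.txt": b"same",
        }
        for rel, data in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return [(os.path.relpath(b, root).replace(os.sep, "/"), s is not None, same)
                for b, s, same in find_bak_pairs(root)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

A pair whose contents differ is the case worth reviewing by hand; identical pairs are usually ordinary backups.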
 
Fix AWF Infection Step 3



Copy the paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\iTunes\bak
C:\Program Files\Microsoft ActiveSync\bak
C:\Program Files\Microsoft IntelliPoint\bak
C:\Program Files\QuickTime\bak
C:\Program Files\SymNetDrv\bak
C:\WINDOWS\system32\bak
C:\hp\drivers\hplsbwatcher\bak
C:\Program Files\Brother\Brmfl05c\bak
C:\Program Files\Brother\ControlCenter2\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Common Files\Ahead\Lib\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Select Option 3 from the menu and press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
  • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the folders and will perform another scan for bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

Before you close FindAWF, Select Option 4 from the menu and press Enter.

When it's finished the tool will return to the main menu.

Press E to close FindAWF.
 
Here is AWF 3

I hope I did this right. I think I might have screwed it up. I closed the notepad, thinking that AWF would still be open, but I didn't have anything open. So, I reopened it, entered 4 to reset, pressed 1 to continue and then E to exit. I hope I didn't do anything to disrupt what we're trying to do.
Thank you again.
 
Let's try this again,

Fix AWF Infection Step 2
Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
"C:\Program Files\Microsoft IntelliPoint\bak\ipoint.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\Program Files\SymNetDrv\bak\SNDMon.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe"
"C:\Program Files\Brother\Brmfl05c\bak\BrStDvPt.exe"
"C:\Program Files\Brother\ControlCenter2\bak\brctrcen.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe"
"C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Press 2 then Enter
  • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for bak folders.
  • It may take a few minutes to complete, so please be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please attach the AWF.txt file in your next reply.



Fix AWF Infection Step 3

Copy the paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Program Files\iTunes\bak
C:\Program Files\Microsoft ActiveSync\bak
C:\Program Files\Microsoft IntelliPoint\bak
C:\Program Files\QuickTime\bak
C:\Program Files\SymNetDrv\bak
C:\WINDOWS\system32\bak
C:\hp\drivers\hplsbwatcher\bak
C:\Program Files\Brother\Brmfl05c\bak
C:\Program Files\Brother\ControlCenter2\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Common Files\Ahead\Lib\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Select Option 3 from the menu and press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
  • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the folders and will perform another scan for bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

Before you close FindAWF, Select Option 4 from the menu and press Enter.

When it's finished the tool will return to the main menu.

Press E to close FindAWF.

HijackThis Instructions

  • Make sure you have the LATEST version of HJT (currently v2.0.2); it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in its own folder, usually C:\Program Files\Trend Micro\HijackThis. Please don't change the directory as it is necessary to create backups.
  • After installing, the program launches automatically; select Scan now and save a log.
  • After the scan is complete attach the log into your reply.

Do not attempt to fix any item yet.

Do not add anything to the ignore list.

Don't use the AnalyseThis button; its findings are dangerous if misinterpreted.
 
AWF automatically closes when I close the notepad

How do I press 4 at the menu before closing AWF? When I close the notepad document, AWF is nowhere to be found on my computer, so basically I would have to open AWF up again in order to get to the menu.
 
Clarification . . .

AWF is still on my desktop, but it is no longer opened and doesn't appear to be running. When I CTRL-ALT-DELETE, it doesn't show up there after I close the notepad document.
 
Just do each step at a time, the same way that you did it last time.

If it doesn't work, remove AWF then redownload and start again.
 
Here you go. . .

Let me know if this worked. The only problem that I'm having is when the AWF is run and opens up the notepad document, I go to save it and exit. It doesn't leave AWF running. I relaunch AWF to reset the domain zones. Let me know if this is causing a problem.

If I exit the notepad after saving the AWF file, is AWF supposed to stay open? I see that you request that before exiting AWF that I press 4 at the menu, but it doesn't stay open after saving the notepad document.
 
By the way, I reinstalled AWF over the top of the existing AWF on my desktop

I did this by clicking on your first post, which stated the following with the link embedded: "Download FindAWF.exe and save it to your desktop".
 