Hi crystalline, and welcome to Techspot
You have a rather nasty infection that is becoming common.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
First of all DO NOT use Internet Explorer unless the instructions specifically ask you to while we remove this.
Download Firefox and use this for now. It is a more secure browser, but I will leave it up to you if you want to keep it afterwards.
Firefox link = http://www.mozilla.com/en-US/firefox/
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
It shows you have AVG installed. Go to Start -> Settings -> Control Panel -> Administrative Tools -> Services
Stop the AVG Anti-Spyware Guard and a-squared Free Service (a2free) services from running by right-clicking it and choosing Stop. Right-click it again and choose Properties. In the Properties dialog box that appears, choose Manual from the Startup Type drop-down list and choose Disabled.
Now uninstall AVG Anti-Spyware through Start -> Settings -> Control Panel -> Add/Remove Programs
Highlight it and select Remove, then you can attempt to reinstall, or we can use a different program altogether; just let me know.
If it doesn't work we can remove it and I will give instructions on a substitute program.
------------------------------------------------------------------------------------------------------------------------------------
Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.
-------------------------------------------------------------------------------------------------------------------------------------
Open Internet Explorer, click Tools -> Internet Options.
Click the Security tab.
Click on the Trusted sites icon.
Click the Sites button and remove all sites from the trusted zone by selecting them and clicking the Remove button.
Once done, click OK.
Warning! Do not click the links below in the quote box.
Then, click the Privacy tab and click the Sites button. In the address bar type www.whataboutadog.com and click the Block button. Do this for www.whataboutarabbit.com and www.doginhispen.com and www.b.skitodayplease.com as well.
Click OK, then OK again and close IE. Reboot your system.
----------------------------------------------------------------------------------------------------------------------------------------
1) Update your Java Runtime Environment
- First try going to Start -> Control Panel -> double click Java
- Select the Update tab at the top of the Java console
- Click the Check for Updates button at the bottom
- If it finds the newer version (Java 6 Update 5), follow the on-screen instructions
- After it installs the newest version, go back to Control Panel -> Add/Remove Programs
- Uninstall any older versions of Java
If for some reason you couldn't update through the above instructions:
- Click the following link
Java Runtime Environment 6 Update 5
- The 4th option down is the one you want (click Download)
- Check the box to agree to terms of service
- Check the box for your operating system and click 'Download selected' at the bottom
- After the install, go to Start -> Control Panel -> Add/Remove Programs (Programs and Features), and uninstall any old versions
- Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder
--------------------------------------------------------------------------------------------------
2) I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect.
Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components:
- Click Start, point to Settings, and then click Control Panel.
- In Control Panel, double-click Add or Remove Programs.
- In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
How to prevent it from being recreated every time you run the AOL software:
- Open AOL
- Go to Help on the toolbar
- Select About AOL
- Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.
---------------------------------------------------------------------------------------------------------
FindAWF
Click here to download FindAWF.exe and save it to your desktop.
- Double-click on the FindAWF.exe file to run it.
- It will open a command prompt and ask you to Press any key to continue.
- Press 1 and then Enter, and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
- It may take a few minutes to complete so be patient.
- When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or to the same location as FindAWF.exe.
- Attach AWF.txt file in your next reply.
----------------------------------------------------------------------------------------------------------------------------------
If you get AVGAS to run, attach the log in your next reply. Run a scan and save a log with Hijackthis again and also attach this log after completing the above. Also the FindAWF log.
So logs needed =
1) AVG log if it works
2) New Hijackthis after completing instructions
3) FindAWF log
The instructions in this thread are for the use of crystalline only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
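
One way to check the new HijackThis log requested above, as an added example that is not part of the original post: it lists the O15 (Trusted Zone) entries still present in a log and flags any that match the four domains named in the post. The sample log lines are constructed and the function names are illustrative.

```python
import re

# Domains the post says to block (taken from the post, "www." dropped).
BLOCKED = {
    "whataboutadog.com",
    "whataboutarabbit.com",
    "doginhispen.com",
    "b.skitodayplease.com",
}

# HijackThis lists Trusted Zone entries in section O15, for example:
#   O15 - Trusted Zone: http://*.example.com
O15_RE = re.compile(r"^O15 - (?:ESC )?Trusted Zone: (?:(\w+)://)?(\S+)", re.I)

# Constructed sample log lines (not from the thread).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O15 - Trusted Zone: http://*.whataboutadog.com
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: http://www.example.org
O16 - DPF: (constructed entry) - http://example.org/x.cab
"""

def trusted_zone_entries(log_text):
    """Return (scheme or None, domain) for every O15 Trusted Zone line."""
    entries = []
    for line in log_text.splitlines():
        m = O15_RE.match(line.strip())
        if not m:
            continue
        domain = m.group(2).lower()
        if domain.startswith("*."):        # wildcard entry covers all subdomains
            domain = domain[2:]
        entries.append((m.group(1), domain))
    return entries

def review(log_text):
    """Split remaining Trusted Zone entries into (flagged, other)."""
    flagged, other = [], []
    for _scheme, domain in trusted_zone_entries(log_text):
        bare = domain[4:] if domain.startswith("www.") else domain
        hit = any(bare == b or bare.endswith("." + b) for b in BLOCKED)
        (flagged if hit else other).append(domain)
    return flagged, other

if __name__ == "__main__":
    flagged, other = review(SAMPLE_LOG)
    print("Still trusted and on the block list:", flagged)
    print("Other trusted sites to review:", other)
```

After the DelO15Domains.inf step and the manual Trusted sites cleanup, both lists should come back empty for a fresh log.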