TechSpot

HJT and FindAWF logs: I think I'm infected by whataboutadog and/or other bad stuff..

By 29dave
Nov 3, 2007
  1. Hi everybody, I think my computer's infected, could somebody please take a look at this. First I kept getting *.whataboutadog.com in my Trusted Sites every time I rebooted, even after manually removing it. Now I've got line O17 in my HJT log with some domain hijacker I think? I've attached the HJT and AWF logs..... I really don't want to have to reformat or anything like that.... Could somebody please tell me if I need to do anything, thank you........

    Sincerely,

    Dave
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your awf.txt is clean.

    There is no whataboutadog present in your HJT log, which is also clean.

    However, you have not renamed the HijackThis.exe file. See HERE for instructions.


    Post a fresh HJT log and let me know what if any symptoms you are having.

    Regards Howard :wave: :wave:

    This thread is for the use of 29dave only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. 29dave

    29dave TS Rookie Topic Starter

    Hope I'm clean now...

    Hello Howard, thanks for the prompt reply! I definitely appreciate your help. I hope that my computer is clean. *.whataboutadog is gone from the Trusted Sites and I don't ever want it to come back!

    I changed the .exe name to Crusty, and attached the new log.

    Sincerely,

    Dave
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, that's clean too.

    Just check to make sure this entry belongs to your ISP.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BD661EE7-E9E7-413D-BEB4-F335DDF80FD3}: NameServer = 209.244.0.3 209.244.0.4

    If it does, then all well and good.

    If it doesn't, have HJT fix it.

    If your net doesn't work after fixing it, do the following.

    Run HJT and click the config button, followed by the backups button. Put a tick into the O17 entry and click the restore button and click yes. Close HJT and reboot your system.

    That should've restored the O17 entry.

    Let me know if you're still having any problems and exactly what they are.

    Regards Howard :)

     
  5. 29dave

    29dave TS Rookie Topic Starter

    Not sure if they belong to my ISP?

    Hello and thank you again for your help... My ISP is dial-up service from ISP.com , and I'm not sure if 209.244.0.3 and 209.244.0.4 are from ISP.com or not... I did a search, and it only came up with this:

    Server Name: NS1.MYIND.COM
    IP Address: 209.244.0.3
    Registrar: GODADDY.COM, INC.
    Whois Server: whois.godaddy.com
    Referral URL: http://registrar.godaddy.com

    Server Name: NS2.MYIND.COM
    IP Address: 209.244.0.4
    Registrar: GODADDY.COM, INC.
    Whois Server: whois.godaddy.com
    Referral URL: http://registrar.godaddy.com

    Also, I did an AntiVir scan and came up with this log:

    I kept getting "unwanted program Contains detection pattern of the application APPL/NirCmd.1" Don't know if that could be an infection or not?

    Thank you,

    Dave
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have no experience of AntiVir PersonalEdition Classic, so can't really say what that means.

    Some of the infections it has found are in your system restore points.

    nircmd.cfexe is part of Combofix and is not an infection. Some AV programmes flag it as such, but that is definitely a false positive.

    Try fixing that O17 entry and see if your net still works.

    If it doesn't, follow the instructions I gave you in my last post.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
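
The O17 check discussed in this thread (do the NameServer addresses belong to your ISP?) can be done mechanically once you have the resolver list from a trusted source. The following is an added example, not part of the original thread or of HijackThis: the function names are hypothetical, the second log line is constructed (placeholder GUID, documentation-range IP), and treating 209.244.0.3 and 209.244.0.4 as the expected resolvers is an assumption made only for the demonstration.

```python
import ipaddress
import re

# HijackThis prints O17 lines as "O17 - <registry key>: <ValueName> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")

# First line is the entry quoted in the thread; the second is constructed.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD661EE7-E9E7-413D-BEB4-F335DDF80FD3}: NameServer = 209.244.0.3 209.244.0.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,209.244.0.3
"""

def parse_o17(log_text):
    """Return (registry_key, value_name, data) for every O17 line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            entries.append((m["key"], m["name"], m["data"].strip()))
    return entries

def unexpected_nameservers(log_text, expected):
    """Return (key, token, reason) for each NameServer entry worth a second look.

    `expected` is the resolver list you obtained from the ISP or network
    admin (assumption: it comes from a source you trust, not from the PC).
    """
    allowed = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for key, name, data in parse_o17(log_text):
        if name != "NameServer":
            continue
        # The registry value may separate servers with spaces or commas.
        for token in filter(None, re.split(r"[,\s]+", data)):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                findings.append((key, token, "not an IP address"))
                continue
            if ip not in allowed:
                findings.append((key, token, "not in expected resolver list"))
    return findings

if __name__ == "__main__":
    for key, token, reason in unexpected_nameservers(
            SAMPLE_LOG, ["209.244.0.3", "209.244.0.4"]):
        print(f"{token}: {reason} ({key})")
```

An empty result means every NameServer in the log matches the list you supplied; anything reported should be confirmed with the ISP before fixing the entry in HJT.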
