HJT and FindAWF logs: I think I'm infected by whataboutadog and/or other bad stuff..

Status
Not open for further replies.
Hi everybody, I think my computer's infected, could somebody please take a look at this. First I kept getting *.whataboutadog.com in my Trusted Sites every time I rebooted, even after manually removing it. Now I've got line O17 in my HJT log with some domain hijacker I think? I've attached the HJT and AWF logs..... I really don't want to have to reformat or anything like that.... Could somebody please tell me if I need to do anything, thank you........

Sincerely,

Dave
 
Hello and welcome to Techspot.

Your awf.txt is clean.

There is no whataboutadog present in your HJT log, which is also clean.

However, you have not renamed the HijackThis.exe file. See HERE for instructions.


Post a fresh HJT log and let me know what if any symptoms you are having.

Regards Howard :wave: :wave:

This thread is for the use of 29dave only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hope I'm clean now...

Hello Howard, thanks for the prompt reply! I definitely appreciate your help. I hope that my computer is clean. *.whataboutadog is gone from the Trusted Sites and I don't ever want it to come back!

I changed the .exe name to Crusty, and attached the new log.

Sincerely,

Dave
 
Yes, that's clean too.

Just check to make sure this entry belongs to your ISP.

O17 - HKLM\System\CCS\Services\Tcpip\..\{BD661EE7-E9E7-413D-BEB4-F335DDF80FD3}: NameServer = 209.244.0.3 209.244.0.4

If it does, then all well and good.

If it doesn't, have HJT fix it.

If your net doesn't work after fixing it, do the following.

Run HJT and click the config button, followed by the backups button. Put a tick into the O17 entry and click the restore button and click yes. Close HJT and reboot your system.

That should've restored the O17 entry.

Let me know if you're still having any problems and exactly what they are.

Regards Howard :)

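Added example, not part of the original thread: one way to carry out the O17 check described above is to pull every `NameServer` value out of a HijackThis log and compare it with the resolver addresses your ISP publishes. The `expected` list is an assumption you supply yourself; the first sample line is the one quoted in the post, the second is constructed for illustration.

```python
import ipaddress
import re

# Matches HijackThis O17 NameServer lines, e.g.
# O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 1.2.3.4 5.6.7.8
O17_RE = re.compile(r"^O17 - (HKLM\\\S+?): NameServer = (.*)$")

# First O17 line is from the thread; the other lines are constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Example] C:\example\example.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD661EE7-E9E7-413D-BEB4-F335DDF80FD3}: NameServer = 209.244.0.3 209.244.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,not-an-ip
"""


def review_nameservers(log_text, expected):
    """Return (registry_key, server, verdict) for each O17 name server.

    verdict is "expected" if the address is in the caller's list,
    "unexpected" if it is a valid IP that is not, "malformed" otherwise.
    """
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue
        key, value = match.groups()
        # Windows stores the list space- or comma-separated.
        for token in filter(None, re.split(r"[,\s]+", value)):
            try:
                ok = ipaddress.ip_address(token) in allowed
                verdict = "expected" if ok else "unexpected"
            except ValueError:
                verdict = "malformed"
            findings.append((key, token, verdict))
    return findings


if __name__ == "__main__":
    # Assumption: the ISP documents these two resolvers.
    for key, server, verdict in review_nameservers(
        SAMPLE_LOG, ["209.244.0.3", "209.244.0.4"]
    ):
        print(f"{verdict:10} {server:15} {key}")
```

Anything reported as "unexpected" or "malformed" is a candidate for the HJT fix described in the post, with the backup restore as the fallback if connectivity breaks.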
 
Not sure if they belong to my ISP?

Hello and thank you again for your help... My ISP is dial-up service from ISP.com, and I'm not sure if 209.244.0.3 and 209.244.0.4 are from ISP.com or not... I did a search, and it only came up with this:

Server Name: NS1.MYIND.COM
IP Address: 209.244.0.3
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com

Server Name: NS2.MYIND.COM
IP Address: 209.244.0.4
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com

Also, I did an AntiVir scan and came up with this log:

I kept getting "unwanted program Contains detection pattern of the application APPL/NirCmd.1" Don't know if that could be an infection or not?

Thank you,

Dave
 
I have no experience of AntiVir PersonalEdition Classic, so can't really say what that means.

Some of the infections it has found are in your system restore points.

nircmd.cfexe is part of Combofix and is not an infection. Some AV programmes flag it as such, but that is definitely a false positive.

Try fixing that O17 entry and see if your net still works.

If it doesn't, follow the instructions I gave you in my last post.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
