TechSpot

Infected by whataboutadog

By mbmainer
Dec 10, 2007
  1. Hi- I have been infected by the whataboutadog virus. I also believe I had a spydefender virus, but I think that's gone. I followed your 15 steps and I have attached my 3 log files (HJT, Combofix and AVG Antispyware logs). The Panda Antirootkit found nothing. Can you please help me figure out if I still have viruses? Thank you!!! :D
     
  2. evilfantasy

    evilfantasy Banned Posts: 428

    Delete these files/folders, as follows:

    * Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    * Save this as CFScript on the desktop.
    * Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

    * ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to hang.

    ----------

    Please download FindAWF:
    http://noahdfear.net/downloads/FindAWF.exe

    Save the file to the Desktop
    Double-click the FindAWF icon.

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 1 then Enter to scan for bak folders
    The scan may take a while, please be patient.

    When done, a text file, Find AWF report is produced.
    Please attach the Find AWF report in your reply.

    ----------

    Next post please attach:
    Combofix log
    FindAWF log
     
  3. mbmainer

    mbmainer TS Rookie Topic Starter

    Super fast response. Thanks! I followed your instructions, but I kept getting "Access Denied", etc. (maybe because I have Spybot Search & Destroy, and AVG Anti-Spyware, and AVG Anti-Virus running?)... anyway I rebooted into Safe Mode and ran the Combofix with the CFScript you told me to create and it worked fine. Then I also ran FindAWF while in safe mode. I hope that's ok! I've attached the two logs.
     
  4. evilfantasy

    Double-click the FindAWF icon once again

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 2 then Enter to restore files from bak folders

    A text file opens called: files.txt
    Click below the line and paste the following list of files to be restored:

    Next, close and click Yes to save the changes.

    Once files.txt is saved, FindAWF does the following:
    -It attempts to terminate the process represented by each filename on the list, if running
    -Deletes the rogue file from the parent folder, if present
    -Copies the original file to the parent folder

    When done with the above, it automatically runs a new scan and opens a new log.
    Please attach the new FindAWF log in your reply.
     
  5. mbmainer

    I followed your instructions, and here is the new log...
     
  6. evilfantasy

    Double-click the FindAWF icon once again

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 3 then Enter to remove bak folders

    A text file opens called: folders.txt
    Click below the line and paste the following list of folders to be removed:

    Next, close and click Yes to save the changes.

    Once folders.txt is saved, FindAWF does the following:
    -It deletes the contents of the bak folders
    -Removes the bak folders

    When done with the above, it automatically runs a new scan and opens a new log.
    Please attach the new FindAWF log in your reply.
     
  7. mbmainer

    Followed the newest instructions. Here is the log...
     
  8. evilfantasy

    Double-click the FindAWF icon once again

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 4 then Enter to reset domain zones

    This removes all entries from the domain zones.
    When the program returns to the main menu, use the following option:
    Press E then Enter to EXIT

    ----------

    Download DelDomains.inf
    IE users Right-click on the link and select Save As.
    Firefox users Right-click on the link and choose Save link as...

    Save it to the desktop.

    From the desktop Right-click on DelDomains.inf

    Select Install making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

    Note: If you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

    ----------

    Then post a new HijackThis log please.
     
  9. mbmainer

    Did #4 with FindAWF, then installed DelDomains.inf... here is my HijackThis log. Thanks EvilFantasy!
     
  10. evilfantasy

    You are running two antivirus programs. You need to pick one and uninstall the other. This can cause problems.

    Other than that the log looks fine.
     
  11. mbmainer

    Do you recommend one over the other?
     
  12. evilfantasy

    AVG is the better choice to me.
     
  13. mbmainer

    So from what I can see I am running AVG Anti-Spyware, Spybot Search & Destroy, and AVG Anti-Virus. Pardon the ignorance, but are you saying to keep both of the AVG programs and uninstall S&D?
     
  14. evilfantasy

    The HijackThis log shows AVG and Trend Micro AVs.
     
  15. mbmainer

    OK. I'll uninstall Trend Micro. Thanks for all of your help!
     
Topic Status:
Not open for further replies.
