TechSpot

Malware issues, logs attached

By DrStale
Mar 26, 2008
Topic Status:
Not open for further replies.
  1. I was having many virus, trojan, adware issues recently which I began to fix by clearing Norton off of my system and downloading AVG Antivirus which discovered many problems. One of the main issues that I couldn't get rid of was the js/downloader.agent though there were several others. I went through all required steps and now have the combofix, hjt, and avg logs attached.

    The "doginhispen" issue noted in the hijack this log has been around for quite a while, and while the "whataboutadog" issue that was paired with it earlier is no longer listed, I cannot seem to be rid of this one.

    Thank you in advance.
  2. kritius

    kritius TechSpot Guru Posts: 2,087

    Hi DrStale,

    Please follow all these instructions,

    DELDOMAINS

    Download Deldomains.
    • Save it to your desktop.
    • Right-click DelDomains.inf and select: Install (no need to restart)
    • You may not see any noticeable changes or prompts; this is normal.
    Note: The DelDomains.inf file will remove ALL entries in the Trusted, Restricted, and Enhanced Security Configuration Zones. Any entries that you had will need to be entered again. You will have to reimmunize with SpywareBlaster, and/or Spybot after doing this, and reinstall IESpyads if you use any of these programs.

    Open Internet Explorer

    Then, click the privacy tab and click the sites button. In the address bar type

    Warning! Do not click the links below in the quote box.


    Click OK, then OK again and close IE. Reboot your system.

    Check if it's still there

    FindAWF

    Download FindAWF.exe and save it to your desktop.
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to Press any key to continue.
    • Press 1 and then Enter, and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or to the same location as FindAWF.exe.
    • Attach the AWF.txt file in your next reply.


    This thread is for the use of DrStale only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
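
The DelDomains note above says every Trusted, Restricted, and Enhanced Security Configuration zone entry is wiped and must be re-entered. As an added example (not part of the original thread, and not DelDomains' own code), this PowerShell sketch lists the current zone assignments first so wanted entries can be restored afterwards; it assumes PowerShell 3.0 or later, and the function name and CSV file name are hypothetical.

```powershell
# Added example (not from the thread): record IE zone assignments before
# DelDomains.inf clears them, so legitimate entries can be re-entered afterwards.
# Zone numbers are the standard IE values stored as DWORDs under ZoneMap.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$ZoneMap   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'

function Get-ZoneMapEntry {   # hypothetical helper name
    foreach ($hive in 'HKCU:', 'HKLM:') {
        # EscDomains holds the Enhanced Security Configuration entries.
        foreach ($branch in 'Domains', 'EscDomains') {
            $path = "$hive\$ZoneMap\$branch"
            if (-not (Test-Path $path)) { continue }
            foreach ($key in Get-ChildItem -Path $path -Recurse -ErrorAction SilentlyContinue) {
                # Key path below the branch is "example.com\www";
                # reverse it to read "www.example.com".
                $marker = "\$branch\"
                $start  = $key.Name.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase)
                $parts  = $key.Name.Substring($start + $marker.Length).Split('\')
                [array]::Reverse($parts)
                foreach ($name in $key.GetValueNames()) {
                    $zone = $key.GetValue($name)
                    if ($zone -isnot [int]) { continue }   # skip non-DWORD values
                    [pscustomobject]@{
                        Hive     = $hive
                        Branch   = $branch
                        Site     = ($parts -join '.')
                        Protocol = $name               # value name, e.g. http, https or *
                        Zone     = $ZoneNames[$zone]
                    }
                }
            }
        }
    }
}

$entries = @(Get-ZoneMapEntry)
$entries | Sort-Object Zone, Site | Format-Table -AutoSize
# Keep a copy to restore wanted entries from; the file name is a placeholder.
$entries | Export-Csv -Path "$env:USERPROFILE\zonemap-before.csv" -NoTypeInformation
```

Running the same listing again after DelDomains and a reboot shows whether an unwanted Trusted sites entry has come back.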
  3. DrStale

    DrStale Newcomer, in training Topic Starter

    The trusted zone "doginhispen.com" problem did not appear on the hijack this log after running deldomains and blocking the sites in IE.

    AWF log is attached

    Thanks again.
  4. kritius

    kritius TechSpot Guru Posts: 2,087

    Fix AWF Infection Step 2
    Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Press 2 then Enter
    • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
    • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
    • The program will proceed to move the legit files and will perform another scan for bak folders.
    • It may take a few minutes to complete, so please be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please attach the AWF.txt file in your next reply.


  5. DrStale

    DrStale Newcomer, in training Topic Starter

    New awf file attached.
  6. kritius

    kritius TechSpot Guru Posts: 2,087

    Fix AWF Infection Step 3

    Copy the paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Select Option 3 from the menu and press Enter.
    • Press any key to continue.
    • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
    • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
    • The program will proceed to remove the folders and will perform another scan for bak folders.
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please attach the AWF.txt file in your next reply.
    Before you close FindAWF, Select Option 4 from the menu and press Enter.
    When it's finished the tool will return to the main menu.
    Press E to close FindAWF.


  7. DrStale

    DrStale Newcomer, in training Topic Starter

    Awf file attached
  8. kritius

    kritius TechSpot Guru Posts: 2,087

    Don't know why that didn't work.

    Let's try it one more time.

    Fix AWF Infection Step 2
    Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Press 2 then Enter
    • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
    • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
    • The program will proceed to move the legit files and will perform another scan for bak folders.
    • It may take a few minutes to complete, so please be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please attach the AWF.txt file in your next reply.


  9. DrStale

    DrStale Newcomer, in training Topic Starter

    log attached.
  10. kritius

    kritius TechSpot Guru Posts: 2,087

    Fix AWF Infection Step 3

    Copy the paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Select Option 3 from the menu and press Enter.
    • Press any key to continue.
    • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
    • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
    • The program will proceed to remove the folders and will perform another scan for bak folders.
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please attach the AWF.txt file in your next reply.
    Before you close FindAWF, Select Option 4 from the menu and press Enter.
    When it's finished the tool will return to the main menu.
    Press E to close FindAWF.
