TechSpot

Need help with adoginhispen, skitodayplease virus

By mendez1658
Mar 26, 2008
Topic Status:
Not open for further replies.
  1. hey, anybody can help me with this annoying virus, i been having this problem for a while now. Heres my hijackthis log file.

    thanks in advance
     
  2. kritius

    kritius TS Guru Posts: 2,087

    FindAWF

    Download FindAWF.exe and save it to your desktop.
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to Press any key to continue.
    • Press 1 and then Enter, and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or to the same location as FindAWF.exe.
    • Attach the AWF.txt file in your next reply.
     
  3. mendez1658

    mendez1658 TS Rookie Topic Starter

    ok here it is
     
  4. kritius

    kritius TS Guru Posts: 2,087

    Ok,

    DELDOMAINS

    Download Deldomains.
    • Save it to your desktop.
    • Right-click DelDomains.inf and select: Install (no need to restart)
    • You may not see any noticeable changes or prompts; this is normal.
    Note: The DelDomains.inf file will remove ALL entries in the Trusted, Restricted, and Enhanced Security Configuration Zones. Any entries that you had will need to be entered again. You will have to reimmunize with SpywareBlaster, and/or Spybot after doing this, and reinstall IESpyads if you use any of these programs.

    Open Internet Explorer

    click tools -> internet options.

    Then, click the privacy tab and click the sites button. In the address bar type

    Warning! Do not click the links below in the qoute box.


    Click ok, then ok again and close IE. reboot your system.

    Check if it's still there

    Fix AWF Infection Step 2
    Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Press 2 then Enter
    • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
    • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
    • The program will proceed to move the legit files and will perform another scan for bak folders.
    • It may take a few minutes to complete, so please be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please attach the AWF.txt file in your next reply.


    This thread is for the use of mendez1658 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. mendez1658

    mendez1658 TS Rookie Topic Starter

    ok, heres the second awf
     
  6. kritius

    kritius TS Guru Posts: 2,087

    Fix AWF Infection Step 3

    Copy the paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Select Option 3 from the menu and press Enter.
    • Press any key to continue.
    • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
    • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
    • The program will proceed to remove the folders and will perform another scan for bak folders.
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please attach the AWF.txt file in your next reply.
    Before you close FindAWF, Select Option 4 from the menu and press Enter.
    When it's finished the tool will return to the main menu.
    Press E to close FindAWF.

    This thread is for the use of mendez1658 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. mendez1658

    mendez1658 TS Rookie Topic Starter

    ok, heres step 3 results
     
  8. kritius

    kritius TS Guru Posts: 2,087

    Delete Files and Folders
    • boot into Safe mode, see how HERE.
    • Right Click on the start button and chose explore
    • Show all hidden files and folders, see how HERE
    • Navigate to the following files and folders and delete them(if still present)

    C:\Program Files\ltmoh\bak<---------This Folder

    • Empty the recycle bin.
    • Boot back into normal mode and then run FindAWF option 1

    ***DO NOT USE MSCONFIG TO BOOT INTO SAFE MODE***
     
  9. mendez1658

    mendez1658 TS Rookie Topic Starter

    ok, here it is
     
  10. kritius

    kritius TS Guru Posts: 2,087

    run findAWF one more time and use option 4

    post a fresh HJT log
     
  11. mendez1658

    mendez1658 TS Rookie Topic Starter

    heres my new HJT log
     
     
  12. kritius

    kritius TS Guru Posts: 2,087

    Ill have to look over it in the morning so sit tight.
     
  13. mendez1658

    mendez1658 TS Rookie Topic Starter

    ok, man take your time
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.