TechSpot

Newbie with adoginhispen virus

By calbear
Mar 22, 2008
  1. Hello All,
    I googled adoginhispen, and saw that the only solution is to go to a tech forum and request help. I read some of the others who have the same problem, and noted that the admins require us to create a new thread asking for help with this. Please let me know what I need to do.
    It is a Dell Latitude D820 laptop that I have this virus on.

    Thank you!
     
  2. kritius

    kritius TS Guru Posts: 2,084

    Hi calbear,

    Download the ATF cleaner programme and save it to your desktop.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Reboot into normal mode.
    -------------------------------------------------------------------------------------------------------
    FindAWF

    Click here to download FindAWF and save it to your desktop.
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to Press any key to continue.
    • Press 1 and then Enter, and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or to the same location as FindAWF.exe.
    • Attach AWF.txt file in your next reply.
    -------------------------------------------------------------------------------------------------------

    Open Internet Explorer

    Click Tools -> Internet Options.

    Click the Security tab
    Click on the Trusted sites icon.
    Click the sites button and remove all sites from the trusted zone by selecting
    them and clicking the remove button.
    Once done, click ok.



    Warning! Do not click the links below in the quote box.



    Click OK, then OK again and close IE. Reboot your system.

    This thread is for the use of calbear only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. calbear

    calbear TS Rookie Topic Starter Posts: 20

    Thank you!

    Thank you kritius!
    I have done every step as you instructed. Attached is the report.
     
  4. kritius

    kritius TS Guru Posts: 2,084

    Fix AWF Infection Step 2
    Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Press 2 then Enter
    • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
    • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
    • The program will proceed to move the legit files and will perform another scan for bak folders.
    • It may take a few minutes to complete, so please be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please attach the AWF.txt file in your next reply.


     
  5. calbear

    calbear TS Rookie Topic Starter Posts: 20

    Thanks kritius!

    Here is the second file.
     
  6. kritius

    kritius TS Guru Posts: 2,084

    Fix AWF Infection Step 3

    Copy the paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Select Option 3 from the menu and press Enter.
    • Press any key to continue.
    • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
    • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
    • The program will proceed to remove the folders and will perform another scan for bak folders.
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please attach the AWF.txt file in your next reply.
    Before you close FindAWF, Select Option 4 from the menu and press Enter.
    When it's finished the tool will return to the main menu.
    Press E to close FindAWF.


     
  7. calbear

    calbear TS Rookie Topic Starter Posts: 20

    Thanks for your quick response.
     
  8. kritius

    kritius TS Guru Posts: 2,084

    OK, this one's being a bit sticky; if it doesn't work this time we'll get it manually.

    Fix AWF Infection Step 2
    Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Press 2 then Enter
    • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
    • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
    • The program will proceed to move the legit files and will perform another scan for bak folders.
    • It may take a few minutes to complete, so please be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please attach the AWF.txt file in your next reply.

    Fix AWF Infection Step 3

    Copy the paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Select Option 3 from the menu and press Enter.
    • Press any key to continue.
    • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
    • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
    • The program will proceed to remove the folders and will perform another scan for bak folders.
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please attach the AWF.txt file in your next reply.
    Before you close FindAWF, Select Option 4 from the menu and press Enter.
    When it's finished the tool will return to the main menu.
    Press E to close FindAWF.


     
  9. calbear

    calbear TS Rookie Topic Starter Posts: 20

    Thanks!
    Here are files 4 and 5.
     
  10. kritius

    kritius TS Guru Posts: 2,084

    Right,

    Boot into safe mode by pressing F8 as soon as the computer starts.

    Show all hidden files and folders.

    Navigate to here and delete this folder,

    C:\Program Files\Apoint\bak

    Then Reboot into normal mode and rehide your hidden files and run FindAWF option 1 again.

    Post the log back here.


     
  11. calbear

    calbear TS Rookie Topic Starter Posts: 20

    Thanks! I did everything as you stated.
    Here is the file.
     
  12. kritius

    kritius TS Guru Posts: 2,084

    Go him, run AWF one more time and select option 4.

    Run HijackThis and select Do a system scan and save a log file then post the log back here.

     
  13. calbear

    calbear TS Rookie Topic Starter Posts: 20

    I am sorry, but I'm not sure what you mean by "Go him..."
    I did run FindAWF option 4 and reset the domains.
    Where do I find HijackThis?
     
  14. kritius

    kritius TS Guru Posts: 2,084

    Sorry meant to say "Got him"

    As in got the annoying little blighter!


    HijackThis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.2); it can be downloaded from HERE.
    • Run the HijackThis Installer and it will automatically place HJT in its own folder, usually C:\Program Files\Trend Micro\HijackThis. Please don't change the directory as it is necessary to create backups.
    • After installing, the program launches automatically; select Scan now and save a log.
    • After the scan is complete attach the log in your reply.
    Do not attempt to fix any item yet.
    Do not add anything to the ignore list.
    Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.

    HijackThis will give me an idea as to what nasty things there are lurking about in your system and will help the both of us get rid of them.

    If you have any problems or questions then please post back.
     
  15. calbear

    calbear TS Rookie Topic Starter Posts: 20

    Thank you for clarifying.
    Attached is the log for hijackthis.

    Thanks!
     
  16. kritius

    kritius TS Guru Posts: 2,084

    This may take me some time; that is the longest HJT log I've seen in some time.

    That is a lot of running processes!

    Spybot Search & Destroy

    Spybot S&D is available from http://www.safer-networking.org/en/mirrors/index.html.

    Download and install Spybot S&D (if you haven't already), accept the Default Settings.
    In the Menu Bar at the top of the Spybot window you will see Mode.
    Make certain that 'Default Mode' has a check mark beside it.
    Close ALL windows except Spybot S&D.
    Click the button to 'Search for Updates' then download and install the updates.
    -----------------------------
    Next click the button 'Check for Problems'.
    When Spybot is complete, it will be showing 'RED' entries, bold 'BLACK' entries and 'GREEN' entries in the window.
    Make certain there is a check mark beside all of the RED entries ONLY.
    Choose 'Fix Selected Problems' and allow Spybot to fix the RED entries.

    Go to Mode and select Advanced. Then go to Tools, select System Startups. You will be provided with a list of programs that load when Windows starts. If you untick an entry it will no longer run at startup. This will allow you to experiment and see how your system performs with any of them disabled.

    This next step is purely optional; however, Viewpoint is considered foistware and is not needed on your computer.


    Go to Start > Run and copy/paste or type: taskmgr
    • Under the Processes tab find the following tasks or processes:
      ViewpointService.exe
      ViewMgr.exe
    • Highlight and click "End Process".
    • Exit Task Manager.
    Click on Start > Run and type: services.msc
    • Press "OK".
    • Click the "Extended" tab.
    • Scroll down the list and find the service called "Viewpoint Manager Service".
    • When you find the service, double-click on it.
    • In the Properties Window > General Tab that opens, click the "Stop" button.
    • From the drop-down menu next to "Startup Type", click on "Disabled".
    • Now click "Apply", then "OK" and close any open windows.
    Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    Finally, delete the following folders if they still exist:
    C:\Program Files\ViewManager\ <-- and delete this folder
    C:\Program Files\Viewpoint\ <-- and delete this folder

    Create a Startup List
    • Open HiJackThis
    • Click on the "Config..." button on the bottom right
    • Click on the tab "Misc Tools"
    • Check the 2 boxes next to the Box that says "Generate StartupList log"
    • Attach the StartupList in your next post
     
  17. calbear

    calbear TS Rookie Topic Starter Posts: 20

    Thank you kritius!
    I followed every step as you suggested.
    I have attached the startuplist file below.

    Thank you!
     
  18. kritius

    kritius TS Guru Posts: 2,084

    OK, have you disabled some of the startup entries using Spybot?

    Once you have done that can you post me a fresh log along with an uninstall list?

    Create a List of Programs Using HijackThis
    • Open HijackThis.
    • Click on Open the Misc Tools section.
    • Look under System tools.
    • Click on the Open Uninstall Manager... button.
    • Click on the Save list... button.
    • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
    • Notepad will open. Please attach this log in your next reply.
     
  19. calbear

    calbear TS Rookie Topic Starter Posts: 20

    Thanks kritius!
    I did disable quite a few of the startup items.
    Here is the Save list.
     
  20. kritius

    kritius TS Guru Posts: 2,084

    Right, I'm looking over what you can get rid of now; can you post a fresh HijackThis log for me, please?
     
  21. calbear

    calbear TS Rookie Topic Starter Posts: 20

    Hello kritius,
    Thanks for your help.
    Here is the scan and log for hijackthis.
     
  22. kritius

    kritius TS Guru Posts: 2,084

    That's going to take me a while to get through because it's still enormous!

    I'll post back later.
     
  23. calbear

    calbear TS Rookie Topic Starter Posts: 20

    No worries. Please get to it when you have time.

    Thanks.
     
  24. kritius

    kritius TS Guru Posts: 2,084

    Quick question, what is SalesLogix?
     
  25. calbear

    calbear TS Rookie Topic Starter Posts: 20

    SalesLogix is a work CRM (Customer Relationship Management) program. I cannot take this off the computer, as it came with it when my company issued this computer to me.

    Thanks.
     
Topic Status:
Not open for further replies.
