TechSpot

NonComputerLiteratePerson has WhatAboutADog Problem

By george123
Oct 14, 2007
  1. So I was reading about whataboutadog and people have said to post your individual problem for individual help. I am under the impression that what you have to do for the problem is unique. So that you need a seperate thread for each problem. Would someone help me and tell me what to do please? I would really apreciate help. Now I will go and read the other threads with this problem. Thank You.

    Also I am running McAfee VirusScan right now and I am wondering why I can't just delete all the infected programs when I am done. Thank You.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system has a serious infection.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Please download FindAWF to your Desktop.
    Double-click FindAWF.exe to start the tool.
    Select "option #1 - Scan for bak folders" by typing 1 and press Enter
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

    Also, please post a HJT log as per these instructions.

    Regards Howard :wave: :wave:

    This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. george123

    george123 TS Rookie Topic Starter Posts: 19

    I think my McAfee subscription that I got from comcast for free ran out or something happened and my firewall was down and I had to resubscribe the whole thing that may be when this program got in.

    I am thinking of reformating my system but I am not sure what all that will entail because my windows program came already installed on my computer and I do not have a backup. Also I have a huge amount of pictures that and stuff that is not backed up.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Since you can`t format cause you`ve no Windows cd, you`re best option is probably to clean then.

    Look at this post HERE for info on how to uninstall McAfee and install another antivius and firewall programme.

    Then, follow the instructions I gave you in my post above.

    Regards Howard :)

    This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. george123

    george123 TS Rookie Topic Starter Posts: 19

    Since I am new to this I would like to do alot of research on what is going on. Where can I read about this? How did this trojan get on my comp? When I ran the virus scan McAfee said that it deleted all the trojans it found, it found eleven all together. Sorry for asking so many questions. If I clean my comp will I never be able to buy anything off the net again or use it for online banking again? Thank You.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    This is what your system is infected with.

    Your system is infected with a trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.

    Running FindAWF allows us to identify the files that are infected, as well as the backups and then restore the files.

    All you need to do is follow the instructions I give you and we can get rid of it.

    Regards Howard :)

    This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. george123

    george123 TS Rookie Topic Starter Posts: 19

    Howard Hopkinso I apreciate your willingness to help me but I have a problem. This is my mothers computer and she will not allow me to let you help me. She thinks that the trojan is gone because there is no more whataboutadog on the history. She does not want me to do anything. So I am having a hard time convincing her and I need info on why what you are doing is legit. I don't know what to do this is frustrating. Because you are telling me to get rid of my mcafee and use other firewalls and antivirus she thinks you may be tricking me. Because you are telling me to download programs that mcafee says are dangerous. I need info to convince her that this needs done.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s a real shame, cause undoubtably the trojan will still be there doing it`s evil work.

    However, I do understand your mothers reluctance to put her system in the hands of a complete stranger.

    All I can say, Is I assure your mother I can get rid of this awful infection, if she would only allow me to do so.

    Other than that, I`m afraid there`s not much else I can do.

    The infection will carry on infecting files until it is stopped. The only other way is to do a complete format and reinstall from scratch.

    Regards Howard :)

    This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. george123

    george123 TS Rookie Topic Starter Posts: 19

    What I did was turn off system restore then turn it back on. Now I am running the findawf program. I have to leave mcaffee as the firewall and virusscan. I am a little confused on the how to download hijack this file, are they saying just to put it in drive C or what?
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    See this thread HERE for instructions on how to post a HJT log as an attachment. It`s the same for attaching other log files too.

    Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.


    Double-click FindAWF.exe to start the tool. Then, do the following
    Select "option #2 - Restore files from bak folders" by typing 2 and press Enter .
    A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.


    Close the .txt file and click Yes to save the changes.
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.

    Also, please post a HJT log as well as an attachment.

    Regards Howard :)

    This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. george123

    george123 TS Rookie Topic Starter Posts: 19

    sorry i am so dumb but i do not know how to post attachment
    or download hijack this the proper way


    Is there a norton removal tool also seems I have some remanents of norton on here

    I am not sure how to make an attachment?
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please make sure that any further log files are posted as attachments and not copy and pasted.

    We`ll deal with the Norton issue, once we`ve got rid of this nasty infection.

    See this thread HERE for instructions.

    Please double-click the FindAWF icon once again
    This time we are going to remove some folders.


    Use the following option: Press 3 then Enter to remove bak folders


    A text file opens called: folders.txt
    Click below the line and paste the following list of folders to be removed:

    Next, close and click Yes to save the changes.

    When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
    Please provide the new FindAWF log

    Please make sure you post a HJT log as per the instructions above. Also make sure your next awf.txt is posted as an attachment.

    This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  13. george123

    george123 TS Rookie Topic Starter Posts: 19

    her it is for you thank you for your help. Please do not show any info like my name online. I downloaded avast as an antivirus and zonealarm as a firewall. I also would like to remove programs from startup but forget how to do that. I think I should leave my firewall and virusscan on at startup. I can only have on virus scan and one firewall at a time right?
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I still need to see a HJT log. I`ve asked you for one several times now.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    qttask.exe

    Close task manager.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\HP\hpcoretech\bak<Delete the entire folder.
    C:\Program Files\QuickTime\bak<Delete the entire folder.
    C:\Program Files\QuickTime\qttask.exe

    Reboot into normal mode and rehide your protected OS files.

    Reinstall Quicktime.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :)

    This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  15. george123

    george123 TS Rookie Topic Starter Posts: 19

    Hijack this log in post number 11
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, thanks. Once you`re done with the instructions above, your main infection should be gone.

    For your Norton problem, see this post HERE.

    Regards Howard :)

    This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  17. george123

    george123 TS Rookie Topic Starter Posts: 19

    Anti rootkit found no rootkits. Thank you very much for your help.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, no problem.

    Just follow the instructions, then, once your done, post the requested logfiles.

    Regards Howard :)

    This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  19. george123

    george123 TS Rookie Topic Starter Posts: 19

    I will post them as I get them

    Ok I had to go to sleep then go to work now I am back to do my duty. Thank you for your patience.

    Ok.

    ZoneAlarm keeps giving me security alerts and I am not sure which programs to let through and which not so some I let through and some I did not let through. Right now it is saying "REPEAT PROGRAM ViewMgr is trying to access the trusted zone." Does this have anything to do with the programs you want me to run?

    I am sorry I failed to follow directions properly. I skiped this step "Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly." I am so sorry. I will do this then get back and repost files.
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Follow the instructions below very carefully.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    viewpoint
    viewpoint manager
    viewpoint toolbar
    GamesBar
    WildTangent

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ViewMgr.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

    O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://playgames.comcast.net/online2/mahjong_escape_ancient_japan/SpinTopGamesLa uncher.cab

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\GamesBar<Delete the entire folder.
    C:\Program Files\WildTangent<Delete the entire folder.
    C:\Program Files\Viewpoint<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Go HERE and download and install the latest version of Java. Once it`s finished installing, go to add remove programmes and uninstall all previous versions of Java, except for version 6 update 3.

    Download and run this Symantec/Norton removal tool.


    Then go and follow these instructions for removing McAfee.

    Then, run the Ccleaner programme as per step9 of these instructions.

    Finally, post fresh HJT and Combofix logs.

    Regards Howard :)

    This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  21. george123

    george123 TS Rookie Topic Starter Posts: 19

    Ok here they are. I did not reboot after running ccleaner. Was I supposed to?
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download and install, one of the free Antivirus programmes below.

    AVG free or Avast antivirus programmes.

    Once installed, run the antivirus updates and do a full system scan. Delete whatever it find(if anything), including anything in the virus vault/quarantine.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ALCXMNTR.EXE

    Close task manager.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT and Combofix log.

    Regards Howard :)

    This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  23. george123

    george123 TS Rookie Topic Starter Posts: 19

    Ok Here they are for you. Thank You.
     
  24. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    We`re just about finished mate. Your log files are clean.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\QuickTime\bak<Delete the entire folder.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  25. george123

    george123 TS Rookie Topic Starter Posts: 19

    Ok, Thank you very much. Was all that for the whataboutadog trojan? Or was my computer infected before that? Do you know how long this computer has been infected for? You are a great help.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...