TechSpot

Security Toolbar 7.1..did preliminary removal steps

By Dwack24578
Oct 13, 2007
  1. Here are the results.
    Panda Anti Rootkit found nothing.
    Symptoms included tons of pop-ups, lots of security messages coming from the taskbar (linked to bestseller antivirus), and the security toolbar 7.1 icon in IE7. Thanks for any help! -Derek
     
  2. Rik

    Rik Banned Posts: 3,814

    What Jase123 has suggested will not help. You need to do the following instead.

    Please download FindAWF to your Desktop.
    Double-click FindAWF.exe to start the tool.
    Select "option #1 - Scan for bak folders" by typing 1 and press Enter
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.



    This thread is for the use of Dwack24578 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I have deleted Jase123's post as the advice was wrong. Please do not follow his advice as it may damage your system.

    Your system is infected with the trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.

    Running FindAWF allows us to identify the files that are infected, as well as the backups and then restore the files.

    Follow the instructions given by rik and post the awf.txt files as an attachment.

    Regards Howard :wave: :wave:

     
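The file-displacement pattern described in the post above, as an added example that is not part of the original thread and is not FindAWF's own code: it walks a directory tree, finds files in a folder named `bak` that have a same-named file in the parent directory, and hashes both to show whether the live copy differs from the backup. The folder name `bak`, the function names and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: the backup folder is literally named "bak" (the thread says "bak or backup folder").
BAK_NAMES = {"bak"}

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def find_displaced_files(root):
    """Return (live_file, backup_copy, differs) for every file in a bak folder
    that also has a same-named file in the bak folder's parent directory."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() not in BAK_NAMES:
            continue
        parent = os.path.dirname(dirpath)
        for name in sorted(filenames):
            live, backup = os.path.join(parent, name), os.path.join(dirpath, name)
            if os.path.isfile(live):
                hits.append((live, backup, sha256(live) != sha256(backup)))
    return hits

def build_sample_tree(root):
    """Constructed sample data: file names and contents are made up."""
    files = {
        "ExampleApp/example.exe": b"replacement dropped in place",  # live copy differs
        "ExampleApp/bak/example.exe": b"original program bytes",
        "Tools/same.dll": b"unchanged",                             # identical pair
        "Tools/bak/same.dll": b"unchanged",
        "Docs/bak/notes.txt": b"ordinary backup, no live twin",     # not reported
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for live, backup, differs in find_displaced_files(tmp):
            status = "DIFFERS from backup" if differs else "matches backup"
            print(f"{os.path.relpath(live, tmp)}: {status}")
```

A differing pair is a lead for closer inspection rather than proof of replacement, since a `bak` folder can also hold an ordinary older version of a file.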
  4. Dwack24578

    Dwack24578 TS Rookie Topic Starter

    FindAWF log..thanks again
     
  5. Rik

    Rik Banned Posts: 3,814

    Double-click FindAWF.exe to start the tool. Then, do the following
    Select "option #2 - Restore files from bak folders" by typing 2 and press Enter .
    A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.
    Close the .txt file and click Yes to save the changes.
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.



     
  6. Dwack24578

    Dwack24578 TS Rookie Topic Starter

    option 2..as needed
     
  7. Rik

    Rik Banned Posts: 3,814

    Please double-click the FindAWF icon once again
    This time we are going to remove some folders.


    Use the following option: Press 3 then Enter to remove bak folders


    A text file opens called: folders.txt
    Click below the line and paste the following list of folders to be removed:
    Next, close and click Yes to save the changes.

    When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
    Please provide the new FindAWF log



     
  8. Dwack24578

    Dwack24578 TS Rookie Topic Starter

    here it is...option 3 log
     
  9. Rik

    Rik Banned Posts: 3,814

    I hope you don't mind, but I would like you to repeat step 1 again just in case I have missed anything.

    Double-click FindAWF.exe to start the tool.
    Select "option #1 - Scan for bak folders" by typing 1 and press Enter
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.



     
  10. Dwack24578

    Dwack24578 TS Rookie Topic Starter

    anything to get it cleaned
     
  11. Rik

    Rik Banned Posts: 3,814

    Your system appears to be clear of that infection now. However, to be able to undo any damage it may have caused, I need you to do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


     
  12. Dwack24578

    Dwack24578 TS Rookie Topic Starter

    This will probably take me a few hours. I will post results later. Thank you very much for all your help! Derek
     
  13. Rik

    Rik Banned Posts: 3,814

    No problem.:)

    Sorry it's such a long-winded process but it pays to be thorough.



     
  14. Dwack24578

    Dwack24578 TS Rookie Topic Starter

    hoping for the best....

    On a side note, I also have a folder in my START menu called Internet Speed Monitor. In the folder is CHECK and UNINSTALL. It says that it is linked to C:\Program Files\ISM. However, when I open Program Files there is only a folder called ISM2. In the folder are 3 files: dictionary (a GZ file, 203kb), targets (a GZ file, 5kb), and ISMPack6 (an application, 368kb). I still receive the occasional pop-up, just now they are blank with a solid underscore as the title. My computer seems to be running much smoother.

    Panda AntiRoot Kit - no problems found

    :( I was checking my IE security settings and it appears that whataboutadog.com and doginhispen.com are both in the trusted zone. It might be time for a restore, cleaning all of this takes way too long!



    They are also listed as being in the trusted zone in HJT.

    Advice on the reformat would be nice too; should I reformat, or have we come too far to quit now?
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is still infected with several nasties.

    It will take quite a while to clean it.

    If you don't mind reformatting, then this is possibly a better option and would certainly give you a totally clean system.

    However, that is for you to decide and we will certainly help you to clean your system, if that's what you want.

    If you do choose to reformat, then see the instructions below.

    You need to do the following.

    Disconnect from the net and don't reconnect until you have your firewall software installed.

    1 Restart your computer and go to setup usually by pressing the F2 or delete key.

    2 Once you get into setup look for the boot menu and make sure you set it to boot from cd first followed by your hard drive.

    3 Put the Windows xp disk into your cd drive.

    4 Now save your settings and exit setup.

    5 While your computer is booting you will see a message that says "press any key to boot from cd" press any key.

    6 When the welcome to setup screen appears press enter and then press F8 to accept the Microsoft licence agreement.

    7 You will be prompted to repair an installation press the escape key.

    8 Now select the partition that you want to reformat and press the D key to delete it. You will be asked to confirm that you want to delete the partition.

    9 Now press C to create a brand new partition. You will be asked what size you want the partition to be in megabytes. If you just press enter then the partition will be the maximum size that you can have. This is perfectly ok if you don't want to create multiple partitions.

    10 You will now be asked to format the partition. Select the NTFS file system and do a full format.

    11 Once the format is complete setup will continue.

    Your computer will restart during the remaining setup. Again, you will be asked to press any key to boot from cd. DO NOT PRESS ANYTHING and setup will continue. Once the setup is complete and you are back in Windows, remove the Windows cd from your cd drive.

    Install your firewall software and reconnect to the net. Install whatever drivers you need, then run Windows updates.

    Finally, install whatever programmes/software you want.

    Please let us know what you decide to do.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
