Solved: b.whataboutadog.com infection

Status
Not open for further replies.
You might want to copy and paste these instructions into a Notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Symantec Core LC

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

symlcsvc.exe

Close task manager.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\Common Files\Symantec Shared < Delete the entire folder.
C:\DOCUME~1\Brett\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\0DDEC2081F.sys

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and Combofix logs.

Regards Howard :)

This thread is for the use of plasma dragon00 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
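The end state those steps aim for can be checked in one pass after the reboot into normal mode. This is an added example, not part of the original post: the service, process and path names are copied from the post, the function name `Get-CleanupFinding` is hypothetical, and it assumes Windows PowerShell 2.0 or later is installed (it uses `Get-WmiObject`).

```powershell
# Added example: report anything from the post's checklist that is still active or present.
# Run from normal mode; the WMI service is not normally available in safe mode.

$ServiceDisplayName = 'Symantec Core LC'      # service named in the post
$ProcessName        = 'symlcsvc.exe'          # process named in the post
$Paths = @(                                   # files/folders named in the post
    'C:\Program Files\Common Files\Symantec Shared',
    'C:\DOCUME~1\Brett\LOCALS~1\Temp\clclean.0001',
    'C:\WINDOWS\system32\0DDEC2081F.sys'
)

function Get-CleanupFinding {
    # Service: acceptable if absent, or stopped with startup type Disabled.
    Get-WmiObject Win32_Service -Filter "DisplayName='$ServiceDisplayName'" |
        Where-Object { $_.State -ne 'Stopped' -or $_.StartMode -ne 'Disabled' } |
        ForEach-Object {
            "Service '$($_.DisplayName)' is $($_.State), startup type $($_.StartMode)"
        }

    # Process: should not be running at all.
    Get-WmiObject Win32_Process -Filter "Name='$ProcessName'" |
        ForEach-Object { "Process $($_.Name) is still running (PID $($_.ProcessId))" }

    # Files and folders: should no longer exist.
    $Paths |
        Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { "Still present: $_" }
}

$findings = @(Get-CleanupFinding)
if ($findings.Count -eq 0) {
    'Nothing left: service stopped and disabled (or absent), process not running, paths removed.'
} else {
    $findings
}
```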
 
Here they are, everything worked perfectly from what I saw. Deleted all 3 files/folders, and stopped the Symantec Core LC service.

Here are the logs

thanks,

~plasma
 
That all looks good.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Done. Disabled and re-enabled system restore, and there are now no restore points except for the one that was created by re-enabling it.

howard_hopkinso, my parents and I would both like to thank you greatly for the time you put in to help us fix this. We're not sure how it got there in the first place, but we're glad that it's gone, and we couldn't have done it without your help.

Like I said, thanks a lot. By looking around this section of the forum, it seems that A LOT of other people are coming here as first timers because they have the same or a similar problem, and I always see your name as the one who most recently posted in the specific thread. Looks like you're on the ball, helping anyone and everyone who comes here seeking help. That's really nice, and I think this forum will become one of my new favorites :) .

we can't thank you enough for the help you've given

~plasma
 
No problem mate, it was my pleasure.

Your system was infected with a trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.

This is going around like wildfire at the moment. Hopefully it will subside in the very near future lol.

This thread is now closed. If you need this thread unlocking, please PM a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else will be ignored.

Regards Howard :)
 