TechSpot

Solved:whataboutadog.com - Help

By Joeyg
Oct 15, 2007
  1. Hello all,

    While checking the Trusted Sites list I noticed a *b.whataboutadog.com ... not sure how or why this is there, but would truly appreciate your help.

    Attached are my HijackThis logs.txt and the awf.txt. Any help in resolving this I do appreciate. New to your forum, but it looks like you all jump right into the problems and help everyone all.

    Here are the attached logs:

    View attachment hijackthisOct152007.txt

    View attachment awf15OCT2007.txt

    Thanks much,

    Joeyg.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

    Double-click FindAWF.exe to start the tool. Then, do the following
    Select "option #2 - Restore files from bak folders" by typing 2 and press Enter .
    A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.
    Close the .txt file and click Yes to save the changes.
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.

    Regards Howard :wave: :wave:

    This thread is for the use of Joeyg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Joeyg

    Joeyg TS Rookie Topic Starter

    whataboutadog.com - Part 2

    Hello Howard,

    Thank-you for the welcome ... much appreciated. I can't over how "very fast, courteous and detailed your response is," even for a novice like me - very easy to understand and follow.

    Here are the latest results of thw awt.txt after running the Del015Domains.inf program.

    Also, I ran the HijackThis just before hearing from you again and that whataboutadog.com showed up in 015 Trusted Zones, but its not there now.
    View attachment awf.txt

    Let me know ... what to do next ... your response time is awesome!!!

    I appreciate your help and time!!!

    Joeyg.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please double-click the FindAWF icon once again
    This time we are going to remove some folders.


    Use the following option: Press 3 then Enter to remove bak folders


    A text file opens called: folders.txt
    Click below the line and paste the following list of folders to be removed:



    Next, close and click Yes to save the changes.

    When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
    Please provide the new FindAWF log

    Regards Howard :)

    This thread is for the use of Joeyg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. Joeyg

    Joeyg TS Rookie Topic Starter

    whataboutadog.com - Part 3

    Howard,

    It's me again ... here you go as requested ...
    the new awf.txt after running option 3 ...

    View attachment awf.txt

    Thanks much ...

    Joeyg.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    There`s one bak file that`s being stubborn, so we`re going to delete it manually.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    TeaTimer.exe

    Close task manager.

    Locate and delete the following bold files and/or directories(if there).


    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Spybot - Search & Destroy\bak<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Reinstall Spybot Search & Destroy.

    Please download FindAWF to your Desktop.
    Double-click FindAWF.exe to start the tool.
    Select "option #1 - Scan for bak folders" by typing 1 and press Enter
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

    Regards Howard :)

    This thread is for the use of Joeyg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. Joeyg

    Joeyg TS Rookie Topic Starter

    whataboutadog - Part 4

    Hello Howard,

    It took a few mins, but I did as you requested ...

    It didn't have the TeaTimer.exe listed under the Task Mgr;
    however, I did locate the files and directory and deleted the
    TeaTimer.exe file and the Search&destroy\bak (entire) folder

    All in Safe Mode, rebooted and then reinstalled the Spybot
    Search & Destroy program. Here are the results of running
    the awf option 1.

    View attachment awf.txt


    Thanks much,

    Joeyg.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The awf.txt is now clean.

    Now, in the interests of making sure your system is clean, please do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :)

    This thread is for the use of Joeyg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. Joeyg

    Joeyg TS Rookie Topic Starter

    Howard,

    I'm back ... but fading quick ... have to be to work in 4 hours, so I need a little shuteye ... here is the results so far:

    The Panda Antirootkit scan was fine about 5313 items checked - 0
    problems detected
    . Here are the latest HijackThis log and the ComboFixLog.

    If you don't mind I'll run the AVG Antispyware tonight and get back with you then on that last one ... let me know how these look...

    View attachment 23521

    View attachment 23522

    Howard you have been great support and I'll have the final log to you later today ... let me know how these look.

    Thank-you and have a "great day" my friend ...

    Joeyg.

    Howard,

    Good morning or afternoon in your neck of the woods ...

    Question in that last HijackThis log I posted ... is that
    first line ok .. begginning with the RO ...about:blank???

    Just checking...

    Thank-you ... you have been FANtastic!!!

    Joey g.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You didn`t attach an AVG Antispyware log.

    The R0 entry is ok, but you can fix it if you want.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O1 - Hosts: 69.253.151.209 idenupdate.motorola.com

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111. MmVrT/iTunesSetup.exe

    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

    O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} (DAX Control) - https://owa.howardcc.edu/exchweb/controls/DAX.cab

    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab

    Click on the fix checked button.

    Close HJT and reboot your system.

    Other than that, your HJT log is clean.

    Your Combofix log looks fine.

    Unless you`re having problems, you should be good to go.

    If you`re not having problems, please do the following.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Joeyg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. Joeyg

    Joeyg TS Rookie Topic Starter

    FANtastic ...

    Howard,

    You have been great ... I can't thank-you enough for your
    "quick, professional and courteous response!"

    Thank-you for taking a burden off my shoulders ...

    Take care and enjoy your evening ...

    Joey g.

    This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

    Only the original thread starter can do this. Anyone else, will be ignored.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...