TechSpot

That bleepin' dog

By r2power
Oct 17, 2007
  1. Hi,

    I have been trying to help my daughter eradicate this pest for a week now. Attached is her latest hijackthis log. We ran the FindAWF routine last week and scrubbed out her trusted sites, but whataboutadog keeps popping up. Please let me know what I need to tell her to resolve this problem. Thanks,
     


  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

    Please download FindAWF to your Desktop.
    Double-click FindAWF.exe to start the tool.
    Select "option #1 - Scan for bak folders" by typing 1 and press Enter
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

    Regards Howard :wave: :wave:

    This thread is for the use of r2power only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. r2power

    r2power TS Rookie Topic Starter Posts: 19

    Response

    Thanks for your promptness. Attached is her file. It appears that our AWF cleanup last week is still holding.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, that's clean mate.

    However, your system is not clean and some serious problems are showing up in your HJT log.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :)

     
  5. r2power

    r2power TS Rookie Topic Starter Posts: 19

    Howard,

    Just letting you know that we are still here - it is just time consuming to try to explain all of this over 200 miles between classes for my daughter. I expect we will post the reports by Sunday night.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's ok mate, I'll still be here. ;)

    Regards Howard :)

     
  7. r2power

    r2power TS Rookie Topic Starter Posts: 19

    Finally

    Thanks for your patience. Here is the Hijack This log and the Combofix log. No matter how I ran it, AVG would not save a report. I attached a log from the AVG sub directory. Nothing showed up in the Panda Rootkit scan. Are we clean yet? Thanks.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I don't know what that log file is, but it sure isn't an AVG Antispyware log. See this pictorial guide to AVG Antispyware.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    viewpoint
    viewpoint toolbar
    viewpoint manager

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Viewpoint Manager Service

    Close the services window.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or folders (if there).

    C:\Program Files\Viewpoint

    Reboot into normal mode and rehide your protected OS files.

    Post fresh HJT and AVG Antispyware logs.

    Regards Howard :)

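The entries Howard asks to have fixed in the post above can be read mechanically. The following is an added example, not part of the original thread and not HijackThis code: it parses the six quoted lines, lists the ones whose target is `(no file)`, and groups entries by CLSID. The function names and the assumption that fields are separated by " - " are this example's own.

```python
import re
from collections import defaultdict

# The six entries quoted in the post above, copied verbatim from the thread.
SAMPLE = r"""
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# "<section> - <kind>: <rest>"; the kind never contains a colon.
LINE = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_line(line):
    """Split one entry into section, kind, name, CLSID or vendor, and target."""
    m = LINE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    # Assumption: the last two " - " separators delimit the final two fields.
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, middle, target = parts
    is_clsid = bool(CLSID.match(middle))
    return {"section": section, "kind": kind, "name": name,
            "clsid": middle.upper() if is_clsid else None,
            "vendor": None if is_clsid else middle,  # O23 lines carry a vendor
            "target": target}


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def orphans(entries):
    """Registrations left behind with no file on disk to load."""
    return [e for e in entries if e["target"] == "(no file)"]


def by_clsid(entries):
    """Map each CLSID to the sections that register it."""
    groups = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            groups[e["clsid"]].append(e["section"])
    return dict(groups)
```

Grouping by CLSID shows that the O3 toolbar entry and both O9 entries refer to the same object, so they are one leftover registration listed three times.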
     
  9. r2power

    r2power TS Rookie Topic Starter Posts: 19

    Next steps

    Howard,

    Here is the HJT log for your review. My daughter ran your instructions and this is where we are. We both looked at the pictorial guide for AVG, and neither of us can figure out how to get the software to save a report. The buttons to save anything are always blanked out and non-functional. She attached a log that turned up, but I doubt that this is the right thing. By the way, there was a fourth "viewpoint" line that I believe she deleted. I think it was viewpoint media player.

    Thanks again for your insight.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I don't know what that log file is, but again, it isn't an AVG Antispyware log.

    Your HJT log is clean.

    I really need to see an AVG Antispyware log. Go HERE and Follow the instructions in steps 6 and 14.

    Attach the AVG Antispyware log.

    Regards Howard :)

     
  11. r2power

    r2power TS Rookie Topic Starter Posts: 19

    Howard,

    There was no link in your post. Can we try again? Thanks.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Sorry about that, I forgot to add the link, fixed now.

    Regards Howard :)

     
  13. r2power

    r2power TS Rookie Topic Starter Posts: 19

    Before I give her direction, should she uninstall the AVG already on her computer or try to install it over the existing software?

    BTW, I ran AVG again on my computer. The system found some tracking cookies and did not allow me to quarantine them even though that was the action setting I chose. So, I deleted them and went to the report page. Again, the button to save a report was not enabled. So, I still cannot figure out what we are doing wrong.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, uninstall the existing copy of AVG Antispyware, then install a fresh downloaded copy.

    I don't know what the problem is with your AVG Antispyware programme, but it needs fixing, see the detailed instructions below.

    Taken from HERE.

    Regards Howard :)

     
  15. r2power

    r2power TS Rookie Topic Starter Posts: 19

    Howard,

    We were able to get a report when we did a partial scan. It seems to only be the full system scan that will not generate a report. We'll keep trying, but we thought we should give you what we have.

    Thanks.
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Absolutely no problems with your AVG Antispyware log there mate.

    Please post a fresh Combofix log.

    Regards Howard :)

     
  17. r2power

    r2power TS Rookie Topic Starter Posts: 19

    combofix log attached

    Howard,

    Here it is. Thanks.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:




    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :)

     
  19. r2power

    r2power TS Rookie Topic Starter Posts: 19

    Next steps

    Howard,

    Here are the two files. I assume that the word "Folder" in your quote was right and not the word "File", which was in your narrative. If not, we will need to run it again.

    Thanks.
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All clean.

    Yes the word Folder:: was intentional.

    Delete the following folder.

    C:\qoobox.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
