TechSpot

Whataboutadog.com infection

By esqdog
Nov 24, 2007
  1. Greetings.

    My PC began acting up a few weeks back even though I have used Norton Utilities virus protection for years. When I ran a Kaspersky scan on the system, it found a trojan downloader virus. Many of the restore points were infected. I used Kaspersky to clean up the problem. Or so I thought. I began getting routine notices from Kaspersky that new restore points were infected, and they were deleted.

    Further investigating led me to the trusted sites listing in IE. whataboutadog.com shows up. After looking at a few posts relating to this, I knew it was a bigger issue than I was able to handle alone.

    Can you help me cleanse my system of this persistent problem? I am attaching an AWF file and an HJT to this post. They were run a little while ago.

    Thanks in advance for your help.

    Jim
     
  2. Rik

    Rik Banned Posts: 3,814

    Hi esqdog and welcome to TechSpot. :wave:

    Have a good read of the instructions in this thread: Whataboutadog/rabbit etc. Removal instructions.

    Let me know how you get on with that and if you should need any help.
    Also post your final log.


    This thread is for the use of esqdog only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. esqdog

    esqdog TS Rookie Topic Starter

    Followed the removal instructions

    Thanks for your help.

    I followed the removal instructions referenced. Attached is the AWF report from step 3. Only one bak file remaining, not sure if it is an issue or not, since there are no longer any duplicate files.

    Jim
     
  4. Rik

    Rik Banned Posts: 3,814

    It says 0 files 0 bytes, which means it's empty and of no threat.

    To ensure your PC is completely clean you should really follow the instructions below to be on the safe side.

    You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

    Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
    We also need to know the result of Panda Antirootkit.


     
  5. esqdog

    esqdog TS Rookie Topic Starter

    whataboutadog.com appears to be gone

    Thanks again Rik

    I followed all the steps in the link you sent previously. Some things were found and deleted or quarantined. Combofix would not run correctly on my system, so I ran DSS. Attached are the reports from DSS, HJT and AVG Antispyware. The Panda AntiRootkit scan did not find any problems.

    Jim
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go to Add/Remove Programs in your control panel and uninstall anything to do with (if there):

    WeatherBug

    Close control panel.

    Locate and delete the following bold files and/or folders (if there).

    C:\Program Files\Common Files\Real\WeatherBug
    C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll

    Other than that, your log files are clean.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :wave: :wave:

     
  7. esqdog

    esqdog TS Rookie Topic Starter

    Done

    Thanks Howard,

    I found the WeatherBug folder; it was empty. I deleted it.
    No popcaploader.dll was found in the Deckard location.
    Turned off and restarted system restore.

    I appreciate the help from you and Rik.

    This thread is now closed. If you need this thread unlocking, please PM a moderator with a link to the thread.

    Only the original thread starter can do this. Anyone else will be ignored.
     
Topic Status:
Not open for further replies.
