Whataboutadog has got me too

By ysrman
Dec 22, 2007
  1. I have read a few posts and tried to do what they said but fear I need individual attention. I attached the log as instructed. Thanks in advance for your help.
  2. momok

    momok TS Rookie Posts: 2,265

    Hi ysrman and welcome to techspot. =)

    I suggest you do the following before doing anything else

    Important: Please read this thread HERE before deciding if you should CLEAN or FORMAT your system

    Should you decide that cleaning your system is the best option, please go to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given.
    Do follow all the instructions exactly.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread.
    Do not copy and paste your logs, otherwise they will be removed.

    Our experts here will tend to your queries thereafter.

    Also, please provide the results of the Antirootkit scan

    momok =)

    This thread is for the use of ysrman only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
  3. ysrman

    ysrman TS Rookie Topic Starter

    I posted the results here. I could not find the rootkit log file but it said it was clean. I appreciate your help here.
    I posted it after rerunning awf.

    (Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
  4. momok

    momok TS Rookie Posts: 2,265


    You may wish to copy and paste these instructions on notepad for easier reference later.

    1. Boot into safe mode under your normal user name. See how HERE
    2. Next turn on "Show all files and folders, including hidden and system". See how HERE

    3. Go to start > run and type msconfig. Press the enter key.
      Search for the following entries. Uncheck them to stop them from starting up. Click Ok but do not restart your system yet.

      QuickTime Task
      Microsoft Update

    4. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
      O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
      O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] winsys32.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] winsys32.exe (User 'Default user')
      O15 - Trusted Zone: *
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

      Close HJT.

    5. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    6. Save this as CFScript on the desktop.
    7. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
    8. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
      Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to hang.

    9. Reboot into normal mode and rehide your protected OS files.

    Run FindAWF again.

    1. Press 2 then Enter. A text file named files.txt will open:

    2. Copy and paste the following text from the quote box below into the text file.
      Next, close and click Yes to save the changes.

    3. Once files.txt is saved, FindAWF does the following:
      - It attempts to terminate the process represented by each filename on the list, if running
      - Deletes the rogue file from the parent folder, if present
      - Copies the original file to the parent folder

      When done with the above, it automatically runs a new scan and opens a new log.
      Please attach this new FindAWF log in your reply.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread. Do not copy and paste the logs.

    momok =)

    This thread is for the use of ysrman only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
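
One way to confirm that step 4 took effect, as an added example that is not part of momok's post: this Python script parses HijackThis lines and reports which entries from the fix list still appear in a fresh log. The fresh log is constructed sample data, the function names are hypothetical, and only the O4 and O15 entries are covered.

```python
import re

LINE = re.compile(r"^(O\d+) - (.*)$")
# O4 body: "<location>: [<value name>] <command>", optional "(User '...')" suffix
O4 = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")

# O4 and O15 entries from step 4 of the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] winsys32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] winsys32.exe (User 'Default user')
O15 - Trusted Zone: *
"""

# Constructed sample of a fresh log (not ysrman's attachment).
FRESH_LOG = r"""
Logfile of HijackThis
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] WINSYS32.EXE (User 'Default user')
O15 - Trusted Zone: http://*.example.com
"""

def parse(line):
    """Return a case-insensitive comparison key for one log line, or None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2).strip()
    o4 = O4.match(body) if section == "O4" else None
    if o4:  # compare location, value name and command; ignore the user suffix
        return (section, o4["loc"].lower(), o4["name"].lower(), o4["cmd"].lower())
    return (section, body.lower())

def still_present(fix_list, fresh_log):
    """Lines of fresh_log that match an entry on the fix list."""
    wanted = {parse(l) for l in fix_list.splitlines()} - {None}
    return [l.strip() for l in fresh_log.splitlines() if parse(l) in wanted]

if __name__ == "__main__":
    for hit in still_present(FIX_LIST, FRESH_LOG):
        print("still present:", hit)
```
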
  5. ysrman

    ysrman TS Rookie Topic Starter

    I have done everything you asked

    Attached are the logs requested. I think it is fixed but could you please confirm this by looking at the logs?

    Thanks so much for your help

Topic Status:
Not open for further replies.
