TechSpot

whataboutadog?? noob help

By h-drix
Oct 14, 2007
  1. ok so my brother clicked on a link that downloaded some nasty trojan. im almost positive i got rid of the trojan, but this keeps poping up:

    http ://i77.photobucket.com/albums/j73/h-drix/untitled. jpg

    so far i have ran spybot, norton, nod32, and ad-aware. nod32 showed me the directory to the trojan.killAV and i deleted it manually. yet that pop up continues to come up.

    after asking another forum they told me to run hijackthis and get the log. i C&P'ed that in to the log file analysis and one of the "nasty"'s that it showed was whataboutadog. im afraid to go though and delete anything using hijackthis because i dont want to get rid of something important.

    i need any help, and in a fashion that some one who doesnt know much about this kinda of stuff can use.

    thanks alot.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system was infected with a trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.


    Please download FindAWF to your Desktop.
    Double-click FindAWF.exe to start the tool.
    Select "option #1 - Scan for bak folders" by typing 1 and press Enter
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

    Regards Howard :wave: :wave:

    This thread is for the use of h-drix only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. h-drix

    h-drix TS Rookie Topic Starter

    i followed you instructions and got this awf.txt

    before the awf.txt was completed another message came up saying that my system is not able to run ms-dos.

    http ://i77.photobucket.com/albums/j73/h-drix/untitled2.jpg

    also after doing what you instructed the original meassage still comes up. (see photobucket image in my first post)

    thanks so much for your help.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You awf.txt file looks clean.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :)

    This thread is for the use of h-drix only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...