Whataboutadog problems Help meh

Status
Not open for further replies.
Fix AWF Infection
Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Messenger\bak\msmsgs.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe"
"C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe"
"C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\bak\vptray.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe"
"C:\Program Files\Ahead\Ahead\data\Xtras\bak\mssysmgr.exe"
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Press 2 then Enter
  • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for bak folders.
  • It may take a few minutes to complete, so please be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please attach AWF.txt file in your next reply along with a fresh HJT log




Fix AWF Folders
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\PROGRA~1\ITUNES\BAK
C:\PROGRA~1\MESSEN~1\BAK
C:\PROGRA~1\QUICKT~1\BAK
C:\WINDOWS\SYSTEM32\BAK
C:\HP\DRIVERS\HPLSBW~1\BAK
C:\PROGRA~1\COMMON~1\WINANT~1\BAK
C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
C:\PROGRA~1\HP\HPSOFT~1\BAK
C:\PROGRA~1\PLAXO\2121~1.1\BAK
C:\PROGRA~1\SYMANT~1\SYMANT~1\BAK
C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
C:\PROGRA~1\HP\DIGITA~1\{33D6C~1\BAK
C:\PROGRA~1\AHEAD\AHEAD\DATA\XTRAS\BAK
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.
  • Press 3, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
  • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the bad folders and will perform another scan for .bak folder
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please attach the AWF.txt file in your next reply.

Run Fix AWF one more time and press 4, then press Enter.



Let's make sure you don't have anything else:
Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • Type "1" (and Enter) to start the fix.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

Highjackthis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
    ***Under no circumstances should you add any items to the HJT ignore list. Under no circumstances should you change the directory that highjackthis downloads to. Under no circumstances should you Fix anything without specific instruction to do so. Under no circumstances should you click any buttons other that specified in the directions including AnalyzeThis!***


Your next reply should have a new findawf.txt log, Hijackthis log, and Combofix log
 
Status
Not open for further replies.
Back