A.doginhispen.com and his brothers

Status
Not open for further replies.
Hello Momok,
here is the AWF file.
Probably you've understood I share this laptop with another person (my brother). He uses an external HD for his purposes and I suspect that's the problem. Could that be possible?

Regards :) KsB
 
Hi,

Could you run a ComboFix scan too? There seems to be something missing in that AWF log. I'll have to check with a ComboFix log.
Also, do you have any antivirus and anti-spyware installed?

Regards,
momok
 
Hi,

With regards to the infection, did you mean to say that the symptoms have re-appeared? (Meaning that you were redirected once again) May I also have a HijackThis log too? Combofix does not reveal any signs of infection. Could you describe the full details of your problems? Thanks. Meanwhile, please do the following.

Run FindAWF

  1. Press 3 then Enter. A text file named folders.txt will open.

  2. Copy and paste the following text from the quote box below into the text file.
    C:\PROGRA~1\MSNMES~1\BAK
    C:\PROGRA~1\MICROS~3\SYSTEM\BAK
    C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK
    Next, close and click Yes to save the changes.

  3. Once folders.txt is saved, FindAWF does the following:
    -It deletes the contents of the bak folders
    -Removes the bak folders

    When done with the above, it automatically runs a new scan and opens a new log.
    Please attach this new FindAWF log as well as a new Hijackthis log in your reply.
Regards,
momok
 
Hello,
here are the files.

It happens that when I open a web page, often it suddenly closes, and when I try to re-open it an empty web page (almost empty; the only thing present in it is a number: 14400) named a.doginhispen.com appears together with the web page I've selected. After 2-3 minutes, the browser is down again and when I re-open it another empty page appears: b.skito<something that I don't remember now>. After another 2-3 minutes the browser is down again and when I re-open it another empty page with the address http://88.80 etc. appears.

Regards, KsB
 
Hi,

All your logs look clean. Run FindAWF

Press 4 then Enter.

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Next, I'd like you to download a copy of a hosts file from HERE. Be sure to save the hosts file under the correct folder on your computer.

Thereafter, please try your browser again and let me know if you still face the same problem.


Regards,
momok
 
Hello,
I've downloaded the .zip file to my desktop and I've extracted the files into a folder, but when I launch the mvps.bat file nothing happens (no pop-up appears).

Is it possible to copy the HOSTS file manually and, if so, into which folder?

Regards, KsB
 
Hi,

Yes it is possible to do so manually. Save it in C:\Windows\system32\drivers\etc

How's the browser going?

Regards,
momok
 
Hello Momok,
I've replaced the HOSTS file in C:\Windows\system32\drivers\etc, but the browser goes down again and the a.doginhispen.com page appears.

Regards, KsB
 
This is very strange indeed, because all your logs are looking clean. Also, the hosts file should have prevented your browser from being re-directed to that site.

Please open the hosts file using notepad and use the find function to search for "a.doginhispen.com". Let me know all the entries with that line in them.

I'd like you to run AVG Antispyware in safe mode and post the scan log here.

Also, could you try running this online scanner HERE?

Regards,
momok
 
Hello,
I've opened the HOSTS file with notepad and tried to search for "a.dogihispen.com", but with a negative result (I can't find it)...

When possible, I'll post here the scan log of AVG Antispyware and the result of the online scanner (I've just tried to do this, but the browser went down a couple of times... :eek: )

Regards, KsB

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)

Hello Momok,
excuse me, I typed the wrong name... here is the result:

127.0.0.1 a.doginhispen.com #[Downloader-BEW]

Regards, KsB
 
Hello Momok,
I've tried to run AVG Spyware in safe mode, but it took a lot of time and so I preferred to stop the scan. About the online antivirus, it found some adware and spyware, but when I tried to clean this, my laptop turned off (I suspect it overheated), so I couldn't do anything.

Again, this is the result about HOSTS file:
127.0.0.1 a.doginhispen.com #[Downloader-BEW]

Regards, KsB
 
Hi,

Did AVG Antispyware manage to pick up anything in its scan? Could you try the online scanner again? As I've mentioned, your logs previously showed your system was clean, and your browser should not even be redirecting you in the first place since that entry is in your hosts file.

I really need to see an AVG antispyware log and know the results of your online scanner. Your infection seems rather tricky, and I can't really tell where the bad files are on your system to be honest.

I shall check your log files once more to see if any changes occurred in the past few days. Please post fresh HJT and ComboFix logs in your next reply. If possible, run a scan with your antivirus in safe mode too and attach the log here.

Also, I would like you to download and run the Blacklight program from HERE. Follow all the program instructions carefully.

PS. Do not worry about that entry; it basically means all files from a.doginhispen.com server will be blocked when you are using your browser.


Regards,
momok =)

This thread is for the use of kingsbishop only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
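To check what a hosts entry like the one quoted above actually does, here is an added example (not code from the thread or from any tool mentioned in it) that parses hosts-file syntax, including trailing comments such as #[Downloader-BEW] and several names on one line, and reports whether a given domain is black-holed to a loopback or unspecified address. The sample hosts content is constructed for the example; the example-blocked.test names and the 192.0.2.10 address are placeholders.

```python
import ipaddress
from typing import Dict, List

# Constructed sample hosts file, modelled on the entry quoted in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 a.doginhispen.com #[Downloader-BEW]
127.0.0.1  B.EXAMPLE-BLOCKED.TEST   c.example-blocked.test  # two names, one line
0.0.0.0 d.example-blocked.test
192.0.2.10 www.example.com          # placeholder: a real (non-blocking) mapping
this is not a valid line
"""


def parse_hosts(text: str) -> Dict[str, List[str]]:
    """Map each hostname (lower-cased) to the list of addresses assigned to it."""
    table: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an address: not a mapping line
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(addr)
    return table


def is_blackholed(table: Dict[str, List[str]], hostname: str) -> bool:
    """True only if every address mapped to hostname is loopback or 0.0.0.0."""
    addrs = table.get(hostname.lower())
    if not addrs:
        return False  # not listed at all: normal DNS resolution applies
    return all(
        ipaddress.ip_address(a).is_loopback or ipaddress.ip_address(a).is_unspecified
        for a in addrs
    )


def matching_lines(text: str, hostname: str) -> List[str]:
    """Raw lines mentioning hostname, case-insensitively, for reporting back."""
    return [ln for ln in text.splitlines() if hostname.lower() in ln.lower()]


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ("a.doginhispen.com", "www.example.com", "not-listed.test"):
        print(host, "black-holed" if is_blackholed(table, host) else "NOT blocked")
```

A hosts entry only affects name resolution, so a page opened by a bare IP address (like the http://88.80 address mentioned earlier in the thread) or under a different hostname is not affected by it.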
 
Hello Momok,
here are the files. As soon as it's possible, I'll send you the antivirus log file.
About Blacklight program, I've tried to download it, but the link for download is a blank page.

Regards, KsB

P.S: Sorry, I've forgotten the log files!
I send them in the next post
 
Hi,

I've checked your logs once more, and they both appear clean. May I suggest you try running AVG Anti rootkit from HERE.

I would also like you to download and run this program here. When the program runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

Attach the Autoruns log in your next reply.


Regards,
momok
 
Hello Momok,
here is the Autoruns log file
I've run AVG Anti Rootkit, which found a lot of paths (16225). I want to remove them, but there's no "remove all" button: must I do this manually??

Also, I have some problems with Outlook Express. Some folders cannot be opened and when I try to delete them it's not possible to do so... virus?

Regards, KsB
 
Hi,

Wow, that is way too many paths to be considered anywhere near normal. However, I need to know the path names before deciding which is legit and which is not. Could you provide me with a list of the entries?

Your autoruns log is clean too. I'm not sure what could be the email problem. It may or may not be due to some malware; it may simply just be a corrupted file.

Regards,
momok
 
Hello Momok,
I've saved the Anti Rootkit log file, but it's too big (about 2.10 MB) to be attached to this post. What can we do?

Regards, KsB
 
Hi,

I've gone through your log file in the email you sent. It appears all the entries are clean; the reason why there are so many is due to the Kaspersky online scanning. Please visit http://www.spywareinfo.com/~merijn/programs.php#adsspy and use this tool to remove those files.

With regards to your browser redirection, I'm sorry to say that I have no other methods to find out the cause. The fact that your browser still gets redirected even with the hosts file entry blocking the domain is very much puzzling to me.

Perhaps you would like to try visiting http://www.malwareremoval.com There are several highly trained experts there, so hopefully the helpers there might have a means to help you. If you do manage to get your problem resolved, do post back here to let us know how it was resolved, with a link to your post there, thanks.

I'm sorry I can't be any further help.


Regards,
momok
 