About a dog infection

By cg59
Mar 30, 2008
  1. Looks like this is the place to get the help I need. Thank you in advance for all your help. I have read several other success stories on other posts, so decided to go ahead and do the preliminary steps outlined. That being done, I now have the log files requested.
    Again thanks to all that offer their assistance.
  2. cg59

    cg59 TS Rookie Topic Starter

    Oh ya, I forgot to say Antiroot was negative.
  3. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Run SmitfraudFix - print these out or save them in Notepad to your desktop
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infected files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Navigate to C:\Windows\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Clean out your Temporary Internet files. Proceed like this:

    For Internet Explorer 7

    * Click Start, click Control Panel, and then double-click Internet Options.
    * On the General tab, click Delete... under Browsing History.
    * Next to Temporary Internet Files, click Delete files, and then click OK.
    * Next to Cookies, click Delete cookies, and then click OK.
    * Next to History, click Delete history, and then click OK.
    * Click the Close button.
    * Click OK.

    For Mozilla 1.x and Up

    * Click Edit from the Mozilla menubar.
    * Click Preferences... from the Edit menu.
    * Expand the Advanced menu by clicking the plus sign.
    * Click Cache.
    * Click the Clear Cache button.

    For Opera

    * Click File from the Opera menubar.
    * Click Preferences... from the File menu.
    * Click the History and Cache menu.
    * Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
    * Click Ok to close the Preferences menu.

    Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

    Afterwards, attach rapport.txt and a fresh HijackThis log

    Download and Run ATF Cleaner
    Download ATF Cleaner by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox or Opera:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    Reboot computer to Normal Mode


    Click here to download FindAWF.exe and save it to your desktop.
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to Press any key to continue.
    • Press 1 and then Enter, and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or to the same location as FindAWF.exe.
    • Attach AWF.txt file in your next reply.

    In your reply, do not attach the logs as .doc files; please rename them as .txt or .log. I don't open .doc files, so could not see if anything specific needs to be done.

    Your reply should include:
    1) C:\rapport.txt (from SmitfraudFix option 2 in Safe Mode)
    3) HijackThis log scanned after the fix
Topic Status:
Not open for further replies.
