Dog in his pen removal help

Status
Not open for further replies.
C

Coolball

I've noticed some additions to my trusted sites zone, 3 total to include cisering, what about dog, and dog in his pen. I've moved the sites to the denied zones plus added a few more found in associaton with this malware after reading in the forums. Noticed an unknown device mac address on the home network a few days ago via windows notification and Kaspersky and blocked it. Could it be someone was jacked in remotely to my private network trying to capture information?

Next step, remove any infected files with a little help from the forum. What's the next step?

Thanks!
 
FindAWF

Click here to download FindAWF.exe and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to Press any key to continue.
  • Press 1 and then Enter, and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or to the same location as FindAWF.exe.
  • Attach AWF.txt file in your next reply.

-----------------------------------------------------------------------------

Download the ATF cleaner program from HERE and save it to your desktop.

*Run it after the next step while still in safe mode
---------------------------------------------------------------------------------

*Copy and paste the next 2 section into notepad and save it to your desktop to have while in safe mode*

Run Smitfraudfix
  • Download Smitfraudfix by S!ri from HERE
  • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
  • Double-click SmitfraudFix.exe
  • Select 2 and hit Enter to delete infected files.
  • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
  • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
---------------------------------------------------------------------------------------
While still in Safe Mode
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

You can now boot into Normal Mode

------------------------------------------------------------------------

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

-------------------------------------------------------------------------

Open Internet Explorer
click tools -> internet options.

Click the Security tab
Click on the Trusted sites icon.
Click the sites button and remove all sites from the trusted zone by selecting
them and clicking the remove button.
Once done, click ok.

Warning! Do not click the links below in the qoute box.
Then, click the privacy tab and click the sites button. In the address bar type

www.whataboutadog.com and click the Block button. Do this for

www.whataboutarabbit.com and www.doginhispen.com and www.b.skitodayplease.com as well as any other site that was included.
Click to expand...

Click ok, then ok again and close IE. reboot your system.


Attach back here FindAwf.log / Rapport.txt
 
so far so good

Couple oddities with Kaspersky saying Smitfraud app having riskware, and in the AWF-Cleaner the prefetch check box was (disabled)

Should this be?

Second thing, the original AWF.txt didn't save to my desktop? did a search and couldn't find it either. It read no bak files and had two what looked like IP addresses under the next line

127.0.0.1 maybe? and 0.0.?


Re-ran AWF and attached the second log
 
Looks like you may have got off easy. Couple of things I wanted to bring up though.

While there are still unresolved allegations that SpyHunter transmits the Windows Product ID from users' PCs (1), we can no longer classify this application as "rogue/suspect." Nonetheless, SpyHunter -- at least in its current state -- cannot be recommended because of its mediocre performance as an anti-spyware scanner. Testing indicates that it does not recognize some well-known spyware installations and has difficulty removing critical spyware/adware files even from those it does recognize (1). Given the many excellent competing anti-spyware applications that are available (some for free), users would do better looking elsewhere for trustworthy anti-spyware protection.
Source = http://spywarewarrior.com/viewtopic.php?t=5015

I recommend either malwarebytes anti-malware or SUPERAntiSpyware

Malwarebytes' Anti-Malware

SUPERAntiSpyware
---------------------------------------------------------------------------------------

I also recommend you don't use internet explorer unless you have to:
Here are 2 more secure browsers to choose from
1)Firefox -> http://www.mozilla.com/en-US/firefox/
2)Opera -> http://www.opera.com/

------------------------------------------------------------------------------------------
Cleanup using OTMoveit2 by OldTimer
Now we can clear out the rest of the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally.

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

* When finished exit out of OTMoveIt2

--------------------------------------------------------

We should run an online scan for a 2nd opinion
Run Kaspersky Online AV Scanner

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply
 
Kaspersky was also obviously clean.

Set correct settings for files
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK

clear system restore points

  • This is a good time to clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.


I also recommend

Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Guide to Using Winpatrol to protect your computer from malicious software[/list]
 
Thnx Guru

Finished all of the steps listed. i appreaciate you taking the time to help me with this. The entire process has made me much more aware of the importance of having security measures set up!

Unless there's anything else you recommend further in the process, I'll leave this one as finished with cheers!

Thnx
 
Status
Not open for further replies.

Similar threads

midian182
Spot the robot dog can now talk, thanks to ChatGPT integration
Replies
7
Views
489
tellmewhy
T
Shawn Knight
T-Mobile will lay off 5,000 employees in the coming weeks
Replies
12
Views
667
ZedRM
ZedRM
J
Game developer created a scene of his dog with 10 billion polygons in Unreal Engine 5
Replies
17
Views
2K
Arbie
Arbie

Latest posts

Back