Doginhispen, skitodayplease problems

Status
Not open for further replies.

intex2

The following entries keep showing up in my browser history: 88.80.7.66; a.doginhispen.com; and b.skitodayplease.com. I know these are problems, but I have no idea how to get rid of them. I have run a HijackThis log and have attached it for review. If someone could walk me through getting this cleaned up I would greatly appreciate it.
 
FindAWF

Click here to download FindAWF and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to Press any key to continue.
  • Press 1 and then Enter, and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or to the same location as FindAWF.exe.
  • Attach AWF.txt file in your next reply.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Open Internet Explorer

Click Tools -> Internet Options.

Click the Security tab
Click on the Trusted sites icon.
Click the Sites button and remove all sites from the trusted zone by selecting them and clicking the Remove button.
Once done, click OK.
Then, click the Privacy tab and click the Sites button.
In the address bar type the addresses of the offending websites.

Click OK, then OK again and close IE. Reboot your system.
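The FindAWF scan above looks for one file pattern, which the restore list the helper posts later in the thread makes visible: a legitimate autostart executable such as C:\WINDOWS\system32\ctfmon.exe has been moved into a sibling "bak" folder and the original location now holds a different file of the same name. The following Python script is an added example, not FindAWF's code and not anything from the thread: it walks a directory tree, pairs every file in a "bak" folder with the same-named file in its parent, hashes both, and reports whether they differ, are identical, or have no current counterpart. It only reports and never moves, restores or deletes anything. The directory layout it scans is a constructed sample built in a temporary folder (the thread's paths with the drive letter dropped), and the file contents are placeholders.

```python
"""Report "bak"-folder / parent-folder file pairs, the pattern FindAWF works on.

Added example, not the thread's tool. Assumption (from the paths posted in the
thread): <dir>\\bak\\<name> is the moved original and <dir>\\<name> is whatever
replaced it. The script only reports; it changes nothing on disk.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional


@dataclass
class BakPair:
    backup: Path                    # file inside the "bak" folder
    current: Optional[Path]         # same-named file in the parent folder, if any
    backup_sha256: str
    current_sha256: Optional[str]

    @property
    def status(self) -> str:
        if self.current_sha256 is None:
            return "NO-CURRENT-FILE"   # backup exists, nothing sits in the original place
        if self.current_sha256 == self.backup_sha256:
            return "IDENTICAL"         # plain copy, nothing was swapped
        return "DIFFERS"               # original moved aside and replaced: investigate

    @property
    def differs(self) -> bool:
        return self.status == "DIFFERS"


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_bak_pairs(root: Path) -> List[BakPair]:
    """Walk root, pair each file in any folder named "bak" with its parent-folder twin."""
    pairs: List[BakPair] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        if here.name.lower() != "bak":
            continue
        for name in filenames:
            backup = here / name
            current = here.parent / name
            cur_path = current if current.is_file() else None
            pairs.append(BakPair(
                backup=backup,
                current=cur_path,
                backup_sha256=sha256_of(backup),
                current_sha256=sha256_of(cur_path) if cur_path else None,
            ))
    pairs.sort(key=lambda p: str(p.backup))   # deterministic order for reporting
    return pairs


def format_report(pairs: List[BakPair]) -> str:
    lines = [f"{len(pairs)} bak-folder file(s) found"]
    for p in pairs:
        lines.append(f"[{p.status}] {p.backup}")
        lines.append(f"    backup  sha256={p.backup_sha256}")
        if p.current is not None:
            lines.append(f"    current sha256={p.current_sha256}")
    return "\n".join(lines)


def build_sample_tree(base: Path) -> Path:
    """Constructed sample layout mirroring a few paths from the thread (drive letter omitted)."""
    layout = {
        "WINDOWS/system32/bak/ctfmon.exe": b"ORIGINAL-ctfmon",
        "WINDOWS/system32/ctfmon.exe": b"REPLACED-ctfmon",            # differs -> suspicious
        "Program Files/QuickTime/bak/qttask.exe": b"ORIGINAL-qttask",
        "Program Files/QuickTime/qttask.exe": b"ORIGINAL-qttask",     # identical -> benign copy
        "Program Files/Intel/Intel Matrix Storage Manager/bak/iaanotif.exe": b"ORIGINAL-iaanotif",
        # no current iaanotif.exe: backup with nothing in the original location
    }
    for rel, content in layout.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    return base


def demo() -> List[BakPair]:
    """Build the constructed tree, scan it, print the report, return the pairs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(Path(tmp))
        pairs = find_bak_pairs(root)
        print(format_report(pairs))
        return pairs


if __name__ == "__main__":
    demo()
```

On a real machine you would point find_bak_pairs at the drive root; the DIFFERS entries are the ones the thread's "Restore files from bak folders" step addresses, and the hashes give you something to look up before touching anything.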
 
Double-click FindAWF.exe to start the tool. Then, do the following
Select "option #2 - Restore files from bak folders" by typing 2 and press Enter.
A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.

Just make sure to paste it below the line.
It may take a few minutes to complete, so please be patient.

"C:\Program Files\DellSupport\bak\DSAgnt.exe"
"C:\Program Files\Messenger\bak\msmsgs.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe"
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
"C:\Program Files\Norton Ghost\Agent\bak\GhostTray.exe"
"C:\Program Files\Trend Micro\Internet Security 12\bak\pc-cillin.ini"
"C:\Program Files\Trend Micro\Internet Security 12\bak\pccguide.exe"
"C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
"C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
"C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe"

Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in Notepad. Please post the results of the AWF.txt in your next reply as an attachment.

This thread is for the use of intex2 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Ok then,

Please double-click the FindAWF icon once again.

Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed. Again, scroll down the file to where it says START HERE.

C:\Program Files\DellSupport\bak
C:\Program Files\Messenger\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\system32\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\Google\Google Desktop Search\bak
C:\Program Files\Intel\Intel Matrix Storage Manager
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak
C:\Program Files\Norton Ghost\Agent\bak
C:\Program Files\Trend Micro\Internet Security 12\bak
C:\Program Files\Yahoo!\Messenger\bak
C:\WINDOWS\system32\dla\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log. Post that log back here.

This thread is for the use of intex2 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
This one's being sticky, so we'll try it again,

Double-click FindAWF.exe to start the tool. Then, do the following
Select "option #2 - Restore files from bak folders" by typing 2 and press Enter.
A text file will open up. Please copy/paste the following text below the line from the quote box (all except the word QUOTE) into the text file.

"C:\Program Files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe"

Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in Notepad. Please post the results of the AWF.txt in your next reply as an attachment.

This thread is for the use of intex2 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Please double-click the FindAWF icon once again.

Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed. Again, scroll down the file to where it says START HERE.

C:\Program Files\Intel\Intel Matrix Storage Manager\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log. Post that log back here.

Hopefully we're nearly there.

This thread is for the use of intex2 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Good, that got it,

Run FindAWF one more time and press 4, then press Enter.

Then run Hijackthis and post a log.
 
Go to add/remove programs and remove,
PartyPoker

Boot into safe mode and show hidden files and folders,
do a search and delete all instances of PartyPoker that you find.

Boot back into normal mode and rehide your hidden files and folders.

Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update tab at the top
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5), follow the on-screen instructions
  • After it installs the newest version, go back to Control Panel -> Add/Remove Programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions:
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected' at the bottom
  • After the install go to Start -> Control Panel -> Add/Remove Programs (Programs and Features), and uninstall any old versions
  • Navigate to C:\Program Files\Java -> delete any subfolders except the jre1.6.0_05 folder

Do another scan with HJT and post the log. How is the computer running now?

Have there been any occurrences of a.doginhispen?
 
Sorry for the delay - that took me a while. Attached is the Hijackthis log. So far, I have had no other problems with the computer and a look at the browser history does not show evidence of dog or ski.
 
ok then,

Have HJT fix these entries by doing a system scan only, placing a check beside them and selecting Fix checked,
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)


Do you know this file? Is it OK?
http://onlinedesigner.hgtv.com

Run CCleaner and make sure that all the options are picked in the Advanced tab except for the prefetch data. Close all browsers and windows and run it through a couple of times until there are no more errors, then do the same for the registry.

Do another HJT scan and post a log back.

Hopefully we're nearly there.
 
I performed all your instructions and the latest HJT log is attached. Checked my browser history again and doginhispen has shown up again! I'm familiar with the onlinedesigner file, but it's not something I use; I downloaded it a long time ago and never deleted it.
 
Damn, sorry it took so long to get back, had to sleep.

What browser are you using?

Download the ATF cleaner programme and save it to your desktop.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Reboot into normal mode.
-------------------------------------------------------------------------------------------------------

Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and press Enter.
When the tool has completed, a report will open up in Notepad.

Post the log file created in your next post.


This thread is for the use of intex2 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Good morning. For my browser I use IE. Attached is the log from AWF. Checked my browser history and dog and ski are both on there this morning. Thanks again for all your help!
 
Did you run ATF Cleaner?

You may want to consider changing your browser to Firefox; it's more secure than IE. This is pretty much a necessary step, I'm afraid.

Download SmitFraudFix.

Search:
  • Double-click smitfraudfix.exe
  • Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Clean:
  • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
  • Double-click smitfraudfix.exe
  • Select 2 and hit Enter to delete infected files.
  • You will be prompted: Do you want to clean the registry ? Answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? Answer Y (yes) and hit Enter to restore a clean file.
  • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
  • To restore Trusted and Restricted site zone, select 3 and hit Enter.
  • You will be prompted: Restore Trusted Zone ? Answer Y (yes) and hit Enter to delete the trusted zone.

Post back with the logs and a fresh HJT.


This thread is for the use of intex2 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Don't mean to interrupt you kritius but you may want to manually clear cookies through IE. Then try to remove all sites from the trusted zone again.

So 1) Clear cookies through Tools -> Options

2) Open Internet Explorer

Click Tools -> Internet Options.

Click the Security tab
Click on the Trusted sites icon.
Click the Sites button and remove all sites from the trusted zone by selecting them and clicking the Remove button.
Once done, click OK.


Links removed after reply.
Then, click the Privacy tab and click the Sites button. In the address bar type

and click the Block button. Do this for
and and as well.


Click OK, then OK again and close IE. Reboot your system.

Check if it's still there.
 
OK, I followed the instructions. During cleaning, it did not prompt me to replace the infected file. During the process, the Disk Cleanup box (from MS utilities, I guess) popped up and then disappeared. I don't know if that's relevant, but I want to give you the whole picture. Also, per my browser history, dog has been revisited and 88.80.7.66 has also appeared. I'm entirely open to using the Firefox browser. Logs from SmitFraudFix and HJT are attached.
 
It's never an interruption with you Blind.

I always welcome the input.

EDIT:

Blind would you have a look and see what you think?
 