Malware issues, logs attached

Status
Not open for further replies.
I was having many virus, trojan, and adware issues recently, which I began to fix by clearing Norton off of my system and downloading AVG Antivirus, which discovered many problems. One of the main issues that I couldn't get rid of was the js/downloader.agent, though there were several others. I went through all required steps and now have the ComboFix, HJT, and AVG logs attached.

The "doginhispen" issue noted in the HijackThis log has been around for quite a while, and while the "whataboutadog" issue that was paired with it earlier is no longer listed, I cannot seem to be rid of this one.

Thank you in advance.
 
Hi DrStale,

Please follow all these instructions,

DELDOMAINS

Download Deldomains.
  • Save it to your desktop.
  • Right-click DelDomains.inf and select: Install (no need to restart)
  • You may not see any noticeable changes or prompts; this is normal.
Note: The DelDomains.inf file will remove ALL entries in the Trusted, Restricted, and Enhanced Security Configuration Zones. Any entries that you had will need to be entered again. You will have to reimmunize with SpywareBlaster, and/or Spybot after doing this, and reinstall IESpyads if you use any of these programs.

Open Internet Explorer

Then, click the privacy tab and click the sites button. In the address bar type

Warning! Do not click the links below in the quote box.

sites removed after reply


Click OK, then OK again, and close IE. Reboot your system.

Check if it's still there.

FindAWF

Download FindAWF.exe and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to Press any key to continue.
  • Press 1 and then Enter, and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or to the same location as FindAWF.exe.
  • Attach the AWF.txt file in your next reply.


This thread is for the use of DrStale only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
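
Added example, not part of the original thread and not FindAWF's own code: a read-only Python sketch of the check the FindAWF steps revolve around, pairing each .exe inside a "bak" folder with a same-named file in the parent folder and comparing hashes. The same-name parent path is an assumption based on the bak paths listed in this thread, and the sample tree is constructed for the example.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # chunked: no whole-file read
            h.update(chunk)
    return h.hexdigest()

def audit_bak_folders(root):
    """Read-only: pair each .exe inside a 'bak' folder with its parent-folder twin."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != "bak":
            continue
        for name in filenames:
            if not name.lower().endswith(".exe"):
                continue
            backup = os.path.join(dirpath, name)
            active = os.path.join(os.path.dirname(dirpath), name)  # assumed twin path
            if not os.path.isfile(active):
                status = "no-active-copy"   # backup only, nothing to compare
            elif sha256_of(active) == sha256_of(backup):
                status = "identical"        # ordinary backup
            else:
                status = "differs"          # active copy changed: review before restoring
            findings.append((name, status, backup))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout; names and bytes are made up for this example."""
    layout = {
        "AppA/bak/tool.exe": b"original", "AppA/tool.exe": b"modified",
        "AppB/bak/helper.exe": b"same",   "AppB/helper.exe": b"same",
        "AppC/bak/orphan.exe": b"x",      "AppC/bak/notes.txt": b"ignored",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, status, backup in audit_bak_folders(tmp):
            print(f"{status:15} {name:12} {backup}")
```

The script only reads and reports; it moves or deletes nothing, so its output can be compared against AWF.txt before any restore step is run.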
 
The trusted zone "doginhispen.com" problem did not appear on the HijackThis log after running DelDomains and blocking the sites in IE.

AWF log is attached

Thanks again.
 
Fix AWF Infection Step 2
Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
"C:\Program Files\AIM6\bak\aim6.exe"
"C:\Program Files\DAEMON Tools\bak\daemon.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Winamp\bak\winampa.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\ezSP_Px.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\SlySoft\CloneCD\bak\CloneCDTray.exe"
"C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
"C:\Program Files\CyberLink\PowerDVD\Language\bak\Language.exe"
"C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
"C:\Program Files\support.com\client\bin\bak\tgcmd.exe"
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Press 2 then Enter
  • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for bak folders.
  • It may take a few minutes to complete, so please be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please attach the AWF.txt file in your next reply.


 
Fix AWF Infection Step 3

Copy the paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Program Files\AIM6\bak
C:\Program Files\DAEMON Tools\bak
C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Winamp\bak
C:\WINDOWS\system32\bak
C:\Program Files\ATI Technologies\ATI Control Panel\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\SlySoft\CloneCD\bak
C:\WINDOWS\SONYSYS\VAIO Recovery\bak
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak
C:\Program Files\CyberLink\PowerDVD\Language\bak
C:\Program Files\Java\jre1.6.0_01\bin\bak
C:\Program Files\support.com\client\bin\bak
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Select Option 3 from the menu and press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
  • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the folders and will perform another scan for bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please attach the AWF.txt file in your next reply.
Before you close FindAWF, Select Option 4 from the menu and press Enter.
When it's finished the tool will return to the main menu.
Press E to close FindAWF.


 
Don't know why that didn't work.

Let's try it one more time.

Fix AWF Infection Step 2
Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
"C:\Program Files\AIM6\bak\aim6.exe"
"C:\Program Files\DAEMON Tools\bak\daemon.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Winamp\bak\winampa.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\ezSP_Px.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\SlySoft\CloneCD\bak\CloneCDTray.exe"
"C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
"C:\Program Files\CyberLink\PowerDVD\Language\bak\Language.exe"
"C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
"C:\Program Files\support.com\client\bin\bak\tgcmd.exe"
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Press 2 then Enter
  • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for bak folders.
  • It may take a few minutes to complete, so please be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please attach the AWF.txt file in your next reply.


 
Fix AWF Infection Step 3

Copy the paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Program Files\AIM6\bak
C:\Program Files\DAEMON Tools\bak
C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Winamp\bak
C:\WINDOWS\system32\bak
C:\Program Files\ATI Technologies\ATI Control Panel\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\SlySoft\CloneCD\bak
C:\WINDOWS\SONYSYS\VAIO Recovery\bak
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak
C:\Program Files\CyberLink\PowerDVD\Language\bak
C:\Program Files\Java\jre1.6.0_01\bin\bak
C:\Program Files\support.com\client\bin\bak
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Select Option 3 from the menu and press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
  • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the folders and will perform another scan for bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please attach the AWF.txt file in your next reply.
Before you close FindAWF, Select Option 4 from the menu and press Enter.
When it's finished the tool will return to the main menu.
Press E to close FindAWF.
