NonComputerLiteratePerson has WhatAboutADog Problem

Status
Not open for further replies.

george123

So I was reading about whataboutadog and people have said to post your individual problem for individual help. I am under the impression that what you have to do for the problem is unique. So that you need a separate thread for each problem. Would someone help me and tell me what to do please? I would really appreciate help. Now I will go and read the other threads with this problem. Thank You.

Also I am running McAfee VirusScan right now and I am wondering why I can't just delete all the infected programs when I am done. Thank You.
 
Hello and welcome to Techspot.

Your system has a serious infection.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Please download FindAWF to your Desktop.
Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and press Enter.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

Also, please post a HJT log as per these instructions.

Regards Howard :wave: :wave:

This thread is for the use of george123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I think my McAfee subscription that I got from Comcast for free ran out or something happened and my firewall was down and I had to resubscribe the whole thing; that may be when this program got in.

I am thinking of reformatting my system but I am not sure what all that will entail because my Windows program came already installed on my computer and I do not have a backup. Also I have a huge amount of pictures and stuff that is not backed up.
 
Since you can`t format cause you`ve no Windows cd, your best option is probably to clean then.

Look at this post HERE for info on how to uninstall McAfee and install another antivirus and firewall programme.

Then, follow the instructions I gave you in my post above.

Regards Howard :)

 
Since I am new to this I would like to do a lot of research on what is going on. Where can I read about this? How did this trojan get on my comp? When I ran the virus scan McAfee said that it deleted all the trojans it found, it found eleven all together. Sorry for asking so many questions. If I clean my comp will I never be able to buy anything off the net again or use it for online banking again? Thank You.
 
This is what your system is infected with.

Your system is infected with a trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.

Running FindAWF allows us to identify the files that are infected, as well as the backups and then restore the files.

All you need to do is follow the instructions I give you and we can get rid of it.

Regards Howard :)

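The file-swap behaviour described in the post above, shown as an added example (it is not part of the original thread and is not FindAWF's own logic): a read-only check that pairs every file under a `bak` folder with the file of the same relative path in the parent folder and compares hashes. The function names and the sample files are assumptions made for illustration; the sample tree is constructed dummy data that mirrors the folder layout quoted later in the thread, including a file inside `bak\data`.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """SHA-256 of a file's bytes (startup executables are small enough to read whole)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_bak_swaps(root):
    """Return sorted (status, live, backup) tuples for every file under a 'bak' folder.

    'replaced': live file differs from the backup; 'identical': same hash;
    'missing': no live file at the matching path.
    """
    findings = []
    for bak_dir in Path(root).rglob("*"):
        if not (bak_dir.is_dir() and bak_dir.name.lower() == "bak"):
            continue
        # Backups can sit in subfolders (bak\data\...), so recurse inside bak.
        for backup in (p for p in bak_dir.rglob("*") if p.is_file()):
            live = bak_dir.parent / backup.relative_to(bak_dir)
            if not live.is_file():
                status = "missing"
            elif sha256_of(live) == sha256_of(backup):
                status = "identical"
            else:
                status = "replaced"
            findings.append((status, str(live), str(backup)))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: dummy files laid out like the paths in the thread."""
    layout = {
        "QuickTime/qttask.exe": b"constructed stand-in for the swapped file",
        "QuickTime/bak/qttask.exe": b"constructed stand-in for the original",
        "hpcoretech/hpcmpmgr.exe": b"same bytes",
        "hpcoretech/bak/hpcmpmgr.exe": b"same bytes",
        "hpcoretech/bak/data/EvntData.xml": b"<events/>",
    }
    for rel, content in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for status, live, backup in find_bak_swaps(tmp):
            print(f"{status:<9} {live}  (backup: {backup})")
```

A `replaced` result only says the two copies differ; which copy is the clean one still has to be confirmed, for example against the vendor's installer, before anything is restored or deleted.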
 
Howard Hopkinso, I appreciate your willingness to help me but I have a problem. This is my mother's computer and she will not allow me to let you help me. She thinks that the trojan is gone because there is no more whataboutadog on the history. She does not want me to do anything. So I am having a hard time convincing her and I need info on why what you are doing is legit. I don't know what to do; this is frustrating. Because you are telling me to get rid of my McAfee and use other firewalls and antivirus she thinks you may be tricking me. Because you are telling me to download programs that McAfee says are dangerous. I need info to convince her that this needs done.
 
That`s a real shame, cause undoubtedly the trojan will still be there doing its evil work.

However, I do understand your mother`s reluctance to put her system in the hands of a complete stranger.

All I can say is, I assure your mother I can get rid of this awful infection, if she would only allow me to do so.

Other than that, I`m afraid there`s not much else I can do.

The infection will carry on infecting files until it is stopped. The only other way is to do a complete format and reinstall from scratch.

Regards Howard :)

 
What I did was turn off system restore then turn it back on. Now I am running the FindAWF program. I have to leave McAfee as the firewall and virusscan. I am a little confused on how to download the HijackThis file; are they saying just to put it in drive C or what?
 
See this thread HERE for instructions on how to post a HJT log as an attachment. It`s the same for attaching other log files too.

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.


Double-click FindAWF.exe to start the tool. Then, do the following:
Select "option #2 - Restore files from bak folders" by typing 2 and press Enter.
A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.

"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
"C:\Program Files\HP\hpcoretech\bak\data\EvntData-1948583139.xml"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
"C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
"C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
"C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe"
"C:\Program Files\support.com\bin\bak\tgcmd.exe"
"C:\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Java\jre1.5.0_09\bin\bak\jusched.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb10.exe"


Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.

Also, please post a HJT log as well as an attachment.

Regards Howard :)

 
Sorry I am so dumb but I do not know how to post an attachment or download HijackThis the proper way.

Is there a Norton removal tool also? Seems I have some remnants of Norton on here.

I am not sure how to make an attachment?
 
Please make sure that any further log files are posted as attachments and not copy and pasted.

We`ll deal with the Norton issue, once we`ve got rid of this nasty infection.

See this thread HERE for instructions.

Please double-click the FindAWF icon once again.
This time we are going to remove some folders.


Use the following option: Press 3 then Enter to remove bak folders


A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\hpcoretech\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\McAfee.com\Agent\bak
C:\Program Files\McAfee.com\VSO\bak
C:\Program Files\support.com\bin\bak
C:\Program Files\Viewpoint\Viewpoint Manager\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Java\jre1.5.0_09\bin\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak

Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log.

Please make sure you post a HJT log as per the instructions above. Also make sure your next awf.txt is posted as an attachment.

 
Here it is for you, thank you for your help. Please do not show any info like my name online. I downloaded avast as an antivirus and zonealarm as a firewall. I also would like to remove programs from startup but forget how to do that. I think I should leave my firewall and virusscan on at startup. I can only have one virus scan and one firewall at a time right?
 
I still need to see a HJT log. I`ve asked you for one several times now.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

qttask.exe

Close task manager.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\HP\hpcoretech\bak < Delete the entire folder.
C:\Program Files\QuickTime\bak < Delete the entire folder.
C:\Program Files\QuickTime\qttask.exe

Reboot into normal mode and rehide your protected OS files.

Reinstall Quicktime.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :)

 
Ok, thanks. Once you`re done with the instructions above, your main infection should be gone.

For your Norton problem, see this post HERE.

Regards Howard :)

 
Ok, no problem.

Just follow the instructions, then, once you`re done, post the requested logfiles.

Regards Howard :)

 
I will post them as I get them

Ok I had to go to sleep then go to work now I am back to do my duty. Thank you for your patience.

Ok.

ZoneAlarm keeps giving me security alerts and I am not sure which programs to let through and which not so some I let through and some I did not let through. Right now it is saying "REPEAT PROGRAM ViewMgr is trying to access the trusted zone." Does this have anything to do with the programs you want me to run?

I am sorry I failed to follow directions properly. I skipped this step "Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly." I am so sorry. I will do this then get back and repost files.
 
Follow the instructions below very carefully.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with (if there):

viewpoint
viewpoint manager
viewpoint toolbar
GamesBar
WildTangent

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

ViewMgr.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://playgames.comcast.net/online2/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\GamesBar < Delete the entire folder.
C:\Program Files\WildTangent < Delete the entire folder.
C:\Program Files\Viewpoint < Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Go HERE and download and install the latest version of Java. Once it`s finished installing, go to add remove programmes and uninstall all previous versions of Java, except for version 6 update 3.

Download and run this Symantec/Norton removal tool.


Then go and follow these instructions for removing McAfee.

Then, run the Ccleaner programme as per step 9 of these instructions.

Finally, post fresh HJT and Combofix logs.

Regards Howard :)

 
Download and install, one of the free Antivirus programmes below.

AVG free or Avast antivirus programmes.

Once installed, run the antivirus updates and do a full system scan. Delete whatever it finds (if anything), including anything in the virus vault/quarantine.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

ALCXMNTR.EXE

Close task manager.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File".
Navigate to the file you have just downloaded, click on it and press open.
Now click on the Green Light to begin execution of the script.
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT and Combofix log.

Regards Howard :)

 
We`re just about finished mate. Your log files are clean.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\QuickTime\bak < Delete the entire folder.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Ok, Thank you very much. Was all that for the whataboutadog trojan? Or was my computer infected before that? Do you know how long this computer has been infected for? You are a great help.
 