Solved:need help removing whataboutadog.

Status
Not open for further replies.

eldacheese

Posts: 53   +0
ok the stupid thing has been in internet history, i found it the other day and started trying to figure out what it was.
I ran virus scan with 2 different programs and got things removed. I ran the findawf.. but i can not get the hijack this to download and then open and run. it will not. maybe i'm stupid or somethign but i can not get it to open keeps telling me not enough memory and wont open.
i'd rather clean my system than restore because there are things i would most definately loose that can not be replaced.

i have attatched the findawf findings.. let me know what to do next please. and how to get the HJT to work. thanks.
 
Hello and welcome to Techspot.

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

Double-click FindAWF.exe to start the tool. Then, do the following
Select "option #2 - Restore files from bak folders" by typing 2 and press Enter .
A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.
"C:\Program Files\AIM\bak\aim.exe"
"C:\Program Files\MSN Messenger\bak\MsnMsgr.Exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
"C:\Program Files\Roxio\Drag-to-Disc\bak\DrgToDsc.exe"
"C:\Program Files\Virtual Assistant\SmartBridge\bak\SprintDSLAlert.exe"
"C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Documents and Settings\ToJaunDavKyleigh\Local Settings\Temp\ins1.tmp\bak\LiteInst.exe"



Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.

Also, please post a HJT log as per the instructions HERE.

Regards Howard :wave: :wave:

This thread is for the use of eldacheese only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
ok did the first thing you said nad here is the new findawf and i finally got the HJT to work and here is that file too. thanks so much!

ok i dont know if they attached or not i'm going to try again. ok the findawf wont and now its not shoing hte saved i dont think.. i'll attach it to see i had to rename the file. does that sound right. ok i tried and it still wont let me. do i need to run the findawf thing again?
 
I need the awf.txt as well.

You need to follow the instructions exactly, otherwise it just makes it hard work to help you.

Regards Howard :)

This thread is for the use of eldacheese only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
i did exactly what you said and hit the save changes but it wont let me attatch it says i have already attatched the file for this thread.
 
I have now removed your awf.txt file.

Run through the instructions in my post #2 again.

Attach the resulting awf.txt file.

Regards Howard :)

This thread is for the use of eldacheese only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Please double-click the FindAWF icon once again
This time we are going to remove some folders.


Use the following option: Press 3 then Enter to remove bak folders


A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\AIM\bak
C:\Program Files\MSN Messenger\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\McAfee.com\Agent\bak
C:\Program Files\McAfee.com\Agent\bak
C:\Program Files\Roxio\Drag-to-Disc\bak
C:\Program Files\Virtual Assistant\SmartBridge\bak
C:\Program Files\Yahoo!\Messenger\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Documents and Settings\ToJaunDavKyleigh\Local Settings\Temp\ins1.tmp\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.

Reboot your computer.

Please provide the new FindAWF log.

Regards Howard :)

This thread is for the use of eldacheese only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Well done, that`s now clean.

Now, please do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :)

This thread is for the use of eldacheese only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
ok FINALLY did it all that took forever. but hopefully it solved it all.
the panda antiroot thingy didnt find anything it said. so i was happy with that.

here are the files you asked for. i hope this is all taken care of now!
 
It appears you`re running two AV programmes, Mcafee and AVG. This is not recommended, will slow your system down and can cause serious conflicts.

Uninstall one AV programme ASAP. Personally I recommend you uninstall McAfee.

Download the McAfee removal tool below.

McAfee removal tool.

For instructions read the bottom two paragraphs HERE.

Then, do the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

MyWaySA
SrchAsDe

Close control panel.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')

O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll

O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab

O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://interact.ccsd.net/ClientDownloads/fcplugin.cab

O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\Downloaded Program Files\fcplugin.dll
C:\Program Files\MyWaySA<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and Combofix logs.

Regards Howard :)

This thread is for the use of eldacheese only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Your HJT log is clean.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh Combofix log.

Regards Howard :)

This thread is for the use of eldacheese only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
the combo fix log is blank is that right??
it wont let me upload either says it failed. i'm going to run it again and then post it.

ok heres hte combofix one.. and it isnt blank this time either.
 
In your Avenger text, it says 3 failed, and could not be deleted.

Your Combofix won't upload because you already have one in here as an attachment. Howard will need delete it so you can upload a fresh one.

Regards Jase :)
 
Everything is fine there, so it looks like you`re good to go.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of eldacheese only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
3 failed??

i got the combofix to load. just renamed it with the #1 after it.

thanks!!!
and another question do i need to keep all those programs and things i downloaded.. like the combofix, HJT and all those or can tehy be removed?
 
Take no notice of Jase123. He`s still learning and doesn`t necessarily know what he`s doing just yet.

You`re system is clean and you`re good to go.

Regards Howard :)

Edit: You can get rid of Combofix/FindAWF/HJT etc.

This thread is for the use of eldacheese only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
THANKS soo much..
turning off adn then back on system restore i wont loose anything will i.. besides the old restore points?
 
turning off adn then back on system restore i wont loose anything will i.. besides the old restore points?
Reply With Quote

All you will lose is your old restore points and any nasties in them. You will not lose any personal info.

Regards Jase :)
 
eldacheese said:
THANKS soo much..
turning off adn then back on system restore i wont loose anything will i.. besides the old restore points?

No, you won`t lose anything.

It`s necessary to do this, as there could be malware in your existing retore points.

Turning them off then on, will clear all your old restore points and create a new clean restore point.

Regards Howard :)

This thread is for the use of eldacheese only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
did it and than you sooo sooo soooo much for all the help you've been! i would have had no clue how to do this on my own!
 
No worries, it was my pleasure.

If you have any further virus/spyware problems, please post in this thread.

This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else, will be ignored.


Regards Howard :)
 
Status
Not open for further replies.
Back