That bleepin' dog

Status
Not open for further replies.

r2power

Hi,

I have been trying to help my daughter eradicate this pest for a week now. Attached is her latest hijackthis log. We ran the FindAWF routine last week and scrubbed out her trusted sites, but whataboutadog keeps popping up. Please let me know what I need to tell her to resolve this problem. Thanks,
 

Attachments

  • hijackthis2.txt
    13.6 KB · Views: 9
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

Please download FindAWF to your Desktop.
Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and press Enter
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

Regards Howard :wave: :wave:

This thread is for the use of r2power only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Response

Thanks for your promptness. Attached is her file. It appears that our AWF cleanup last week is still holding.
 
Yes, that's clean mate.

However, your system is not clean and some serious problems are showing up in your HJT log.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :)

 
Howard,

Just letting you know that we are still here - it is just time consuming to try to explain all of this over 200 miles between classes for my daughter. I expect we will post the reports by Sunday night.
 
Finally

Thanks for your patience. Here is the Hijack This log and the Combofix log. No matter how I ran it, AVG would not save a report. I attached a log from the AVG sub directory. Nothing showed up in the Panda Rootkit scan. Are we clean yet? Thanks.
 
I don't know what that log file is, but it sure isn't an AVG Antispyware log. See this pictorial guide to AVG Antispyware.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

viewpoint
viewpoint toolbar
viewpoint manager

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Viewpoint Manager Service

Close the services window.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there).

C:\Program Files\Viewpoint

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and AVG Antispyware logs.

Regards Howard :)

This thread is for the use of r2power only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
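
The fix list in the post above can also be read mechanically. As an added example (not part of the original posts and not HijackThis's own code), this parses those six entries and groups the "(no file)" registrations by CLSID, which shows that three of the lines belong to one leftover component; the function and variable names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# The six entries quoted in the post above, copied unchanged.
HJT_LINES = r"""
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# "<code> - <kind>: <fields separated by ' - '>", the shape of the lines above.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(text):
    """Return one dict per recognisable log entry; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        fields = [f.strip() for f in m.group("rest").split(" - ")]
        clsid = CLSID_RE.search(m.group("rest"))
        entries.append({
            "code": m.group("code"),
            "kind": m.group("kind"),
            "name": fields[0],
            "clsid": clsid.group(0).upper() if clsid else None,
            "target": fields[-1],  # last field: file path or "(no file)"
            "orphaned": fields[-1] == "(no file)",
        })
    return entries

def orphans_by_clsid(entries):
    """Map each CLSID with no backing file to the section codes that reference it."""
    grouped = defaultdict(list)
    for e in entries:
        if e["orphaned"] and e["clsid"]:
            grouped[e["clsid"]].append(e["code"])
    return dict(grouped)

if __name__ == "__main__":
    parsed = parse_entries(HJT_LINES)
    for clsid, codes in orphans_by_clsid(parsed).items():
        print(clsid, "referenced by", codes)
    for e in parsed:
        if not e["orphaned"]:
            print(e["code"], e["kind"], "->", e["target"])
```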
 
Next steps

Howard,

Here is the HJT log for your review. My daughter ran your instructions and this is where we are. We both looked at the pictorial guide for AVG, and neither of us can figure out how to get the software to save a report. The buttons to save anything are always blanked out and non-functional. She attached a log that turned up, but I doubt that this is the right thing. By the way, there was a fourth "viewpoint" line that I believe she deleted. I think it was viewpoint media player.

Thanks again for your insight.
 
I don't know what that log file is, but again, it isn't an AVG Antispyware log.

Your HJT log is clean.

I really need to see an AVG Antispyware log. Go HERE and follow the instructions in steps 6 and 14.

Attach the AVG Antispyware log.

Regards Howard :)

 
Before I give her direction, should she uninstall the AVG already on her computer or try to install it over the existing software?

BTW, I ran AVG again on my computer. The system found some tracking cookies and did not allow me to quarantine them even though that was the action setting I chose. So, I deleted them and went to the report page. Again, the button to save a report was not enabled. So, I still cannot figure out what we are doing wrong.
 
Yes, uninstall the existing copy of AVG Antispyware, then install a fresh downloaded copy.

I don't know what the problem is with your AVG Antispyware programme, but it needs fixing, see the detailed instructions below.

Taken from HERE.

quietman7 said:
AVG ANTI-SPYWARE ANTI-SPYWARE - only for systems running WIN 2000/XP (32-Bit)
Updated 07/30/07

Before starting be sure to print out the below instructions and read the AVG Anti-Spyware Free User Manual prior to installation and scanning.

INSTRUCTIONS FOR USING AVG ANTI-SPYWARE in "SAFE MODE"
(Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Download and install AVG Anti-Spyware v7.5
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate reports".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done and reboot normally.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

HOW TO DISABLE REAL-TIME PROTECTION

If you're getting help from an expert and asked to disable real-time protection or want to use AVG Anti-Spyware as a stand-alone scanner before the trial period ends, do this:
  • Launch AVG Anti-Spyware.
  • From the "Status" menu, select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
Note: If the trial period has already expired, the Resident Shield and Automatic Updates will automatically be inactivated and the program will no longer run at startup.

HOW TO INSTALL & USE AVG ANTI-SPYWARE WITHOUT AN INTERNET CONNECTION

If you cannot use or do not have access to the Internet, you are going to need access to another computer (family member, friend, etc) with an Internet connection.

Method #1 (easiest)
Download AVG Anti-Spyware v7.5 and the AVG Anti-Spyware Full database installer which includes the complete database of AVG Anti-Spyware signature. Save both files to a CD or USB storage device so you can transfer them to the infected computer for installation.

Print out the AVG Anti-Spyware Install and Scan Instructions posted on this page so they will be readily available during setup and configuration. After transfer to the infected computer, install AVG Anti-Spyware following these instructions. Important! After install, make sure you double-click on the avgas-signatures-full-current.exe database installer to update the signature files. Exit when finished with the update and then scan with AVG Anti-Spyware following the instructions provided for either "SAFE MODE" or "NORMAL MODE".

Method #2
Download AVG Anti-Spyware v7.5 and save to the desktop.
1. Double-click on the avgas-setup.exe file to launch the install process and follow the same steps for installing and updating AVG Anti-Spyware as provided in "NORMAL MODE".
2. Now copy the avgas-setup.exe and the entire Signatures folder to a CD or USB storage device and transfer them to the infected computer for installation.

AVG Anti-Spyware's default location is: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
AVG Anti-Spyware's default definitions location is: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures

3. Install AVG Anti-Spyware using the same instructions as provided in "NORMAL MODE" but skip the part for updating since you already have the current set of definitions.
4. However, be sure to copy the entire Signatures folder to AVG Anti-Spyware's Signatures default location.
5. Finally scan with AVG Anti-Spyware following the instructions provided for either "SAFE MODE" or "NORMAL MODE".

HOW TO REMOVE FILES FROM QUARANTINE
1. Launch AVG Anti-Spyware and click the "Infections" button.
2. Click the "Quarantine" tab, choose "Select All" and click "Remove finally".
3. A window will pop up asking "Are you sure you want to remove the selected files...?"
4. Choose "Yes".

HOW TO RESTORE FILES FROM QUARANTINE:
1. Launch AVG Anti-Spyware and click the "Infections" button.
2. Click the "Quarantine" tab and highlight the file(s) you want to restore.
3. Click "Restore".

Regards Howard :)

 
Howard,

We were able to get a report when we did a partial scan. It seems to only be the full system scan that will not generate a report. We'll keep trying, but we thought we should give you what we have.

Thanks.
 
Absolutely no problems with your AVG Antispyware log there mate.

Please post a fresh Combofix log.

Regards Howard :)

 
Open notepad and copy/paste the text in the code box below into it:
NOTE: make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:



Folder::
C:\Program Files\Viewpoint
C:\VundoFix Backups
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\qoobox


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Regards Howard :)

 
Next steps

Howard,

Here are the two files. I assume that the word "Folder" in your quote was right and not the word "File", which was in your narrative. If not, we will need to run it again.

Thanks.
 
All clean.

Yes the word Folder:: was intentional.

Delete the following folder.

C:\qoobox

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 