What are awola, winferno, & spydawn?

pretends to be an anti-spyware application but instead provides exaggerated or fake results of Spyware found on your computer. In order to clean the found items you must purchase the full commercial version of the software. These false results are actually used as a scare tactic to have you purchase their software. It goes without saying that you should not purchase this software.

Run Smitfraudfix
  • Download Smitfraudfix by S!ri from HERE
  • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
  • Double-click SmitfraudFix.exe
  • Select 2 and hit Enter to delete infected files.
  • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
  • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt


Download/install 'SuperAntiSpyware Home Edition Free Version' from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • On the main screen click on 'Scan your computer'.
  • Check 'Perform Complete Scan', then click 'Next' to start the scan.
  • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you're done.

    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    Click on 'Preferences'.
    Click on the 'Statistics/Logs' tab.
    Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor, such as Notepad.
    Attach the Notepad file here in your next reply.

HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
    ***Under no circumstances should you add any items to the HJT ignore list. Under no circumstances should you change the directory that HijackThis downloads to. Under no circumstances should you Fix anything without specific instruction to do so. Under no circumstances should you click any buttons other than those specified in the directions, including AnalyzeThis!***


Please post the logs as attachments by using the paperclip ICON above your next reply
 
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://forums.subratam.org/index.php?act=Attach&type=post&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

  • R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sorgate.com/gatevc.php?pn=srch0p1total7s2
    O2 - BHO: DeskalertsBHO - {E61B9B49-2001-4b8a-97EB-F1128224DCE3} - C:\Program Files\DeskAlerts\deskbar.dll
    O4 - HKCU\..\Run: [wzif] C:\PROGRA~1\COMMON~1\wzif\wzifm.exe
    O4 - HKCU\..\Run: [Else More] C:\DOCUME~1\MARIOA~2\APPLIC~1\TOOLFI~1\BurnBitsBib.exe
    O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\Mario Amezcua_2\Application Data\Awola\Awola.exe" /MIN
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm231YYUS
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.151
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.112
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.112
    O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
    O20 - Winlogon Notify: pwewoaob - pwewoaob.dll (file missing)
    O21 - SSODL: E404Helper - {a08a6db8-9fcf-4d98-993e-1535f43955dd} - e404d.dll (file missing)

Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.
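As an added example (not part of this thread and not one of the tools linked above), a small Python parser that reads the O17 NameServer lines from a HijackThis log such as the one quoted above and flags any resolver address that is neither private nor on an assumed list of the resolvers the owner actually configured, which is how the DNS-changer entries in this log stand out. The sample log and the trusted-resolver list are constructed for the example.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed sample (not the poster's actual log): the O17 entries quoted in the
# post above, plus one O4 line for contrast and one O17 line with an assumed
# home-router resolver so the benign case is exercised too.
SAMPLE_LOG = """\
O4 - HKCU\\..\\Run: [Awola] "C:\\Documents and Settings\\user\\Application Data\\Awola\\Awola.exe" /MIN
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 85.255.116.166 85.255.112.151
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.116.131 85.255.112.112
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 192.168.1.1
"""

# Assumed list of resolvers the machine's owner actually configured (ISP/router);
# anything else found in a NameServer value is reported as a hijack candidate.
TRUSTED_RESOLVERS = {"192.168.1.1"}

# HijackThis prints O17 lines as "O17 - <registry key>: NameServer = <ip> [<ip> ...]"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")


def parse_o17(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (registry key, resolver list) for every O17 line in the log."""
    records = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # HJT separates several servers with spaces; tolerate commas as well.
            records.append((m.group("key"), m.group("servers").replace(",", " ").split()))
    return records


def find_dns_hijacks(log_text: str, trusted=TRUSTED_RESOLVERS) -> List[str]:
    """Resolvers in O17 lines that are neither trusted nor private, in first-seen order."""
    suspicious: List[str] = []
    for _key, servers in parse_o17(log_text):
        for ip in servers:
            if ip in trusted or ip in suspicious:
                continue
            try:
                if ipaddress.ip_address(ip).is_private:
                    continue
            except ValueError:
                pass  # a non-IP value in NameServer is itself worth reporting
            suspicious.append(ip)
    return suspicious
```

Running `find_dns_hijacks(SAMPLE_LOG)` returns the four 85.255.x.x addresses from the log above and nothing else; the same check applies to the CS1/CS2/CS3 control-set copies, which is why the post has all of them fixed together.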
 
Print out or at least write down the folders and files listed below

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Use Windows Explorer to navigate to and delete the following files:
  • Access Windows Explorer by clicking Start, point to All Programs, Accessories, and then click Windows Explorer. Or hold the Windows key and press E.

Folders:

  • C:\Program Files\DeskAlerts\<-This folder only
    C:\Program Files\COMMONFiles\wzif<-This folder only
    C:\Documents and Settings\Mario Amezcua_2\Application Data\TOOLFI~1<-This folder only
    C:\Documents and Settings\Mario Amezcua_2\Application Data\Awola<-This folder only
    C:\Program Files\RcvSystem<-This folder only

After deleting the above Go to Start, click Search, click All files and folders, and then click More advanced options. Click the check boxes to Search system folders and Search hidden files and folders.

In the search box for All or part of the file name please type
Awola.exe and delete all instances
Spydawn and delete all instances
BurnBitsBib.exe and delete all instances
wzifm.exe and delete all instances
deskbar.dll and delete all instances

Reboot the computer into Normal Mode
-------------------------------------------------------------------------------------------------------
And just to be sure we got everything

Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • Type "1" (and Enter) to start the fix.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt


In your next reply
Hijackthis log
Combofix log
 
You are doing great. There were a lot of infections on there. Still some left.

Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
-------------------------------------------------------------------------------------------------------
Re-scan with Hijackthis and attach log
 
Ok, that got a few more off there.

Please reboot into Safe Mode by tapping F8 before Windows loads, select Safe Mode, and press Enter.

Go to start -> control panel -> add/remove programs

Remove/Uninstall the following if there:
My Web Search
ErrorSafe Free
Windows Plus


*In your next reply let me know which of these were there.
---------------------------------------------------------------------------------------------------------
While still in Safe Mode, Do a scan with Hijackthis and put a check next to the following if there:

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\7.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [was_check] C:\Program Files\ErrorSafe Free\PASmon.exe
O4 - HKLM\..\Run: [UERScw] C:\Program Files\ErrorSafe Free\UERScw.exe -c
O4 - HKLM\..\Run: [hosyc] C:\Program Files\Windows Plus\hosyc77798.exe
O4 - HKLM\..\Run: [843936ad] rundll32.exe "C:\WINDOWS\system32\qinfrptm.dll",b


Select Fix checked

Close Hijackthis for now.

Show hidden files through windows explorer
  • Access Windows Explorer by clicking Start, point to All Programs, Accessories, and then click Windows Explorer. Or hold the Windows key and press E.
  • On the Tools menu in Windows Explorer, click Folder Options.
  • Click the View tab.
  • Under Hidden files and folders, click Show hidden files and folders and Turn Hide protected operating system files off.


Use Windows Explorer to navigate to and delete the following files:
  • Access Windows Explorer by clicking Start, point to All Programs, Accessories, and then click Windows Explorer. Or hold the Windows key and press E.

Files:
C:\WINDOWS\system32\qinfrptm.dll <-This file only

Folders:
C:\Program Files\Windows Plus <-This folder only
C:\PROGRAM Files\MYWEBSearch <- This folder only
C:\Program Files\ErrorSafe Free<-This folder only

Reboot the computer into Normal Mode. Run a scan with HijackThis and save a log to attach here.
 
My Web Search - ERROR LOADING C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsbar.dll
No ErrorSafe
No WindowsPlus

Of the last four only Windows Plus was there to delete.

HijackThis scan attached.
 
Go to Start, click Search, click All files and folders, and then click More advanced options. Click the check boxes to Search system folders and Search hidden files and folders.

In the search box for All or part of the file name please type mwsbar
If any instances are shown Delete them.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
If you have no other problems your logs look clean:

Update your Java Runtime Environment
  • Click the following link
    Java Runtime Environment 6 Update 4
  • The 4th option down is the one you want
  • After the download locate and double click the installer jre-6u4-windows-i586-p-iftw.exe
  • Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions except Java 6 Update 4

You can go to Start -> Run -> type in Combofix /u
-This will uninstall Combofix
-Rehides hidden and system files
-Removes VundoFix backups and Combofix quarantine
-Creates a new fresh restore point.

You can remove Hijackthis from add/remove programs
You can delete smitfraudfix and fixwareout from the desktop

I didn't see spybot S & D in your log. I recommend you get it and follow these instructions

Spybot Search and Destroy
  • Download and install the latest version of Spybot - Search & Destroy (currently 1.5.2). If you already have this version, please open it, update, immunize, and Check for problems under Search and Destroy.
  • When you have downloaded the program, double click on the downloaded file to start the installation. Follow the default selections, agreeing to the user agreements, and pressing the Next button until you get to the Select Additional Tasks screen.
  • Make sure that the last entry ("Use system settings protection (Tea Timer)") IS checked.
  • Press the Next button and then the Install button to start the installation process
  • Check Run Spybot S&D press Finish. Spybot - S&D will now start
  • The first screen asks if you want to backup your registry in order to be able to restore from it in the future. This can cause no harm, so it is a worthwhile task to do. You should click on the Create registry backup button
  • Click on the Search for updates button. If updates are available then select the Download all available updates button
  • When the updates are installed click on the Next button
  • You should now click on the Immunize this system button. When it finishes click on Next button
  • Then click on the button labeled Start using this program to begin using Spybot - Search & Destroy
  • For help with any problems please see this guide Spybot tutorial
------------------------------------------------------------------------------------------------------------------------------------------------------------------
Now, if you would like to speed up how fast your computer boots up, follow the steps below.

In Spybot S&D, go to Mode and select Advanced, then expand Tools in the left pane and double-click System Startup. Uncheck items that don't need to be started every time you turn on your computer. If you don't know what something is, you can post here or Google for it. Don't uncheck anything in green.
 
You are very welcome marygg.

If you have any more problems please post in this thread

Regards ;)

BD


The instructions given in this thread were for the use of marygg only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 