Whataboutadog

Status
Not open for further replies.
K

koao

Today, I turned on my computer, and half of my applications do not work.

1) I have infered the following:

iexplore.exe runs in the background, everytime this happens.

I found this site, and ran FindAWF:


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Fri 10/19/2007
The current time is: 20:38:57.39


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

Please download FindAWF to your Desktop.
Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and press Enter
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

Regards Howard :wave: :wave:

This thread is for the use of koao only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks for replying.

1) I have ran the inf file as indicated.
2) I ran the FindAWF and saved a log.
3) I ran Hijackthis, saved a log.

The number of bak directories has decreased since i ran it four hours ago.

The behavior of the virus is still there, however.
 
Both log files are clean.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :)

This thread is for the use of koao only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi, I'm new to the forums and just wanted to make a quick post.

I discovered your wonderful forums after spending hours researching a problem that turned out to be the aboutadog download.awf trojan(?). Through the info I found here, I was quickly able to fix the machine.

I do have a couple of questions -- does anyone understand the infection vector of aboutadog? Did my client click on a bad link, not have up-to-date patching? Why won't Norton, AVG, SpyBot S&D, or AdAware detect this (even from a PE boot-cd environment)? Is the Author of the exploit trying to point out vulnerabilities or just being nice by making the bak files so easy to reinstall?

Any comments would be welcome.

Thanks!

David
 
Hello and welcome to Techspot.

The Whataboutadog etc trojan is caused by the trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.

Exactly how your computer became infected is any ones guess, but as with most infections, user error is usually to blame.

I don`t have to know exactly how and why an infection works, I just need to be able to get rid of it once it`s identified.

Why won't Norton, AVG, SpyBot S&D, or AdAware detect this
Click to expand...

Basically, even if they could detect it I doubt it`d do any good as it alters so many legit files and you can`t tell by simply looking at the files. If an AV programme was to quarantine the infected files, your system would soon become unusable. In anycase, they certainly aren`t detecting it at the moment and why that is I don`t know.

Is the Author of the exploit trying to point out vulnerabilities or just being nice by making the bak files so easy to reinstall?
Click to expand...

I doubt very much if the author of the infection is being nice at all. I suppose it`s possible that the author is just being mischevious, but I don`t know for sure. I don`t know the specifics, but there will be a reason as to why the infection makes backups of the original files.

Whatever the reason, it`s a good job it does, otherwise we`d have a real nightmare on our hands.

Regards Howard :wave: :wave:

This thread is for the use of koao only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
1) Followed all instructions completely.

2) Whataboutadog is back. HJT shows it. :(

3) AVG did not find anything, avast did not show any viruses.

4) I had to disable Internet Explorer through firewall as of right now, due to the fact everytime I restart my computer, Iexplore shows up as a process as in background mode.

5) Panda rootkit found nothing.
 
In that case, you`d better do the following again.

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

Please download FindAWF to your Desktop.
Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and press Enter
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

Post a fresh HJT log as well.

Regards Howard :)

This thread is for the use of koao only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
After running looking at my processes through AVG, I noticed that FindAWF did not pick up one. I ran FindAWF again, it did not pick it up.

So I am going to remove it manually.

EDIT:
After removing several instances of Java,

It seems it will not appear again.

Thank you for your help and time, Howard ~!

The 2nd one is the one after I removed Java~
 
Everything looks clean mate.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of koao only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

midian182
Amazon Prime Video will introduce ads to its movies and TV shows starting January 29
Replies
23
Views
508
ZackL04
Z
Shawn Knight
Former intelligence official claims US has retrieved partially and fully intact craft...
2 3
Replies
65
Views
2K
Gastec
Gastec
Daniel Sims
The iPhone 14 Pro almost supported ray tracing
Replies
21
Views
1K
neeyik
neeyik

Latest posts

Back