On Windows Vista and 7: Insert the Windows CD into the CD-ROM drive and restart the computer. Click on "Repair Your Computer". When the System Recovery Options dialog comes up, choose the Command Please provide the new FindAWF log in your reply. Now run Option 4. Go to Start > Run and copy and paste the next command in the field: ComboFix /u Make sure there's a space between Combofix and / Then hit Enter.

Action taken: Cannot delete. Dec 6, 2007 #5 evilfantasy Banned Posts: 428 Double-click the FindAWF icon once again If a Security Alert shows, allow the program to run. Alternatively they may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the Downloader onto the

Adam Smith Glasgow, 1760 #6 nasdaq nasdaq Forum Deity Global Moderator 49,124 posts Posted 22 October 2007 - 07:36 AM Glad we could help. When done, a text file, Find AWF report is produced. I am concerned that I may have lost some functionality in my applications. Starter Edition\NTPrint\NILaunch.exe" 24576 Feb 5 1998 "C:\WINDOWS\system32\bak\NILaunch.exe" 26636 Oct 19 2007 "C:\!KillBox\psdrvcheck.exe" 406016 Mar 11 2004 "C:\WINDOWS\system32\bak\PSDrvCheck.exe" 26636 Oct 19 2007 "C:\!KillBox\hpbootop.exe" 1605740 Sep 21 2005 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe" 26636

When finished, it will produce a log for you. 3. In such cases, once the threat is removed the original files need to be restored from backup. Here is the combo fix log ComboFix 07-11-08.1 - Compaq_Administrator 2007-11-08 19:09:51.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.451 [GMT -5:00]Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Use the following option: Press 3 then Enter to remove bak folders A text file opens called: folders.txt Click below the line and paste the following list of folders to be

NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. It should have cleared the infected restore points so hopefully the Trend Micro alerts will stop. Is there a problem here? I need to do more as a result? There were also registry entries added.

Zone 2 is regarded by Internet Explorer as "This zone contains web sites that you trust not to damage your computer or your files." The Trojan alters the following values in Next run ATF Cleaner with all boxes checked. I have used for my email and homepage for probably 8-10 years now without a problem, but I am confused why I cannot even get there now. Their technician remotely controlled my computer and downloaded killbox and used it to delete files.

Thank you, here is my log file: (after fixing whataboutadog) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:08:05 PM, on 10/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Music Jukebox\ymetray.exec:\program files\common files\aol\1102898379\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exeC:\Program Files\Common Files\AOL\1102898379\EE\aolsoftware.exeC:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEC:\Program Files\Yahoo!\UPnP\yupnpsrv.exeC:\Program Files\Yahoo!\Yahoo! From the desktop Right-click on DelDomains.inf Select Install making sure Internet Explorer is closed. Please read and follow How did I get infected?, With steps so it does not happen again! as well as How to prevent Malware' by miekiemoes If you want to improve speed/system performance

Right Click Start. 2. Download DelDomains.inf IE users Right-click on the link and select Save As. Download OTMoveIT to the desktop. That is the worst BitDefender scan I have seen.

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0001.1119\en-us\msntabres.dll/229?48c6c55aa5640458e38f196b1b3713O8 -

#12 SifuMike SifuMike malware expert Staff Emeritus 15,385 posts OFFLINE Gender:Male Location:Vancouver (not BC) WA (Not DC) USA Local time:12:17 PM Posted 09 November 2007 - 11:58

Music Jukebox\ymetray.exec:\program files\common files\aol\1102898379\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exec:\program files\common files\aol\1102898379\ee\aolsoftware.exec:\program files\internet explorer\iexplore.exeC:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar When I restarted, there was a new entry of a.doginhispen in my history, and another "checkin" of b.whataboutadog in my history as well. That was a waste of money.

The list of compromised programs is below. Once files.txt is saved, FindAWF does the following: -It attempts to terminate the process represented by each filename on the list, if running -Deletes the rogue file from the parent folder,

However, I now close the pop-ups through task manager by killing the IEXPLORE.EXE process. When I asked him about restoring the files, he disconnected me. Music Jukebox\ymetray.exeO8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: &Yahoo! #13 SifuMike SifuMike malware expert Staff Emeritus 15,385 posts OFFLINE Gender:Male Location:Vancouver (not BC) WA (Not DC) USA Local time:12:17 PM Posted 14 November 2007 - 10:41

Dec 7, 2007 #19 evilfantasy Banned Posts: 428 Those two logs are clean. Everyone else please begin a New Topic. No, it did not access data.

Were you working with another forum? Dec 6, 2007 #10 stellaj76 TS Rookie Topic Starter Posts: 68 not sure it's clean I did all these things...and thank you so much for your help, but I don't think This trojan may also replace the executables listed under the startup run registry entries with copies of itself. Dec 6, 2007 #17 evilfantasy Banned Posts: 428 No problem I am about done for tonight as well.

You won't see anything happen. Uncheck the Hide protected operating system files (recommended) option. 8. Find AWF report by noahdfear 2006 Version 1.40 Option 3 run successfully The current date is: Thu 11/08/2007 The current time is: 17:57:43.81 bak folders found ~~~~~~~~~~~ Directory of C:\PROGRA~1\MESSEN~1\BAK 0

This trojan tries to download other malware from various websites and also lowers security settings on the compromised machine. Dec 6, 2007 #15 evilfantasy Banned Posts: 428 Please download Combofix by sUBs from either here or here Save Combofix.exe to your Desktop. 1. Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransferO4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServerO4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotifyO4 - also files in the run area of the registry were copied to the \bak folder and replaced by another file.