4th February 2008, 12:37 AM
Newcomer | Join Date: Feb 2008, 15 posts. | [SOLVED] a.doginhispen
Ok I have been trying for 2 days to figure this out...I need help including on how to run FindAWF...every time I boot up Trend Micro gives me a security alert you have tried to open a dangerous website a.doginhispen...please help...thanks in advance!
| 
4th February 2008, 12:46 AM
Modding Expert | Join Date: Dec 2007, 848 posts. Location: Northern Ontario, Canada
Wrong forum, if you are having some security problems, please head to Security Forum from the TST page.
Enjoy your stay.
| 
4th February 2008, 12:57 AM
TST Master | Join Date: Dec 2007, 3,366 posts.
Hello and welcome to
I have moved your thread to the correct forum.
Please go and follow the instructions in this thread HERE. Then, post the requested log files.
Regards Howard
This thread is for the use of kr4614 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.
|
4th February 2008, 01:28 AM
Newcomer | Join Date: Feb 2008, 15 posts.
I downloaded HJT to desktop but it won't let me rename ...tried right click rename 4 times
| 
4th February 2008, 01:31 AM
TST Master | Join Date: Dec 2007, 3,366 posts.
Once you've downloaded HJT, double click the icon and it will install HJT to the correct directory. You can then delete the installer.
Then, go and rename HijackThis.exe as per the instructions.
Regards Howard
|
4th February 2008, 03:00 AM
Newcomer | Join Date: Feb 2008, 15 posts. | a.doginthepen
ok I tried FindAWF but nothing changed...After pasting it scrolls repeating some kind of error and then new screen scrolls can't locate file (too fast to read) here is step 3 results
| 
4th February 2008, 03:17 AM
TST Master | Join Date: Dec 2007, 3,366 posts.
Ok mate, we need to do this one step at a time.
Please download FindAWF to your Desktop.
Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and pressing Enter.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.
Regards Howard
|
4th February 2008, 03:49 AM
Newcomer | Join Date: Feb 2008, 15 posts. | a.doginthepen
Here you go, sorry it's so slow...Thanks so much
| 
4th February 2008, 06:30 AM
TST Master | Join Date: Dec 2007, 3,366 posts.
Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.
Double-click FindAWF.exe to start the tool. Then, do the following
Select "option #2 - Restore files from bak folders" by typing 2 and pressing Enter.
A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file. Quote:
"C:\hp\KBD\bak\KBD.EXE"
"C:\Program Files\AIM\bak\aim.exe"
"C:\Program Files\DISC\bak\DISCover.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.csv"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
"C:\Program Files\Veoh Networks\Veoh\bak\VeohClient.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
|
Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.
Regards Howard
|
4th February 2008, 02:40 PM
Newcomer | Join Date: Feb 2008, 15 posts.
Hi Howard, I have to run FindAWF in safe mode...how do I save the text to paste in text on step 2 and then paste after I restart in safe mode? Sorry I am inexperienced with safe mode...Thanks and Thanks for your patience!
| 
4th February 2008, 02:50 PM
TST Master | Join Date: Dec 2007, 3,366 posts.
Why do you need to use FindAWF in safe mode? Normally, you would follow my instructions from normal mode.
You could copy and paste my instructions to a notepad file, then you could have the file open in safe mode, so you could follow the instructions.
Regards Howard
|
4th February 2008, 03:51 PM
Newcomer | Join Date: Feb 2008, 15 posts.
Got it, be there momentarily
Originally I tried to run FindAWF in normal and it would not run...search would flash for a couple hrs and no search performed. Looks like all the 01/31/08 events are gone...that is the day this happened I think...here you go...Thanks!
| 
4th February 2008, 04:03 PM
TST Master | Join Date: Dec 2007, 3,366 posts.
Please double-click the FindAWF icon once again
This time we are going to remove some folders.
Use the following option: Press 3 then Enter to remove bak folders
A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed: Quote:
C:\hp\KBD\bak
C:\Program Files\AIM\bak
C:\Program Files\DISC\bak
C:\Program Files\iTunes\bak
C:\Program Files\Microsoft ActiveSync\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\CREATOR\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\SMINST\bak
C:\WINDOWS\system32\bak
C:\Program Files\Canon\MyPrinter\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\ScanSoft\OmniPageSE4.0\bak
C:\Program Files\Veoh Networks\Veoh\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
|
Next, close and click Yes to save the changes.
When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log
Regards Howard
|
4th February 2008, 04:39 PM
Newcomer | Join Date: Feb 2008, 15 posts. | a.doginthepen
I was able to run in normal mode, couldn't yesterday...computer is faster...here is awf3...Thanks
| 
4th February 2008, 04:42 PM
TST Master | Join Date: Dec 2007, 3,366 posts.
Ok mate, that's looking a whole lot better. However, we still need to get rid of a few more entries.
Double-click FindAWF.exe to start the tool. Then, do the following
Select "option #2 - Restore files from bak folders" by typing 2 and pressing Enter.
A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file. Quote:
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
|
Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.
Regards Howard
|
4th February 2008, 04:55 PM
Newcomer | Join Date: Feb 2008, 15 posts. | a.doginthepen
Here you go
| 
4th February 2008, 04:59 PM
TST Master | Join Date: Dec 2007, 3,366 posts.
Please double-click the FindAWF icon once again
This time we are going to remove some folders.
Use the following option: Press 3 then Enter to remove bak folders
A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed: Quote:
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
|
Next, close and click Yes to save the changes.
When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log
Regards Howard
|
4th February 2008, 05:10 PM
Newcomer | Join Date: Feb 2008, 15 posts. | a.doginthepen
Wow feel like we are really moving along! lol here you go Howard!!
| 
4th February 2008, 05:23 PM
TST Master | Join Date: Dec 2007, 3,366 posts.
Ok mate, we now need to remove some entries manually. After doing this, you will need to re-install your Google Toolbar and your ScanSoft software.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier. Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE. In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Go to add remove programmes in your control panel and uninstall anything to do with (if there).
Google
ScanSoft
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for (if there).
googletoolbar1user.exe
GoogleSketchUpWEN.exe
GoogleToolbarNotifier.exe
GoogleToolbarInstaller.exe
GoogleUpdaterService.exe
SSBkgdupdate.exe
SSBkgdupdate.exe
Close task manager.
Locate and delete the following bold files and/or folders (if there).
C:\Program Files\ Google<Delete the entire folder.
C:\Documents and Settings\Compaq_Administrator\My Documents\ GoogleSketchUpWEN.exe
C:\Program Files\Common Files\Real\GToolbar\ GoogleToolbarInstaller.exe
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\ SSBkgdupdate.exe
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\ bak
Reboot into normal mode and rehide your protected OS files.
Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and pressing Enter.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.
Also, please post a fresh HJT log.
Regards Howard
|
4th February 2008, 05:28 PM
Newcomer | Join Date: Feb 2008, 15 posts.
Only one problem...this computer is on Linksys wireless and it only allows you to access the admin account. What do I do? Thanks Howard