7th February 2008, 12:42 AM
Newcomer | Join Date: Feb 2008, 13 posts
[SOLVED] Help with a.doginhispen. HJT attached please look
I ran FindAWF and followed the instructions for options one, two, and three (as posted in the sticky). I still ended up with duplicate bak directories :frown:
I attached the HJT log. I, of course, can't make much sense of it. Could someone please take a look and let me know how to get rid of this thing? Thanks a ton
-BJR
7th February 2008, 12:46 AM
TST Master | Join Date: Dec 2007, 3,366 posts
Hello and welcome to
Please download FindAWF to your Desktop.
Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and press Enter
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.
Regards Howard
This thread is for the use of BJRuecks only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.
8th February 2008, 12:42 AM
Newcomer | Join Date: Feb 2008, 13 posts
fresh awf
Here's a fresh AWF log for option 1. I ran options 1-3 already according to the instructions in the sticky. Let me know if you find anything I need to change. Thank you for your fast response.
BJR
8th February 2008, 12:50 AM
TST Master | Join Date: Dec 2007, 3,366 posts
Ok, if we can't successfully get rid of these with the FindAWF tool, we'll have to manually delete them, which isn't that much of a problem.
Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.
Double-click FindAWF.exe to start the tool. Then, do the following
Select "option #2 - Restore files from bak folders" by typing 2 and press Enter.
A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.
Quote:
"C:\WINDOWS\system32\bak\JMRaidTool.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.
Regards Howard
8th February 2008, 10:25 PM
Newcomer | Join Date: Feb 2008, 13 posts
Here's the new report. What did the inf file do?
-BJR-
9th February 2008, 09:23 AM
TST Master | Join Date: Dec 2007, 3,366 posts
The .inf file did exactly what it says it did, i.e. delete any sites that are added to the trusted zone.
Please double-click the FindAWF icon once again
This time we are going to remove some folders.
Use the following option: Press 3 then Enter to remove bak folders
A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:
Quote:
C:\WINDOWS\system32\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
Next, close and click Yes to save the changes.
When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log
Regards Howard
9th February 2008, 10:30 PM
Newcomer | Join Date: Feb 2008, 13 posts
New report attached. The jmraidtool is still showing up as a duplicate file. What exactly does that mean? Thanks Howard. You're the man.
-BJR-
10th February 2008, 07:16 AM
TST Master | Join Date: Dec 2007, 3,366 posts
Ok, we're going to have to delete this manually.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for (if there):
JMRaidTool.exe
Close task manager.
Locate and delete the following bold files and/or folders (if there).
C:\WINDOWS\system32\JMRaidTool.exe
Now, go to the following directory and drag the JMRaidTool.exe file into your C:\windows\system32 folder.
C:\WINDOWS\system32\bak\JMRaidTool.exe
Then, delete the C:\WINDOWS\system32\bak folder.
Reboot into normal mode and rehide your protected OS files.
Run the FindAWF tool option 1 and post the awf.txt log.
Also, please do the following.
Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Combofix will automatically save the log file to C:\combofix.txt
Post the Combofix log as well as a fresh HJT log.
Regards Howard
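The situation this thread keeps returning to, a `bak` folder holding a file whose name also exists in the folder above it, can be listed read-only before anything is moved or deleted. The script below is an added example, not part of the original posts and not FindAWF's code (its logic is not shown in this thread); the function names, status labels and the constructed sample tree are assumptions.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256(path):
    """Hash a file in chunks so large executables are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_bak_pairs(root):
    """Read-only: one record per file inside any folder named 'bak' under root."""
    records = []
    for dirpath, _dirs, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != "bak":
            continue
        parent = Path(dirpath).parent
        for name in sorted(filenames):
            bak_file, twin = Path(dirpath) / name, parent / name
            rec = {"bak": str(bak_file), "parent": str(twin), "status": "bak-only"}
            try:
                if twin.is_file():
                    # Same name one level up: compare content, not just the name.
                    same = sha256(bak_file) == sha256(twin)
                    rec["status"] = "identical" if same else "differs"
            except OSError:
                rec["status"] = "unreadable"   # locked or access denied
            records.append(rec)
    return records

def demo():
    """Constructed sample tree mirroring the two paths named in the thread."""
    with tempfile.TemporaryDirectory() as tmp:
        sys32 = Path(tmp, "WINDOWS", "system32")
        (sys32 / "bak").mkdir(parents=True)
        (sys32 / "bak" / "JMRaidTool.exe").write_bytes(b"constructed original")
        (sys32 / "JMRaidTool.exe").write_bytes(b"constructed replacement")
        gtn = Path(tmp, "Program Files", "Google", "GoogleToolbarNotifier")
        (gtn / "bak").mkdir(parents=True)
        (gtn / "bak" / "GoogleToolbarNotifier.exe").write_bytes(b"constructed original")
        return sorted(r["status"] for r in find_bak_pairs(tmp))

if __name__ == "__main__":
    print(demo())
```

A "differs" record is the case the manual steps above deal with; "bak-only" means the file exists only inside the `bak` folder.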
12th February 2008, 03:03 AM
Newcomer | Join Date: Feb 2008, 13 posts
OK Howard hopefully this is the last go around. I followed the directions exactly. The logs are attached. Question: Did all of this clean up the damage caused by the virus, or get rid of the virus completely (or both)? Thanks again.
-BJR-
12th February 2008, 03:25 AM
TST Master | Join Date: Dec 2007, 3,366 posts
That all looks clean.
Unless you're still having problems, you should be good to go.
If you're not having any problems, please do the following.
Click start/run and type combofix /u into the run box and hit the enter key. Note the space between combofix and forward slash. This will uninstall Combofix and all its folders etc.
Turn off system restore. (XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
16th February 2008, 12:15 AM
TST Master | Join Date: Dec 2007, 3,366 posts
I'm marking this thread solved.
If you need this thread re-opened please contact a moderator or PM me.
Regards Howard
All times are GMT.