a.doginhispen and skitodayplease help me!

I installed all the programs under Windows XP cleaning procedue on this website, but when I rebooted, I am still showing these websites (a.doginhispen and skitodayplease)in my history. My computer gets hijacked once a day and goes to some weird website (entropeneur.com?). It was also slow in loading windows after a reboot. After running all the fix programs, it does load faster, but I still see these two websites in my history and I just turned my computer on! Please help!!
Thank you,
Julie

 

Hi jmager4132,
Welcome to MajorGeeks!

I'll look at your logs and get back to you with some instructions. This takes quite a bit of time, so thanks for being patient.

abri

 

I just rebooted my computer after installing ZoneAlarm (I thought Windows Defender was a firewall) and it was sooo slow in starting again, so that problem has not gone away. Thanks for your help and for this forum!!

 

Hi jamager,
Your computer is infected. That's most likely why it's slow. Please don't install anything right now.

Download FindAWF.exe

• Save to your desktop.
• Double-click the FindAWF icon.
  • If a Security Alert shows, allow the program to run.
• As instructed, press any key to continue.
• Use the following option: Press 2 then Enter to restore files from bak folders
• A text file opens called: files.txt
• Click below the line and paste the following list of files to be restored:

• Next, close and click Yes to save the changes.
• Once files.txt is saved, FindAWF does the following:
  • It attempts to terminate the process represented by each filename on the list, if running
  • Deletes the rogue file from the parent folder, if present
  • Copies the original file to the parent folder
• When done with the above, it automatically runs a new scan and opens a new log.
• Please attach the new FindAWF log to your next message.

Now we need to use ComboFix to remove some malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

File::
C:\Documents and Settings\Rusty\Local Settings\Temp\1053775503.exe
C:\Documents and Settings\Owner\Local Settings\Temp\2914861317.exe
C:\Documents and Settings\Owner\Local Settings\Temp\543175841.exe
C:\Documents and Settings\Owner\Local Settings\Temp\936654491.exe
 
Folder::
C:\WINDOWS\system32\bak

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run Ccleaner!


Now run C:\MGtools\GetLogs.bat file by double clicking on it. Attach the new MGlogs.zip (found directly under C just above the superman icon) along with the new FindAWF log and the Combofix log.

abri

 

Ok, I did as instructed, here are the logs! Hope and pray it worked!

Julie

 

Hi jmager,

It looks like you are using Avast for your antivirus. I see evidence in the following folders of other antivirus programs. Have they all been uninstalled except for these remnant folders or do you have more than one antivirus program installed even if they are not all running?

C:\Program Files\Panda Security
C:\Program Files\McAfee
C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll

If you look at the log called log.txt and scroll not quite halfway down the page, you will see a lot of entries for Zonelabs antivirus. Please tell me more about this.


Next continue as follows:

Now we need to use ComboFix to remove some duplicate files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it :

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

When you finish, please attach the Combofix and MGlogs.zip to your next post along with the information regarding my questions about the antivirus programs.

abri

 

abri,
The antivirus software that I use is Avast. Zone Labs is ZoneAlarm Spy Blocker I am using for a firewall, which I downloaded earlier today. The McAfee is gone, and I don't remeber downloading this Panda, so I got rid of it. Attached are the logs requested!!
Thank you!!
Julie

 

Hi jmager,
That looks good. How is your computer working?

If things are running okay, I would like for you to continue with the final cleanup intructions:

abri

 

Thank you so much. My computer works much better now. I am very grateful for the service you all provide!!!!

Julie

 

Glad things are working better!
Do read through the thread How to protect yourself from malware. It's an easy read and has a lot of useful information.
abri