Awola, maybe others.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Arka, Jan 22, 2008.

  1. Arka

    Arka Private E-2

    I'm infected with Awola.

    I don't know if that's what it's called exactly, and there could be more to my problem than that; but there are other threads on this very problem. As far as I could tell, netiquette on MajorGeeks says I should make my own thread rather than invade someone else's.

    If I'm wrong, I'm very sorry for having made a redundant thread.

    Symptoms:

    - A yellow triangle with a black exclamation point in it sitting in my task bar. It spawns a large, intrusive word bubble telling me I'm infected with spyware and that Windows will download the Awola anti-spyware program if I click the bubble.

    - My system will freeze for several seconds at a seemingly random frequency. It always unfreezes, and anything I've done during the 'frozen' period (words I've typed, things I've clicked on, etc.) eventually happens after things come unfrozen.

    What I was doing when I first noticed the infection:

    - I'd been gone for two days, and my computer had been left on. When I came back I noticed my internet browser was open, and the word bubble was staring at me. I don't believe anyone touched my computer while I was gone.

    Hopefully I've attached everything properly.

    I did an AVG scan, but the log reads:

    I followed the directions in the "read me first and do these things" thread, and saved the log, and I paid special attention to where I saved the log, and this is what it gave me. I don't know if it's an error or if I messed up or what.

    Anything you can do to help me would be appreciated.


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Is your copy of Spyware Doctor a paid version or free trial? If free, uninstall it now.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below software:
    J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 3
    Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
    O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Microsoft Windows Adapter 5.1.3214] C:\Documents and Settings\RICHARD\Application Data\pzruv.exe
    O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\RICHARD\Application Data\Awola\Awola.exe" /MIN
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage

    After clicking Fix, exit HJT.

    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart; OK the prompt and your PC should reboot. If not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Make sure you tell me how things are working now!
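
An added example, not part of the original thread and not chaslang's own method: a small Python parser for the HijackThis lines listed in the post above, grouping entries by the file they reference. The three heuristics it applies (missing target file, Run entry under a profile's Application Data folder, one file registered under several entry types) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# The HijackThis lines listed in the post above, copied verbatim.
SAMPLE = r"""R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Windows Adapter 5.1.3214] C:\Documents and Settings\RICHARD\Application Data\pzruv.exe
O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\RICHARD\Application Data\Awola\Awola.exe" /MIN
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")               # "O4 - <details>"
PATH = re.compile(r'[A-Za-z]:\\[^"/]*?\.(?:exe|dll)', re.I)  # first exe/dll path

def parse(log):
    """Yield (section code, file path or None, raw line) per log entry."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            p = PATH.search(m.group(2))
            yield m.group(1), (p.group(0) if p else None), line.strip()

def triage(log):
    """Return {raw line: [reasons]} for entries hitting the assumed heuristics."""
    entries = list(parse(log))
    sections_by_file = defaultdict(set)
    for code, path, _ in entries:
        if path:
            sections_by_file[path.lower()].add(code)
    findings = {}
    for code, path, raw in entries:
        reasons = []
        if "(no file)" in raw:
            reasons.append("orphaned entry: target file missing")
        if code == "O4" and path and "\\application data\\" in path.lower():
            reasons.append("autostart from user profile Application Data")
        if path and len(sections_by_file[path.lower()]) > 1:
            reasons.append("same file registered under several entry types")
        if reasons:
            findings[raw] = reasons
    return findings

if __name__ == "__main__":
    for raw, reasons in triage(SAMPLE).items():
        print(raw, "->", "; ".join(reasons))
```
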
     
  3. Arka

    Arka Private E-2

    The Spyware Doctor is a paid version. I can take it off and replace it with something if you think I'd be better off with another program. The freer the better, though.

    Hopefully I've attached the proper logs for you.

    My computer seems fine now. The word bubble's gone!


    Please let me know if there's anything more I need to do.

    If not, thank you so much for the help. I'm a grad student, so I have to make sure this computer stays healthy. Again, thanks!
     


  4. Arka

    Arka Private E-2

    Sorry for the bump-post, but there DOES seem to be one issue present that I was dealing with after all this started:

    Every 30 seconds or so my browser will freeze up for about 5 seconds, then unfreeze. Anything I type during the frozen period will show up after things unfreeze. The cursor will move around just fine, but I can't click anything. If I click a link during the frozen period, the link will activate (can't think of a better way to word this, sorry) after the browser unfreezes.

    I don't know if this is a related issue, but it did begin to do this after I was infected with Awola.

    I thought it was an important detail to mention.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The problems you mentioned may not be malware. It could be due to something you are running. Do you notice those problems in safe boot mode? What about if you shut down Spyware Doctor in normal boot mode?

    Uninstall AVG Antispyware now since you have a paid version of Spyware Doctor.
    I also recommend that you uninstall a-squared Free.

    Now do you still have a problem?

    It appears you may have missed a step from my previous message.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


    Is the below file something you saved?
    C:\Documents and Settings\RICHARD\My Documents\awola.txt
     
