Trojan help?! - VeggieBoards
Forum Jump: 
 
Thread Tools
#1 Old 02-28-2008, 05:37 PM
Veggie Regular
 
Beachbnny's Avatar
 
Join Date: Feb 2007
Posts: 3,875
So apparently I have a virus. I don't think I can infect anyone else but I'd really love some trustworthy advice. I've looked things up but I don't understand what the sites are asking me to do.



Everyday I have these sites appear in my history:



88.80.7.66

a.doginhispen

b.skitodayplease



I've read that this is pretty bad. I've since blocked the sites but I doubt that will help. The only issue I've had with this is that any new windows I try and open take forever to load. As in, 2-3 minutes to open any new window or link.



Any advice? I read that if you scrub the files it comes back. I've seen a very limited number if success stories but again, I just don't get what they did... nor do I really trust the sites the info is posted on.



Help?! Please?!
Beachbnny is offline  
Sponsored Links
Advertisement
 
#2 Old 02-28-2008, 05:58 PM
Veggie Regular
 
MissGarbo's Avatar
 
Join Date: Dec 2006
Posts: 443
Backup your data.



I googled for you, hopefully you can find your answer in one of these places:**

http://forums.techguy.org/malware-re...se-trojan.html

http://www.techspot.com/vb/topic98604.html

http://www.bleepingcomputer.com/forums/topic129659.html



If it were me I would try the FindAWF.exe program that is referenced first.



**Edit... sorry On further examination, this does look pretty sticky. I would post on one of those boards where people are getting help with it. (Are those pay sites?)



Do you have Ad-Aware and/or Spybot: Search and Destroy? Those are both trustworthy, free programs (try cnet.com or tucows). They will remove a lot of crap from your computer without hurting it. Make sure you DO backup your system registry before using Spybot--I once had a glitch with it, but it was on Windows ME.



I would also recommend Sygate Personal Firewall (also free). If you learn how to use it, it helps you recognize when you've got a malicious program right away.
MissGarbo is offline  
#3 Old 02-28-2008, 06:18 PM
Veggie Regular
 
Beachbnny's Avatar
 
Join Date: Feb 2007
Posts: 3,875
Thank you I believe it said somewhere when I did some google'ing that Adaware won't fix it. Both Adaware and Spybot recognize the program but can not get rid of it. Hence the call for help lol



I saw the mention of the FindAWF program but what is that exactly? My computer is well backed up, on a seperate noninfected, (I believe) not connected hard drive. Thank Goodness for that!



I'd ask my friend's husband who is a program code writer something manger guy but he won't be available until next week.



ps- Anyone know how you get this stuff? Our computer is on lock down, always, and all we visit is VB, e-mail, drudge, and three other very trusted sites. That's it so uh... how did this get here?



Thanks again
Beachbnny is offline  
Sponsored Links
Advertisement
 
#4 Old 02-28-2008, 06:37 PM
Veggie Regular
 
mazikeen's Avatar
 
Join Date: Sep 2005
Posts: 2,977
If you can locate the program that's causing the problem, you could remove it manually. Usually, if a program cannot be removed, it's because it's running. You can restart your computer in safe mode (restart and press F8 as your computer is booting), which will mean that only the basic programs will run, and remove the offensive program.



Hope this helps!!
mazikeen is offline  
#5 Old 02-28-2008, 06:46 PM
Veggie Regular
 
MissGarbo's Avatar
 
Join Date: Dec 2006
Posts: 443
Quote:
Originally Posted by Beachbnny View Post


I saw the mention of the FindAWF program but what is that exactly? My computer is well backed up, on a seperate noninfected, (I believe) not connected hard drive. Thank Goodness for that!

It seems to be a program written by a private party (these people, looks like) for the purpose of removing this specific trojan. It looks legit enough to me but it also does not look user-friendly. If you can get some free help about how to use it from one of those boards, that would be the best plan. This is a very particular problem, I don't know that anyone around VB is an expert on it. So post there, and hopefully someone will walk you through it.



Can you unplug the drive your stuff is backed up on? It isn't necessary if it's really not electronically connected, I'm just a bit nervous if you don't know for sure.



I don't know how it got on... have you installed any new software or devices recently? What browser do you use? Windows is not my O/S anymore so I'm a bit rusty, maybe someone else has an idea.
MissGarbo is offline  
#6 Old 02-28-2008, 07:32 PM
Veggie Regular
 
Beachbnny's Avatar
 
Join Date: Feb 2007
Posts: 3,875
Quote:
Originally Posted by mazikeen View Post

If you can locate the program that's causing the problem, you could remove it manually. Usually, if a program cannot be removed, it's because it's running. You can restart your computer in safe mode (restart and press F8 as your computer is booting), which will mean that only the basic programs will run, and remove the offensive program.



Hope this helps!!



Thank you I know about safe mode but this is waaaay beyond stuff like that. It's a straight up mean little virus that I didn't put here and can't get rid of. Thank you though



Quote:
Originally Posted by MissGarbo View Post

It seems to be a program written by a private party (these people, looks like) for the purpose of removing this specific trojan. It looks legit enough to me but it also does not look user-friendly. If you can get some free help about how to use it from one of those boards, that would be the best plan. This is a very particular problem, I don't know that anyone around VB is an expert on it. So post there, and hopefully someone will walk you through it.



Can you unplug the drive your stuff is backed up on? It isn't necessary if it's really not electronically connected, I'm just a bit nervous if you don't know for sure.



I don't know how it got on... have you installed any new software or devices recently? What browser do you use? Windows is not my O/S anymore so I'm a bit rusty, maybe someone else has an idea.



The drive we put our stuff on is never hooked up to the computer. It's plugged in but only to an independant power suply not to the USB that connects it to the computer only for when we do backups. Unfortunately, it has been plugged in since I got this (I think) but I have no idea if it would trasfer. (ETA: That original sentence was supposed to imply that I don't think the drive is infected, not that I'm not sure if it's plugged in. It's definitely not, lol. I just looked and noticed that was confusing.)



I just put a post up on a site I trust with technology inclined people. I'll see what they say. That program doesn't look user friendly, does it? I stared at the screen of directions and I swear it was in Latin lol. I do use IE (not 7) and it's bad bad bad. I know better and should use firefox or netscape or something. My block obviously failed cause it's already back again. Dang it. lol



Thank you again I was just kinda hoping someone here was knowledgable about trojans like this and could offer me some advice. I'll keep trying...
Beachbnny is offline  
#7 Old 02-28-2008, 07:36 PM
Veggie Regular
 
gillibean's Avatar
 
Join Date: Oct 2007
Posts: 1,794
I'm no help with the current virus but after my hard drive was wiped out by a virus I installed AVG. It's a free antivirus program that I use in addition to the ie spyware thing plus a seperate spyware program. It had pretty good reviews and its very easy to use and install. http://free.grisoft.com/doc/2/lng/us/tpl/v5
gillibean is offline  
#8 Old 02-28-2008, 08:06 PM
Newbie
 
Karate Princess's Avatar
 
Join Date: Feb 2008
Posts: 9
Quote:
Originally Posted by mazikeen View Post

If you can locate the program that's causing the problem, you could remove it manually.



This is actually what I did recently. My PC was infected with the CWS trojan and although it was detected everytime I ran the spysweeper program, I only had the trial version of spysweeper so couldn't remove it.



Other programs wouldn't detect it but although spysweeper could detect it it couldn't be used to remove it!



So I followed the path shown in spysweeper and removed it manually. Since then I have ran many different scans and it has not shown up again.



Can you copy and paste (or write down) the file path of the trojan? Like C://Windows/Appdata/locallow... etc etc and then follow it manually yourself and remove it that way?



I tried to remove this trojan many times with various products and in the end this was the only way that finally removed it for me.



Good luck!
Karate Princess is offline  
#9 Old 02-28-2008, 08:12 PM
Veggie Regular
 
Skylark's Avatar
 
Join Date: Nov 2001
Posts: 15,684
*insert obligatory joke about Trojan condom help here*

Q: How many poets does it take to change a light bulb? A: 1001...one to change the bulb, 1000 to say it's already been done.
Skylark is offline  
#10 Old 02-28-2008, 08:13 PM
Veggie Regular
 
Beachbnny's Avatar
 
Join Date: Feb 2007
Posts: 3,875
I... don't know lol. How would I find it specifically? I mean it's not a program I can find an uninstall, or at least not with my current ability. It only shows up in my history, as in my web browser history. Its' very very odd. It comes back with these three sites every two hours or so. This particular program seems to a harsh little bugger. If you type in google "a.doginhispen" the results are very strange indeed. (The name of that particular site freaked me out immediately cause, ya know, I don't want any dog in a pen lol. Odd coincedence.)



Any idea how to manually track a trojan and find the filename and path?
Beachbnny is offline  
#11 Old 02-28-2008, 08:14 PM
Veggie Regular
 
Beachbnny's Avatar
 
Join Date: Feb 2007
Posts: 3,875
Quote:
Originally Posted by Skylark View Post

*insert obligatory joke about Trojan condom help here*



Thank you Skylark
Beachbnny is offline  
#12 Old 02-28-2008, 08:18 PM
Newbie
 
GhostUser's Avatar
 
Join Date: Oct 2010
Posts: 0
GhostUser is offline  
#13 Old 02-28-2008, 08:22 PM
Veggie Regular
 
gillibean's Avatar
 
Join Date: Oct 2007
Posts: 1,794
Quote:
Originally Posted by Skylark View Post

*insert obligatory joke about Trojan condom help here*





I was so tempted to say something but I didn't want people to think I'm strange
gillibean is offline  
#14 Old 02-28-2008, 08:26 PM
Veggie Regular
 
Skylark's Avatar
 
Join Date: Nov 2001
Posts: 15,684
Quote:
Originally Posted by gillibean View Post

I was so tempted to say something but I didn't want people to think I'm strange



They already know I'm strange. *shrugs*

Q: How many poets does it take to change a light bulb? A: 1001...one to change the bulb, 1000 to say it's already been done.
Skylark is offline  
#15 Old 02-28-2008, 08:29 PM
Veggie Regular
 
Beachbnny's Avatar
 
Join Date: Feb 2007
Posts: 3,875
Quote:
Originally Posted by gillibean View Post

I was so tempted to say something but I didn't want people to think I'm strange



Quote:
Originally Posted by Skylark View Post

They already know I'm strange. *shrugs*



I look now and realize that my title choice was awful lol. I guess I just figured that if I was putting in the tech files it would make sense. It does look like I need help with condoms
Beachbnny is offline  
#16 Old 02-28-2008, 08:35 PM
Veggie Regular
 
Beachbnny's Avatar
 
Join Date: Feb 2007
Posts: 3,875
Quote:
Originally Posted by pkk View Post

This McAfee page might help: http://us.mcafee.com/virusInfo/defau...virus_k=143361



(It takes forever for links to open but I finally saw this )



I'm probably a total idiot but are those instructions? Or is that telling me that McAfee will fix it? Cause I have McAfee and it's not even showing up. I've run and updated my software too.



What's weird is I keep seeing that it's supposed to be terminating my processes and it's not. It did try and lower my security zone settings which is creepy but I fixed that earlier today. I guess I'll have to keep an eye on that until I get this fized.



Can I just add that I love you guys! I've put up posts on 3 other forums today (and the one MsGarbo suggested) and I've got no replies anywhere. But you all are so sweet and quick to offer help- thank you!
Beachbnny is offline  
#17 Old 02-28-2008, 08:42 PM
Veggie Regular
 
Skylark's Avatar
 
Join Date: Nov 2001
Posts: 15,684
Quote:
Originally Posted by Beachbnny View Post

I look now and realize that my title choice was awful lol. I guess I just figured that if I was putting in the tech files it would make sense. It does look like I need help with condoms



It's not awful! It's hilarious. I ordinarily wouldn't have seen it, but I was surfing by "New Posts" not by forums, and this thread kept surfacing.

Q: How many poets does it take to change a light bulb? A: 1001...one to change the bulb, 1000 to say it's already been done.
Skylark is offline  
#18 Old 02-28-2008, 09:15 PM
Bof
Banned
 
Join Date: May 2007
Posts: 3,965
There's info on removing this trojan at SpywareInfo. It's a bit dated though.
Bof is offline  
#19 Old 02-28-2008, 09:51 PM
Veggie Regular
 
Scythe's Avatar
 
Join Date: Oct 2005
Posts: 3,546
Both AVG-Free and Spybot S&D (which are already suggested here) have removed trojans from my pc in the past and have so far kept it clean since I got rid of some sad Symantec virus scanner years ago. I hear Avast antivirus is also pretty good, but I haven't tried it.



I imagine if you just install, update and run them one or the other should fix the problem.
Scythe is offline  
#20 Old 02-28-2008, 10:12 PM
Veggie Regular
 
Beachbnny's Avatar
 
Join Date: Feb 2007
Posts: 3,875
Quote:
Originally Posted by Bof View Post

There's info on removing this trojan at SpywareInfo. It's a bit dated though.



Thanks I'm off to bed and I'll give that a try in the morning. Though, it is pretty dated, it might help.



Quote:
Originally Posted by Scythe View Post

Both AVG-Free and Spybot S&D (which are already suggested here) have removed trojans from my pc in the past and have so far kept it clean since I got rid of some sad Symantec virus scanner years ago. I hear Avast antivirus is also pretty good, but I haven't tried it.



I imagine if you just install, update and run them one or the other should fix the problem.



I've gotten rid of trojans before too (though it's been years and never on this computer) but this isn't a normal little trojan. It's not like the "I love you" virus or anything I've seen before. I've just run my AdAware again and I've got nothing, which is common for what I keep reading about. From what I'm getting I have to use the FindAWF to get rid of this and I can't figure that one out.



In the morning, I'll run these two programs you suggest (provided I can get them off again) and I'll see what happens then. Thanks!
Beachbnny is offline  
#21 Old 02-28-2008, 10:18 PM
Veggie Regular
 
Brandon's Avatar
 
Join Date: Mar 2004
Posts: 18,833
Just one question, Beachbnny. Which version of Ad-Aware are you running?



The SE Personal edition is no longer being supported and they're not doing updates.



If you don't have it, you'll want to get the 2007 edition. HTH.
Brandon is offline  
#22 Old 02-29-2008, 12:56 PM
Veggie Regular
 
Beachbnny's Avatar
 
Join Date: Feb 2007
Posts: 3,875
My version of AdAware is whatever my Husband updated it to last. We ran an update last week and again recently while trying to fix this. Still no luck today either.



He has installed and run SpyHunter3... even paid for it. And that doesn't seem to have helped either. Though it did catch and clean up a lot of junk. This is pretty sucky lol.
Beachbnny is offline  
#23 Old 02-29-2008, 12:58 PM
Veggie Regular
 
Brandon's Avatar
 
Join Date: Mar 2004
Posts: 18,833
Well, it was a thought anyway.



Sorry it wasn't a more helpful one!
Brandon is offline  
#24 Old 02-29-2008, 03:11 PM
Veggie Regular
 
Beachbnny's Avatar
 
Join Date: Feb 2007
Posts: 3,875
Oh it's ok Brandon, Thank you I'm having a really really hard time with this. My Husband is excellent with this stuff and he's not been able to figure it out either.... *sighs* Something will work... eventually
Beachbnny is offline  
#25 Old 03-02-2008, 03:30 AM
Veggie Regular
 
karenlovessnow's Avatar
 
Join Date: Oct 2005
Location: Home Sweet Home
Posts: 12,079
Quote:
Originally Posted by Skylark View Post

*insert obligatory joke about Trojan condom help here*



Sorry to bring this up again, but I couldn't help thinking the same thing everytime I saw the thread title...carry on.
karenlovessnow is offline  
#26 Old 03-03-2008, 01:44 AM
Newbie
 
GhostUser's Avatar
 
Join Date: Oct 2010
Posts: 0
Skitodayplease is apparently a clone of diginhispen. heres the specific removal programs for both of those trojans for you to download and run:



Doginhispen scanner



Skitodayplease scanner



theres manual removal instructions included on these pages, but I wouldnt recommend doing that unless your husband really does know what hes doing. good luck







Quote:
Originally Posted by Beachbnny View Post

ps- Anyone know how you get this stuff? Our computer is on lock down, always, and all we visit is VB, e-mail, drudge, and three other very trusted sites. That's it so uh... how did this get here?



these particular ones are picked up on p2p filsharing sites like Bearshare, or on video codecs and gaming downloads. they couldve also come bundled with any freeware or shareware that you downloaded recently, or if your pc has been to porn or crack sites.
GhostUser is offline  
#27 Old 03-03-2008, 08:53 AM
Veggie Regular
 
Beachbnny's Avatar
 
Join Date: Feb 2007
Posts: 3,875
Quote:
Originally Posted by kali View Post

Skitodayplease is apparently a clone of diginhispen. heres the specific removal programs for both of those trojans for you to download and run:



Doginhispen scanner



Skitodayplease scanner



theres manual removal instructions included on these pages, but I wouldnt recommend doing that unless your husband really does know what hes doing. good luck











these particular ones are picked up on p2p filsharing sites like Bearshare, or on video codecs and gaming downloads. they couldve also come bundled with any freeware or shareware that you downloaded recently, or if your pc has been to porn or crack sites.



Oooo thank you Kali!!! I've been working on this for about an hour or two every day. The only thing we've recently put on our computer is itunes but there has been the rare occassion I've been bored and hit up addictinggames.com. There's definitely not been any porn or crack sites lol. (What the hey is a crack site anyway?! I don't really want to know...)



I'm gonna go try and run these two programs right now. I haven't been able to get anything else to work and I'm getting a little desperate. I'll update how it goes.



Thank you, thank you, thank you!!!!



Aww crud.... So we already bought spyhunter and it didn't work. But I never saw anything about specifically removing adoginhispen. I'll keep trying and see if my software has a removal
Beachbnny is offline  
#28 Old 03-03-2008, 10:51 AM
Newbie
 
GhostUser's Avatar
 
Join Date: Oct 2010
Posts: 0
Quote:
Originally Posted by Beachbnny View Post

Aww crud.... So we already bought spyhunter and it didn't work.



apparently theres a problem with the program, according to the website of the company that makes the program. theyve discovered a problem in the activation part of the program that causes the software to downgrade its infection database. they say it can be fixed by updating the program. this can be done by first uninstalling all the versions of spyhunter3 that youve downloaded and then re-downloading and re-installing the spyhunter program. instructions on how to do this here
GhostUser is offline  
#29 Old 03-03-2008, 10:53 AM
Veggie Regular
 
Beachbnny's Avatar
 
Join Date: Feb 2007
Posts: 3,875
Quote:
Originally Posted by kali View Post

apparently theres a problem with the program, according to the website of the company that makes the program. theyve discovered a problem in the activation part of the program that causes the software to downgrade its infection database. they say it can be fixed by updating the program. this can be done by first uninstalling all the versions of spyhunter3 that youve downloaded and then re-downloading and re-installing the spyhunter program. instructions on how to do this here



OMG- thank you for being so helpful! We just bought it on the 28th of last month so only a few days ago. I'll go ahead and uninstall and reinstall and see if that catches it.
Beachbnny is offline  
#30 Old 03-08-2008, 11:21 AM
Veggie Regular
 
bigdufstuff's Avatar
 
Join Date: May 2003
Posts: 2,472
Back up your data, then download a OS that isn't susceptible to trojans and virus such as Fedora. Install the new OS. Move your data back. And be glad you'll never deal with a virus or trojan again.
bigdufstuff is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the VeggieBoards forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in


Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off