optionrefi.com

Home > General > A.doginhispen

A.doginhispen

Thereafter, please post fresh HJT and AVG Antispyware logs and the resultant ComboFix log and AWF log from the above instructions as attachments into this thread. Instead, open a new thread in our security and the web forum. Like Show 0 Likes(0) Actions Actions Remove from profile Feature on your profile More Like This Retrieving data ... © 2007-2017 Jive Software | Powered by Home | Top of page Ask a question and give support.

Please attach this new FindAWF log in your reply. Jan 8, 2008 #2 kingsbishop TS Rookie Topic Starter Posts: 24 Thanks Momok for your help! Press 2 then Enter. Regards, momok Jan 14, 2008 #12 kingsbishop TS Rookie Topic Starter Posts: 24 Hello Momok, Done, seems it works!

Next, close and click Yes to save the changes. Learn how to do that HERE. Please don't post your own virus/spyware problems in this thread. Ask a question and give support.

Installation When executed, Backdoor:Win32/Zonebac.gen!F initially checks for processes containing the following substrings, and quits if found: ad-watchalmonalsvcaluschedapvxdwinashdispashmaisvashservashwebsvavcenteravcimanavengineavesvcavgntavguardavpbdagentbdmconcaissdtcavridcavtrayccappccetvmcclawccproxyccsetmgrclamtrayclamwincounterdpasntfirewallnfsawfsguidllfsm32fspexguardxkickoffhsockisafekavkavpfkpf4guikpf4sslivesrvmcagemcdetmcshimctskmcupdmcupdmmcvsmcvssmpengmpfagmpfsermpftmsascuimscifmscomsfwmskagemsksrmsmpsmsmsgsmxtasknavapsvcnipnipsvcnjeevesnod32krnnod32kuinpfmsg2npfsvicenscsrvcenvcoasnvcschedoasclpavfnsvrPXAgentpxconsPXConsolesavadminssavserscfmanagerscfservicescftraysdhesndsrvcspbbcsvcspyswsunprotectsunservsunthreateswdoctsymlcsvctsantivba32ldrvir.exevrfwvrmovsmonvsservwebproxywebrootwinssnowmiprvxcommsvrzandazlclizlh   Backdoor:Win32/Zonebac.gen!F may replace executables that have an existing registry run key value (referenced Thanks a lot! Regards, momok =) This thread is for the use of kingsbishop only. Save it on your Desktop. 2.

Show 1 reply 1. Doginhispen is a recent malicious Trojan related to the recent skitodayplease parasite and IP address 88.80.7.66. All removal instructions have been internally tested by Spyware Techie technicians. http://www.bleepingcomputer.com/forums/t/130316/adoginhispen/ That was because you did not post your logs earlier and allow me to fix the root of the problem.

If a user is infected with a Trojan related to Doginhispen or 88.80.7.66 it may render a computer useless by embedding a virus into a system's registry. C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\CAPONN.EXE C:\WINDOWS\system32\dla\bak\tfswctrl.exe C:\WINDOWS\system32\bak\ctfmon.exe C:\Programmi\Toshiba\Windows Utilities\bak\Hotkey.exe C:\Programmi\Toshiba\Touch and Launch\bak\PadExe.exe C:\Programmi\Toshiba\TOSHIBA Zooming Utility\bak\SmoothView.exe C:\Programmi\Toshiba\TOSCDSPD\bak\toscdspd.exe C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe C:\Programmi\QuickTime\bak\qttask.exe C:\Programmi\Nero\Nero8\Nero BackItUp\bak\NBKeyScan.exe C:\Programmi\Lexmark X1100 Series\bak\lxbkbmgr.exe C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\bak\kav.exe C:\Programmi\iTunes\bak\iTunesHelper.exe C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe C:\Programmi\File comuni\Nero\Lib\bak\NeroCheck.exe C:\Programmi\ATI Restart your Windows.Using Portable SuperAntiSpyware: To thoroughly remove the virus, it is best to do a separate scan of another security program so that other infected files not detected by anti-virus C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\CAPONN.EXE C:\WINDOWS\system32\dla\bak\tfswctrl.exe C:\WINDOWS\system32\bak\ctfmon.exe C:\Programmi\Toshiba\Windows Utilities\bak\Hotkey.exe C:\Programmi\Toshiba\Touch and Launch\bak\PadExe.exe C:\Programmi\Toshiba\TOSHIBA Zooming Utility\bak\SmoothView.exe C:\Programmi\Toshiba\TOSCDSPD\bak\toscdspd.exe C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe C:\Programmi\QuickTime\bak\qttask.exe C:\Programmi\Nero\Nero8\Nero BackItUp\bak\NBKeyScan.exe C:\Programmi\Lexmark X1100 Series\bak\lxbkbmgr.exe C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\bak\kav.exe C:\Programmi\iTunes\bak\iTunesHelper.exe C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe C:\Programmi\File comuni\Nero\Lib\bak\NeroCheck.exe C:\Programmi\ATI

TechSpot is a registered trademark. Please update. 6. Regards, momok =) This thread is for the use of kingsbishop only. Jan 14, 2008 #10 kingsbishop TS Rookie Topic Starter Posts: 24 Hello Momok, nothing to do...same problem with new FindAWF too.

If I've saved you time & money, please make a donation so I can keep helping people just like you! Press 1 then Enter. Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe Can be deleted here.", but can not do it!

Already have an account? If you're not already familiar with forums, watch our Welcome Guide to get started. For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx. Please don't post your own virus/spyware problems in this thread.

What do I do? 0 user(s) are reading this topic 0 members, 0 guests, 0 anonymous users Reply to quoted postsClear BleepingComputer.com → Security → Am I infected? Javascript is disabled in your web browserFor full functionality of this site it is necessary to enable JavaScript. Feb 2, 2008 #2 (You must log in or sign up to reply here.) Show Ignored Content Topic Status: Not open for further replies.

Regards KsB Jan 17, 2008 #21 momok TS Rookie Posts: 2,265 Hi, Your logs look clean now.

Please attach this new FindAWF log in your reply, along with the requested logs from the above instructions. Please don't post your own virus/spyware problems in this thread. If a Security Alert shows, allow the program to run. Jan 17, 2008 #22 kingsbishop TS Rookie Topic Starter Posts: 24 Thanks a lot for your help and your patience Momok!

No, create an account now. Register now! Show Ignored Content As Seen On Welcome to Tech Support Guy! About a.doginhispen.com, can anyone help me to delete this problem?

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. If I've saved you time & money, please make a donation so I can keep helping people just like you! A.doginhispen Started by mk3g , Feb 06 2008 10:28 PM Please log in to reply 2 replies to this topic #1 mk3g mk3g Members 3 posts OFFLINE Local time:02:01 AM Agent.DXH appears to be a component of a malware that targets Italian computer users.

Thank you! Your system is close to clean. Jan 15, 2008 #16 kingsbishop TS Rookie Topic Starter Posts: 24 Hello Momok, seems I can not able to send you the requested files! Both parasites are back door Trojans that can hide out in your web browser history.

Please download and run CCleaner via step 9 of the instructions HERE. When the program returns to the main menu, use the following option: Press E then Enter to EXIT Delete the following folder: C:\QooBox\Quarantine\C\WINDOWS Thereafter, please post fresh HJT and AVG Antispyware Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. I went to the Microsoft site and ran the virus scan there...also without result.Thanks in advance.Edit: Moved topic to the more appropriate forum. ~ Animal Back to top BC AdBot (Login

Click here to join today! Doginhispen or 88.80.7.66 may display popups and flashing red X's on your background attempting to take over your system. TechSpot is a registered trademark. Regards, momok =) This thread is for the use of kingsbishop only.