Quote -Hi guys yep the awf has backed up the files it replaced and saved them (how nice) into their own backup directories so it is simply a matter of removing the baddies and placing the originals back where they belong.įrom what I can see this is not what FindAWF does: it seems to find bakups only and it is up to the user to confirm that the agent.AWF has replaced the original file by looking at the date of creation: I fail to see how either agent.AWF or FindAWF could have created a backup in 2005. Welcome here, Matty, follow the instructions Essexboy gives you. Seems that Matty survived this bootcamp thread, learned quite a lot during the experience, and will soon be out here to help us and others fight malware. AVG found 1 threat a trojan A0146867.exe located C:\System Volume Information\_restore\RP208\A0146867.exe Ok I did those steps essexboy and I attached the logs. Post that log and a HiJackthis log in your next reply When finished, it shall produce a log for you.
Move /y "C:\Program Files\Yahoo!\bak\Messenger\ypager.exe" "C:\Program Files\Yahoo!\Messenger\ypager.exe"ĭownload ComboFix from Here or Here to your Desktop.ĭouble click combofix.exe and follow the prompts. Move /y "C:\Program Files\Norton AntiVirus\bak\navapw32.exe" "C:\Program Files\Norton AntiVirus\navapw32.exe" Move /y "C:\Program Files\iTunes\bak\iTunesHelper.exe" "C:\Program files\iTunes\iTunesHelper.exe" Move /y "C:\Program Files\\bakAIM\aim.exe" "C:\Program Files\AIM\aim.exe" Then run fix1.bat by double clicking you may see a black box appear briefly Then you will need to create another batch fix to do that copy and paste ALL of the below in the quote box to a notepad file. Then run fix.bat by double clicking you may see a black box appear brieflyĪttrib -s -r -h "C:\Program Files\AIM\aim.exe"Īttrib -s -r -h "C:\Program Files\iTunes\iTunesHelper.exe"ĭel /q "C:\Program Files\iTunes\iTunesHelper.exe"Īttrib -s -r -h "C:\Program Files\Norton AntiVirus\navapw32.exe"ĭel /q "C:\Program Files\Norton AntiVirus\navapw32.exe"Īttrib -s -r -h "C:\Program Files\Yahoo!\Messenger\ypager.exe"ĭel /q "C:\Program Files\Yahoo!\Messenger\ypager.exe" This will create a batch file which is a small blue box with a yellow cog in it
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES Next you will need to create the batch fix to do that copy and paste ALL of the below in the quote box to a notepad file. These will delete and then replace the bad files, the ones I haven't touched are unimportant Here you go matty your own personal batch files. AxFreePorn Disconnects me Other > Viruses and worms