Do I have a virus?

A few days ago I started noticing in my IE7 history tab the following two entries:
a.doginhispen/com
b.skitodayplease/com

When I clear out the history tab, they keep reappearing. Around this same time, IE explorer started to intermittently shutdown. I can log back on right away when it does this...but I'm starting to get a bad feeling about what's going on. I'm careful about where I surf, although a few day ago my wife went to a game website to print out some information. Hmmm.

I've got Nod32 v3.0.612.0 on my system (Windows XP Pro SP2). My most recent scan of my hard drive was this morning. Nothing was detected. The settings are per Blackspeare's recent tutorial.

I've never had a computer virus before...and have no clue what to do if that's what it is. Please help.

 

That sounds like spyware not a virus. use SuperAntiSpyware and Spybot and see if finds anything. You can also Google those files and see what they are.

 

http://www.techspot.com/vb/all/windows/t-89041-Help-The-Dog-Got-Me-TOO.html

 

i think it must be some kind of spyware
use free SUPERAntiSpyware and sca your os
h**p://downloads2.superantispyware.com/downloads/SUPERAntiSpyware.exe

 

Doodler skitodayplease Is typically loaded on users pc Via video codecs,fake Gaming downloads and popular p2p sites take a look at spywarenotice.com

 

@Doodler
Your wife posted at MajorGeeks' Malware Removal Forum. While waiting for help, read and follow their malware removal guide and see if that removes the infection.

thanatos

 

Also use FIREFOX and not Internet Explorer.

 

First...many, many thanks to all for your input so far. Please be patient with me. I'll probably be asking lots of questions. I'm pretty much a newbie with computers and this is my first (hopefully last) experience with malware.

Right now, the four most predominant questions I have are:

Question 1: I'm reading conflicting information regarding how to proceed. Different web sites are being suggested as well as downloading different antispy programs. Is there a "best" approach to fixing this problem with a.doginhispen.com and b.skitodayplease? djohn suggested spywarenotice.com and that web site indicates they have download removal tools for both those trojans, or viruses, or whatever they are. Do you think using those removal tools is a good approach?

Question 2: I do online financial transactions. Do I need to be worried about that information being compromised as a result of a.doginhispen.com and bskitodayplease.com? I assume the financial sites I go to have robust security measures to protect their customers, but if I have spyware on my system, what sort of trouble am I in?

Question 3: I back up my system each week to an external drive. Should I assume my external is infected? Steps I should take about it?

Question 4: Any ideas why EsetNod32 didn't catch this malware before I got clobbered by them?

Again, please be patient and many thanks for your help!

 

This particular malware and it's off springs does take some proper diagnosis from those that specialize in matters such as this. We suggest you visit one of the below sites contained in the below quote which is from this Announcement thread.

In regards to the above comment concerning your "wife also posting @ MajorGeeks' Malware Removal Forum", when you both decide which of the above mentioned sites you choose to ask for assistance or which ever site you choose, Please understand many of the volunteers assist on numerous forums. Having said that, We do advise that once you have started with one, Please help them by not posting @ other sites also. Having the problem fixed is paramount but one does the volunteers no favors by posting on various forums.

Bubba

 

You can ask professional help from techspot or MajorGeeks. However, your wife already posted at MajorGeeks so I suggest you continue there. The remover SpywareNotice wants you to download is the installer of Spyware Doctor.

a.doginhispen.com is a trojan downloader detected by Mcafee as Downloader-BEW. This nasty might be the one terminating your NOD32 (v3.0.566). b.skitodayplease.com according to SpywareNotice is a new variant of a.doginhispen.com. At the moment we don't know if either of these two downloaded a logger to spy you. Experts at MajorGeeks can help you determine that and guide you on what steps to follow.

Probably. So after your PC has been cleaned, before opening it, scan it first.

No scanner detects 100% of threats. If you happen to get samples of both, email them to ESET (samples@eset.com) for analysis. Put the samples in a password-protected zip and be sure to include the password in the email body.

thanatos

 

Bubba,
I understand and appreciate your instructions about the proper protocol to follow. I didn't know my wife had posted on MajorGeeks last night when she did (actually, since my infected machine is still working, I was posting my thread on Eset not knowing she was simultaneously doing likewise at MajorGeek on her Mac). Based on feedback I get to one last question (see below), I'll be deciding how to proceed.


Thanatos_Theos,
Thanks very much for your comments on each of my questions. I appreciate the direction they provide.

It sounds like I have a major problem. I never thought this would happen to me and right now it feels daunting.

I don't want to wear out my welcome in this thread. If I may, I'd like to ask one more follow-up: On a whim, I called IBM today (mfg of my pc that's still under warranty). They said I should use the IBM Rescue and Recovery feature on my machine. They said doing so cleans the guts and reinstalls the preloaded programs and that it should wipe out a.doginhispen and b.skitodayplease. Do you agree with that or is MajorGeeks (or some other qualified site) the way to go?

 

You will just wipe out anything that you installed on your pc that wasn't preinstalled. Basically they are telling you to reinstall Windows.

 

@Doodler
Either Way you really Need to Clean your system.A New Install of your windows will reformat a clean system, but Keep In mind any programs you have added need to be reinstalled If wanted along with your drivers.If you Do Have Tech support and decide to install a fresh copy of windows, I would suggest you have tech support walk you through a reformat If your Not confident on your own.Best of luck to you. djohn

 

Good advice, djohn. And thanks for the well-wishes.

 

your welcome

 

Do what IBM Support advised. IBM's Rescue and Recovery feature will reinstall Windows with the needed IBM drivers and programs and preinstalled software (OEM). Before using Rescue and Recovery be sure to backup important files and notify your MajorGeeks helper (TimW) that you don't need help anymore.

PS: Your wife already posted the needed logs. Please coordinate with her and tell her your decision.

thanatos