TechSpot

Abebot, PC-Antispyware, PCCleaner

By dlk10782
Apr 1, 2008
  1. I am having the same problem as I see many others are having with the PC-Antispyware, Abebot and PCCleaner. Except I only know the basics on how to use a computer so I am confused on how to get rid of it. Could someone please help me? I have no idea where to begin. I did a vrus scan using AVG but the pop ups are still going like crazy. Thank you!
     
  2. kritius

    kritius TS Guru Posts: 2,084

    The first thing that I need you to do for me is to download and install HijackThis for me,

    Highjackthis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in its own folder, usually C:\Program Files\Trend Micro\HijackThis. Please don't change the directory as it is necessary to create backups.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete attach the log into your reply.
    Do not attempt to fix any item yet.
    Do not add anything to the ignore list.
    Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.

    Hijackthis will give me an idea as to what nasty things there are lurking about in your system and will help the both of us get rid of them.

    If you have any problems or questions then please post back.

    Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please attach the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally attach the contents of the Report.txt back on the forum with a new HijackThis log

    That should start you off.
     
  3. dlk10782

    dlk10782 TS Rookie Topic Starter

    Okay! I think I got this so far, here is my hijack this report and the Malware report. I tried the SDFix, it extracts and then just goes away, something pops up saying it wasn't installed correctly.... I have no idea. Well I thought I could attach my hijack report and malware report but now I can't find it in my documents. This is frustrating please help me.... lol.
     
  4. kritius

    kritius TS Guru Posts: 2,084

    Are you running xp or vista?
     
  5. dlk10782

    dlk10782 TS Rookie Topic Starter

    Okay I found them. So here is the reports so far. I still need help with the SDFix. Thank you!
     
  6. dlk10782

    dlk10782 TS Rookie Topic Starter

    I have vista.
     
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    SDFix is not yet compatible with Vista

    Go ahead and run
    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt

    Scan with Hijackthis after combofix is done and attach both logs please
     
  8. dlk10782

    dlk10782 TS Rookie Topic Starter

    I did the combifix and here is the log for it. I tried to hijackthis but when i click on it, it says it's already running.
     
  9. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    your running combofix from your temp files, this wont work though it removed some of the infection already
    C:\Users\Donna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6EFRJGWP\ComboFix[1].exe

    please navigate there and move it to the desktop
     
  10. dlk10782

    dlk10782 TS Rookie Topic Starter

    I went to look for it to move it to my desktop and I can't find it anywhere. I went to Users/Donna but I can't find the application data. Is there another way I can find it? I have to go pick my child up from school and should be back around in a hour or 2. Thank you for all your help so far.
     
  11. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Go to start -> run -> type combofix /u -> click ok

    After combofix has uninstalled redo the above instructions, letting it installed to the correct directory
     
  12. dlk10782

    dlk10782 TS Rookie Topic Starter

    I went to search and put in COMBOFIX and nothing came up. I searched under COM and nothing either.
     
  13. kritius

    kritius TS Guru Posts: 2,084

    Do this, it will unistall it for you.

    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK
    • [​IMG]
    • When shown the disclaimer, Select "2"
     
  14. dlk10782

    dlk10782 TS Rookie Topic Starter

    Aww your awesome! I got it uninstalled so I am going to redo it now. I will check back with the report. Thanks :)!
     
  15. dlk10782

    dlk10782 TS Rookie Topic Starter

    Ok I was able to save combofix to my desktop and here is the log. I also ran Hijackthis but it said " For some reason your system denied write access to the Hosts file." I after I hit ok it opened a log in notepad. I am not sure if it scanned my system or not but I attached the log.
     
  16. dlk10782

    dlk10782 TS Rookie Topic Starter

    Ok so it wouldn't let me attach the hijackthis log because it says I already have, so I am guessing it did not scan my system again.
     
  17. dlk10782

    dlk10782 TS Rookie Topic Starter

    Ok here is the new log.
     
  18. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update Tab at the top of the Java console
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
    • After it installs the newest version Go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected'at the bottom
    • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder
    ----------------------------------------------------------------------------
    CFScript
    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
     
  19. dlk10782

    dlk10782 TS Rookie Topic Starter

    Here are the new logs.
     
  20. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Your Java doesnt appear to have been updated. This is how these vundo type infections usually get in. The exploit older versions of Java. Please update Java using the above instructions.

    I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect.

    Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
    I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components :
    1. Click Start, point to Settings, and then click Control Panel.
    2. In Control Panel, double-click Add or Remove Programs.
    3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.

      How to prevent it from being recreated every time you run the AOL software:
      • Open AOL
      • Go to Help on the toolbar
      • Select About AOL
      • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.


    Download and Run ATF Cleaner
    Download ATF Cleaner by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox or Opera:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    :Run Kaspersky Online AV Scanner:

    Order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
     
  21. dlk10782

    dlk10782 TS Rookie Topic Starter

    I ran the kaspersky but when i went to attach it to this reply it said it is not available. Do I need to run it again?
     
  22. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    By default it is saved onto your desktop, do you see an icon for it?
     
  23. dlk10782

    dlk10782 TS Rookie Topic Starter

    I dont see it on my desktop, I went to save it and it said it was saved to my temporary internet files but when I search for it, I can't find it.
     
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Unless it didn't find any infections, run again. If it had found something, I need to see where the infections are.
     
  25. dlk10782

    dlk10782 TS Rookie Topic Starter

    It found 2 infections. I can't upload it, it is saying invalid file or file failed.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...