Abebot popups

Status
Not open for further replies.

eafshar

I have the same problem as described by toolegion, topic102347 in another thread.

1)
"Security System Protection Control Panel" TrojanDownloader.XS.

It is a White and Blue window that says "Security system Warning"

2)
A red box mentioning something to the extent of:

Alert Details
File: C:\WINDOWS\wml.exe

Threat:Abebot

3)

System Integrity Scan Wizard
Warning: Your computer may have critical errors in Windows registry and file system!

and 4)

Yellow Triangle with exclamation mark in the bottom right corner where the clock is located. It's constantly prompting me that there is spyware infecting my system and is directing me to a website to download some spyware remover.




I attempted the first set of steps that was on the link above. VundoFix.exe found a file but was not able to remove it, and after restarting there was no popup for me to click on to fix the problem. So running it again resulted in another restart. I have included VirtumundoBeGone and SmitfraudFix.

I have been living with the popups for 2 weeks now but hadn't had the time to try to get rid of them.

I'd appreciate any help.

I have also attached my HijackThis log. I'm going to try to get VundoFix to remove the file and will update if I was successful.
 
Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please attach the log to your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Download and Run ComboFix
  • Download this file from either of the two places listed below:

    HERE or HERE
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Attach that log in your next reply.
WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 
Here are the log files.

Ran MBAM twice. The one with -2 is what I got running a full scan a 2nd time.

The popups used to happen every 10-20m. That has stopped now. Haven't had one for the past 2 hours.
 
I was reading some of the other threads and it seems like you guys emphasize having a good firewall. I have Norton 360 running in addition to Windows Firewall. If I knew how crappy Norton is overall I would have gone with something else. Is the Norton firewall good enough?

I run Spybot S&D, Norton 360, + whatever comes with Vista. Do you have any recommendation on any other program to use? My system can probably handle more if it's necessary.

+ Thanks A LOT for your help; the pop-ups have gone away.

I have attached a new HijackThis log.
 
What about your fifth post?

Next, please follow these instructions. Your version of HijackThis is out of date AND installed in the wrong folder.

First please go to Start -> Control Panel -> Add/remove programs and uninstall Hijackthis.

HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.2); it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically; close it.


Rename HijackThis.exe to eafshar.exe by doing the following:

  • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to eafshar.exe

Disable Teatimer
Please disable Teatimer as it may interfere with the fix.
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Once your log is clean you can re-enable those settings in TeaTimer.


COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    Folder::
    C:\ProgramData\tanyzobq
    C:\ProgramData\igwzimxh
    C:\ProgramData\dghzkxdl
    C:\ProgramData\nuyyakzu
    C:\ProgramData\jfdgbkuk
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScript.gif

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Finally, run the newly renamed and up-to-date HijackThis from its proper location and post the log back here with the ComboFix log.
 