Abebot problems

By Marioni
May 4, 2008
  1. Hello.
    I'm having problems with this trojan, and I cant seem to remove it...
    Can anyone help me please?
    I would greatly appreciate it
    Thank you.
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Highjackthis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
  3. Marioni

    Marioni TS Rookie Topic Starter

  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I don't see the infection in this log, however I am not sure how well vista 64bit works with Hijackthis

    Let's see if this finds anything then can go from there:

    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please copy and paste the log into your next reply
      • If you accidently close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Marioni

    Marioni TS Rookie Topic Starter

    Okay, I did the scan and this is what I got.

    I'm really desperate, I need to resolve this soon... but thank you again for helping :)

    Malwarebytes' Anti-Malware 1.11
    Database version: 712

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 266295
    Time elapsed: 3 hour(s), 23 minute(s), 42 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    C:\ProgramData\upagoxlw\vwxsfqbi.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upagoxlw (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\ProgramData\upagoxlw\vwxsfqbi.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Delete this whole folder:


    Download and Run ATF Cleaner
    Download ATF Cleaner by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox or Opera:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Run Kaspersky Online AV Scanner

    Order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
  7. Marioni

    Marioni TS Rookie Topic Starter

    Well I did the first part, and it worked well.

    The second part didnt work for me, it wouldnt let me dowload the definitions, I downloaded the ActiveX and everything, I tri4ed it like 5 times and it still wouldnt let me... so is it alright if I just download the Kaspersky Antivirus and scan it with that?
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Were you using Internet Explorer?

    If so try this one as an alternative

    Panda Online Scan
    • Please visit Panda Online Scanner
    • Click on "Scan your PC".
    • A new browser window will open with Panda ActiveScan.
    • Click the big "Check Now" button
    • Enter your Country, State/Province, e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    Note: If this is the first time you scanned your PC, you´ll have to download the ActiveX controls (8 MB). The time it takes to download these can vary depending on your connection
    • Click on "Local Disks" to start the scan
    • Save the log file to your desktop
  9. Marioni

    Marioni TS Rookie Topic Starter

  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Have you still been having any issues with it? Everything looks good from the logs, if no more issues then we can clear restore points and cleanup the programs that we used.
  11. Marioni

    Marioni TS Rookie Topic Starter

    Yeah, I've notice I havent had anymore problems with it anymore, so I guess I'm good now, sorry for all the trouble.

    Thank you so much for all your help Blind Dragon, I apreciate it :)

  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Cleanup using OTMoveit2 by OldTimer
    Now we can clear out the rest of the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally.

    Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

    1. Double click OTMoveIt2.exe to launch it.
    If using Vista Right-Click OTMoveIt and choose Run As Administrator
    2. Click on the CleanUp! button.
    3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
    4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

    * When finished exit out of OTMoveIt2


    Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

    clear system restore points

    • This is a good time to clear your existing system restore points and establish a new clean restore point:
      • Go to Start > All Programs > Accessories > System Tools > System Restore
      • Select Create a restore point, and Ok it.
      • Next, go to Start > Run and type in cleanmgr
      • Select the More options tab
      • Choose the option to clean up system restore and OK it.
      This will remove all restore points except the new one you just created.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...