TechSpot

Abebot removal: Can someone look at the log and help?

By midnightxstar
Apr 7, 2008
Topic Status:
Not open for further replies.
  1. Any help would be appreciated. This abebot virus has been slowing down my computer.
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Please follow these in order


    OK. First of all, only use Internet Explorer if you absolutely have to. Here are 2 more secure browsers to choose from:
    1) Firefox -> http://www.mozilla.com/en-US/firefox/
    2) Opera -> http://www.opera.com/



    Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update Tab at the top of the Java console
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5), follow the on-screen instructions
    • After it installs the newest version, go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected' at the bottom
    • After the install, go to Start -> Control Panel -> Add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\Program Files\Java -> delete any subfolders except the jre1.6.0_05 folder




    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt




    Download\install 'SuperAntiSpyware Home Edition Free Version' from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Once the updates have been installed, exit SuperAntiSpyware.

    Scan with SuperAntiSpyware
    • Start SuperAntiSpyware.
    • On the main screen click on 'Scan your computer'.
    • Check 'Perform Complete Scan', then click 'Next' to start the scan.
    • SuperAntiSpyware will now scan your computer. When it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it, then press 'Next'.
    • Click on 'Finish' when you're done.

      It's possible that the program will ask you to reboot in order to delete some files.

      Obtain the SuperAntiSpyware log as follows:
      Click on 'Preferences'.
      Click on the 'Statistics/Logs' tab.
      Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
      It will then open in your default text editor, such as Notepad.
      Attach the Notepad file here on your next reply




    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt


    Next reply should include:
    1)MBAM log
    2)SAS log
    3)Combofix log
    4)HijackThis log run after everything else.
     
  3. midnightxstar

    midnightxstar TS Rookie Topic Starter

    java error

    I tried downloading Java from both Internet Explorer and Mozilla, but neither of them works. When it gets to 'copying new files', an error sign just pops up. Can you help?
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Does the error say anything specific?
     
  5. midnightxstar

    midnightxstar TS Rookie Topic Starter

    java error

    It says "Error 1606. Could not access network location
    h ttp://javadll.sun.com/webapps/download/GetFile/1.6.0_05-b13/windowsi586/jo160000.cab."
     
  6. midnightxstar

    midnightxstar TS Rookie Topic Starter

    java error

    It says "Error 1606. Could not access network location
    h ttp://javadll.sun.com/webapps/download/GetFile/1.6.0_05-b13/windowsi586/jo160000.cab."
     
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Try this

    1) Go to Start, Run, type regedit, click OK

    2) Navigate to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ User Shell Folders

    3) Look in the right pane for Recent -> right click it and select Delete

    4) Restart the computer and try again
     
  8. midnightxstar

    midnightxstar TS Rookie Topic Starter

    it still doesn't work.
     
  9. midnightxstar

    midnightxstar TS Rookie Topic Starter

    i have also been getting this popup

    Microsoft Visual C++ Runtime Library

    Buffer overrun detected!
    Program: C:\WINDOWS\explorer.exe
    A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue...
     
  10. midnightxstar

    midnightxstar TS Rookie Topic Starter

    Yay! Java's working!
     
  11. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Ok, continue on with the instructions. However, for future reference, what got it working again?
     
     
  12. midnightxstar

    midnightxstar TS Rookie Topic Starter

    Sorry... I'm trying to upload my MBAM log but when I get to my user... I can't find the Application Data folder...

    Oh, and to answer your question... I went and tried using the offline version of Java.
     
  13. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Open Windows Explorer (double click My Computer or hold the Windows key on the keyboard and press E)

    Tools -> Folder Options -> View tab:

    Check "Show hidden files and folders"
    Uncheck "Hide protected operating system files"

    Then come back here and try to attach the log
     
  14. midnightxstar

    midnightxstar TS Rookie Topic Starter

    I know this is a dumb question, but where is Preferences?
     
  15. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    A lot of programs have Preferences in them, what are you trying to do?
     
  16. midnightxstar

    midnightxstar TS Rookie Topic Starter

    I'm trying to upload the SAS log
     
  17. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Once you open the log, save it to your desktop so it will be easy to find

    [​IMG]


    After the above you will see this screen. Click on the Statistics/Logs tab, then double click the log to open it

    [​IMG]
     
  18. midnightxstar

    midnightxstar TS Rookie Topic Starter

    here you go...
     
  19. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    This should get most of it, the rest should be able to be cleared up through Hijackthis.

    CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
     
  20. midnightxstar

    midnightxstar TS Rookie Topic Starter

    Thanks! Is the virus completely gone now?
     
  21. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Not yet, I missed one

    CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again.

    Afterwards close combofix
    ---------------------------------------------------------------------------------------------------------

    Remove bad HijackThis entries
    • Run HijackThis
    • Click on the System Scan Only button
    • Put a check beside all of the items listed below (if present):

      O20 - Winlogon Notify: urqRHyaY - urqRHyaY.dll (file missing)
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

    -----------------------------------------------------------------------------------------------------

    Time to double check
    Run Kaspersky Online AV Scanner

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the licence is accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
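
Added example (not part of the thread and not HijackThis's own code): a Python parser that pulls the O20 Winlogon Notify lines out of a HijackThis log and separates orphaned entries like the `urqRHyaY` one fixed above, whose DLL is already gone, from entries that still load a file. Apart from that one line the sample log is constructed, and `reviewed_keys` is a hypothetical analyst-supplied set.

```python
import re

# Constructed HijackThis excerpt: only the urqRHyaY line is from the thread,
# the other lines are made-up samples for illustration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: urqRHyaY - urqRHyaY.dll (file missing)
O20 - Winlogon Notify: ExampleNotify - C:\WINDOWS\system32\example.dll
"""

# Line shape: "O20 - Winlogon Notify: <subkey> - <dll>[ (file missing)]"
O20_NOTIFY = re.compile(
    r"^O20 - Winlogon Notify:\s*(?P<key>.+?) - (?P<dll>.+?)"
    r"(?P<missing>\s*\(file missing\))?\s*$"
)

def parse_o20(log_text):
    """Return one dict per Winlogon Notify line; other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O20_NOTIFY.match(line.strip())
        if m:
            entries.append({"key": m["key"], "dll": m["dll"],
                            "missing": m["missing"] is not None})
    return entries

def triage(entries, reviewed_keys=frozenset()):
    """Sort subkey names into buckets that call for different handling.

    reviewed_keys (hypothetical): lowercase subkey names the analyst has
    already confirmed as legitimate on this machine.
    """
    buckets = {"orphaned": [], "known": [], "review": []}
    for e in entries:
        if e["missing"]:
            # DLL is gone; only the leftover registry entry needs fixing
            buckets["orphaned"].append(e["key"])
        elif e["key"].lower() in reviewed_keys:
            buckets["known"].append(e["key"])
        else:
            # File still on disk and not yet vetted: inspect before fixing
            buckets["review"].append(e["key"])
    return buckets

if __name__ == "__main__":
    print(triage(parse_o20(SAMPLE_LOG), reviewed_keys={"igfxcui"}))
```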
     
  22. midnightxstar

    midnightxstar TS Rookie Topic Starter

    It says my file is 6 times larger than the, so I can't upload it.
     
  23. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Click on my name and select send an email to Blind Dragon. Then attach the file there. Please put your forum name and Kaspersky log as the subject
     
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Uninstall Combofix
    * Click START then RUN
    * Now type Combofix /u in the runbox
    * Make sure there's a space between Combofix and /u
    * Then hit Enter.

    * The above procedure will:
    * Delete the following:
    * ComboFix and its associated files and folders.
    * Reset the clock settings.
    * Hide file extensions, if required.
    * Hide System/Hidden files, if required.
    * Set a new, clean Restore Point.

    -----------------------------------------------------------------------
    Cleanup using OTMoveit2 by OldTimer
    Now we can clear out the rest of the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally.

    Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

    1. Double click OTMoveIt2.exe to launch it.
    If using Vista Right-Click OTMoveIt and choose Run As Administrator
    2. Click on the CleanUp! button.
    3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
    4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

    * When finished exit out of OTMoveIt2

    ---------------------------------------------------------------------------
    I recommend you keep
    1 anti virus program
    1 firewall
    Combo of Anti-Spyware (Spybot S&D and MBAM, or your choice)

    For Spybot you can download the latest version from HERE.

    keep them updated.

    You can also turn on tea timer in Spybot:
    • Click on Mode at the top and make sure that Advanced is checked
    • Expand the Tools tab in the left pane
    • Single click on the Resident Icon also in the left pane
    • check Resident "TeaTimer" (Protection of over-all system settings) Active
    • Close spybot

    Also under Tools you can double-click System Startup in the right pane and disable programs from running at startup. This will free up system resources. For example, if you don't use MSN Messenger every time you run your computer you can disable it, then when you want to use it you can launch it through Start -> All Programs, or make a shortcut on the desktop for it. That way it doesn't use resources when you aren't using it. Don't disable any entries in green though.

    And just to be sure
    Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

    Clear system restore points

    • This is a good time to clear your existing system restore points and establish a new clean restore point:
      • Go to Start > All Programs > Accessories > System Tools > System Restore
      • Select Create a restore point, and Ok it.
      • Next, go to Start > Run and type in cleanmgr
      • Select the More options tab
      • Choose the option to clean up system restore and OK it.
      This will remove all restore points except the new one you just created.
     