Abebot removal

By kgrant66
Apr 7, 2008
  1. I found some great threads on here and ran through the Malware, Windows Updates, AVG, AVG Spyware, Ad-Aware, CCLeaner, etc, etc. (15 Steps) that were posted and those all worked great! Unfortunately I have business info on here and bank online.

    I have attached the three necessary logs below (AntiSpyware, Combofix & Hijackthis) and just don't want to delete anything that the Hijackthis (Crusty) found yet, because I don't know what I can delete. Can someone help?

  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update Tab at the top of the Java console
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
    • After it installs the newest version Go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected'at the bottom
    • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

    Disable Teatimer
    • Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
    • Open Spybot S&D
    • Click on Mode at the top and make sure that Advanced is checked
    • Expand the Tools tab in the left pane
    • Single click on the Resident Icon also in the left pane
    • Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
    • Close spybot

    Not sure on what you have installed as i see AVG 7.5 free and a lot of symantec products, it is recommended to only have 1 active anti-virus. Also do you have a firewall through Norton? We need to get you down to 1 anti-virus program and 1 firewall.

    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please copy and paste the log into your next reply
      • If you accidently close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    After all of that please run a fresh Hijackthis log for me
  3. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    I realy appreciate your time! I am downloading the new Java now ( says 2 hours 8 mins) and will follow your other directions after that. I do have Norton on the computer. I guess I over did it on the protection. I've got the Malware too and will double check the Teatimer. Looks like I will get back to you later. Thanks a million!
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    K, Teatimer is fine, we just need it disabled while we fix this infection, afterwards I will give intructions to turn back on. Don't remove anything yet. Except Norton OR AVG Free (not antispyware)

    Rule of thumb you can have 1 anti-virus, 1 firewall, and a combonation of Anti-spyware
  5. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    Norton has a firewall for the web (active). I will uninstall Norton.
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    If you would like to keep Norton that is your choice. For a long term solution I would look at switching to AVG or Avast with either Comodo or Zone Alarm as a firewall.

    This is a free solution that works very well. If you have paid for Norton I know it can be hard to get rid of, if that is the case then I suggest switching when it is expired. If norton is already expired I will give complete removal instructions for that, and set you up with links to plenty of free software.
  7. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    I had 87 days left on the Norton. I can part with something that didnt seem to help me. On uninstalling it asks if I want to turn on the WIndows Firewall, should I? I am not savvy in this stuff, so is the AVG doing the firewalling? I think I am going to need instructions. I feel so dahh, and I am a software programmer.
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Here are my saved speeches with links

    You aren't running Firewall Software. Please download and install one of these first!

    Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:

    Vista Compatible:

    If you decide to ditch norton run this to uninstall it

    the free AVG or Avast antivirus programs
  9. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    For Comodo, how do I know whether my Vista is 32 or 64 bit?
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You have 32bit Windows Vista Home Basic ;)
  11. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    Norton has been deleted. Comodo is installed and running a scan. Found Malware ntagent.web, Rpcnet.exe and SmitfraudFix\Reboot.exe. in the C:\WIndows\System32\ directory so far.

    The Java is still downloading (4 hours to go).UG. Why so slow? On my other home computer I have Java 6 Update 5 and there are other updates (6 updt 2, 6 updt 3, etc. and J2SE Runtime Environment 5.0 version 1, 9 and 10 - are these old Java exe too or just a compatible app that gets loaded?
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Everything you mention except java 6 update 5 is an old version and can be removed through add/remove programs

    Java should NOT take that long to update, what browser did you use? Or did you do it through the Java Icon?

    Older Java versions are easily exploited by the a-holes that write this junk. So always make sure you have the most current version. You can always come to techspot and ask what is the most current version if you are ever unsure. It is common knowledge on this section of the forum.

    After everything is set proceed to disable tea timer and scan with MBAM, if it finds a lot of infections, run another full scan. Attach the logs back here afterwards, then we can proceed with combofix. There is just know point removing it, if you are not protected. It will come right back as I have seen many times. So we secure your system a bit first, then we will remove it.
  13. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    I clicked on the Java link you posted above (used IE browser), chose 4th option down,etc. and it takes me to a download list, I chose Windows (1st one) and clicked link to download a 15.1 MB file (should take seconds) and it is very slow. I will try again real quick, but I had issues with that Java site from my other computer too, so it wasn't just this one. If there is another way to pull it I am game. Tea timer is diabled. Should I turn it back on until I am ready to run MBAM?
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    No leave it off for now. Make sure that when Comodo pops up telling you Java wants to do something that you select "remember this decision" and allow it

    Also please don't use internet explorer unless absolutely necessary.

    Here are 2, more secure, browsers to choose from (pick one)
    1)Firefox ->
    2)Opera ->
  15. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    This time it took 27 secs. Wahoo! Trucking now. Will be running MBAM soon.
  16. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Good News! Attach the log along with a fresh Hijackthis log and I will give further instructions from there
  17. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    When I dowloaded Comodo I denied one too many popup securities and locked myself out of the net. I am now using Firefox as web browser and ZoneAlarm as Firewall (working very well) thanks!
    Here is my mbam log (didn't know where to attach, so copy/pasted). I have been in C# class all day, so forgive me for not posting.

    MBAM log-
    Malwarebytes' Anti-Malware 1.11
    Database version: 603

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 122215
    Time elapsed: 32 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
  18. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    Hijackthis log -
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:11:19 PM, on 4/5/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal
    The log is on my computer.
  19. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    The rest of Hijackthi log that wouldn't fit in other post box above-
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    .... See more in the log in my computer.
  20. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Few things.

    1)Java is still not current version. I see Java 6 update 0, current version is Java 6 update 5.

    2) Abebot entry is gone, but there are still some little things that need removed. Let's try one more scan then we will remove manually.

    Download\install 'SuperAntiSpyware Home Edition Free Version' from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Once the updates have been installed,exit SuperAntiSpyware.

    Scan with SuperAntiSpyware
    • Start SuperAntiSpyware.
    • On the main screen click on 'Scan your computer'.
    • Check: 'Perform Complete Scan then Click 'Next' to start the scan.
    • Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it,then press 'Next'.
    • Click on 'Finish' when you've done.

      It's possible that the program will ask you to reboot in order to delete some files.

      Obtain the SuperAntiSpyware log as follows:
      Click on 'Preferences'.
      Click on the 'Statistics/Logs' tab.
      Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
      It will then open in your default text editor,such as Notepad.
      Attach the notepad file here on your next reply
  21. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    SuperSpyware log added

    I double checked the Java and it's Java 6 update 5. I downloaded, installed and ran the suggested SuperSpyware program and the log is attached. Can't wait to hear what comes next.

  22. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Looking good, it only found some cookies. After ATF, we will double check with Kaspersky, but I think it is time to clean up and secure what we have done. So after I see the Kaspersky scan we can finish up if clean. Are you having any symptoms? How is the computer running?

    Go to Add/remove programs and uninstall any older versions of Java except 6update 5.

    Download and Run ATF Cleaner
    Download ATF Cleaner by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox or Opera:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    Run Kaspersky Online AV Scanner

    Order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
  23. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    I have posted my logs on the page two of this abebot thread. I don't know if you've seen it yet. Need direction. Hope you're feeling ok. Thanks again for all your help.
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I dont see the kaspersky log?
  25. kgrant66

    kgrant66 TS Rookie Topic Starter Posts: 36

    Part 1 of ? Kaspersky log

    Sunday, April 13, 2008 7:22:43 AM
    Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
    Kaspersky Online Scanner version:
    Kaspersky Anti-Virus database last update: 13/04/2008
    Kaspersky Anti-Virus database records: 701234

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:

    Scan Statistics:
    Total number of scanned objects: 85953
    Number of viruses found: 1
    Number of infected objects: 5
    Number of suspicious objects: 0
    Duration of the scan process: 01:01:43

    Infected Object Name / Virus Name / Last Action
    rest of log is on comuter------
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...