Abebot removal

Status
Not open for further replies.

kgrant66

I found some great threads on here and ran through the Malware, Windows Updates, AVG, AVG Spyware, Ad-Aware, CCleaner, etc, etc. (15 Steps) that were posted and those all worked great! Unfortunately I have business info on here and bank online.

I have attached the three necessary logs below (AntiSpyware, Combofix & Hijackthis) and just don't want to delete anything that the Hijackthis (Crusty) found yet, because I don't know what I can delete. Can someone help?

Kel
 
Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update Tab at the top of the Java console
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5), follow the on-screen instructions
  • After it installs the newest version Go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected' at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder



Disable Teatimer
  • Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
  • Open Spybot S&D
  • Click on Mode at the top and make sure that Advanced is checked
  • Expand the Tools tab in the left pane
  • Single click on the Resident Icon also in the left pane
  • Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
  • Close Spybot



Not sure on what you have installed as I see AVG 7.5 free and a lot of Symantec products. It is recommended to only have 1 active anti-virus. Also do you have a firewall through Norton? We need to get you down to 1 anti-virus program and 1 firewall.



Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



After all of that please run a fresh Hijackthis log for me
 
I really appreciate your time! I am downloading the new Java now (says 2 hours 8 mins) and will follow your other directions after that. I do have Norton on the computer. I guess I overdid it on the protection. I've got the Malware too and will double check the Teatimer. Looks like I will get back to you later. Thanks a million!
 
K, Teatimer is fine, we just need it disabled while we fix this infection, afterwards I will give instructions to turn it back on. Don't remove anything yet. Except Norton OR AVG Free (not antispyware)

Rule of thumb: you can have 1 anti-virus, 1 firewall, and a combination of anti-spyware
 
If you would like to keep Norton that is your choice. For a long term solution I would look at switching to AVG or Avast with either Comodo or Zone Alarm as a firewall.

This is a free solution that works very well. If you have paid for Norton I know it can be hard to get rid of, if that is the case then I suggest switching when it is expired. If Norton is already expired I will give complete removal instructions for that, and set you up with links to plenty of free software.
 
I had 87 days left on the Norton. I can part with something that didn't seem to help me. On uninstalling it asks if I want to turn on the Windows Firewall, should I? I am not savvy in this stuff, so is the AVG doing the firewalling? I think I am going to need instructions. I feel so dahh, and I am a software programmer.
 
Here are my saved speeches with links

You aren't running Firewall Software. Please download and install one of these first!

Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:

Vista Compatible:
Comodo
Zonealarm

If you decide to ditch Norton, run this to uninstall it: http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

Anti-Virus
the free AVG or Avast antivirus programs
 
Norton has been deleted. Comodo is installed and running a scan. Found Malware ntagent.web, Rpcnet.exe and SmitfraudFix\Reboot.exe in the C:\Windows\System32\ directory so far.

The Java is still downloading (4 hours to go). Ugh. Why so slow? On my other home computer I have Java 6 Update 5 and there are other updates (6 updt 2, 6 updt 3, etc.) and J2SE Runtime Environment 5.0 version 1, 9 and 10. Are these old Java exe too or just a compatible app that gets loaded?
 
Everything you mention except Java 6 update 5 is an old version and can be removed through add/remove programs.

Java should NOT take that long to update, what browser did you use? Or did you do it through the Java Icon?

Older Java versions are easily exploited by the a-holes that write this junk. So always make sure you have the most current version. You can always come to TechSpot and ask what is the most current version if you are ever unsure. It is common knowledge on this section of the forum.

After everything is set proceed to disable TeaTimer and scan with MBAM, if it finds a lot of infections, run another full scan. Attach the logs back here afterwards, then we can proceed with combofix. There is just no point removing it, if you are not protected. It will come right back as I have seen many times. So we secure your system a bit first, then we will remove it.
 
I clicked on the Java link you posted above (used IE browser), chose 4th option down, etc. and it takes me to a download list, I chose Windows (1st one) and clicked link to download a 15.1 MB file (should take seconds) and it is very slow. I will try again real quick, but I had issues with that Java site from my other computer too, so it wasn't just this one. If there is another way to pull it I am game. Tea timer is disabled. Should I turn it back on until I am ready to run MBAM?
 
Good News! Attach the log along with a fresh Hijackthis log and I will give further instructions from there
 
When I downloaded Comodo I denied one too many popup securities and locked myself out of the net. I am now using Firefox as web browser and ZoneAlarm as Firewall (working very well), thanks!
Here is my mbam log (didn't know where to attach, so copy/pasted). I have been in C# class all day, so forgive me for not posting.

MBAM log-
Malwarebytes' Anti-Malware 1.11
Database version: 603

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 122215
Time elapsed: 32 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
 
Hijackthis log -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:19 PM, on 4/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
The log is on my computer.
 
The rest of the HijackThis log that wouldn't fit in the other post box above-
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
.... See more in the log in my computer.
 
Few things.

1) Java is still not current version. I see Java 6 update 0, current version is Java 6 update 5.

2) Abebot entry is gone, but there are still some little things that need removed. Let's try one more scan then we will remove manually.

Download\install 'SuperAntiSpyware Home Edition Free Version' from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Once the updates have been installed, exit SuperAntiSpyware.

Scan with SuperAntiSpyware
  • Start SuperAntiSpyware.
  • On the main screen click on 'Scan your computer'.
  • Check: 'Perform Complete Scan', then click 'Next' to start the scan.
  • SuperAntiSpyware will now scan your computer, when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you're done.

    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    Click on 'Preferences'.
    Click on the 'Statistics/Logs' tab.
    Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor, such as Notepad.
    Attach the notepad file here on your next reply
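
An added example (not part of the original post, and not a HijackThis feature): a short Python check that reads HijackThis log lines, collects every Java runtime folder they reference, and reports the ones older than Java 6 Update 5, which is how the leftover `jre1.6.0` entries quoted above can be spotted. The function names and the O4 sample line are constructed for illustration; the two O9 lines are the ones posted in this thread.

```python
import re

# Sample input: the two O9 lines quoted in this thread, plus one constructed
# O4 line for the current runtime so both outcomes are shown.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"""

# Matches the runtime folder in a path such as ...\Java\jre1.6.0_05\bin\...
# Groups: folder name, major, minor, patch, optional update number.
JRE_DIR = re.compile(
    r"\\Java\\((?:jre|j2re|jdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?)\\",
    re.IGNORECASE,
)


def jre_references(log_text):
    """Map each Java folder named in the log to (version tuple, [entry ids])."""
    found = {}
    for line in log_text.splitlines():
        m = JRE_DIR.search(line)
        if not m:
            continue
        folder = m.group(1).lower()
        # A folder without an "_NN" suffix is update 0 (the original release).
        version = tuple(int(g or 0) for g in m.groups()[1:])
        entry = line.split(" - ", 1)[0].strip()  # HijackThis section, e.g. "O9"
        found.setdefault(folder, (version, []))[1].append(entry)
    return found


def outdated_jres(log_text, current=(1, 6, 0, 5)):
    """Return (folder, version, sections) for runtimes older than `current`."""
    refs = jre_references(log_text)
    old = [(v, f, sorted(set(e))) for f, (v, e) in refs.items() if v < current]
    return [(f, v, e) for v, f, e in sorted(old)]  # oldest first


if __name__ == "__main__":
    for folder, version, sections in outdated_jres(SAMPLE_LOG):
        print(f"outdated runtime still referenced: {folder} {version} in {sections}")
```

A folder that still shows up here after the update is an old runtime that remains installed next to the new one and should be removed through Add/Remove Programs.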
 
SuperSpyware log added

I double checked the Java and it's Java 6 update 5. I downloaded, installed and ran the suggested SuperSpyware program and the log is attached. Can't wait to hear what comes next.

Kel
 
Looking good, it only found some cookies. After ATF, we will double check with Kaspersky, but I think it is time to clean up and secure what we have done. So after I see the Kaspersky scan we can finish up if clean. Are you having any symptoms? How is the computer running?

Go to Add/remove programs and uninstall any older versions of Java except 6 update 5.

Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply
 
I have posted my logs on the page two of this abebot thread. I don't know if you've seen it yet. Need direction. Hope you're feeling ok. Thanks again for all your help.
Kel
 
Part 1 of ? Kaspersky log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 13, 2008 7:22:43 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/04/2008
Kaspersky Anti-Virus database records: 701234
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 85953
Number of viruses found: 1
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 01:01:43

Infected Object Name / Virus Name / Last Action
rest of log is on computer------
 