TechSpot

Abebot-trojandownload.xs and a yellow trinangle on bottom rigth toolbar

By seato1985
Mar 29, 2008
  1. Please healp been trying to sort this out for days now and have had no luck i have bitdfender/spy-bot s&d os/ vista

    carried out numerous scans but nothing has come up except these dam pop ups on my dessktop it was getting really bad at one stage getting web site jumps and other wired things untill i locked up the computer *security* to allow me to find a soultion any help would be great thx
     
  2. kritius

    kritius TS Guru Posts: 2,084

    The first thing that I need you to do for me is to download and install HijackThis for me,

    Highjackthis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in its own folder, usually C:\Program Files\Trend Micro\HijackThis. Please don't change the directory as it is necessary to create backups.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete attach the log into your reply.
    Do not attempt to fix any item yet.
    Do not add anything to the ignore list.
    Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.

    Hijackthis will give me an idea as to what nasty things there are lurking about in your system and will help the both of us get rid of them.

    If you have any problems or questions then please post back.
     
  3. seato1985

    seato1985 TS Rookie Topic Starter

  4. kritius

    kritius TS Guru Posts: 2,084

    Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please attach the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
     
  5. seato1985

    seato1985 TS Rookie Topic Starter

    still scaning shouldnt be too much longer
     
  6. kritius

    kritius TS Guru Posts: 2,084

    Well I have to head to sleep now so ill look over the log in the morning and advise further actions. After it finishes post a fresh HJT log for me too.
     
  7. seato1985

    seato1985 TS Rookie Topic Starter

    here is hijack this log file after other scan still trying to find the log file for that scan

    View attachment 30441
     
  8. seato1985

    seato1985 TS Rookie Topic Starter

  9. seato1985

    seato1985 TS Rookie Topic Starter

    how did it go are those correct ??
     
  10. kritius

    kritius TS Guru Posts: 2,084

    Disable Teatimer
    Please disable Teatimer as it may interfere with the fix.
    First:
    • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
    • Choose Exit Spybot S&D Resident
    Second:
    • Open Spybot S&D
    • Click Mode, check Advanced Mode
    • Go To Left Panel, Click Tools, then also in left panel, click Resident
    • If your firewall raises a question, say OK
    • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.
    Once your log is clean you can re-enable those settings in TeaTimer.

    After that run HJT for me again.
     
  11. kritius

    kritius TS Guru Posts: 2,084

    Please download SmitfraudFix (by S!Ri)

    Double-click SmitfraudFix.exe.
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please attach the report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  12. seato1985

    seato1985 TS Rookie Topic Starter

  13. kritius

    kritius TS Guru Posts: 2,084

    Sorry, can you do the Smitfraud scan for me?
     
  14. seato1985

    seato1985 TS Rookie Topic Starter

  15. kritius

    kritius TS Guru Posts: 2,084

    Ok i looking over the logs now, ill post back with results
     
  16. seato1985

    seato1985 TS Rookie Topic Starter

    did you forget about me nah its cool
     
  17. kritius

    kritius TS Guru Posts: 2,084

    Give me some time, there are a lot of logs going on here at the minute and i do have other things to do except sit in front of the computer.
     
  18. slugger88

    slugger88 TS Rookie

    Hey Kritius,
    I realise that you are very busy at the moment with all the viruses going round, but I would greatly appreciate if you could tell me if you plan on looking at my thread (I have included the logs from Hijackthis and Malwarebytes).

    Thank you for your help,
    Luc
     
  19. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Download and Install SDFix
    • Download SDFix and save it to your Desktop.
    • Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

    Run SDFix
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    • Attach Report.txt back here
     
  20. seato1985

    seato1985 TS Rookie Topic Starter

    Hi blind dragon thanx for assistance but i am unable to get sdfix to work done everything you have to me to do, But when i try to run the programe it says needs to be run in adiminersrator i do that but then on the sdfix window it reads sdfix tool need me to be in safe mode for the tool to work. So i rebooted into safe mode but when i try to run the program the screen pops up for a few sections then disapeers and nothing happens can you please help
     
  21. seato1985

    seato1985 TS Rookie Topic Starter

    i have even tried to exracting the fiels again in adminersrator but still no difference:mad:
     
  22. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I didn't realize you had Vista, SDFix is not yet compatible. Sorry.

    Lets see what kaspersky says is still on there and then we can remove piece by piece.

    ---------------------------------------------------------------------------------------------------------------------------------------------
    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please copy and paste the log into your next reply
      • If you accidently close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ----------------------------------------------------------------------------------------------------------------------------------------------------

    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
     
  23. recperez

    recperez TS Rookie

    Hi..everyone I am new to your site..i am having the same problem with this td.xs

    Please help..i am not very good with computers..i have searched for assistance.

    I have windows xp
    mcfee, avg.anti spyware 7.5 and spybot & SD resident

    we had this worm in the system once before..so i told my son not to click on any popups..but i should have been more specific on what popups..he ignored when mcfee warned us..
    so now we have this popup, triangle and it has placed a default on my screensaver

    anyways
    please help..and guide a mother to cleaning her computer.

    thanks everyone
     
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Hi,

    this thread is for the use of the original poster, we don't want to start putting your instructions in their thread, so please start a thread just for your problem in this section of the forum http://www.techspot.com/vb/menu28.html

    I will be online for a while so will be waiting for your thread
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...