Abebot-trojandownload.xs and a yellow trinangle on bottom rigth toolbar

[seato1985]

Please healp been trying to sort this out for days now and have had no luck i have bitdfender/spy-bot s&d os/ vista

carried out numerous scans but nothing has come up except these dam pop ups on my dessktop it was getting really bad at one stage getting web site jumps and other wired things untill i locked up the computer *security* to allow me to find a soultion any help would be great thx

 

[kritius]

The first thing that I need you to do for me is to download and install HijackThis for me,

Highjackthis Instructions

• Make sure you have the LATEST version of HJT (currently v2.0.2) it can be downloaded from HERE
• Run the HijackThis Installer and it will automatically place HJT in its own folder, usually C:\Program Files\Trend Micro\HijackThis. Please don't change the directory as it is necessary to create backups.
• After installing, the program launches automatically, select Scan now and save a log
• After the scan is complete attach the log into your reply.

Do not attempt to fix any item yet.
Do not add anything to the ignore list.
Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.

Hijackthis will give me an idea as to what nasty things there are lurking about in your system and will help the both of us get rid of them.

If you have any problems or questions then please post back.

 

[seato1985]

this is it log file

View attachment 30434 this is mylog file thx for the reply

 

[kritius]

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please attach the log into your next reply.
• If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

 

[seato1985]

still scaning shouldnt be too much longer

 

[kritius]

Well I have to head to sleep now so ill look over the log in the morning and advise further actions. After it finishes post a fresh HJT log for me too.

 

[seato1985]

here is hijack this log file after other scan still trying to find the log file for that scan

View attachment 30441

 

[seato1985]

here is the othere one
View attachment 30442

 

[seato1985]

how did it go are those correct ??

 

[kritius]

Disable Teatimer
Please disable Teatimer as it may interfere with the fix.
First:

• Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
• Choose Exit Spybot S&D Resident

Second:

• Open Spybot S&D
• Click Mode, check Advanced Mode
• Go To Left Panel, Click Tools, then also in left panel, click Resident
• If your firewall raises a question, say OK
• Uncheck the box labeled Resident Tea-Timer and OK any prompts.
• Use File, Exit to terminate Spybot
• Reboot your machine for the changes to take effect.

Once your log is clean you can re-enable those settings in TeaTimer.

After that run HJT for me again.

 

[kritius]

Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please attach the report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

 

[seato1985]

View attachment 30449 heres the log file

 

[kritius]

Sorry, can you do the Smitfraud scan for me?

 

[seato1985]

here is the log file for smithfraud
View attachment 30450

 

[kritius]

Ok i looking over the logs now, ill post back with results

 

[seato1985]

did you forget about me nah its cool

 

[kritius]

Give me some time, there are a lot of logs going on here at the minute and i do have other things to do except sit in front of the computer.

 

[slugger88]

Hey Kritius,
I realise that you are very busy at the moment with all the viruses going round, but I would greatly appreciate if you could tell me if you plan on looking at my thread (I have included the logs from Hijackthis and Malwarebytes).

Thank you for your help,
Luc

 

[Blind Dragon]

Download and Install SDFix

• Download SDFix and save it to your Desktop.
  
• Double click SDFix.exe and it will extract the files to %systemdrive%
  (Drive that contains the Windows Directory, typically C:\SDFix)

Run SDFix

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
• Attach Report.txt back here

 

[seato1985]

Hi blind dragon thanx for assistance but i am unable to get sdfix to work done everything you have to me to do, But when i try to run the programe it says needs to be run in adiminersrator i do that but then on the sdfix window it reads sdfix tool need me to be in safe mode for the tool to work. So i rebooted into safe mode but when i try to run the program the screen pops up for a few sections then disapeers and nothing happens can you please help

 

[seato1985]

i have even tried to exracting the fiels again in adminersrator but still no difference

 

[Blind Dragon]

I didn't realize you had Vista, SDFix is not yet compatible. Sorry.

Lets see what kaspersky says is still on there and then we can remove piece by piece.

---------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware

• Please download Malwarebytes' Anti-Malware to your desktop.
  
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------------------------------------------------------------------------------------------------

Combofix

• Download Combofix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• Type "1" (and Enter) to start the fix.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

 

[recperez]

Hi..everyone I am new to your site..i am having the same problem with this td.xs

Please help..i am not very good with computers..i have searched for assistance.

I have windows xp
mcfee, avg.anti spyware 7.5 and spybot & SD resident

we had this worm in the system once before..so i told my son not to click on any popups..but i should have been more specific on what popups..he ignored when mcfee warned us..
so now we have this popup, triangle and it has placed a default on my screensaver

anyways
please help..and guide a mother to cleaning her computer.

thanks everyone

 

[Blind Dragon]

Hi,

this thread is for the use of the original poster, we don't want to start putting your instructions in their thread, so please start a thread just for your problem in this section of the forum https://www.techspot.com/vb/menu28.html

I will be online for a while so will be waiting for your thread