TechSpot

Abebot

By lapdanzer4u
Apr 6, 2008
  1. hi my name is michele i have abebot and trojandownloader.xs infection on my computer and need help getting rid of it i have mcafee and spyware doctor i think the problem is in my registry but need help thank you
     
  2. kritius

    kritius TS Guru Posts: 2,084

    Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please attach the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Download and Run ComboFix
    • Download this file to your desktop from either of the two below listed places :

      HERE or HERE
    • Then double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Attach that log in your next reply
    WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
  3. KBaxter

    KBaxter TS Rookie Posts: 19

    Hi there Kritius, I also have the blasted Abebot spyware on my laptop and was hoping you wouldn't mind helping me? I'm a newbie and need some HELP!
     
  4. kritius

    kritius TS Guru Posts: 2,084

    Start your own thread please
     
  5. lapdanzer4u

    lapdanzer4u TS Rookie Topic Starter Posts: 21

    hi thank you for helping me i am new at this so far i have i completed malware but i don't know how to attach the log for you also i can't download combo fix i the spy doctor is blocking it all help would be appreciated thank you
     
  6. kritius

    kritius TS Guru Posts: 2,084

    Turn off spy doctor and allow combofix to download to the desktop.

    When you hit post reply you will see this button,

    [​IMG]

    Browse to the file you want to attach.
     
  7. lapdanzer4u

    lapdanzer4u TS Rookie Topic Starter Posts: 21

    hi kritius ok did malware and did combofix but i can't find the logs to attach i have tried everything sorry to be a pain please help thank you
     
  8. lapdanzer4u

    lapdanzer4u TS Rookie Topic Starter Posts: 21

    hi me again if i try to do everything over again will i damage my computer?
     
  9. kritius

    kritius TS Guru Posts: 2,084

    Go ahead and redo them.
     
  10. lapdanzer4u

    lapdanzer4u TS Rookie Topic Starter Posts: 21

    hi i found my malware log every time i try to attach it it keeps saying invalid file since i did malware and combo fix my virus seems to be gone please help thank you
     
  11. lapdanzer4u

    lapdanzer4u TS Rookie Topic Starter Posts: 21

    here is one of my logs i don't know where to fing combofix log is
     

    Attached Files:

  12. kritius

    kritius TS Guru Posts: 2,084

    its usually saved at C:\ComboFix.txt
     
  13. lapdanzer4u

    lapdanzer4u TS Rookie Topic Starter Posts: 21

    hi here is combo fix log
     
  14. kritius

    kritius TS Guru Posts: 2,084

    Ill look it over in the morning its pretty late here.
     
  15. kritius

    kritius TS Guru Posts: 2,084

    Highjackthis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in its own folder, usually C:\Program Files\Trend Micro\HijackThis. Please don't change the directory as it is necessary to create backups.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete copy and paste the contents into your reply.
    Do not attempt to fix any item yet.
    Do not add anything to the ignore list.
    Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.
     
  16. lapdanzer4u

    lapdanzer4u TS Rookie Topic Starter Posts: 21

    hi kritius i just tried to install hijack this but i can't i get a message that says
    C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\ZVRDNIP1\HJTInstall[1].exe is not a valid win 32 application.

    please reply thank you
    michele
     
  17. kritius

    kritius TS Guru Posts: 2,084

    Did you inistall the old version first? Also when selecting where to download it to, select the desktop.
     
  18. lapdanzer4u

    lapdanzer4u TS Rookie Topic Starter Posts: 21

    hi here is my hijack this log please reply
    thank you
     
  19. lapdanzer4u

    lapdanzer4u TS Rookie Topic Starter Posts: 21

    hi did you have a chance to look at hijack this log please let me know what to do next
    thank you
     
  20. kritius

    kritius TS Guru Posts: 2,084

    Open your C:\ drive and create a new folder called HJT then put HijackThis.exe into it,

    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
    O3 - Toolbar: Multi_Media - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll<=======This is optional
    O4 - Startup: PowerReg Scheduler V3.exe
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O21 - SSODL: RunOnceRam - {93b36616-fa3c-4b53-a150-9aa225ebf1f8} - (no file)

    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    This is the reason for the optional fix

    Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    PowerReg Scheduler V3

    Please note any other programs that you don't recognize in that list in your next response.

    Do a search and delete the following,
    PowerReg Scheduler V3.exe

    After that, Reboot, and post a new HijackThis log here in a reply as well as describing how your computer is running at the minute.
     
  21. lapdanzer4u

    lapdanzer4u TS Rookie Topic Starter Posts: 21

    hi could you please tell me how to do this
    open your C:\drive and create a new folder called HJT then put HijackThis.exe into it
    i tried but can't seem to do it sorry to be a pain
    thank you
     
  22. kritius

    kritius TS Guru Posts: 2,084

    Open My Computer

    Double click on C:

    The main drive of your computer, and add a new folder.

    rename it to HJT and put HijackThis inside it.
     
  23. lapdanzer4u

    lapdanzer4u TS Rookie Topic Starter Posts: 21

    hi kritius i did everything my computer seems to be running fine the only question is i don't have a new hijack this log do i need to do another scan and save log after i've fixed everthing ? and can i remove malwarebytes? thanks for the help
    michele
     
  24. kritius

    kritius TS Guru Posts: 2,084

    do a new scan and post the log back here.
     
  25. lapdanzer4u

    lapdanzer4u TS Rookie Topic Starter Posts: 21

    o k here is the log please reply
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...