TechSpot

Backdoor.Abebot Removal

By Bobbye
Apr 2, 2008
  1. I see so many with this malware. While it is possible the user may have other malware, you can find the removal for this on this Symantec site:

    http://www.symantec.com/security_response/writeup.jsp?docid=2005-011317-2305-99&tabid=3

    It's vital that you remove this Trojan as soon as possible as Backdoor.Abebot is a Trojan horse that opens a back door and lowers security settings on the compromised computer.

    You can find a summary on the same site.
     
  2. kritius

    kritius TS Guru Posts: 2,084

    The symantec removal instructions arnt that great, the only way weve been able to get rid of it so far has been a CFScript, OTMoveIt2 may work as well but I havnt tried yet.

    Plus its never good to disable system restore when doing a fix, especially if your going to be messing about with the registry.
     
  3. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Mbam appears to get a part of the infection, Combofix catches the majority of it without CFScript, then the CFScript finishes off the last 2 or 3 entries.

    This is way easier than following that guide, plus the guide is incorrect because the names are random and they are unique to each infection. the guide will work for some but not others
     
  4. Bobbye

    Bobbye Helper on the Fringe Topic Starter Posts: 16,335   +36

    As many users here that are complaining of this infections, I thought this would be helpful. I don't agree on the System Restore shut down-however I realize there are 2 schools of thought on that: 1. shut down as beginning or 2. shut down to drop old points when clean.

    My reasoning is that many will use the SR feature and reinfect themselves! I was also hoping that an updated virus scan would be able to remove this beast. The removal seems fairly simple to me. Note that I did make it clear it may not remove other malware. But since Abebot lowers the security settings, wouldn't it be better to try and get it off ASAP?
     
  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I can remove it with 1 MBAM scan and 1 CFscript, so I am going to start doing that then let's refer them to the preliminary removal instructions

    The removal may seem simple to you, but the fact is that every infection on here has different named files and different registry entries that aren't listed on the symantec site. A lot of users may have trouble identifying it. I dont think it is a bad idea to use this first then show us logs, but I don't want people to just do symantec removal then think they are clean

    ***The other problem-> 'read somebodies combofix log after they run it, there a load of files that it removes, same files on each one, so I am positive they are associated.
     
  6. cgfnp

    cgfnp TS Rookie

    Have some pop up crap...

    says a warning about "Abebot" and leads you to a website where there are multiple PC tools. Pops up and stays on top no matter what. I've found their location, but when I try to delete it says "don't have permission".

    Can a guy just have panda scan it and pay the damn price and fix this crap? I really don't have time to do this as a doctor on call.

    Thanks

    And, as I type, another blue box that says "Trojandownloader.xs" and to remove click here...

    So much for Norton 360... waste of money.
     
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Please start a thread in our security section, this can be removed in your spare time fairly easily with the help of one of our helpers.

    What do I want to see when helping with this infection.

    A Hijackthis log, that is it. Then we will suggest what additional programs you need to remove the infection.

    Highjackthis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...