
Have spyware infection Abebot on my PC!

Discussion in 'Virus and Malware Removal' started by Esuper, Mar 31, 2008.

  1. Esuper Newcomer, in training Posts: 34

    Hi all the Guru here,

    My PC has been infected with the same problem as others. I have attached the Hijack.log file.
    This is my first time doing this; I hope I have given enough info here. And I really hope to receive some sort of help/advice that can help eliminate this problem.

    ................................................................................

    Warning!!!
    File: C:\WINDOWS\wml.exe

    Threat:Abebot

    Click here to visit PC-Antispyware web site..

    There is also another similar one;

    System Integrity Scan Wizard
    Warning: Your ocmputer may have critical errors in Windows registry and file system!
    ................................................................................

    Thanks
  2. Blind Dragon TechSpot Evangelist Posts: 4,048

    Hi Esuper,

    Download and Install SDFix
    • Download SDFix and save it to your Desktop.
    • Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

    Run SDFix
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    • Attach Report.txt back here

    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    This thread is for the use of Esuper only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. Esuper Newcomer, in training Posts: 34

    Hi Blind Dragon.

    There is no Y in SDFix?? What should I choose from here?

    1. Download/Run a-squared
    2. Download/Run Norman Malware Cleaner
    3. Download/Run SAV32CLI

    A. Create System Report
    B. Create Service/Drive List
    C. Create Catchme Log
    D. Export SafeBoot Key

    U. Download Latest version of SDFix
    E. EXIT

    Thanks
  4. Blind Dragon TechSpot Evangelist Posts: 4,048

    Did you type Y?

    If so, did it not work?

    Thanks
  5. Esuper Newcomer, in training Posts: 34

    Yes, I did type Y, and the SDFix window closed.
  6. Esuper Newcomer, in training Posts: 34

    And this is the log file from Malwarebytes' Anti-Malware.

    Thanks
     
  7. Blind Dragon TechSpot Evangelist Posts: 4,048

    Boot into Safe mode, use your regular account (not admin)

    Type 2 to begin the cleanup process.

    With MBAM everything says NO ACTION TAKEN. Be sure that everything is checked, and click Remove Selected.
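
Added example, not part of the original thread: a small Python triage of a Malwarebytes log that lists which detections still show "No action taken" or are only queued for deletion on reboot. The log layout, the `Example.Detection` name and the outcome assigned to each item are constructed for illustration; the CLSID keys and file path are the ones quoted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample. Assumed layout: "<section> Infected:" header lines,
# then one "<object> (<detection>) -> <outcome>." line per detection.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Example.Detection) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Example.Detection) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Example.Detection) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\wml.exe (Example.Detection) -> No action taken.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# Greedy object match so paths that contain parentheses still parse.
ITEM = re.compile(r"^(?P<obj>.+) \((?P<det>[^()]+)\) -> (?P<outcome>.+?)\.?\s*$")
NOT_REMOVED = ("no action taken", "delete on reboot")

def parse_mbam_log(text):
    """Return a list of (section, object, detection, outcome) tuples."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = ITEM.match(line)
        if m and section:
            items.append((section, m.group("obj"), m.group("det"), m.group("outcome")))
    return items

def unresolved(items):
    """Group items that are still present: untouched or pending a reboot."""
    pending = defaultdict(list)
    for section, obj, _det, outcome in items:
        if outcome.lower() in NOT_REMOVED:
            pending[outcome.lower()].append((section, obj))
    return dict(pending)

if __name__ == "__main__":
    for outcome, objs in unresolved(parse_mbam_log(SAMPLE_LOG)).items():
        print(outcome.upper(), *(f"\n  [{s}] {o}" for s, o in objs))
```
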
  8. Esuper Newcomer, in training Posts: 34

    Thanks,

    Certain items could not be removed! The first few are listed below. All items that could not be removed have been added to the delete on reboot list. And it asks me to restart?

    Here is the file:
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d}
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c}
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338}

    Continue restart?
  9. Blind Dragon TechSpot Evangelist Posts: 4,048

    Yes, then attach the log here afterwards.
  10. Esuper Newcomer, in training Posts: 34

    Here is the Norman_Malware_Cleaner log file.
  11. Blind Dragon TechSpot Evangelist Posts: 4,048

    Did you crash while running the scan?

    I need to see a fresh Hijackthis log
  12. Esuper Newcomer, in training Posts: 34

    Yes, it crashed (but the system is OK).
  13. Blind Dragon TechSpot Evangelist Posts: 4,048

    Run SDFix from Safe Mode again, this time selecting option 3.

    Then, when it's done and you have restarted, run yet another scan with Hijackthis from normal mode and attach both logs here.
  14. Esuper Newcomer, in training Posts: 34

    I have to run the Run SDFix from Safemode option 3 again, can't find where the log file is located.
  15. Blind Dragon TechSpot Evangelist Posts: 4,048

    It's in the SDFix folder as Report.txt

    I don't think it will remove all of it though so in addition

    Run Smitfraudfix
    • Download Smitfraudfix by S!ri from HERE
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infected files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
  16. Esuper Newcomer, in training Posts: 34

    This is the file
  17. Blind Dragon TechSpot Evangelist Posts: 4,048

    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
  18. Esuper Newcomer, in training Posts: 34

    Have been stopped by Spywaredoctor. And now the window prompt says:
    Window cannot open this file:
    To open this file, Windows need to know what program created it. Windows can go online to look it up automatically, or you can manually select from a list of program on your computer.

    What to do?
    Use the web service to find the appropriate program OR select the program from a list?
  19. Esuper Newcomer, in training Posts: 34

    Spyware Doctor Block!!!
    Thread:Trojan
    Risk:High
  20. Blind Dragon TechSpot Evangelist Posts: 4,048

    Right click the running icon of Spywareguard in the system tray to open the program. Then go to Menu, File, and choose Exit.

    try again if it still doesn't work

    go to start -> run -> type combofix /u

    reattempt the above instructions after it is uninstalled