TechSpot

Have spyware infection Abebot on my PC!

By Esuper
Mar 31, 2008
  1. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    O4 - HKLM\..\Policies\Explorer\Run: [rgWFEtNPPQ] I:\Documents and Settings\All Users\Application Data\ezclqdql\gxwzsbil.exe

    Don't see these lines in HijackThis???
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    I see it in your last log right between

    O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKLM\..\Policies\Explorer\Run: [rgWFEtNPPQ] I:\Documents and Settings\All Users\Application Data\ezclqdql\gxwzsbil.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
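    To make the entry Blind Dragon points at easier to locate on a live machine, here is an added PowerShell example (it is not from this thread and not part of HijackThis). It reads the same Run-type autostart locations that HijackThis prints as O4 lines, including the HKLM Policies\Explorer\Run key that was hard to spot, and flags values whose executable sits in a user-writable data directory under a random-looking name, as the ezclqdql\gxwzsbil.exe entry does. The list of suspect directories and the vowel-ratio heuristic are assumptions of this example; the script only reads and changes nothing.

```powershell
# Added example, not from the thread or from HijackThis. Read-only: it lists
# the Run-type autostart locations that HijackThis reports as O4 lines and
# flags values that look like the ezclqdql\gxwzsbil.exe entry in the log.
# Run from an elevated PowerShell. The heuristics are assumptions of this example.

$locations = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',  # O4 - HKLM\..\Policies\Explorer\Run
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
# Loaded per-user hives (HijackThis shows these as O4 - HKUS\S-1-5-xx lines, e.g. LOCAL SERVICE)
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $locations += "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
}

# Directories where a legitimate installer rarely places an autostart executable (assumption)
$suspectDirs = @('\Application Data\', '\AppData\', '\Temp\', '\All Users\', '\Local Settings\')

function Get-ExecutablePath {
    # Pull the executable out of a Run value:  "C:\x\y.exe" /arg   or   C:\x\y.exe /RUNONCE
    param([string]$Command)
    $exe = $Command.Trim()
    if ($Command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($Command -match '^\s*(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Test-RandomName {
    # Heuristic (assumption): machine-generated names such as ezclqdql or rgWFEtNPPQ
    # have far fewer vowels than real product names. Below 25% vowels counts as random.
    param([string]$Name)
    $letters = $Name -replace '[^A-Za-z]', ''
    if ($letters.Length -lt 6) { return $false }
    $vowels = ($letters -replace '[^AEIOUaeiou]', '').Length
    return (($vowels / $letters.Length) -lt 0.25)
}

$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

$findings = foreach ($key in $locations) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        $exe = Get-ExecutablePath -Command ([string]$p.Value)
        if ([string]::IsNullOrEmpty($exe)) { continue }
        $parentDir  = Split-Path -Path $exe -Parent
        $parentName = if ($parentDir) { Split-Path -Path $parentDir -Leaf } else { '' }
        $baseName   = [System.IO.Path]::GetFileNameWithoutExtension($exe)
        $inSuspectDir = [bool]($suspectDirs | Where-Object { $exe -like "*$_*" })
        $randomName = (Test-RandomName $p.Name) -or
                      (Test-RandomName $baseName) -or
                      (Test-RandomName $parentName)
        [pscustomobject]@{
            Key        = $key
            Name       = $p.Name
            Command    = $p.Value
            Exists     = Test-Path -LiteralPath $exe
            Suspicious = ($inSuspectDir -and $randomName)
        }
    }
}

# Suspicious entries first; "Exists = False" after a cleanup means a dangling autostart value.
$findings | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize -Wrap
```

The directory test does most of the work: an executable launched from Application Data or Temp at every logon is unusual for installed software, and the random-name test only narrows that set. A value that still points at a file that no longer exists is harmless but worth removing so it does not confuse later logs.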
     
  3. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    Use Windows Explorer to navigate to and delete the following folder:

    Files:
    I:\Documents and Settings\All Users\Application Data\ezclqdql <-This folder only

    I'm having a problem finding this file again. ezclqdql??
     
  4. kritius

    kritius TS Guru Posts: 2,087

    Download Pocket Killbox by Option^Explicit from here
    • Double-click on Killbox.exe to start Pocket Killbox
    • Select the Delete on reboot option
    • Click on All Files
    • Select the text in the below codebox and press Ctrl+C to copy it to the clipboard
      Code:
      I:\Documents and Settings\All Users\Application Data\ezclqdql 
    • Go back to Pocket Killbox and click File > Paste from clipboard
    • Click on the button in Pocket Killbox that looks like this [IMG]
    • You will now get the prompt Files will be removed on reboot Do you want reboot now?
    • Click Yes this will restart your pc
    • Note: If your PC does not restart automatically please restart it manually
     
  5. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    Thanks for the help. Here are the log files.
     
  6. kritius

    kritius TS Guru Posts: 2,087

    Go to add/remove programs and get rid of PowerReg Scheduler or anything like it.


    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - Startup: PowerReg Scheduler V3.exe

    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary



    Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update Tab at the top
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
    • After it installs the newest version Go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected' at the bottom
    • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

    You should get a firewall as well, either, these firewalls are all free,
     
  7. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    Thanks, but I can't find PowerReg Scheduler in Add/Remove Programs??
    Could it be under another name?
     
  8. kritius

    kritius TS Guru Posts: 2,087

    Do a scan with ComboFix and post the log; I'll be able to see from that.

    Do the other steps first though.

    Create an uninstall list
    • Launch Hijackthis
    • Click the Open the Misc Tools section button
    • Click the Open Uninstall Manager button.
    • Click the Save list button.
    • Copy and paste this log into your next reply
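    The uninstall list is being requested to spot PowerReg Scheduler under a different display name. The following PowerShell snippet is an added example, not part of the thread or of HijackThis: it reads the same Uninstall registry keys that Add/Remove Programs and the HijackThis uninstall manager read, prints the list, and then matches a keyword against the uninstall command and install location as well as the display name, since those usually carry the install path even when the displayed name is different. The keyword is a constructed example; the script only reads.

```powershell
# Added example, not from the thread or from HijackThis: list installed programs from the
# Uninstall registry keys and search name, uninstall command and install path for a keyword.
# $keyword is a constructed example. Read-only.
$keyword = 'PowerReg'

$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',   # 32-bit apps on 64-bit Windows
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'                # per-user installs
)

$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString, InstallLocation |
    Sort-Object DisplayName

# The full list, equivalent to the HijackThis "Save list" output
$programs | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize

# Entries that mention the keyword anywhere in name, uninstall command or install path
$hits = $programs | Where-Object {
    ($_.DisplayName -like "*$keyword*") -or
    ($_.UninstallString -like "*$keyword*") -or
    ($_.InstallLocation -like "*$keyword*")
}
if ($hits) { $hits | Format-List } else { "No Add/Remove entry mentions '$keyword'." }
```

A program that only registers itself in a Startup folder or a Run key, as the O4 - Startup line earlier in the thread suggests, will not appear here at all, which is the other reason an uninstall list can come back empty for it.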
     
  9. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    ACDSee Pro
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge 1.0
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Common File Installer
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe FrameMaker v7.1
    Adobe Help Center 1.0
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS2
    Adobe Photoshop CS3
    Adobe Photoshop CS3
    Adobe Premiere Pro 2.0
    Adobe Reader 7.0.9
    Adobe Setup
    Adobe Stock Photos 1.0
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AGEIA PhysX v2.3.3
    Ai Booster
    Alternate Dictionary 1.405
    ArtMoney SE v7.22
    ASP.NET Maker 2.2
    ASUS DH Remote
    ASUS Enhanced Display Driver
    ASUS GameFace Library
    ASUS GameLiveShow
    ASUS SmartDoctor
    ASUS Utilities
    ASUS VideoSecurity Online
    ASUS WiFi-AP Solo
    ASUS_Ai_Proactive_Screensaver (E)
    AsusUpdate
    AVG 7.5
    Avid Codecs LE
    Avid DIO Runtime
    Avid EDL Manager
    Avid FilmScribe
    Avid Log Exchange
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.1
    Canon Utilities EOS Utility
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities WFT-E1/E2/E3 Utility
    Canon Utilities ZoomBrowser EX
    Chinese Star XP
    CINEMA 4D Release 10
    CloneCD
    CloneDVD2
    Command & Conquer 3
    Cool MP3 Splitter 2.2
    Creative Jukebox Driver
    Creative Removable Disk Manager
    Creative System Information
    Creative Zen Micro
    DesktopX Professional
    Digidesign Audio Drivers 7.1
    Digital Image Recovery 1.47
    Dragonshard
    Dungeon Siege 2
    Easy Photo Recovery 1.0
    EasyRecovery Professional Trial
    EZ-Backup Manager
    FinalRecovery 1.3
    GameFace Messenger
    Ghost Recon Advanced Warfighter
    Google Toolbar for Internet Explorer
    Gothic III
    Gothic III Release Update
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB935448)
    iFinger 2.0
    InterLok Driver Kit
    InterVideo Launcher
    J2SE Runtime Environment 5.0
    Java(TM) 6 Update 3
    JRAID
    K-Lite Codec Pack 2.82 Full
    LiveUpdate 3.0 (Symantec Corporation)
    Macromedia Dreamweaver MX 2004
    Macromedia Extension Manager
    Macromedia Flash MX
    Macromedia Flash MX 2004
    Macromedia FreeHand MXa
    Malwarebytes' Anti-Malware
    Manga Studio EX 3.0
    Marvell Miniport Driver
    MediaRescue Pro 3.9
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft AppLocale
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Application Compatibility Database
    Mozilla Firefox (2.0.0.13)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    mTC (remove only)
    Nero Suite
    Neverwinter Nights
    Neverwinter Nights 2
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia Software Updater
    NVIDIA Drivers
    ObjectRescue Pro 4.0
    Opera 9.26
    PC Connectivity Solution
    PC Probe II
    PDF Settings
    PhotoRescue Pro 4.0
    Power MP3 Cutter Joiner 1.12
    Power MP3 Recorder Cutter, (ver 5.0)
    PPLive 1.9
    PPStream
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946026)
    Sentinel Protection Installer 7.2.2
    Serials 2000
    Serials 2000
    SimCity 4 Rush Hour
    Skype™ 3.5
    SmartSound Quicktracks Plugin
    SpellForce 2 - Shadow Wars
    SpellForce 2 Update v1.02
    Spyware Doctor 5.5
    SUPERAntiSpyware Free Edition
    TheSage
    ThumbDrive Guard
    TVUPlayer 2.3.0.0
    Ulead VideoStudio 9.0
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    VeohTV BETA
    Versal FileDownload ActiveX Control Trial Version
    Virtual Cable Tester
    Vodafone Mobile Connect Lite
    WindowBlinds
    Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Support Tools
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    WMA To MP3 Encoder 5.09
    X360 Video Player ActiveX Control
    Xfire (remove only)
    Yahoo! Toolbar
     
  10. kritius

    kritius TS Guru Posts: 2,087

    Ccleaner
    Download CCleaner from HERE.
    • Double click on the ccsetup.exe file to start the installation of the program.
    • Select your language and click OK, then next.
    • Read the license agreement and click I Agree.
    • Click next to use the default install location.
    • Under Install Options, choose all the default settings except untick install the Yahoo! Toolbar.
    • Click Install then finish to complete installation.
    • Double click the CCleaner shortcut on the desktop to start the program.
    • In advanced deselect "Old Prefetch Data."
    • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. Click on Issues and make sure Registry Integrity is UNchecked!
    • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
    • After CCleaner has completed this process several times until no more errors are found, click Exit.

    Java(TM) 6 Update 3
    LiveUpdate 3.0 (Symantec Corporation)
    Yahoo! Toolbar

    Uninstall these three, then run ComboFix and attach the log.
     
  11. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    While I try to remove the last one (Java(TM) 6 Update 3), it prompts me with this:

    Have spyware infectipn Abebot on my PC! - Page 2 - TechSpot OpenBoards - Windows Internet Explorer
     
     
  12. kritius

    kritius TS Guru Posts: 2,087

    Do this bit first, then try uninstalling that.

    Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update Tab at the top
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
    • After it installs the newest version Go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected' at the bottom
    • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder
     
  13. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

    The other subfolder (jre1.5.0) I'm trying to remove prompts me with this:
    Cannot delete jucheck.exe: Access is denied.

    Make sure the disk is not full or write-protected and that the file is not currently use.
     
  14. kritius

    kritius TS Guru Posts: 2,087

    Skip it for now and do the ccleaner bit.
     
  15. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    You need to take ownership of the file. It's not of huge importance to do right away, but when you delete the file do this:

    1. Right-click the file that you want to take ownership of, and then click Properties.
    2. Click the Security tab, and then click OK on the Security message (if one appears).
    3. Click Advanced, and then click the Owner tab.
    4. In the Name list, click Administrator, or click the Administrators group, and then click OK.

    The administrator or the Administrators group now owns the file. To change the permissions on the files and folders under this folder, go to step 5.
    5. Click Add.
    6. In the Enter the object names to select (examples) list, type the user or group account that you want to give access to the file. For example, type your user name or Administrator.
    7. Click OK.
    8. In the Group or user names list, click the account that you want, and then select the check boxes of the permissions that you want to assign that user.
    9. When you are finished assigning permissions, click OK.
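    The scripted form of the nine steps above, as an added PowerShell example that is not from the thread: it first checks the condition the quoted error message itself mentions (a process still running from the file, which is the usual reason a delete of jucheck.exe fails), then takes ownership, grants Full Control to Administrators and deletes the file. The target path is a constructed placeholder; the script must run from an elevated (Administrator) PowerShell.

```powershell
# Added example, not from the thread: the scripted form of the take-ownership
# steps above, preceded by the in-use check the "Access is denied" message points at.
# $target is a constructed placeholder; run from an elevated (Administrator) PowerShell.
$target = 'C:\Program Files\Java\jre1.5.0\bin\jucheck.exe'   # placeholder, adjust to the real path

if (-not (Test-Path -LiteralPath $target)) { throw "Not found: $target" }

# 1. A process running from the file holds it open; that, not permissions, is the common
#    cause of the message quoted in the thread. Stop it (or reboot) before deleting.
$holders = Get-Process | Where-Object { $_.Path -and ($_.Path -ieq $target) }
if ($holders) {
    $ids = ($holders | ForEach-Object { $_.Id }) -join ', '
    throw "Still running (PID $ids): $target. Close it or reboot, then rerun."
}

# 2. Steps 1-4 above: make the Administrators group the owner.
$admins = New-Object System.Security.Principal.NTAccount('BUILTIN', 'Administrators')
$acl = Get-Acl -Path $target
$acl.SetOwner($admins)
Set-Acl -Path $target -AclObject $acl

# 3. Steps 5-9 above: grant Administrators Full Control so the delete is permitted.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($admins, 'FullControl', 'Allow')
$acl = Get-Acl -Path $target        # re-read after the owner change
$acl.AddAccessRule($rule)
Set-Acl -Path $target -AclObject $acl

# 4. The delete that failed with "Access is denied" should now succeed.
Remove-Item -LiteralPath $target -Force
"Deleted: $target"
```

Taking ownership only helps when the ACL is the obstacle; when the in-use check fires, rebooting (or a delete-on-reboot tool like the one used earlier in the thread) is the fix, and no permission change will make the delete go through while the process holds the file.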
     
  16. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    Here is the latest log, Thanks
     
  17. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    We should be pretty much done with Combofix.

    Trend Micro Housecall Free Online Scanner

    • It's one of the very few online scanners that will actually disinfect viruses etc.
    • First Open Internet Explorer
    • Go to Trend Micro's Housecall website which can be found HERE
    • Click on the link that says "Scan now. It's Free"
    • A new tab will open where you will have to tick a box to agree to the terms of service.
    • Click "Launch House Call"
    • Follow any additional on screen instructions
    • Select any infections then Fix Checked after the scan

    After the fix is done through housecall, Launch Hijackthis - scan and save a log

    Attach the fresh hijackthis log back here, this one can take a while depending on how many infections are left and your connection speed. Just be patient with it as you are almost done.
     
  18. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    Hi Blind Dragon, I have to let it run overnight, I guess; my connection speed is slow. I'll post it once it finishes. Thanks for the support here.
     
  19. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    It will speed up towards the end, the timer isn't always accurate
     
  20. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    I just blew it!!! After a long hour of scanning it finally reached the point of cleaning the infection; I clicked on it and it said it was not able to remove it, asked me to buy their product, and needs to run another round of scanning??? Any other solutions??? Thanks. And I'm only able to continue this at night; I'll log in again tonight. Thanks again!!
     
  21. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    Here is the fresh Hijackthis log. Thanks
     
  22. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Did you happen to catch the name of the infection it found?

    I have never had Housecall suggest that I buy anything; from my experience, if it can find it, then it can remove it.

    Sorry about that. I will look into it further and hold off on recommending them until it's sorted.
     
  23. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    Yeah, so dumb, I didn't write it down and clicked fix; a total of 5 infected ones.
    Hope there is something I can download and run the scanning with instead of online scanning; my connection is super slow. Please keep me updated if there is a solution to fix this. Thanks!!!
     
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

  25. Esuper

    Esuper TS Rookie Topic Starter Posts: 34

    I'm already using AVG. How do I get the log file??
     