Hello to TechSpot professsionals, need help for abrebot

[baljeet]

hi there. this is mine first post. i m to vicitm of abrebot,screan flick up and ask for PC CLEANER OR PC ANTISPYWARE BUT I DONT KNOW HOW MY COMPUTER ASKING FOR PC CLEANER OR SPYWARE THATS NOT AN WINDOWS UTILITY.I SURF NET DAILY AS I AM ENROLLED FOR ONLINE COURSE. ITS ALMOST THE SAME PROBLEM AS ALL OTHER GETING. I M SENDING YOU THE LOG FILE CREATED THRU HIJACK THIS . I HAVE NORTRON 360 INSTALLED AND I SCAN ALL DRIVES THRU THAT BUT IT DIDNT STOP THE MESSAGE CALLED BY ITSELF. GIVE ME IMMEDIATE REPLY. THANKS
REGARDS
BALJEET

 

[kritius]

No need for the capitals

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally attach the Report.txt back on the forum with a new HijackThis log

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Please Download VirtumundoBeGone by secured2k

• Save the file to your desktop
• Close all running programs (including your Internet Browser)
• Double-click VirtumundoBeGone.exe on the desktop
• Read the introductory information, and then click Continue
• Click Start
• When asked if you want to continue, click Yes to run the fix
• Click "Save Log"

Note: It is normal for the the fix to terminate by producing a BLUE SCREEN OF DEATH so don't be concerned when this happens. It requires you to manually reboot to restore your normal windows desktop.

The log created by VirtumundoBeGone called VBG.TXT will be on located on your desktop. Please retain VBG.TXT.

Empty Recycle Bin.

Reboot and attach the VBG.TXT into this thread.
Also please describe how your computer behaves at the moment.

Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please attach that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

 

[baljeet]

process of sdfix and log of hijackthis after sdfix

thanks sir
for a instant reply .as per yours saying these are the file equested and right now vundofix is running i will soon send you vundo report with in five minute. if there is any else instrustion pls do write i am online. still i got the blue sceen alarming that
trojandownloader.xs as spy ware message.

 

[baljeet]

hello sir
vundofix didnt find any infected file .
do i have to still send you the new hijack log file. whats the next instruction pls write me back.
regards
baljeet

 

[kritius]

Dont bother with the HJT log yet, do virtmundobegone, then post back. I have to head out now though.

 

[Blind Dragon]

I'll take over for now, I am here till I have to drive home around 3 hours from now.

Go ahead and run this after virtmundobegone
Combofix

• Download Combofix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• Type "1" (and Enter) to start the fix.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

Attach back 3 logs
1)VBG.txt
2)combofix.txt
3)Hijackthis.log scanned after running the other 2 programs

 

[baljeet]

virtumod report and smit fradfix rapport

hello there
sir i want to tell you one thing wen ever i run any given or prescribe utility by you i got the same message "your computer has critical registry problem......."and in quick launch on right hand side a yellow triangle with ! mark telling for spyware presentand took me to pc checker and pc antispyware side" isn that strange. or its calling itself .just look to the file
regards
baljeet

 

[baljeet]

log of combo and hijack after comba

sir
these r the result of combo and new hijack log. bt one thing i want you to tell i didnt press 1 only after i press start.i didnt give any option to press 1 .it start and as per your given instrustion i didnt press mine keyboard as well as touchpad.
thanks
bljeet

 

[kritius]

Fix entries using HiJackThis

• Launch HiJackThis
• Click the Do a system scan only button
• Put a check next to the entries listed below

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKCU\..\Run: [jskgmpem] C:\WINDOWS\system32\edybgbih.exe

• IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
• Click the Fix checked button and close HiJackThis
• Reboot HijackThis if necessary

Delete Files and Folders

• Right Click on the start button and chose explore
• Show all hidden files and folders, see how HERE
• Navigate to the following files and folders and delete them(if still present)

C:\WINDOWS\system32\edybgbih.exe<---------This File

• Empty the recycle bin.

If that does not work then repeat the process in safe mode. See how to boot into Safe mode HERE.
***DO NOT USE MSCONFIG TO BOOT INTO SAFE MODE***

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply.
• If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

After Malwarebytes has finished please run HijackThis again.

In your next post you should include,
1)Malwarebytes log
2)fresh HijackThis log
3)Update on how your system is running.

This thread is for the use of baljeet only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[baljeet]

results of log

hello sir
as per yours instructions i did the system scan from hijacthis and checked the enteries and fix them .
2. view hiddenfiles and folders
3.delete edybg......exe
4. run malware and delete the all enteries (checked )
5.run hijackthis
and files are attached , i can think that now my system is safe.pls tell me good software and advice me whether which software is good in antivirus presently i am usin norton 360 version 1.01
kaspersky ver 7
bit defender
macafee
Symantec_Corporate_10
zone alarm
eset smart security
do i have to install seprate software for spyware.

 

[baljeet]

sir you didnt reply me whether mine system is free from them or not. i do have one desktop i wana check that too what should i do for that should i give you hijack log file and sdfix and hijacklog after sdfix.

 

[kritius]

I would like you to do an online scan so that we can what else may be in your system,
Run Kaspersky online scanner
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
Do not go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.

• The program will launch and then start to download the latest definition files.
• Once the scanner is installed and the definitions downloaded, click Next.
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  o Scan using the following Anti-Virus database:
  o Extended (If available, otherwise use standard)
  o Scan Options:
  o Scan Archives
  o Scan Mail Bases
• Click OK
• Under select a target to scan, select My Computer
• The scan will take a while so be patient and let it run.
• Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
• Click the Save Report As... button (see red arrow below)
  
  
  
  
  
• In the Save as... prompt, select Desktop
• In the File name box, name the file
• In the Save as type prompt, select Text file (see below)
  
  
  
  
  
• Include the report in your next post.

I will advise on security once your system is clean. Remember though use only ONE antivirus package and ONE firewall.


This thread is for the use of baljeet only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[baljeet]

Good morning sir
can you pls. assist which system u talking about mine laptop which is giving fake warning or the desktop which i ask you that i wana check it for virus.by the way i am checking mine laptop first of all.
pls do repy asap
regards
baljeet

 

[kritius]

I do one system at a time so were doing the one you started the thread off with.

 

[baljeet]

kasperskyonlinescanner test log

hello tech spot professional
sir
this is th repot of kaspersky online scanner. but i observing some strange thing. suddenly mine internet connection of lan which say unplug with red X sign says
internetgateway --> status connected ,duration 1day 02:30,speed 100mbps
internet<----internetGateway------my computer. why as i dont plug any lan cable why activities r on and i have internet speed of only 5mbps how 100mps speed is it showing. is somebody linked with mine computer remote access.
r u connected to mine computer.and when i open my network place in entire network i observe two more option M/S terminal , web client network which are not there earlier. pls do reply as soon as possible.
shuld i format and install a fresh copy of windows .give your suggestions.
regards baljeet

 

[baljeet]

after i restart my computer it again turn unconnected but the M/S terminal , web client network is still there

 

[baljeet]

is mine system free from fake alaram now. why r'n you reply me .you too have to sugest which antivirus is good. pls reply.
thanks

regards
baljeet

 

[kritius]

E:\software\vista\crack\vista crack all\Vista Automated Activation Crack v4.0.EXE??????

Non genuine windows.

I dont clean cracked OS.

 

[baljeet]

man i am usin genuine windows xp if u want genuine proof i can show you. i install vista but i didnt like it as it is slow than mine previous xp. so i roll back to mine xp.and thats original one if u wana proof i can send u windows genuine confirmation in mine next reply.thats come with mine laptop. you must have seen the details of log and they said the os is winxp

 

[Blind Dragon]

Download the diagnostic tool MGADiag and save it to your desktop.

* Double-click on MGADiag.exe.
* Click Run and Run again.
* Click Continue, then Copy.
* Next open Notepad, in the empty pane right click and select Paste. Save the file to your desktop so that you can attach it here

 

[baljeet]

thanks for your nice help.but there r some suspicion in my mind so i format and reinstall mine os and set bit defender and ca antispyware as mine antivirus/spyware software.and after that i didnt fount any lan connection conecting. btw im using genuine os but your utility is saying vlk blk bloked may be there is some prob in the software or anything else.
atlast ilike to thanks you again for your valueable time.and best wishes for tech spot. and you can close this thread now.
gud bye
regards
baljeet