Popups "Abebot" and "Trojan Warning"

Status
Not open for further replies.

cgfnp

Posts: 8   +0
I've ran spybot, spysweeper, Norton 360, and adaware 2007. So far, nothing helps.

I've ran the hijack thing, and I'll attach it.

Thanks for your help.
 
Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • Type "1" (and Enter) to start the fix.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt
 
Step 1 done log attached

Working on second step. Thanks for you patience. I am on call for a little ER and hospital in the middle of nowhere and extra time is small and precious and usually taken by my girls.

Here's the log from step 1:

Malwarebytes' Anti-Malware 1.11
Database version: 599

Scan type: Full Scan (C:\|D:\|J:\|)
Objects scanned: 232336
Time elapsed: 2 hour(s), 22 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Chris Gardner\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\$Recycle.Bin\S-1-5-21-1532490775-3871460280-3544335488-1000\$RB06TJI.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1532490775-3871460280-3544335488-1000\$RD5APPC.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\hjazwqvl\permrali.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\zirqbyjy\lstkhszk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Chris Gardner\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Chris Gardner\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Chris Gardner\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Chris Gardner\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Chris Gardner\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
 
combofix link is dead

Blind Dragon said:



Combofix

  • Combofix[/URL] to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • Type "1" (and Enter) to start the fix.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt


Problems with combofix? I'm reading some bad stuff about it too. Any other options?
 
leave combofix on the computer for now

Please download Deckard's System Scanner (DSS and save it to your Desktop.
DISCONNECT FROM THE INTERNET...REMOVE THE PLUG FROM THE BACK OF THE COMPUTER

Close all other windows before proceeding.

This means TURN OFF ALL other security programmes.
Norton Anti-virus, AVG Anti-spyware or any other security programmes you`re running.

Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please attach the main.txt and extra.txt in your next reply.

Re-enable your security programmes and reconnect to the net.
 
Blind Dragon said:
leave combofix on the computer for now

Please download Deckard's System Scanner (DSS)] and save it to your Desktop.
DISCONNECT FROM THE INTERNET...REMOVE THE PLUG FROM THE BACK OF THE COMPUTER

Close all other windows before proceeding.

This means TURN OFF ALL other security programmes.
Norton Anti-virus, AVG Anti-spyware or any other security programmes you`re running.

Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please attach the main.txt and extra.txt in your next reply.

Re-enable your security programmes and reconnect to the net.

Oh, great. What a *****. I forgot to unplug from the internet. So what did I just do? I did all the other stuff, and left my Norton firewall on, but like an *****, I forgot to unplug like you said.
 
I did it to myself, I know...

cgfnp said:
Oh, great. What a *****. I forgot to unplug from the internet. So what did I just do? I did all the other stuff, and left my Norton firewall on, but like an *****, I forgot to unplug like you said.

Can someone please tell me what happens when you download the deckard program and run it and forgot to unplug from the internet? I'm scared to death my financial data is out there now.
 
Dont worry, its just so that when you turn the antivirus off nothing bad gets on your computer, we get you to turn the antivirus off so that no programs interfere with the scan.

Your computer will be fine.
 
kritius said:
Dont worry, its just so that when you turn the antivirus off nothing bad gets on your computer, we get you to turn the antivirus off so that no programs interfere with the scan.

Your computer will be fine.

Thank you very much.
 
Status
Not open for further replies.
Back