TechSpot

Removing Abebot

By vickscc
Mar 30, 2008
  1. Can someone help me remove the virus Abebot
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Hi vickscc,

    Download and Install SDFix
    • Download SDFix and save it to your Desktop.
    • Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

    Run SDFix
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    • Attach Report.txt back here

    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please copy and paste the log into your next reply
      • If you accidently close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    This thread is for the use of vickscc only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. vickscc

    vickscc TS Rookie Topic Starter Posts: 16

    wait so i do both of these or do i just pick one
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    both! SDFix first from safe mode

    attach both logs back here

    This thread is for the use of vickscc only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. vickscc

    vickscc TS Rookie Topic Starter Posts: 16

    this how u do attachments
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Yes that is correct did you run MBAM yet?
     
  7. vickscc

    vickscc TS Rookie Topic Starter Posts: 16

    im scanning it now
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Perfect, Afterwards be sure that everything is checked, and click Remove Selected.

    Then
    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
     
  9. vickscc

    vickscc TS Rookie Topic Starter Posts: 16

    Here they are
     
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
     
  11. vickscc

    vickscc TS Rookie Topic Starter Posts: 16

    here they r
    thanks for always respondin quick and stuff// I apreciate it
     
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    First, uninstall the My Web Search option from Add/Remove Programs

    1) Click on Start, Settings, Control Panel

    2) Double click on Add/Remove Programs

    3) Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.

    * My Web Search (Smiley Central or FWP product as applicable)
    * My Way Speedbar (Smiley Central or other FWP as applicable)
    * My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
    * My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
    * Search Assistant - My Way


    4) Reboot your Computer and run HijackThis

    5) Within HijackThis scan result put a check next to the following: Don't click fix checked yet
    *O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm021MWUS
    Close all windows except Hijackthis: Including this one

    Then you can select Fix checked

    6) Next, open My Computer, Drive C, and double-click on the Program Files folder

    7) Right-click and delete the folders for:

    *FunWebProducts
    *MyWebSearch

    ------------------------------------------------------------------------------------



    Download and Run ATF Cleaner
    Download ATF Cleaner by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox or Opera:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.
    ------------------------------------------------------------------------------------------

    Run Kaspersky Online AV Scanner

    Order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
    Attach a new hijackthis log ran after completing the above
     
  13. vickscc

    vickscc TS Rookie Topic Starter Posts: 16

    i cant find my web search in the list
     
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    What about sub-folders within c:\program files\ FunWebProducts or MyWebSearch
     
  15. vickscc

    vickscc TS Rookie Topic Starter Posts: 16

    no its not in my program files either
     
  16. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Very good, then it must have just been a left over from it. Go ahead and proceed to ATF Cleaner and the Kaspersky scan
     
  17. vickscc

    vickscc TS Rookie Topic Starter Posts: 16

    like i did the ATF cleaner but the Firefox or Opera are not highlighted so i cant click em
     
  18. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Do you have Firefox or Opera?
     
  19. vickscc

    vickscc TS Rookie Topic Starter Posts: 16

    no i do not have either..
    do i have to download 1??
     
  20. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You don't have to, but that is why those are greyed out, if you had firefox, then firefox would not be greyed out. I would however recommend that you use one of them, firefox is more popular, but both are more secure than Internet explorer.

    Here are 2 more secure browsers to choose from
    1)Firefox -> http://www.mozilla.com/en-US/firefox/
    2)Opera -> http://www.opera.com/
     
  21. vickscc

    vickscc TS Rookie Topic Starter Posts: 16

    here are the two things u wanted
     
  22. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    That is not a complete log from a kaspersky scan, looks like their website information?

    Number of viruses found:7
    Number of infected objects:11

    It will normally show where the infections are.

    was there more to it?
     
  23. vickscc

    vickscc TS Rookie Topic Starter Posts: 16

    here they are
     
  24. vickscc

    vickscc TS Rookie Topic Starter Posts: 16

    o my bad ima fix it i g2g now tho i have to finish it tommorow
     
  25. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    ok, if u need to just attach the part that shows what was scanned
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...