Same Abebot Trojan downloader.xs problem

By carolnewbee
Apr 2, 2008
  1. As usual I started off on the wrong foot. I put my post as a reply in wannabees post. See Abebot, trojans, need help in security and the web (yesterday).
    Duh to me! LOL Sorry for the confusion this has caused.
    Anyways, it won't let me post the same file again. I have done the sdfix. Here is the report file. Now what's next?

    Hi All,
    I've been struggling here all day with these warning messages! I was sure glad to come across this forum and hopefully I can get some help. I'm REALLY green at all this. Hopefully I will figure out how to attach the Hijack file. I'll be working on the rest of the instructions after I post this. Thanks for any help/guidance you can give.
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Hi carolnewbee,

    Welcome to TechSpot. It's no big deal, as you have a thread just for you now. As of right now I am subscribed to the thread and will get email notification of your replies. With that being said, try to only post 1 time between responses as I am receiving over 100 emails a day from this site.

    You can go to Edit Profile on the left side of the blue bar above

    Then go down to the bottom of the left panel to Attachments

    Remove all attachments there, then come back and attach HijackThis

    Step 1
    HijackThis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.

    Step 2
    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Step 3
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

    Combofix will automatically save the log file to C:\combofix.txt

    This thread is for the use of carolnewbee only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. carolnewbee

    carolnewbee TS Rookie Topic Starter

    Things seem the same...nothing's been found

    Here are the VundoFix and VirtumundoBeGone logs. Nothing has been found. Still getting the security warnings..trojan downloader.xs and

    File: C:\\Windows\wml.exe

    Threat:Abebot...blah blah blah etc.

    I had manually gone to the registry and got the task manager enabled earlier in the day when I first realized it wasn't working.

    Other than this stuff, computer acts normal. Oops! Besides the fact that just now I got an Internet Explorer has an error and needs to close. (but it didn't) Go figure!

    Should I go on to SmithfraudFix?
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Please see my above post and follow it in order then post the requested logs
  5. carolnewbee

    carolnewbee TS Rookie Topic Starter

    Here are the after log files. The warnings seem to be gone. The only problem the computer seems to have right now is an error from Internet explorer that it has to close when I attach files to this post. Also I can't seem to get the before files to upload. It says it's in progress but nothing happens. This is my 2nd try so we'll see if I can get it done. I may have to try to get the mbam log and the before HJL file on my next post.
  6. carolnewbee

    carolnewbee TS Rookie Topic Starter

    This is the HJL from before I ran the Malwarebytes' Anti-Malware and the Combofix.
    Thanks again for all your help!
  7. scrounger

    scrounger TS Rookie

    This is my first post but it is the same as Carolnewbee. I have followed your instructions regarding HijackThis and have attached my log. Hope you find it helpful. I am excited that there is a forum like this to inquire about things like this.

    Kindest regards

  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Hi greg,

    Welcome to techspot. This thread is for the use of carolnewbee only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.


    Ok carolnewbee,

    Can you please download and use ->
    Just click the big green download button. It is a more secure browser than Internet explorer. It should fix your problem as well

    Step 1

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.


    Step 2
    Download and Run ATF Cleaner
    Download ATF Cleaner by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox or Opera:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Step 3
    Run Kaspersky Online AV Scanner

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply

    So in your next reply attach:
    2)Hijackthis.log ran after cfscript
    3)Kaspersky log

    This thread is for the use of carolnewbee only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  9. Ayoola

    Ayoola TS Rookie


    I believe that I have this spyware in my PC.
  10. carolnewbee

    carolnewbee TS Rookie Topic Starter

    You need to open a new thread in the security / web forum. That way they will help you with your problem. Otherwise they may not find your post here.
    Good Luck to you!
  11. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Click on the above link, then select "new thread", post your symptoms and we will help you there.

    The instructions in this thread were specific for the original thread starter.
Topic Status:
Not open for further replies.
