Same problem as many

By kituli
Apr 11, 2008
  1. Abebot / TroganDownloader.XS/ Windows.wml.exe

    Please help!

    Looking at the forum a number of people have had a similar problem with this 'Abebot' threat. I keep getting pop-ups warning me of a TroganDownloader.XS and threat from windows.wml.exe and from Abebot, also a small yellow triangle in the taskbar keeps appearing linking to a site about PC spyware. Also a pop-up keeps appearing about critical errors to the registry (called system integrity scan).

    I have run scans of my with Norton, Windows Defender, Spysweeper and even purchased Noadware within the last three days. Their customer support is taking way too long to respond to the problems I am still having with abebot, trojanxs, and security system warning. They had me do a diagnostics log, but when they finally got back to me, over 24 hours later, with a list of the items I needed to check to fix, the "program encountered a problem and stopped working correctly". I am definitely learning lots about my computer, but I urgently need to get this issue taken care of since my e-mail is getting swamped with e-mails from sites that have tracking of similar sites I have been to.

    Anyone know how reputable or efficient noadware is? Anyone have any experience with this product/company?
  2. kituli

    kituli TS Rookie Topic Starter

    disabling real time protection

    does anyone else feel uncomfortable with the 1st step in removing spyware "disabling real time protection"? i would think it would make you more vulnerable to spyware.
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Typing wml.exe in TechSpot's Search yields over 100 posts.

    Here is one of the helpful replies:

    Please also try searching these, similar posts, for other tools (scanning tools) that were used

    Regarding your 2nd post:
    This is ok, do as required
    Stopping the real time protection is to avoid your security programs conflicting with the procedures
  4. kituli

    kituli TS Rookie Topic Starter

    does the diagnostic tool matter?

    Kim, my diagnostics log is through noadware, would these same procedures described in the link in the previous post apply to my situation if I have not used HijackThis?
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Actually I'm a bit confused as to what you are asking.

    Yes all your real time protection programs should be off
    Don't worry about HijackThis anything, until the end

    By the way, I have mountains of experience, but I am not a Spyware specialist.
    I am helping you and others, because our two Spyware Specialists are presently not available.
  6. jobeard

    jobeard TS Ambassador Posts: 9,153   +598

    I'm on a laptop and the "real time protection" ate me alive, ie: kept the HD so busy
    I couldn't get anything done. Scanning the HD at every boot is excessive (IMO)
    especially where the laptop needs to conserve battery power at some hotspot.

    ergo, I've disabled 'real time protection' and run a scan when I choose to.

    With a home environment of a router, good firewall and anti-virus products, the
    laptop has (thus far in 2+ years) been immune from infections. By controlling the
    firewall settings for hotspot connections, I've managed to still keep them out.

    There are 'real time scanners' that scan files as they are being opened --
    this is (again imo) the right way to implement RTS.
  7. kituli

    kituli TS Rookie Topic Starter

    Thanks for your encouragement Joe.

    I think I have actually cleared up my infections by following the steps listed on this site (makes me sound so nasty..hehe). I have gone almost 24 hours without any pop ups for abebot, trojan xs, and a security warning!

    However, I am not sure why I can no longer access craigslist from my computer. Does anyone here know if there is a specific security control or something that I need to disable?
  8. jobeard

    jobeard TS Ambassador Posts: 9,153   +598

    post the actual URL you are using so we can work with it.

    the basic test is this
    1. take a given url http://[B][/B]/somelocation/somepage.html
    2. copy the portion
    3. now get a command prompt (run->cmd)
    4. test TCP for access to that domain (nslookup
    the name should return an IP address and furthermore,
    you should be able to access the host of using
    and see timing information. if all this works, then it's a browser issue, otherwise,
    we need to investigate TCP, DNS and your hosts file
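
An added example, not part of jobeard's post: a small triage helper covering the layers the post names (hosts file, DNS, TCP, browser). It goes beyond the post by checking the hosts file first and by using a TCP connect to port 80 as the reachability check; the hostnames, addresses and sample hosts file are constructed for illustration.

```python
import socket

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1      localhost
127.0.0.1      www.example.org   # site pinned to loopback, so it never loads
203.0.113.7    update.example.net example.net
"""

def hosts_overrides(hosts_text, hostname):
    """Return the IPs that a hosts file pins `hostname` to (case-insensitive)."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2 and hostname.lower() in [n.lower() for n in fields[1:]]:
            hits.append(fields[0])
    return hits

def resolve(hostname):
    """Name lookup through the system resolver; [] when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_reachable(ip, port=80, timeout=3.0):
    """TCP connect used here as the reachability check (assumption: port 80 is open)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(hostname, hosts_text, resolver=resolve, connector=tcp_reachable):
    """Say which layer to investigate when a site will not load."""
    pinned = hosts_overrides(hosts_text, hostname)
    if pinned:
        return "hosts file pins %s to %s" % (hostname, ", ".join(pinned))
    ips = resolver(hostname)
    if not ips:
        return "name does not resolve: investigate DNS"
    if not any(connector(ip) for ip in ips):
        return "resolves but unreachable: investigate TCP/firewall"
    return "network path works: suspect the browser"
```

On Windows the text to pass as `hosts_text` is the content of `%SystemRoot%\System32\drivers\etc\hosts`; any entry for a site that stopped loading after an infection deserves a look.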
  9. kituli

    kituli TS Rookie Topic Starter

    OK. I did the basic test and the site now works. It was

    Not sure why it is working now rather than before the test, but thanks.
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Run CCleaner to remove all temporary and offline files
  11. kituli

    kituli TS Rookie Topic Starter

    kim, thanks for the link to ccleaner. my laptop is not as slow now, and i am able to connect to sites i was having issues with. the problems i was having have been remedied through this forum, and would have otherwise cost me between $120-160/hour to fix (i priced out local computer techs). i am glad to be at this forum.
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Nobody has cleaned the actual infection yet, and it will come back. There is a difference between removing malware and removing symptoms. We need to see logs of what is on your computer.

    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

    Combofix will automatically save the log file to C:\combofix.txt

    HijackThis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.

  13. kituli

    kituli TS Rookie Topic Starter

    i was actually working with the customer support from the company i bought my anti-spyware from. i was in communication with them from the get-go, but they were slow to respond, which is why i sought help & confidence from this forum. finally, i was able to send them my logs, they responded with instructions, (and knock on wood) the infection has not been back. if you think i should still take precautions and download the programs you recommend, i will if they don't cost anything, and you think it won't take up too much memory. please advise.
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    The choice is yours, I am sure they know what they are doing. But just for your reference all of the programs I suggest are free and are able to be removed afterwards automatically.
Topic Status:
Not open for further replies.
