Abebot and other malware

By jersey8786
Apr 18, 2008
  1. Hi, I just created a new thread as blind dragon said in the other thread.

    I did follow the instructions from the said thread and here are my log files.

    Thanks, this forum really helps.
  2. kritius

    P2P Warning!

    • IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

      LimeWire and BitLord

      Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
      Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

      I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

      References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
      See Clean/Infected P2P Programs here

      I would recommend that you uninstall LimeWire and BitLord; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

      If you wish to keep it, please do not use it until your computer is cleaned.

    Disable Teatimer
    Please disable Teatimer as it may interfere with the fix.
    • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
    • Choose Exit Spybot S&D Resident
    • Open Spybot S&D
    • Click Mode, check Advanced Mode
    • Go To Left Panel, Click Tools, then also in left panel, click Resident
    • If your firewall raises a question, say OK
    • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.
    Once your log is clean you can re-enable those settings in TeaTimer.


    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F37B045-49CD-45B0-8E72-002E4EACFF1A}]
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C62BFA3-9FE8-4EF5-8601-0C33F6278E55}]
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EDEDB05-DE7A-468F-A1BC-92DE688B298C}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRHaawU]
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Please download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below
    O2 - BHO: (no name) - {3F37B045-49CD-45B0-8E72-002E4EACFF1A} - C:\WINDOWS\system32\awtuuVoL.dll (file missing)
    O2 - BHO: (no name) - {6EDEDB05-DE7A-468F-A1BC-92DE688B298C} - C:\WINDOWS\system32\khfDtrPj.dll (file missing)
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O20 - Winlogon Notify: rqRHaawU - C:\WINDOWS\

    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    Post a fresh HijackThis log after these steps.
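
As an added example (not part of kritius's post and not HijackThis's own code), here is a small Python parser for the HijackThis entry format quoted above. It picks out the entries the log marks `(file missing)` or `(no file)`, meaning the registry reference is still present but its file is already gone. The function names and the assumed field layout are inferred from the four entries on this page.

```python
import re

# Constructed sample: the four entries listed in the post above, copied as they
# appear on the page (the O20 path is cut off there and is left that way).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3F37B045-49CD-45B0-8E72-002E4EACFF1A} - C:\WINDOWS\system32\awtuuVoL.dll (file missing)
O2 - BHO: (no name) - {6EDEDB05-DE7A-468F-A1BC-92DE688B298C} - C:\WINDOWS\system32\khfDtrPj.dll (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O20 - Winlogon Notify: rqRHaawU - C:\WINDOWS\
"""

# Assumed layout: "<section> - <kind>: <name> - [{CLSID} - ]<target>"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entry(line):
    """Parse one HijackThis entry; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = [f.strip() for f in m.group("rest").split(" - ")]
    entry = {"section": m.group("section"), "kind": m.group("kind"),
             "name": fields[0], "clsid": None, "target": "", "orphaned": False}
    rest = fields[1:]
    if rest and CLSID_RE.match(rest[0]):
        entry["clsid"] = rest.pop(0).upper()
    target = " - ".join(rest)  # re-join in case the path itself held " - "
    for marker in ORPHAN_MARKERS:
        if target.endswith(marker):
            entry["orphaned"] = True
            target = target[: -len(marker)].strip()
    entry["target"] = target
    return entry


def orphaned_entries(log_text):
    """Entries whose registry reference survives but whose file is gone."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["orphaned"]]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["section"], e["kind"], e["clsid"], e["target"] or "<no path>")
```
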
  3. jersey8786

    Thanks kritius, I will keep you posted here with some updates after I follow your instructions.
  4. jersey8786

    Hi kritius!

    Sorry for the very late response; I got busy with other stuff, but anyway I did follow your instructions and here are my log files. I'll wait for your reply. Thanks for helping ;)
    View attachment 32459 View attachment 32460
Topic Status:
Not open for further replies.