Abebot and other malwares

[jersey8786]

Hi i just create a new thread us blind dragon said from other thread




if did follow the instructions from the said thread and heres the my log files.

thanks this forum really helps

 

[kritius]

P2P Warning!

• IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
  
  LimeWire and BitLord
  
  Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
  Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation
  
  I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  
  References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
  http://www.techweb.com/wire/160500554
  http://www.internetworldstats.com/articles/art053.htm
  See Clean/Infected P2P Programs here
  
  I would recommend that you uninstall LimeWire,BitLord, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
  
  If you wish to keep it, please do not use it until your computer is cleaned.

Disable Teatimer
Please disable Teatimer as it may interfere with the fix.
First:

• Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
• Choose Exit Spybot S&D Resident

Second:

• Open Spybot S&D
• Click Mode, check Advanced Mode
• Go To Left Panel, Click Tools, then also in left panel, click Resident
• If your firewall raises a question, say OK
• Uncheck the box labeled Resident Tea-Timer and OK any prompts.
• Use File, Exit to terminate Spybot
• Reboot your machine for the changes to take effect.

Once your log is clean you can re-enable those settings in TeaTimer.


COMBOFIX-Script

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  

  File::
  C:\WINDOWS\BM5b613364.xml
  C:\WINDOWS\system32\qswxiobm.dll
  C:\WINDOWS\system32\khfDtrPj.dll
  C:\WINDOWS\system32\awtuuVoL.dll
  
  Registry::
  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F37B045-49CD-45B0-8E72-002E4EACFF1A}]
  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C62BFA3-9FE8-4EF5-8601-0C33F6278E55}]
  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EDEDB05-DE7A-468F-A1BC-92DE688B298C}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "BM5b613364"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRHaawU]

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
  
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please download ATF Cleaner by Atribune.

• 
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Fix entries using HiJackThis

• Launch HiJackThis
• Click the Do a system scan only button
• Put a check next to the entries listed below

O2 - BHO: (no name) - {3F37B045-49CD-45B0-8E72-002E4EACFF1A} - C:\WINDOWS\system32\awtuuVoL.dll (file missing)
O2 - BHO: (no name) - {6EDEDB05-DE7A-468F-A1BC-92DE688B298C} - C:\WINDOWS\system32\khfDtrPj.dll (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O20 - Winlogon Notify: rqRHaawU - C:\WINDOWS\

• IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
• Click the Fix checked button and close HiJackThis
• Reboot HijackThis if necessary

Post a fresh HijackThis log after these steps.

 

[jersey8786]

thanks kritius i will keep posted here for some updates after i follow your instructions

 

[jersey8786]

Hi! kritius

Sorry for a very late response got busy with other stuff but anyway i did follow your instructions and here's my log files. I'll wait for your reply. Thanks for helping
View attachment 32459 View attachment 32460