Abebot on my PC

By theslaz1 · 12 replies
Apr 1, 2008
  1. This is my first post here. Reason for this post is that it appears that my wife's computer has a virus or malware.

    These are some of the warnings that have popped up:


    File: C:\WINDOWS\wml.exe


    Click here to visit PC-Antispyware web site..

    There is also another similar one;

    System Integrity Scan Wizard
    Warning: Your computer may have critical errors in Windows registry and file system!


    Task manager has also been disabled as I get a dialogue box that pops up stating that "Task Manager has been disabled by the Administrator"

    I am using the latest version of Kaspersky Anti Virus and the Windows firewall as my security.

    I have run two online virus scans; one with Trend Micro Housecall and one with Kaspersky. The Trend Micro Housecall did complete the scan and indicated that it had found several infections; however it failed to remove them as it appeared to lock up when trying to do so. Kaspersky failed to do a complete scan as it too locked up at 55% completion.

    As I type; I have the loaded Kaspersky program doing a complete scan and it is at only 20% complete after two hours. Painfully slow! Will let it run its course unless otherwise advised.

    I have run Malwarebytes Anti-Malware and have used it to fix the infections it found. However; it appears the computer is still infected.

    The computer is working fine; the only noticeable annoyance at this time is the Task manager. I keep reactivating it and it keeps being disabled!

    I'm at your mercy.

    I tried to attach the HJ log; but for some reason I couldn't. I get a message that a pop up has been blocked.
  2. kritius

    kritius TS Guru Posts: 2,084

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally attach the Report.txt back on the forum with a new HijackThis log

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Please Download VirtumundoBeGone by secured2k
    • Save the file to your desktop
    • Close all running programs (including your Internet Browser)
    • Double-click VirtumundoBeGone.exe on the desktop
    • Read the introductory information, and then click Continue
    • Click Start
    • When asked if you want to continue, click Yes to run the fix
    • Click "Save Log"

    Note: It is normal for the fix to terminate by producing a BLUE SCREEN OF DEATH so don't be concerned when this happens. It requires you to manually reboot to restore your normal Windows desktop.

    The log created by VirtumundoBeGone called VBG.TXT will be located on your desktop. Please retain VBG.TXT.

    Empty Recycle Bin.

    Reboot and attach the VBG.TXT into this thread.
    Also please describe how your computer behaves at the moment.

    Please download SmitfraudFix (by S!Ri)

    Double-click SmitfraudFix.exe.
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please attach that report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    Try these for now, use Firefox as well and see if you can get an attachment put up.
  3. theslaz1

    theslaz1 TS Rookie Topic Starter

    Ran the SDFix program. Here is a copy of the report as well as a HJ log taken after the scan.
  4. kritius

    kritius TS Guru Posts: 2,084

    Please go to C:\Documents and Settings\Compaq_Owner\Desktop\Hijack This\HiJackThis.exe and rename HijackThis.exe to theslaz1.exe then send a shortcut to your desktop.
  5. theslaz1

    theslaz1 TS Rookie Topic Starter

    I have renamed said file! Awaiting your directions.
  6. kritius

    kritius TS Guru Posts: 2,084

    Run the rest of the instructions that come after SDFix. See above
  7. theslaz1

    theslaz1 TS Rookie Topic Starter

    Ran VundoFix. Nothing was found. Ran VirtumundoBeGone. Attached is the log
  8. theslaz1

    theslaz1 TS Rookie Topic Starter

    Forgot to tell you how the computer is at this moment. Appears normal. Task Manager has NOT been disabled for some time now.
  9. theslaz1

    theslaz1 TS Rookie Topic Starter

    Attached are the log files for VundoFix and SmitfraudFix.
  10. kritius

    kritius TS Guru Posts: 2,084

    Post a fresh HJT log, myself or Blind Dragon will look at it.
  11. theslaz1

    theslaz1 TS Rookie Topic Starter

    Sorry for the delay. Had to go out and do some errands! Here is the HJ log.
  12. theslaz1

    theslaz1 TS Rookie Topic Starter

    Okay! Has someone looked at the HJ file I posted? Is there something I should be concerned about; or should I just assume everything is normal?
  13. kritius

    kritius TS Guru Posts: 2,084

    Sorry for the delay but this virus is everywhere,

    Did you set this?
    O24 - Desktop Component 0: (no name) - http://www.jackfm.ca/freeloaders/freeloadersHDR4.gif

    Go to add/remove programs and remove anything to do with MyWebSearch

    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYMGCA

    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    I would like you to do an online scan so that we can see what else may be in your system.
    Run Kaspersky online scanner
    With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
    Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
    Do not go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

    Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      o Scan using the following Anti-Virus database:
      o Extended (If available, otherwise use standard)
      o Scan Options:
      o Scan Archives
      o Scan Mail Bases
    • Click OK
    • Under select a target to scan, select My Computer
    • The scan will take a while so be patient and let it run.
    • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As... button (see red arrow below)

    • In the Save as... prompt, select Desktop
    • In the File name box, name the file
    • In the Save as type prompt, select Text file (see below)

    • Attach the report in your next post.

    Also run a fresh HJT scan and post that log.
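
A triage pass over HijackThis entries like the two quoted in the post above, as an added example (not part of the thread and not HijackThis's own code). The regular expression, the `triage` function, the watchlist and the local-file sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Descriptions for the two entry types quoted in the thread (wording is ours).
SECTIONS = {
    "O8": "Internet Explorer extra context-menu item",
    "O24": "Active Desktop component",
}

# Constructed sample: the two entries quoted in the thread, one invented
# local-file entry, and a header line that must be skipped.
SAMPLE_LOG = """\
Constructed header line (not an entry)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYMGCA
O8 - Extra context menu item: E&xample item - C:\\example\\menu.htm
O24 - Desktop Component 0: (no name) - http://www.jackfm.ca/freeloaders/freeloadersHDR4.gif
"""

# Assumed line shape: "<code> - <kind>: <name> - <data>"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*) - (?P<data>\S.*)$")

def host_of(data):
    """Return the lowercase host of an http(s) URL, else None."""
    parts = urlparse(data)
    return parts.hostname if parts.scheme in ("http", "https") else None

def triage(log_text, watchlist):
    """Classify each parsed entry as 'watchlisted', 'remote' or 'local'."""
    results = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, or a line format this sketch does not cover
        host = host_of(m["data"])
        if host is None:
            verdict = "local"
        elif any(host == d or host.endswith("." + d) for d in watchlist):
            verdict = "watchlisted"
        else:
            verdict = "remote"  # loads from the network: confirm with the user
        results.append({"code": m["code"],
                        "section": SECTIONS.get(m["code"], "unknown"),
                        "name": m["name"], "host": host, "verdict": verdict})
    return results

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG, {"mywebsearch.com"}):
        print(f'{r["code"]:<4}{r["verdict"]:<12}{r["host"] or "-":<24}{r["name"]}')
```
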
Topic Status:
Not open for further replies.
