Abebot removal help

Status
Not open for further replies.
R

RopeWarrior

Posts: 22   +0
Can someone please help me get rid of abebot. i don't know a whole lot about this kind of thing but i've been reading around a lot and i already downloaed hijackthis. the hijackthis log is attached. thank you
 
Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please attach the log into your next reply.
  • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Download and Run ComboFix
  • Download this file to your desktop from either of the two below listed places :

    HERE or HERE
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Attach that log in your next reply
WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Rename HijackThis.exe to RopeWarrior.exe by doing the following;

  • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to RopeWarrior.exe
  • When you've renamed HijackThis, open HijackThis again.
  • Take a fresh HijackThis log (click Do a system scan and save a log file)
  • Post the fresh HijackThis log here.
 
nothing is happening when i click on combofix. a green meter fills up and then a small blue screen pops up but then disappears. i don't think i did anything wrong when i downloaded it. thanks for helping me out!
 
Disconnect from the internet and disable any real time monitoring programs

: Download and Run DSS

Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<- this one will be minimized.
  • Attach Main.txt and the extra.txt in your reply.
 
i figured out what i did wrong, i hadn't downloaded it to my desktop. it's working now. should i still download DSS or just include the logs for malewarebytes and combofix?
 
i have the combofix and hijackthis logs but i can't find the malwarebytes log. i followed the search criteria you posted but there is no Application Data folder under my username
 
thank you so much. since i've run all those scans, the pop ups have stopped and the little yellow triangle telling me i was infected has gone away. but i don't know if that means it's completely fixed or not.
 
Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update TAb at the top
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
  • After it installs the newest version Go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected'at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

Create an uninstall list
  • Launch Hijackthis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager button.
  • Click the Save list button.
  • Copy and paste this log into your next reply


COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    File::
C:\WINDOWS\system32\C7D5AA596A.sys
C:\WINDOWS\system32\hefunglo.exe

Folder::
C:\VundoFix Backups
C:\Program Files\Trend Micro
C:\Program Files\Common Files\Symantec Shared
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\vsdavqhs

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rnhrfkaq"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsQjjg]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScript.gif

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Fix entries using HiJackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {C5816B13-D249-4FEF-8ED0-52DB3DFBF91D} - C:\WINDOWS\system32\fccdCsqo.dll (file missing)
O4 - HKCU\..\Run: [rnhrfkaq] C:\WINDOWS\system32\hefunglo.exe
O20 - Winlogon Notify: geBsQjjg - geBsQjjg.dll (file missing)

  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary


In the next post you should include,
1) ComboFix log that is produced
2) HijackThis uninstall list
3) Fresh HijackThis scan
4) How is the computer running now
 
i got through the first three parts ok but after combofix rebooted my computer hijackthis won't work. i attached a screenshot (because I don't know how to just post the picture) of my desktop so you can see what's happening.
 
ok, i reinstalled it but the entry O4 - HKCU\..\Run: [rnhrfkaq] C:\WINDOWS\system32\hefunglo.exe isn't showing up. the other three are there but not this one
 
Thats ok, we got it with the CFScript, I only put it in there as a backup. Post the requested logs please.
 
once again, i may have messed up. since i uninstalled and reinstalled hijackthis, the uninstall list that i saved before has been deleted. is it okay to just do it again and save it?
 
ok, here are all the logs. everything seems to be running normal. i haven't experienced any of the problems i was having before (i.e. yellow spyware triangle and pop ups).
 
Delete bad programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    Java 2 Runtime Environment, SE v1.4.2_03
    LiveUpdate 3.2
    Viewpoint Media Player

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

ATF Cleaner

  • Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

    Under Main choose:

    • Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Java Cache
      *The other boxes are optional*
      Then click the Empty Selected button.
    if you use Firefox:

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    if you use Opera:

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

Rename HijackThis.exe to RopeWarrior.exe by doing the following;

  • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to RopeWarrior.exe
  • When you've renamed HijackThis, open HijackThis again.
  • Take a fresh HijackThis log (click Do a system scan and save a log file)
  • Attach the fresh HijackThis log here.

I would like you to do an online scan so that we can what else may be in your system,
Run Kaspersky online scanner
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
Do not go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    o Extended (If available, otherwise use standard)
    o Scan Options:
    o Scan Archives
    o Scan Mail Bases
  • Click OK
  • Under select a target to scan, select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

    Kas-SaveReport-1.gif

  • In the Save as... prompt, select Desktop
  • In the File name box, name the file
  • In the Save as type prompt, select Text file (see below)

    Kas-Savetxt.gif

  • Include the report in your next post.
 
Thats ok, we got most of it with the CFScript theres nothing running at the minute,

Try this and see if it works,

Norton Removal Tool. Follow the instructions on the site.

Then continue on with the rest of the steps.
 
after performing the last couple scans, i've noticed that some web pages either aren't loading correctly or not loading at all
 
Status
Not open for further replies.

Similar threads

B
Help with PUBG Mobile Pc
Replies
0
Views
434
basitdogar
B
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
474
eriksnyman1
E
Dood123
Help login in Instagram account, says use 2FA code but have not set up 2FA for insta
Replies
0
Views
713
Dood123
Dood123

Latest posts

Back