Abebot spyware

By iwantacookie · 10 replies
Apr 2, 2008
  1. Sorry, I posted on jet's page; I'll make a new one. I followed all of your instructions on there and am currently running the malware program, and scanning.

    Re: kritius btw

    and it is complete

    and this is the malware

    Both programs still open waiting for you to tell me what to do next

    (Moderator edit: FIVE Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
  2. kritius

    kritius TS Guru Posts: 2,084

    Redo the MBAM scan for a start and get it to remove all the bad things it found.

    And edit your post, you don't have to reply to yourself.


    You don't have a firewall or antivirus, no wonder you got infected.

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please attach the contents of C:\vundofix.txt
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Please Download VirtumundoBeGone by secured2k
    • Save the file to your desktop
    • Close all running programs (including your Internet Browser)
    • Double-click VirtumundoBeGone.exe on the desktop
    • Read the introductory information, and then click Continue
    • Click Start
    • When asked if you want to continue, click Yes to run the fix
    • Click "Save Log"

    Note: It is normal for the fix to terminate by producing a BLUE SCREEN OF DEATH, so don't be concerned when this happens. It requires you to manually reboot to restore your normal Windows desktop.

    The log created by VirtumundoBeGone, called VBG.TXT, will be located on your desktop. Please retain VBG.TXT.

    Empty Recycle Bin.

    Reboot and "attach" the VBG.TXT into this thread.
    Also please describe how your computer behaves at the moment.

    Please download SmitfraudFix (by S!Ri)

    Double-click SmitfraudFix.exe.
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please attach that report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    Please download ONE of the following antivirus programs and install it.
    Once installed, Update it, run full system scan with it and allow it to fix up what it wants.
    Reboot if it fixed anything.

    You should get a firewall as well, either, these firewalls are all free,

    After all of these, and only after, run HijackThis again and post a fresh log.
  3. iwantacookie

    iwantacookie TS Rookie Topic Starter

    I got an error on startup, and I had to turn off the firewall to play World of Warcraft or it would be too slow.
  4. kritius

    kritius TS Guru Posts: 2,084

    What was that error for?

    And the antivirus? I see from your screenshot you have Norton, you may as well have none. You should think about keeping the firewall on though, it is there for a reason. Did you see my edited post with all the instructions ok?
  5. iwantacookie

    iwantacookie TS Rookie Topic Starter

    I attached a picture of the error; it happened on startup,
    and VundoFix says no problems detected.

    Had to reply again because there is no option to attach in an edit.

    Problem: after downloading and installing one of the firewall links you gave me, Comodo, I got a blue screen of death that says "A problem has been detected and windows has been shut down to prevent damage to your computer".
    It has been showing up after 3 restarts already. I'm on my laptop now because it refuses to let me into Windows.


    (Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
    (Moderator edit2: Please do not copy and paste your logs. Instead, post them as attachments only in either .txt or .log format. To learn how to attach a log file, please see HERE.)
  6. kritius

    kritius TS Guru Posts: 2,084

    Hang tight. I'll see if someone will have a look. I have to head out now.

    If you can get logged on then
    Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Download and Run ComboFix
    If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.
  7. iwantacookie

    iwantacookie TS Rookie Topic Starter

    How can I install it if I can't log in? I can only go in at safe mode and can't use the internet there.
    I ran the malware and it found 4 problems; 2 were the Trojans. I tried fixing them and still got the same error (did this in safe mode).
  8. kritius

    kritius TS Guru Posts: 2,084

    I said "if".
  9. iwantacookie

    iwantacookie TS Rookie Topic Starter

    Ohhh sorry, I misread; thought you said if you cannot.

    If you want, we can do remote assistance.

    More info on Blue Screen:

    Technical Information:
    **** 0x000000001 (0x00000014, 0x00000002, 0x00000000, 0x8BCABF7C)

    **** ndisuio.sys - address 8BDA8F7C base at 8BDA6000, datestamp 4549b2f2

    Getting nervous here, brand new computer.

    Please, please say something!!!!

    I am now running that firewall program "Comodo" and it has its own scan program, and the first "detection" was:
    application.win32.adware.virtumonde (id = 0x31fcc)
    Location: c:\users\moish\appdata\local\temp\removefile.bat

    Now running Spybot and it has found something similar; it found virtumonde.dll
    Location: c:\windows\system32\xaeuinnx.dll_old

    Well, I system restored; all is okay for now...

    Seems like it is that antivirus program. I tried to install it again and got the same error message. I don't know if it was only me or not, but I'd say to people not to get it.

    (Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
  10. momok

    momok TS Rookie Posts: 2,265

    This is a message to the original starter of the thread:
    Please understand that the helpers on this forum, as with several others on the internet, provide assistance here on a purely voluntary basis (read: work for free) and everyone here is entitled to his/her own time and life outside of these forums.

    Take note that requesting immediate help repeatedly by posting multiple replies to your own post is against the rules and policies of the forum. You are advised to cease such behaviour immediately.

    Should you require urgent assistance, please be advised to seek professional, paid-for help.

    Meanwhile please read this sticky: A message for all newcomers
  11. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Your system is crashing to protect itself, as weird as that may sound.
    SDBot infections are known to cause crashes to start with.

    However, it could be a combination of things eating up resources till the computer crashes. My guess is that the infections coupled with the firewall, 2 anti-viruses, and tea-timer are eating way too much resources.

    You should only have 1 active anti-virus
    You need to fully remove Norton OR the other Anti virus software

    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

    Please remove one of them.

    If you do not want Norton, uninstall it using the tool appropriate for your software: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    Whatever other antivirus program you are referring to can be removed through Add/Remove if you wanted to keep Norton.

    Also Tea-timer is an excellent protector against unwanted registry changes, but it eats a lot of resources and could prevent fixes we are running from working correctly.
    Disable Teatimer
    • Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
    • Open Spybot S&D
    • Click on Mode at the top and make sure that Advanced is checked
    • Expand the Tools tab in the left pane
    • Single click on the Resident Icon also in the left pane
    • Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
    • Close spybot

    You need 1 active firewall and 1 active anti-virus
Topic Status:
Not open for further replies.
