Backdoor.Abebot Removal

Status
Not open for further replies.
The Symantec removal instructions aren't that great; the only way we've been able to get rid of it so far has been a CFScript. OTMoveIt2 may work as well, but I haven't tried yet.

Plus it's never good to disable System Restore when doing a fix, especially if you're going to be messing about with the registry.
 
MBAM appears to get a part of the infection, ComboFix catches the majority of it without CFScript, then the CFScript finishes off the last 2 or 3 entries.

This is way easier than following that guide, plus the guide is incorrect because the names are random and they are unique to each infection. The guide will work for some but not others.
 
As many users here are complaining of this infection, I thought this would be helpful. I don't agree on the System Restore shutdown; however, I realize there are 2 schools of thought on that: 1. shut down at the beginning or 2. shut down to drop old points when clean.

My reasoning is that many will use the SR feature and reinfect themselves! I was also hoping that an updated virus scan would be able to remove this beast. The removal seems fairly simple to me. Note that I did make it clear it may not remove other malware. But since Abebot lowers the security settings, wouldn't it be better to try and get it off ASAP?
 
I can remove it with 1 MBAM scan and 1 CFScript, so I am going to start doing that; then let's refer them to the preliminary removal instructions.

The removal may seem simple to you, but the fact is that every infection on here has different named files and different registry entries that aren't listed on the Symantec site. A lot of users may have trouble identifying it. I don't think it is a bad idea to use this first then show us logs, but I don't want people to just do the Symantec removal then think they are clean.

The other problem: read somebody's ComboFix log after they run it. There are a load of files that it removes, the same files on each one, so I am positive they are associated.
 
Have some pop up crap...

says a warning about "Abebot" and leads you to a website where there are multiple PC tools. Pops up and stays on top no matter what. I've found their location, but when I try to delete it says "don't have permission".

Can a guy just have panda scan it and pay the damn price and fix this crap? I really don't have time to do this as a doctor on call.

Thanks

And, as I type, another blue box that says "Trojandownloader.xs" and to remove click here...

So much for Norton 360... waste of money.
 
Please start a thread in our security section, this can be removed in your spare time fairly easily with the help of one of our helpers.

What do I want to see when helping with this infection?

A Hijackthis log, that is it. Then we will suggest what additional programs you need to remove the infection.

HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2); it can be downloaded from HERE.
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically; select Scan now and save a log.
  • After the scan is complete, please attach your log onto the forums using the paper clip icon above your reply.
 