Same problem as many

Status
Not open for further replies.

kituli

Posts: 7   +0
Abebot / TroganDownloader.XS/ Windows.wml.exe

Please help!

Looking at the forum, a number of people have had a similar problem with this 'Abebot' threat. I keep getting pop-ups warning me of a TroganDownloader.XS and threat from windows.wml.exe and from Abebot, also a small yellow triangle in the taskbar keeps appearing linking to a site about PC spyware. Also a pop-up keeps appearing about critical errors to the registry (called system integrity scan).

I have run scans of my computer with Norton, Windows Defender, Spysweeper and even purchased Noadware within the last three days. Their customer support is taking way too long to respond to the problems I am still having with abebot, trojanxs, and security system warning. They had me do a diagnostics log, but when they finally got back to me, over 24 hours later, with a list of the items I needed to check to fix, the "program encountered a problem and stopped working correctly". I am definitely learning lots about my computer, but I urgently need to get this issue taken care of since my e-mail is getting swamped with e-mails from sites that have tracking of similar sites I have been to.

Anyone know how reputable or efficient noadware is? Anyone have any experience with this product/company?
 
disabling real time protection

does anyone else feel uncomfortable with the 1st step in removing spyware "disabling real time protection"? i would think it would make you more vulnerable to spyware.
 
Typing wml.exe in TechSpot's Search yields over 100 posts.

Here is one of the helpful replies: https://www.techspot.com/vb/post603705-14.html

Please also try searching these, similar posts, for other tools (scanning tools) that were used

Regarding your 2nd post:
This is ok, do as required
Stopping the real time protection is to avoid your security programs conflicting with the procedures
 
does the diagnostic tool matter?

Kim, My diagnostics log is through noadware, would these same procedures described in the link in the previous post apply to my situation if I have not used HijackThis?
 
Actually I'm a bit confused as to what you are asking.

Yes all your real time protection programs should be off
Don't worry about HijackThis anything, until the end

By the way, I have mountains of experience, but I am not a Spyware specialist.
I am helping you and others, because our two Spyware Specialists are presently not available.
 
kituli said:
does anyone else feel uncomfortable with the 1st step in removing spyware "disabling real time protection"? i would think it would make you more vulnerable to spyware.
I'm on a laptop and the "real time protection" ate me alive, ie: kept the HD so busy
I couldn't get anything done. Scanning the HD at every boot is excessive (IMO)
especially where the laptop needs to conserve battery power at some hotspot.

ergo, I've disabled 'real time protection' and run a scan when I choose to.

With a home environment of a router, good firewall and anti-virus products, the
laptop has (thus far in 2+ years) been immune from infections. By controlling the
firewall settings for hotspot connections, I've managed to still keep them out.

There are 'real time scanners' that scan files as they are being opened --
this is (again imo) the right way to implement RTS.
 
Thanks for your encouragement Joe.

I think I have actually cleared up my infections by following the steps listed on this site (makes me sound so nasty..hehe). I have gone almost 24 hours without any pop ups for abebot, trojan xs, and a security warning!

However, I am not sure why I can no longer access craigslist from my computer. Does anyone here know if there is a specific security control or something that I need to disable?
 
post the actual URL you are using so we can work with it.

the basic test is this
  1. take a given url http://some.domain.com/somelocation/somepage.html
  2. copy the some.domain.com portion
  3. now get a command prompt (run->cmd)
  4. test TCP for access to that domain (nslookup some.domain.com)
the name some.domain.com should return an IP address and furthermore,
you should be able to access the host of some.domain.com using
ping some.domain.com
and see timing information. if all this works, then it's a browser issue, otherwise,
we need to investigate TCP, DNS and your hosts file
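
Added example (not part of the original post): when the nslookup/ping test above fails or returns an unexpected address, the hosts file is one of the places the post says to investigate. This Python sketch extracts the host from a URL as in steps 1-2 and reports hosts-file entries that override DNS for it; the sample hosts content and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit
import ipaddress

# Constructed sample hosts file content (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
0.0.0.0         some.domain.com    # pins the name to a null address
203.0.113.10    WWW.Example.org example.org
not-an-ip       broken.example
"""

def host_from_url(url):
    """Steps 1-2 of the post: pull the host name out of a full URL."""
    host = urlsplit(url if "//" in url else "//" + url).hostname
    if not host:
        raise ValueError("no host name in %r" % url)
    return host.rstrip(".").lower()

def parse_hosts(text):
    """Yield (line_no, ip, names) for each valid entry; skip comments and junk."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, ip, [n.rstrip(".").lower() for n in fields[1:]]

def hosts_overrides(url, hosts_text):
    """Return hosts-file entries that pin the URL's host, bypassing DNS."""
    host = host_from_url(url)
    findings = []
    for line_no, ip, names in parse_hosts(hosts_text):
        if host in names:
            # Loopback or 0.0.0.0 makes the site unreachable; anything else redirects it.
            kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
            findings.append((line_no, str(ip), kind))
    return findings

if __name__ == "__main__":
    # On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts
    url = "http://some.domain.com/somelocation/somepage.html"
    for finding in hosts_overrides(url, SAMPLE_HOSTS):
        print(finding)
```

An empty result means the hosts file is not overriding that name, so the remaining suspects are DNS settings and the browser.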
 
kim, thanks for the link to ccleaner. my laptop is not as slow now, and i am able to connect to sites i was having issues with. the problems i was having have been remedied through this forum, and would have otherwise cost me between $120-160/ hour to fix (i priced out local computer techs). i am glad to be at this forum.
 
Nobody has cleaned the actual infection yet, and it will come back. There is a difference between removing malware and removing symptoms. We need to see logs of what is on your computer.

Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt



HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.


ATTACH THE 3 LOGS FROM THE ABOVE HERE
 
i was actually working with the customer support from the company i bought my anti-spyware from. i was in communication with them from the get-go, but they were slow to respond, which is why i sought help & confidence from this forum. finally, i was able to send them my logs, they responded with instructions, (and knock on wood) the infection has not been back. if you think i should still take precautions and download the programs you recommend, i will if they don't cost anything, and you think it won't take up too much memory. please advise.
 
The choice is yours, I am sure they know what they are doing. But just for your reference all of the programs I suggest are free and are able to be removed afterwards automatically.
 