Trojandownloader.xs and abebot

[miz_ii_die_iv]

Hi there,
Im new to this forum. Jusat wondering if anyone could help me.
Recently my pc has been infected with spyware or something...

My case is just like the others on here....
-Triangle with asterisk
-Pop-Up stating i have been infectd with spyware... (abebot)
-Trojandownloader.xs

I have read a couple of post and it seems there are a couple of methods to fix this, tho i am not quiet sure how to do this.... I have downloaded the following programs:

-SDFix
-SmitFraudFix
-ComboFix
HiJackThis

I have made a HJT log. below are the report.. please help.
I have only did the HJT log... also what else do i need to do

 

[miz_ii_die_iv]

BTW, i am using internet explorere not firefox...

 

[kritius]

Start using FireFox, only use Internet Explorer if you absolutely have to,

Create an uninstall list

• Launch Hijackthis
• Click the Open the Misc Tools section button
• Click the Open Uninstall Manager button.
• Click the Save list button.
• Attach this log into your next reply

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please attach the log into your next reply.
• If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Download and Install SuperAntiSpyware Free

• Launch SuperAntiSpyware
• Click Check for Updates and update to the latest definitions.
• Click Scan your Computer
  • Check all boxes in the Scan Location box.
  • Check the Complete Scan radio button.
  • Click Scanning Preferences/Control Centre button.
    • Uncheck Ignore files larger than 4MB (recommended)
    • Check Scan Alternate Data Streams.
    • Click Close.
  • Click Next
• SuperAntiSpyware will now scan your computer for infection. (This could take in excess of an hour depending on the number of files scanned)
• When finished it will present you with a summary of its findings.
• Click OK.
• The Removal Screen will open.
  • Check the items in the list to mark them for Quarantine.
  • Click Next and SAS will Quarantine them.

Please send me the log.

• Click the Preferences button.
  • Click the Statistics/Logs tab.
    • Logs are listed by date and time, click on the latest one to highlight it (at the top).
    • Click View log.
  • This will open a log page.
  • Attach the log in your next post please.

CAUTION: SuperAntiSpyware comes with a programme called Bootsafe, do not for any reason use this programme, if used on an infected computer it could render it UNBOOTABLE.

Run ComboFix and produce a log

Post all the logs back in your next reply.

 

[miz_ii_die_iv]

hi... logs are below:

what else do i need to do?


thanks in advance seems as tho im actually getting somewhere

 

[kritius]

P2P Warning!

• IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
  
  BitLord 1.1, uTorrent and LimeWire
  
  Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
  Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation
  
  I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  
  References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
  http://www.techweb.com/wire/160500554
  http://www.internetworldstats.com/articles/art053.htm
  See Clean/Infected P2P Programs here
  
  I would recommend that you uninstall LimeWire,BitLord, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
  
  If you wish to keep it, please do not use it until your computer is cleaned.

Delete bad programs

• Click Start
• Go to Control Panel
• Go to Add/Remove Programs
• Find and click Remove for the following (if present):
  
  LiveUpdate (Symantec Corporation)
  LiveUpdate (Symantec Corporation)
  Symantec AntiVirus
  

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Fix entries using HiJackThis

• Launch HiJackThis
• Click the Do a system scan only button
• Put a check next to the entries listed below

O2 - BHO: (no name) - {2D97AD74-0CBD-443C-82E7-74093471B3B7} - (no file)
O2 - BHO: (no name) - {A692062A-11A1-461B-BE98-B520F01F96FC} - C:\PROGRA~1\ADVANC~1\aKiller.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

• IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
• Click the Fix checked button and close HiJackThis
• Reboot HijackThis if necessary

COMBOFIX-Script

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  

  File::
  C:\WINDOWS\system32\xenqfepa.exe
  
  Folder::
  C:\Documents and Settings\All Users\Application Data\hglgfgni
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "bjrkhaps"=-

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
  
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

[miz_ii_die_iv]

hi there, i have remove symantec and the liveupdate i have gone to the next step to do the hijack this... but when i do a scan only it doesnt show up the files that u stated therefore i cannot check the,... this is the log... please help? do i go on with the combofix or what should i do now?

 

[kritius]

What is this?
NudgeMania.exe

Ok if you want to Norton can go back on now, or if you want an alternative,

download ONE of the following antivirus programs and install it.

• Avast:
• AVG:
• AntiVir:

Once installed, Update it, run full system scan with it and allow it to fix up what it wants.
Reboot if it fixed anything.

You should get a firewall as well, either, these firewalls are all free,

• Comodo
• Kerio
• Online Armor
• Zonealarm

Fix entries using HiJackThis

• Launch HiJackThis
• Click the Do a system scan only button
• Put a check next to the entries listed below

O4 - HKCU\..\Run: [bjrkhaps] C:\WINDOWS\system32\xenqfepa.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)

• IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
• Click the Fix checked button and close HiJackThis
• Reboot HijackThis if necessary

Then go ahead and do the combofix bit. How is the computer running?