what is AB221BD2.exe ??

Status
Not open for further replies.

Dayus

Posts: 28   +0
Hi, dose anyone heard of this file ? It first showed up after the system crashed, due to heavy workload. It's apparently in C:\WINDOWS\System32\AB221BD2.exe, but when i search the system32 folder, it's no where to be found, so i can't even do a direct scan on it. (yes i have show hidden file allowed)

It shows up as a service in msconfig, and in the service control panel too. It has no description/dependencies either. I've also ran various ad-ware sniffers/spyware scanners/anti-virus progs/program pin id checkers/root-kit detectors, and non of them could see it.
 
I can find no info for the AB221BD2.exe file. Therefore, it`s likely to be a trojan/virus of some kind.

Go and read this thread HERE and post a HJT log as an attachment into this thread.

Regards Howard :)

This thread is for the use of Dayus only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Yeah i couldn't find anything on it on google either.

I hope this is correct, first time :)

Edit/ - Since it showed up after a system crash is it possible that it could be something like the windows dumprep, which also appears after system crash ?
 
Whatever that file is, it`s not showing up in your HJT log.

It`s possible you have a rootkit infection.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :)

This thread is for the use of Dayus only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Sorry there isn't a Combofix log, as i couldn't get it to run, tried turning off firewall, anti-virus, real time monitoring programs etc and booting into safe mode, no luck.

I can't see AB221BD2.exe anywhere in those results, and yet it's still in msconfig & services list. Also i forgot to mention before that AB221BD2.exe doesn't appear in the taskmanager list either.

AVG Anti-rootkit found nothing.

Log Results:
 
All items in your AVG Antispyware log say "No Action Taken". That`s because you haven`t told AVG Antispyware to quarantine it`s results as per the instructions. See this pictorial guide.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

AB221BD2

Close the services window.

Locate and delete the following bold files and/or directories(if there).

AB221BD2.exe<Search your system for this file and delete all instances found.

Reboot into normal mode and rehide your protected OS files.

Post a fresh AVG Antispyware log as well as a fresh HJT log. Let me know how your system is running.

Regards Howard :)

This thread is for the use of Dayus only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Booted into safe mode for following actions, where applicable.*
*Set show all files and folders, including hidden and system on.

Set recommended action to quarantine automatically in AVG Anti-spyware, and turned active protection off before the scan.

Fixed results show in previous scan, new scan now yields now results, nothing found.

*Startup type for: AB221BD2.exe already set to disabled, and service is stopped.

*Did system search for: AB221BD2.exe, only items found were internet shortcut's relating to AB221BD2.exe, but no actual exe file was found.
 
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

Click on the fix checked button.

Close HJT and reboot your system. Other than the above, your HJT log is clean.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of Dayus only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Ran HJT, with no program interference, alot of stuff disappeared from the list, but managed to fix the items you suggested.

One restore point now, others deleted.

Edit/- Forgot to ask, since no results found this AB221BD2.exe, nore anything related to it, even tho it is still in the services/msconfig services list, what could it be ?
 
Like I said earlier, the AB221BD2.exe file is most likely an unidentified trojan/worm. However, since it`s disabled and cannot be found on your system, I wouldn`t worry about.

Regards Howard :)

This thread is for the use of Dayus only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Well it's disabled in services and un-ticked in msconfig. I guess if it is a trojan/worm, and it's sophisticated enough not to show up in the folder/task-list/various scanners, but poor enough to show up in the services list, then it can't be anything that serious.

Anyway, just wanted to say thank you for all your help howard, and taking the time to post, and all the links and stuff, especially for the avg stuff, as i wasn't aware that avg had moved into anti-spyware/rootkit development, they have made a good addition to the arsenal :)

Cheers, Day.
 
Status
Not open for further replies.
Back