Windows XP Security Tool

By AlbertLionheart ยท 5 replies
May 9, 2011
  1. I doubt I am the only one to have found this but I am amazed at the lack of reference to it on the 'net.
    I cleared the system of this threatware by identifying the offending file (called fab.exe) and removing it. No problem - but on restarting the machine I find that no com or exe files will run at all. All I get is the Windows box Open With...
    Some windows files work but not all.
    The problem means that things like restore, msconfig, task manager all refuse to function.
    Any ideas anyone?
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Albert, I left the link for this one your last thread:

    I suspect that in your original attempt to remove this malware, you may have deleted necessary files. Try running the following, then the scans: You will need to download to a flash drive, then run on the problem computer>

    Please download and run the tool below named Rkill (courtesy of which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.scr
    • Rkill.pif
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following>>>>.

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan)
    • A copy of that log will also be saved in the directory where you ran
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    Then run Rkill and the exeHelper following the directions.
    Go ahead and attempt Malwarebytes after these 2 scans:

    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please attach this log with your reply
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    We'll see how that goes. Then I'll have you run the other scans in the thread.
  3. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Topic Starter Posts: 2,026

    Thanks Bobbye
    I deleted only the problem file (wab.exe) and the prefetch for it - nothing else, and when I restarted the machine I could not run any .com or .exe files.
    I was wondering if there might be a file association setting that this thing changes so that when the threatware file is remover it takes a link with it which then stops files from being run?
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    I can't do anything until I see the logs. It's like looking for a black shirt in a closet with the light off and the door closed!
  5. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Topic Starter Posts: 2,026

    You won't get any logs as the corrupted system will not let me run them. See my post about this above
    I have dealt with it and I have a procedure to deal with the next one, so we can mark the thread closed.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Thank you for the update.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...