Wml.exe Abebot Popup And System Integrity Pop Up



#1 eyshantech

eyshantech

  • Members
  • 5 posts

Posted 16 April 2008 - 06:38 PM

I am currently running Windows XP Professional SP2

I think I have some kind of adware because sometimes I get a pop-up about wml.exe about a virus called "abebot", and I did a NAV scan, but the virus it found was something with a "main[1].htm". I have no idea what that means, but it's quarantined and deleted. Also, I sometimes get a pop-up that says "system integrity scan wizard" and another pop-up with a triangle exclamation mark stating that I have a virus, and when I click it, it's a link to some anti-virus website. Can someone please help me?

I just edited and added another pop-up that I am getting, which states something about a trojandownloader.

Thank You,
V

Here are some screenshots of the pop-ups:

Posted Image
Posted Image
Posted Image

Edited by eyshantech, 16 April 2008 - 07:00 PM.



#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 16 April 2008 - 06:52 PM

http://www.symantec.com/security_response/...-99&tabid=2

According to Norton's, you installed a bad program.

Misleading Application


Chewy

No. Try not. Do... or do not. There is no try.

#3 eyshantech


Posted 16 April 2008 - 07:01 PM

I tried some of Symantec's removal instructions and it seems to not do the job.

#4 DaChew


Posted 16 April 2008 - 07:38 PM

Did you have an Add/Remove entry in Control Panel?
  • Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  • Double click on mbam-setup.exe to install it.
  • Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  • Select the Scanner tab. Click on Perform quick scan, then click on Scan.
  • Leave the default options as they are and click on Start Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items and click on Remove Selected.
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

Chewy


#5 eyshantech


Posted 16 April 2008 - 07:43 PM

I'm sorry, but I want some help from a moderator or something because I am just more cautious now due to the fact that I got a virus. Sorry.

#6 DaChew


Posted 16 April 2008 - 08:09 PM

One will be by shortly, I am sure.
Chewy


#7 eyshantech


Posted 16 April 2008 - 08:14 PM

Hey, it's okay. I went through the MB software anyway because I need to get this fixed; it's so annoying.

Here's my log:

Malwarebytes' Anti-Malware 1.11
Database version: 636

Scan type: Quick Scan
Objects scanned: 30491
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
C:\WINDOWS\system32\klobipwv.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bvyijakz (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\909\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\klobipwv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lxpkwgvc.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfthlrvo.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\spnkfwad.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#8 DaChew


Posted 16 April 2008 - 08:39 PM

I googled some of those. We need to run a couple of other programs. You might still have to wait on an expert, but as long as you follow directions exactly and don't reinfect the computer again, the steps should be safe.

Do you have any idea where you got this mess?

http://www.bleepingcomputer.com/forums/ind...st&p=798179

You can skip the first scan with Malwarebytes, but run ATF Cleaner and SUPERAntiSpyware from safe mode after downloading and updating.

Maybe if we are lucky, quietman will drop in and look at that scan.
Chewy


#9 eyshantech


Posted 19 April 2008 - 04:00 AM

Yeah, hopefully. I don't even know how I got in this mess. It was this game I was playing, and there was a forum. I think the game I play was a Nitto racing game.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 19 April 2008 - 05:18 PM

In many cases, online gaming sites are infested with a smörgåsbord of malware and are an increasing source of system infection. They can lead to other sites containing more malware which you can inadvertently download without knowledge or consent. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Gaming sites can put you at risk of fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

Please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix".
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"
-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan.

When done, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
