Re: Malicious abiloader.exe from internet !?

From: Catamount (Nope_at_notgonnaspam.me)
Date: 02/09/05


Date: Wed, 09 Feb 2005 12:52:29 -0500

You can only fill so many holes in a hunk of swiss cheese.

Yee Seong wrote:

> Thanks! I will try on it.
> Anyway, I am wondering why it is still able to attack my PC even though I already
> installed the latest patches from Microsoft Windows Update... ???
>
> "Malke" wrote:
>
>
>>Yee Seong wrote:
>>
>>
>>>Recently, while connected to the internet, there have been a few times where an
>>>unknown program file called abiloader.exe keeps being silently downloaded into
>>>the C:\windows folder and run in memory. It does insert a registry key
>>>into the registry. Does anyone know about this program? I suspect
>>>it is trying to download further adware/spyware/viruses from the net
>>>as well. I am currently running WinXP SP1 with the latest patches (except
>>>.Net Framework SP1).
>>
>>Go through these malware removal steps. It is crucial that you do
>>everything with updated tools in Safe Mode:
>>
>>1) Scan in Safe Mode with current version (not earlier than 2004)
>>antivirus using updated definitions. If you do not have a full-featured
>>av installed (and you must get one), use TrendMicro's Sysclean as
>>follows:
>>
>>TrendMicro's Sysclean is an extensive antivirus tool which has the
>>advantage of not needing to be installed. It requires two parts - the
>>scanning engine and the virus pattern files.
>>
>>1. Create a new folder on your Desktop or the C: drive named something
>>useful like "Sysclean".
>>2. Go here and download the two parts of the program to that folder:
>>
>>http://www.trendmicro.com/download/dcs.asp - Sysclean
>>http://www.trendmicro.com/download/pattern.asp - virus pattern files
>>
>>The pattern files will be zipped - extract them with your unzipper (like
>>WinZip) or if you have XP, you can just open the folder. You need to
>>put the extracted files in the Sysclean folder you made.
>>
>>3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
>>tapping the F8 key as the computer is starting up to get to the proper
>>menu.
>>4. Go to the Sysclean folder you made and double-click on sysclean.com.
>>Start the scan. After the scan is finished, look at the log. You may
>>need to make a note of where any viruses were found if they were not
>>able to be removed so you can manually delete them.
>>
>>Now get and install a full-featured av, update its definitions, and do a
>>thorough scan in Safe Mode. Once you've done that, continue your
>>cleaning, as follows:
>>
>>Before you remove malware, get LSPFix (or WinSockFix for XP which you
>>can get from MajorGeeks) - see links below.
>>
>>2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
>>programs are free, so use them both since they complement each other.
>>There is a new version of CWShredder from Intermute. I would not
>>install the other Intermute programs, however. Alternately, there are
>>CoolWebSearch malware removal steps at SilentRunners.
>>
>>Be sure to update these programs before running, and it is a good idea
>>to do virus/spyware scans in Safe Mode. Make sure you are able to see
>>all hidden files and extensions (View tab in Folder Options).
>>
>>If the malware remains even after you used Ad-aware and Spybot, you can
>>scan with HijackThis. HijackThis is an excellent tool to discover and
>>disable hijackers, but it requires expert skill. See below for
>>HijackThis links, including sites where you can post your HJT logs. A
>>combination of HijackThis and About:Buster works well in removing the
>>About:Blank homepage hijacker. Again, this is an expert tool and
>>novices should get help with it.
>>
>>3) If you are running Windows ME or XP, you should disable/enable System
>>Restore after the system is clean because malware will be in the
>>Restore Points. With ME, you must disable System Restore completely.
>>With XP, you can delete all but the most recent (presumably clean)
>>System Restore point from the More Options section of Disk Cleanup
>>(Run>cleanmgr).
>>
>>4) Make sure you've visited Windows Update and applied all security
>>patches. Do not install driver updates from Windows Update.
>>
>>5) Run a firewall.
>>
>>Links to help with malware:
>>
>>Software/Methods:
>>http://www.safer-networking.org - Spybot Search & Destroy
>>http://www.lavasoftusa.com - Ad-aware
>>http://www.majorgeeks.com - good download site
>>http://www.intermute.com/spysubtract/cwshredder_download.html
>>http://www.silentrunners.org/sr_cwsremoval.html - SilentRunners
>>http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
>>removing spyware
>>http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe
>>
>>HijackThis:
>>http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
>>Eshelman
>>http://aumha.net - forums
>>http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
>>forum
>>http://www.wilderssecurity.com/
>>http://forums.tomcoyote.org/
>>
>>General:
>>http://aumha.net - look under "Security" for various forums
>>http://rgharper.mvps.org/cleanit.htm
>>http://mvps.org/winhelp2002/unwanted.htm
>>http://www.aumha.org/a/parasite.htm - The Parasite Fight
>>http://www.spywarewarrior.com/rogue_anti-spyware.htm
>>
>>Malke
>>--
>>MS MVP - Windows Shell/User
>>Elephant Boy Computers
>>www.elephantboycomputers.com
>>"Don't Panic!"
>>
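Added example (editor's code, not part of the thread or of any tool it links): Malke's procedure relies on HijackThis or a manual look at the Run keys to find what abiloader.exe installed. The script below does that offline against a `reg export` of HKLM\...\Run, so it can be run against an export taken in Safe Mode. It flags entries whose image runs loose from the Windows directory itself (where the post says abiloader.exe sat) or from a user profile or Temp folder, while leaving entries under System32 or Program Files alone. The .reg text is constructed sample input; the Windows directory defaults to C:\WINDOWS and the "abiloader" value name is assumed, since the post never gives it.

```python
"""Triage an exported Run key for suspiciously located autostart entries.

Editor's example, not code from the thread. The .reg text below is a
CONSTRUCTED sample, not a real export. A real `reg export` file is
UTF-16 with a BOM, so open it with encoding='utf-16' before parsing.
"""
import ntpath
import re

# Constructed sample of `reg export HKLM\...\Run run.reg` output.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"abiloader"="C:\\WINDOWS\\abiloader.exe"
"update"="C:\\DOCUME~1\\USER\\LOCALS~1\\Temp\\svchost.exe /s"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

# "name"="data" lines; .reg escapes backslash and quote with a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> \"."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return {key_path: {value_name: string_data}} for REG_SZ values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                keys[current][unescape(m.group(1))] = unescape(m.group(2))
    return keys


def image_path(cmdline):
    """Extract the executable path from a Run-key command line."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):            # quoted path, arguments may follow
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    m = re.match(r'(.+?\.exe)(?:\s|$)', cmdline, re.IGNORECASE)
    return m.group(1) if m else cmdline.split()[0]


def classify(path, windir=r'C:\WINDOWS'):
    """Return a reason string if the image location is suspicious, else None."""
    norm = ntpath.normpath(path).lower()
    parts = norm.split('\\')
    if ntpath.dirname(norm) == ntpath.normpath(windir).lower():
        return 'runs from the Windows directory itself, not System32'
    if 'temp' in parts or 'docume~1' in parts or 'documents and settings' in parts:
        return 'runs from a user profile or Temp folder'
    return None


def triage(reg_text, windir=r'C:\WINDOWS'):
    """Return [(key, value_name, image_path, reason)] for suspicious entries."""
    findings = []
    for key, values in parse_reg(reg_text).items():
        for name, cmd in values.items():
            path = image_path(cmd)
            reason = classify(path, windir)
            if reason:
                findings.append((key, name, path, reason))
    return findings


if __name__ == '__main__':
    for key, name, path, reason in triage(SAMPLE_REG):
        print('%s\\%s -> %s  [%s]' % (key, name, path, reason))
```

Location is only a heuristic: a legitimate program can be dropped in the Windows directory and malware can sit in Program Files, so treat a hit as a lead to check (file date, version info, whether it reappears after deletion, as in the post) rather than as a verdict. Extend the export to HKCU\...\Run and the RunOnce keys to cover the other autostart locations HijackThis lists as O4 entries.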


