Re: Malicious abiloader.exe from internet !?

From: Yee Seong (YeeSeong_at_discussions.microsoft.com)
Date: 02/10/05


Date: Thu, 10 Feb 2005 06:15:03 -0800

I guess so... but by the way, has anyone ever faced this case before?
I mean this 'abiloader.exe' thing; I can't find any report or discussion
regarding it on the net at all... and I don't think it is a friendly exe
file.

"Catamount" wrote:

> You can only fill so many holes in a hunk of swiss cheese.
>
> Yee Seong wrote:
>
> > Thanks! I will try on it.
> > Anyway, I am wondering why it is still able to attack my PC even though I have
> > already installed the latest patches from Microsoft Windows Update... ???
> >
> > "Malke" wrote:
> >
> >
> >>Yee Seong wrote:
> >>
> >>
> >>>Recently, while connected to the internet, there have been a few times where an
> >>>unknown program file called abiloader.exe was silently downloaded into the
> >>>C:\windows folder and run in memory. It does insert a registry key
> >>>into the registry. Does anyone know about this program? I suspect
> >>>it is trying to download further adware/spyware/viruses from the net
> >>>as well. I am currently running WinXP SP1 with the latest patches (except
> >>>.Net Framework SP1).
> >>
> >>Go through these malware removal steps. It is crucial that you do
> >>everything with updated tools in Safe Mode:
> >>
> >>1) Scan in Safe Mode with current version (not earlier than 2004)
> >>antivirus using updated definitions. If you do not have a full-featured
> >>av installed (and you must get one), use TrendMicro's Sysclean as
> >>follows:
> >>
> >>TrendMicro's Sysclean is an extensive antivirus tool which has the
> >>advantage of not needing to be installed. It requires two parts - the
> >>scanning engine and the virus pattern files.
> >>
> >>1. Create a new folder on your Desktop or the C: drive named something
> >>useful like "Sysclean".
> >>2. Go here and download the two parts of the program to that folder:
> >>
> >>http://www.trendmicro.com/download/dcs.asp - Sysclean
> >>http://www.trendmicro.com/download/pattern.asp - virus pattern files
> >>
> >>The pattern files will be zipped - extract them with your unzipper (like
> >>WinZip) or if you have XP, you can just open the folder. You need to
> >>put the extracted files in the Sysclean folder you made.
> >>
> >>3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
> >>tapping the F8 key as the computer is starting up to get to the proper
> >>menu.
> >>4. Go to the Sysclean folder you made and double-click on sysclean.com.
> >>Start the scan. After the scan is finished, look at the log. You may
> >>need to make a note of where any viruses were found if they were not
> >>able to be removed so you can manually delete them.
> >>
> >>Now get and install a full-featured av, update its definitions, and do a
> >>thorough scan in Safe Mode. Once you've done that, continue your
> >>cleaning, as follows:
> >>
> >>Before you remove malware, get LSPFix (or WinSockFix for XP which you
> >>can get from MajorGeeks) - see links below.
> >>
> >>2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> >>programs are free, so use them both since they complement each other.
> >>There is a new version of CWShredder from Intermute. I would not
> >>install the other Intermute programs, however. Alternately, there are
> >>CoolWebSearch malware removal steps at SilentRunners.
> >>
> >>Be sure to update these programs before running, and it is a good idea
> >>to do virus/spyware scans in Safe Mode. Make sure you are able to see
> >>all hidden files and extensions (View tab in Folder Options).
> >>
> >>If the malware remains even after you used Ad-aware and Spybot, you can
> >>scan with HijackThis. HijackThis is an excellent tool to discover and
> >>disable hijackers, but it requires expert skill. See below for
> >>HijackThis links, including sites where you can post your HJT logs. A
> >>combination of HijackThis and About:Buster works well in removing the
> >>About:Blank homepage hijacker. Again, this is an expert tool and
> >>novices should get help with it.
> >>
> >>3) If you are running Windows ME or XP, you should disable/enable System
> >>Restore after the system is clean because malware will be in the
> >>Restore Points. With ME, you must disable System Restore completely.
> >>With XP, you can delete all but the most recent (presumably clean)
> >>System Restore point from the More Options section of Disk Cleanup
> >>(Run>cleanmgr).
> >>
> >>4) Make sure you've visited Windows Update and applied all security
> >>patches. Do not install driver updates from Windows Update.
> >>
> >>5) Run a firewall.
> >>
> >>Links to help with malware:
> >>
> >>Software/Methods:
> >>http://www.safer-networking.org - Spybot Search & Destroy
> >>http://www.lavasoftusa.com - Ad-aware
> >>http://www.majorgeeks.com - good download site
> >>http://www.intermute.com/spysubtract/cwshredder_download.html
> >>http://www.silentrunners.org/sr_cwsremoval.html - SilentRunners
> >>http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
> >>removing spyware
> >>http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe
> >>
> >>HijackThis:
> >>http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> >>Eshelman
> >>http://aumha.net - forums
> >>http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> >>forum
> >>http://www.wilderssecurity.com/
> >>http://forums.tomcoyote.org/
> >>
> >>General:
> >>http://aumha.net - look under "Security" for various forums
> >>http://rgharper.mvps.org/cleanit.htm
> >>http://mvps.org/winhelp2002/unwanted.htm
> >>http://www.aumha.org/a/parasite.htm - The Parasite Fight
> >>http://www.spywarewarrior.com/rogue_anti-spyware.htm
> >>
> >>Malke
> >>--
> >>MS MVP - Windows Shell/User
> >>Elephant Boy Computers
> >>www.elephantboycomputers.com
> >>"Don't Panic!"
> >>
>
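A defender-side triage check for the symptom described at the top of this thread (an unknown executable dropped straight into C:\windows and registered to start automatically). This is an added example, not code from anyone in the thread; the trusted-directory list, the choice of the Run key, and the sample entries are assumptions constructed for the illustration.

```python
import ntpath
import sys
# Assumptions for this example: where legitimate autorun executables live.
WINDOWS_ROOT = r"c:\windows"
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\program files")
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample entries (location, value name, command) mirroring the thread.
SAMPLE_ENTRIES = [
    ("HKLM\\" + RUN_KEY, "abiloader", r"C:\WINDOWS\abiloader.exe"),
    ("HKLM\\" + RUN_KEY, "ExampleTray", r'"C:\Program Files\Example\tray.exe" /s'),
]
def executable_path(command):
    """Pull the executable out of a Run-key command line, honouring quotes."""
    command = command.strip()
    return command[1:].split('"', 1)[0] if command.startswith('"') else command.split(" ", 1)[0]

def classify(command):
    """Reasons an autorun command deserves a closer look ([] if none)."""
    exe = ntpath.normpath(executable_path(command)).lower()
    folder = ntpath.dirname(exe)
    if not ntpath.isabs(exe):
        return ["no absolute path; resolved via PATH at logon"]
    if folder == WINDOWS_ROOT:  # the thread's symptom: a loose .exe in C:\WINDOWS
        return ["executable sits directly in the Windows folder"]
    if not any(folder == d or folder.startswith(d + "\\") for d in TRUSTED_DIRS):
        return ["executable outside trusted directories"]
    return []

def triage(entries):
    """Return (location, name, command, reasons) for every suspicious entry."""
    return [(l, n, c, classify(c)) for l, n, c in entries if classify(c)]

def collect_run_entries():
    """Read the HKLM and HKCU Run keys on the live system (Windows only)."""
    import winreg
    entries = []
    for label, hive in (("HKLM", winreg.HKEY_LOCAL_MACHINE), ("HKCU", winreg.HKEY_CURRENT_USER)):
        try:
            key = winreg.OpenKey(hive, RUN_KEY)
        except OSError:  # key absent in this hive
            continue
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, value, _ = winreg.EnumValue(key, i)
            entries.append((label + "\\" + RUN_KEY, name, value))
    return entries

if __name__ == "__main__":
    entries = collect_run_entries() if sys.platform == "win32" else SAMPLE_ENTRIES
    for loc, name, cmd, reasons in triage(entries):
        print(f"{loc}\\{name} -> {cmd}: {'; '.join(reasons)}")
```

On Windows the script reads the live Run keys; elsewhere it runs against the constructed sample so the logic can be exercised offline.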


