Windows 7 Forums



Windows 7: Suspicious service "ABKR"

04 May 2012   #11
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I "think" you may have a 'backdoor (password stealer) Trojan' ... Change ALL passwords using a known "clean" computer, not the one that you are using now!

Let's flush the DNS cache: open an 'elevated' Command prompt by right clicking and choose to run as Administrator.
Copy/paste ipconfig /flushdns and press 'enter'.

Next, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Now,

Run a full scan with Malwarebytes' Anti-Malware:
download (free version) Malwarebytes' Anti-Malware to your desktop
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.


05 May 2012   #12
Johnny8

MS Windows 7 Ultimate 32-bit
 
 

Quote: Originally Posted by karlsnooks
Johnny,
When you say you made a scan with windows defender, would you please list the steps you took and when you performed this check?

you did declare the network as Public?

your AV is?
Well, I typed "windows defender" in start, launched the program, under scan I selected the quick scan option. So not the full scan. Yes the network is set as public, and I do not use real-time AV (never liked them), I do have Malwarebytes installed, Hitman Pro, Windows Defender. Always up to date same as everything on my system.
05 May 2012   #13
Johnny8

MS Windows 7 Ultimate 32-bit
 
 

Quote: Originally Posted by Jacee
I "think" you may have a 'backdoor (password stealer) Trojan' ... Change ALL passwords using a known "clean" computer, not the one that you are using now!

Let's flush the DNS cache: open an 'elevated' Command prompt by right clicking and choose to run as Administrator.
Copy/paste ipconfig /flushdns and press 'enter'.

Next, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Now,

Run a full scan with Malwarebytes' Anti-Malware:
download (free version) Malwarebytes' Anti-Malware to your desktop
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
I have carefully done precisely as instructed. Except I already had Malwarebytes installed, I hit update twice to make sure I had the latest version (I regularly check anyways). Here is the log mbam-log-2012-05-05 (12-37-44).txt once again everything seems fine. Sorry for the late reply, and I just want to say I really appreciate all the support I've been getting here on the forums. So thank you for your time !

EDIT: I didn't change any of my passwords though. I have never had any issues with them or my accounts, not even a hint at something suspicious. And this service ("ABKR") seems to have been disabled since always. I'm guessing I just noticed it recently but has been there since a while.

EDIT: I looked again in the temp folder to see if it's there. There is no ABKR.exe in that temp folder. Should I be enabling showing of certain files (not sure which) in folder options ?


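One way to inspect the service entry discussed in this thread from a PowerShell prompt, as an added example that is not part of any post here: it reports the start mode, the registered binary path, whether that file still exists, whether it sits in a temp folder, and its signature and hash. Get-ServiceTriage is a hypothetical helper name; 'ABKR' is the service name from the thread title.

```powershell
# Added example, PowerShell 2.0 compatible (the version shipped with Windows 7).
# Get-ServiceTriage is a hypothetical helper name; 'ABKR' is the service named in this thread.
function Get-ServiceTriage {
    param([Parameter(Mandatory = $true)][string]$Name)

    # Win32_BaseService covers both ordinary services and kernel drivers.
    $svc = Get-WmiObject -Class Win32_BaseService | Where-Object { $_.Name -eq $Name }
    if (-not $svc) {
        Write-Warning "No service or driver named '$Name' is registered."
        return
    }

    # PathName can be quoted, carry arguments, or start with the NT prefix \??\
    $raw = ([string]$svc.PathName).Trim()
    if ($raw -match '^"([^"]+)"') { $exe = $Matches[1] }
    elseif ($raw -match '^(.+?\.(exe|sys|dll))(\s|$)') { $exe = $Matches[1] }
    else { $exe = $raw }
    if ($exe.StartsWith('\??\')) { $exe = $exe.Substring(4) }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)

    # Test-Path checks the file system directly, so Explorer's hidden-file
    # settings do not affect the result. An empty path counts as "missing".
    $exists = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)

    $sig = 'n/a'; $sha256 = 'n/a'
    if ($exists) {
        $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
        $alg = [System.Security.Cryptography.SHA256]::Create()
        $fs  = [System.IO.File]::OpenRead($exe)
        try { $sha256 = [BitConverter]::ToString($alg.ComputeHash($fs)) -replace '-', '' }
        finally { $fs.Close() }
    }

    New-Object PSObject -Property @{
        Name       = $svc.Name
        State      = $svc.State       # Running / Stopped
        StartMode  = $svc.StartMode   # Boot / System / Auto / Manual / Disabled
        ImagePath  = $raw
        Executable = $exe
        FileExists = $exists
        InTempDir  = [bool]($exe -match '\\te?mp\\')
        Signature  = $sig
        SHA256     = $sha256
    } | Select-Object Name, State, StartMode, ImagePath, Executable, FileExists, InTempDir, Signature, SHA256
}

Get-ServiceTriage -Name 'ABKR' | Format-List
```

A disabled entry whose file no longer exists is a leftover registration; an entry whose file exists under a temp folder and is unsigned is the case worth scanning or submitting by hash.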

05 May 2012   #14
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

Johnny,
Do run Windows Defender Offline. To learn how to run it:

Click on the WDO, Windows Defender Offline link in my signature. Use ONLY that link.
Run a full scan over all drives using Windows Defender Offline.

At that link, you will not only find the download link for WDO, but you will find instructions.
We also have a tutorial on WDO.

There is this write-up that I use:
HOW TO USE WINDOWS DEFENDER OFFLINE ON A USB STICK
Windows Defender Offline
· is a free standalone, bootable malware and virus remover from Microsoft.
· performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware.

Download Windows Defender Offline (about 764 kB)

You will have the choice of downloading the 32bit version (x86) or the 64 bit version (x64).
The link will help you determine whether you are running a 32 bit version or 64 bit version of Windows

NOTE!! You can download and prepare a 32 bit version using a 64 bit version of Windows
NOTE!! You can download and prepare a 64 bit version using a 32bit version of Windows.

You run the 32 bit version on a 32 bit version of Windows.
You run the 64 bit version on a 64 bit version of Windows.

The 32 bit download file name is: mssstool32.exe
The 64 bit download file name is: mssstool64.exe

For the curious, this program was originally named Microsoft Standalone System Sweeper.


INSTALLATION:
You will need an Internet Connection.
Insert 512 mB (Microsoft’s 256 mB is no longer accurate) or larger USB stick into a usb port.
Run the downloaded program--mssstool64.exe or mssstool32.exe
NEXT button
Choose the option On a USB flash drive that is not password protected
NEXT button
NEXT button
.
The install program will format the usb stick using the NTFS format.
The install program will download about 210 mB.
The install program will name the USB stick WDO_Media32 or WDO_Media64
The WDO_Media32 usb stick will have used space of 255 mB (268,140,544 bytes)
The WDO_Media64 usb stick will have used space of 282 mB (296,165,376 bytes)
You can expect the number of mB to increase as more malware appears.

UPDATE Windows Defender Offline USB stick:
· reinsert the usb stick
· run the installation program, mssstool64.exe or mssstool32.exe, again.
· the update will download about 66 mB (mssstool32.exe) and 68 mB (mssstool64.exe).

Since the malware database is sometimes updated several times in a day, always update before running.

PERFORM AN OFFLINE SCAN
Bootup your computer from the USB stick
Windows Defender Offline will automatically perform a quick scan.
After the quick scan finishes, Choose Full Scan
Select all of your drives

The initial, full scan can easily take several hours, but
Remember, your computer is being very thoroughly checked for all types of malware.


RESULTS OF THE SCAN
The results will be in:
\Windows\Windows Defender Offline\Support,
file name format is MPLOG- as one or more files with a TXT extension which can be viewed with Notepad.

05 May 2012   #15
Johnny8

MS Windows 7 Ultimate 32-bit
 
 

I read through everything you said and I'm not sure I know how to fulfill this step: "Bootup your computer from the USB stick" (does it do this automatically or do I have to enter BIOS and change the boot device ? -can't really remember how all that is done). Therefore I don't think I can get started on this whole process. And two questions:
1. while this is scanning can I use my computer ? I have some reading and studying to do these days.
2. can I still use the USB stick to transfer data or whatnot after this procedure ?
Thanks

EDIT: oh, and about "You can expect the number of mB to increase as more malware appears." I have a 4GB USB Stick, with probably 3.7GB of available memory, will that be enough in case things get hectic ? I really want to get things straight so I can assign a chunk of time for this whole process seeing how it might take multiple hours.
05 May 2012   #16
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

Quote: Originally Posted by Johnny8
I read through everything you said and I'm not sure I know how to fulfill this step: "Bootup your computer from the USB stick" (does it do this automatically or do I have to enter BIOS and change the boot device ? -can't really remember how all that is done). Therefore I don't think I can get started on this whole process.
Johnny, fill in your system specs and we can advise you how to boot from a usb stick and, of course, you could read the manual for your computer.

And two questions:
1. while this is scanning can I use my computer ? NO
I have some reading and studying to do these days.
2. can I still use the USB stick to transfer data or whatnot after this procedure ? YES
Thanks

EDIT: oh, and about "You can expect the number of mB to increase as more malware appears." I have a 4GB USB Stick, with probably 3.7GB of available memory, will that be enough in case things get hectic ? YES
Update your SevenForums System Specs
User CP (located on the top menu bar) |
Your Profile | Edit System Spec
(left-hand column)

To gather info, use Speccy (my favorite) or SIW or System Info

Add the word laptop or desktop or netbook to the
“system manufacturer” block, for example,
Toshiba Satellite L305D notebook.

Provide full windows version info, for example:
MS Windows 7 Ultimate SP1 64-bit

Use the “Other Info” block for Optical Reader,
Mouse, touchpad, wifi adapter, speakers, monitor, etc

Scroll down and click on SAVE CHANGES.
==========================================
05 May 2012   #17
Johnny8

MS Windows 7 Ultimate 32-bit
 
 

I have updated my specs here on the forum using Speccy as suggested. Hopefully it's all good.
05 May 2012   #18
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

Quote: Originally Posted by Johnny8
I have updated my specs here on the forum using Speccy as suggested. Hopefully it's all good.
Excellent.

Let us know the results of running the full scan with WDO.
05 May 2012   #19
Johnny8

MS Windows 7 Ultimate 32-bit
 
 

Quote: Originally Posted by karlsnooks
Excellent.

Let us know the results of running the full scan with WDO.
Actually, I'm still not sure of how to boot from USB Stick, can you give me a hint ? Is it BIOS ? Cause I'll just poke around there I guess, I just need to know if that's the way to do it.

EDIT: I don't have my manual around :-S


EDIT: Scratch that, I went into bios and it was friendly interfaced enough. But now my question is which one of these devices should be 1st ? USB HDD, USB FDD, USB KEY, USB CD/DVD ? These are all the options there (regarding USB).
Another question: should I create a restore point in case anything goes wrong ?
05 May 2012   #20
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

johnny,
usb key.

Creating a restore point is unnecessary in this case.