Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Suspicious service "ABKR"

05 May 2012   #21
Johnny8

MS Windows 7 Ultimate 32-bit
 
 

Quote   Quote: Originally Posted by karlsnooks View Post
johnny,
usb key.

Creating a restore point is unnecessary in this case.
Alright so I've gotten to the point where I set up USB Key as my 1st boot device, yet it doesn't seem to boot from the USB Stick. Everything is on there, and updated. Not really sure what to do now, I mean at one point after that windows 7 logo on boot it did seem to take it's while like it noticed the stick (there was a black screen for a while before the welcome screen) but nothing really happened (here I am back in windows). I must mention that my 2nd boot device was by default my optical drive.

EDIT: I didn't get any sort of prompt or hint that it was trying to boot form anything in particular.

EDIT: I am just now considering that that extended boot time might have been the quick scan ? I really don't know what kind of interface to expect. Should it be just blank doing it's thing ? Or will there be some kind of text ? Also, should I try switching the USB port ? or try another stick ?


My System SpecsSystem Spec
.
05 May 2012   #22
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

johnny,
one possibility is that WDO was not correctly installed on to the usb stick.

do you have another computer handy that you can use to try to boot from the stick?

Does you bios offer the opportunity for a one-time boot from a usb stick?

For example,on my Toshiba, when I power on the bios will show a note in the bottom right hand corner saying to use F12 to select a one-time boot. Then you get a small menu giving you a chance to choose the boot device.
My System SpecsSystem Spec
05 May 2012   #23
Johnny8

MS Windows 7 Ultimate 32-bit
 
 

Quote   Quote: Originally Posted by karlsnooks View Post
johnny,
one possibility is that WDO was not correctly installed on to the usb stick.

do you have another computer handy that you can use to try to boot from the stick?

Does you bios offer the opportunity for a one-time boot from a usb stick?

For example,on my Toshiba, when I power on the bios will show a note in the bottom right hand corner saying to use F12 to select a one-time boot. Then you get a small menu giving you a chance to choose the boot device.
Ok so I went back to bios, and there's no one time boot option, but apparently the device is USB HDD, I'll set that up and hopefully it will boot now. Will post the results whenever it finishes.
My System SpecsSystem Spec
.

05 May 2012   #24
Johnny8

MS Windows 7 Ultimate 32-bit
 
 

The USB Stick booted successfully, ran the quick scan, didn't find anything. Ran the full scan, again, all appears to be clean. I thought I should double check so I looked under the "view detected items" or what it was called (didn't pay much attention) and there was nothing. I can't find any log file though. The folder you mentioned (\Windows\Windows Defender Offline\Support) isn't there, I even ran a search for "windows defender offline" and nothing shows up.

EDIT: Did a search for MPLog and I found some .txt files under C:\Windows\Microsoft Antimalware\Support.
MPDetection-05052012-182611.log

MpCacheStats.log

MPLog-05052012-182611.log

msssWrapper.log

There is another .bin file I could not attach. I'm guessing these are the right files looking at the date.


My System SpecsSystem Spec
05 May 2012   #25
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

Johnny,
Excellent.
MS is still changing WDO on the "log" side. Thanks for the report. Later today, I'll run WDO over my system again and see what logs, if any, show up.

Also glad to hear that WDO gave you a clean bill of health as that eliminates many possibilities.

Since you've carried out all of jaycee's recommendations, then:

Is ABKR still there?
My System SpecsSystem Spec
05 May 2012   #26
Johnny8

MS Windows 7 Ultimate 32-bit
 
 

Quote   Quote: Originally Posted by karlsnooks View Post
Johnny,
Excellent.
MS is still changing WDO on the "log" side. Thanks for the report. Later today, I'll run WDO over my system again and see what logs, if any, show up.

Also glad to hear that WDO gave you a clean bill of health as that eliminates many possibilities.

Since you've carried out all of jaycee's recommendations, then:

Is ABKR still there?
Yes ABKR still there as in the first screenshot. Still disabled. I remember getting some pretty bad malware a couple of months ago, when a room mate borrowed my USB stick without asking me. My best guess is malware remnant, even though I have no idea how these things work, like can the service be displayed there if the corresponding .exe no longer exists ?

EDIT: I just entered it's path to make sure it's not there (not sure how effective this is) into explorer and got "Windows can't find 'C:\Users\...\AppData\Local\Temp\ABKR.exe'. Check the spelling and try again"

EDIT: In any case, to my untrained eye it seems harmless, everything performs the same on my computer. Thank you very much for helping me out, if you think I should try something else, let me know.
My System SpecsSystem Spec
05 May 2012   #27
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

WIN | SERVICES.MSC | ENTER

Navigate to abkr.exe

Double-click, find anything there that you can use to rid your self of this one?

Just occurred to me. If that also references the same location and the file isn't there, then the entry is truly harmless.

did you navigate to that location and then do a DIR to see if anything is there?
My System SpecsSystem Spec
05 May 2012   #28
Johnny8

MS Windows 7 Ultimate 32-bit
 
 

Quote   Quote: Originally Posted by karlsnooks View Post
WIN | SERVICES.MSC | ENTER

Navigate to abkr.exe

Double-click, find anything there that you can use to rid your self of this one?

Just occurred to me. If that also references the same location and the file isn't there, then the entry is truly harmless.

did you navigate to that location and then do a DIR to see if anything is there?
Yes I've navigated to the location C:\Users\...\AppData\Local\Temp\ABKR.exe and there was NO ABKR.exe. It was the very first thing I did. And now after all that scanning I just pasted that path into explorer like I said in my previous reply, and I got "Windows can't find 'C:\Users\...\AppData\Local\Temp\ABKR.exe'. Check the spelling and try again" Also, I ran the temp cleaner Jacee told me about and indeed it cleansed that temp folder (besides whatever else it did).
My System SpecsSystem Spec
05 May 2012   #29
luke127

Windows 7 Home Premium 64 bit at home and Windows 7 professional at school.
 
 

About the USB I was going to say it was USB HDD I know because I boot my old PC from an external drive. Also can't you just END the process in the task manager? And if it's disabled then obviously it whatever it is, is no longer active. Most anti virus programs look for an active virus. That is trying to infect or destroy your PC.
My System SpecsSystem Spec
05 May 2012   #30
Johnny8

MS Windows 7 Ultimate 32-bit
 
 

Quote   Quote: Originally Posted by luke127 View Post
About the USB I was going to say it was USB HDD I know because I boot my old PC from an external drive. Also can't you just END the process in the task manager? And if it's disabled then obviously it whatever it is, is no longer active. Most anti virus programs look for an active virus. That is trying to infect or destroy your PC.
It doesn't appear in task manager as a process (probably doesn't even exist on the hard drive, but then again I know nothing about how malware works) but as a "stopped" service. It is also disabled in services, with no option to start it.
My System SpecsSystem Spec
Reply

 Suspicious service "ABKR"




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Changing the "minimize" "maximize" and "close" buttons of a theme
Ok so I'm using a custom visual style made by another user however I don't really like the buttons used that I mentioned above. The creator states it is acceptable to change the theme to however you like as long as you don't redistribute it anywhere. Ok so I opened up the .msstyles file (using...
Customization
Need to add "TASKBARS" (MSese for "Launchpads", "Docks" NOT "Toolbars"
My office just upgraded, and I can no longer use Windows XP. On this system, I was able to add a separate taskbar to facilitate quick access to commonly-browsed folder locations on our vast network, and another one expedited the launching of useful programs and lists. Each task on each taskbar...
General Discussion
"The specified service does not exist as an installed service" problem
Hi. I am having really bad problem on my WIN 7 x32. I would appreciate some help. Here's brief description of the problem: The problem started when my mcafee anti virus removed ZEROACCESS trojans from my system. After the scan was completed, my system rebooted and I lost control of all...
General Discussion
Random "Bad Pool Header" and "System Service Exception" BSODs
I have been getting these "Bad Pool Header" and "System Service Exception" BSODs for about a day now (the "Bad Pool Header" one tends to pop up more often then the other btw). I ran a registry cleaner which didn't work and ran memtest this morning and it showed that my memory was fine. The BSODs...
BSOD Help and Support
MS Security Essentials, "certain patterns of suspicious activity"
In Microsoft Security Essentials, there is an option to "check for certain patterns of suspicious activity". What are these patterns of suspicious activity? How much does this slow down my system? How likely am I to get a false positive?
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:51.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App