Suspicious service "ABKR"

karlsnooks said:

johnny,
usb key.

Creating a restore point is unnecessary in this case.

Alright so I've gotten to the point where I set up USB Key as my 1st boot device, yet it doesn't seem to boot from the USB Stick. Everything is on there, and updated. Not really sure what to do now, I mean at one point after that windows 7 logo on boot it did seem to take it's while like it noticed the stick (there was a black screen for a while before the welcome screen) but nothing really happened (here I am back in windows). I must mention that my 2nd boot device was by default my optical drive.

EDIT: I didn't get any sort of prompt or hint that it was trying to boot form anything in particular.

EDIT: I am just now considering that that extended boot time might have been the quick scan ? I really don't know what kind of interface to expect. Should it be just blank doing it's thing ? Or will there be some kind of text ? Also, should I try switching the USB port ? or try another stick ?

karlsnooks said:

johnny,
one possibility is that WDO was not correctly installed on to the usb stick.

do you have another computer handy that you can use to try to boot from the stick?

Does you bios offer the opportunity for a one-time boot from a usb stick?

For example,on my Toshiba, when I power on the bios will show a note in the bottom right hand corner saying to use F12 to select a one-time boot. Then you get a small menu giving you a chance to choose the boot device.

Ok so I went back to bios, and there's no one time boot option, but apparently the device is USB HDD, I'll set that up and hopefully it will boot now. Will post the results whenever it finishes.

The USB Stick booted successfully, ran the quick scan, didn't find anything. Ran the full scan, again, all appears to be clean. I thought I should double check so I looked under the "view detected items" or what it was called (didn't pay much attention) and there was nothing. I can't find any log file though. The folder you mentioned (\Windows\Windows Defender Offline\Support) isn't there, I even ran a search for "windows defender offline" and nothing shows up.

EDIT: Did a search for MPLog and I found some .txt files under C:\Windows\Microsoft Antimalware\Support.
MPDetection-05052012-182611.log

MpCacheStats.log

MPLog-05052012-182611.log

msssWrapper.log

There is another .bin file I could not attach. I'm guessing these are the right files looking at the date.

karlsnooks said:

Johnny,
Excellent.
MS is still changing WDO on the "log" side. Thanks for the report. Later today, I'll run WDO over my system again and see what logs, if any, show up.

Also glad to hear that WDO gave you a clean bill of health as that eliminates many possibilities.

Since you've carried out all of jaycee's recommendations, then:

Is ABKR still there?

Yes ABKR still there as in the first screenshot. Still disabled. I remember getting some pretty bad malware a couple of months ago, when a room mate borrowed my USB stick without asking me. My best guess is malware remnant, even though I have no idea how these things work, like can the service be displayed there if the corresponding .exe no longer exists ?

EDIT: I just entered it's path to make sure it's not there (not sure how effective this is) into explorer and got "Windows can't find 'C:\Users\...\AppData\Local\Temp\ABKR.exe'. Check the spelling and try again"

EDIT: In any case, to my untrained eye it seems harmless, everything performs the same on my computer. Thank you very much for helping me out, if you think I should try something else, let me know.

karlsnooks said:

WIN | SERVICES.MSC | ENTER

Navigate to abkr.exe

Double-click, find anything there that you can use to rid your self of this one?

Just occurred to me. If that also references the same location and the file isn't there, then the entry is truly harmless.

did you navigate to that location and then do a DIR to see if anything is there?

Yes I've navigated to the location C:\Users\...\AppData\Local\Temp\ABKR.exe and there was NO ABKR.exe. It was the very first thing I did. And now after all that scanning I just pasted that path into explorer like I said in my previous reply, and I got "Windows can't find 'C:\Users\...\AppData\Local\Temp\ABKR.exe'. Check the spelling and try again" Also, I ran the temp cleaner Jacee told me about and indeed it cleansed that temp folder (besides whatever else it did).

About the USB I was going to say it was USB HDD I know because I boot my old PC from an external drive. Also can't you just END the process in the task manager? And if it's disabled then obviously it whatever it is, is no longer active. Most anti virus programs look for an active virus. That is trying to infect or destroy your PC.