Solved Suspicious service "ABKR"

[Johnny8]

johnny,
usb key.

Creating a restore point is unnecessary in this case.

Alright so I've gotten to the point where I set up USB Key as my 1st boot device, yet it doesn't seem to boot from the USB Stick. Everything is on there, and updated. Not really sure what to do now, I mean at one point after that windows 7 logo on boot it did seem to take it's while like it noticed the stick (there was a black screen for a while before the welcome screen) but nothing really happened (here I am back in windows). I must mention that my 2nd boot device was by default my optical drive.

EDIT: I didn't get any sort of prompt or hint that it was trying to boot form anything in particular.

EDIT: I am just now considering that that extended boot time might have been the quick scan ? I really don't know what kind of interface to expect. Should it be just blank doing it's thing ? Or will there be some kind of text ? Also, should I try switching the USB port ? or try another stick ?

 

[karlsnooks]

johnny,
one possibility is that WDO was not correctly installed on to the usb stick.

do you have another computer handy that you can use to try to boot from the stick?

Does you bios offer the opportunity for a one-time boot from a usb stick?

For example,on my Toshiba, when I power on the bios will show a note in the bottom right hand corner saying to use F12 to select a one-time boot. Then you get a small menu giving you a chance to choose the boot device.

 

[Johnny8]

johnny,
one possibility is that WDO was not correctly installed on to the usb stick.

do you have another computer handy that you can use to try to boot from the stick?

Does you bios offer the opportunity for a one-time boot from a usb stick?

For example,on my Toshiba, when I power on the bios will show a note in the bottom right hand corner saying to use F12 to select a one-time boot. Then you get a small menu giving you a chance to choose the boot device.

Ok so I went back to bios, and there's no one time boot option, but apparently the device is USB HDD, I'll set that up and hopefully it will boot now. Will post the results whenever it finishes.

 

[Johnny8]

The USB Stick booted successfully, ran the quick scan, didn't find anything. Ran the full scan, again, all appears to be clean. I thought I should double check so I looked under the "view detected items" or what it was called (didn't pay much attention) and there was nothing. I can't find any log file though. The folder you mentioned (\Windows\Windows Defender Offline\Support) isn't there, I even ran a search for "windows defender offline" and nothing shows up.

EDIT: Did a search for MPLog and I found some .txt files under C:\Windows\Microsoft Antimalware\Support.
View attachment MPDetection-05052012-182611.log

View attachment MpCacheStats.log

View attachment MPLog-05052012-182611.log

View attachment msssWrapper.log

There is another .bin file I could not attach. I'm guessing these are the right files looking at the date.

 

[karlsnooks]

Johnny,
Excellent.
MS is still changing WDO on the "log" side. Thanks for the report. Later today, I'll run WDO over my system again and see what logs, if any, show up.

Also glad to hear that WDO gave you a clean bill of health as that eliminates many possibilities.

Since you've carried out all of jaycee's recommendations, then:

Is ABKR still there?

 

[Johnny8]

Johnny,
Excellent.
MS is still changing WDO on the "log" side. Thanks for the report. Later today, I'll run WDO over my system again and see what logs, if any, show up.

Also glad to hear that WDO gave you a clean bill of health as that eliminates many possibilities.

Since you've carried out all of jaycee's recommendations, then:

Is ABKR still there?

Yes ABKR still there as in the first screenshot. Still disabled. I remember getting some pretty bad malware a couple of months ago, when a room mate borrowed my USB stick without asking me. My best guess is malware remnant, even though I have no idea how these things work, like can the service be displayed there if the corresponding .exe no longer exists ?

EDIT: I just entered it's path to make sure it's not there (not sure how effective this is) into explorer and got "Windows can't find 'C:\Users\...\AppData\Local\Temp\ABKR.exe'. Check the spelling and try again"

EDIT: In any case, to my untrained eye it seems harmless, everything performs the same on my computer. Thank you very much for helping me out, if you think I should try something else, let me know.

 

[karlsnooks]

WIN | SERVICES.MSC | ENTER

Navigate to abkr.exe

Double-click, find anything there that you can use to rid your self of this one?

Just occurred to me. If that also references the same location and the file isn't there, then the entry is truly harmless.

did you navigate to that location and then do a DIR to see if anything is there?

 

[Johnny8]

WIN | SERVICES.MSC | ENTER

Navigate to abkr.exe

Double-click, find anything there that you can use to rid your self of this one?

Just occurred to me. If that also references the same location and the file isn't there, then the entry is truly harmless.

did you navigate to that location and then do a DIR to see if anything is there?

Yes I've navigated to the location C:\Users\...\AppData\Local\Temp\ABKR.exe and there was NO ABKR.exe. It was the very first thing I did. And now after all that scanning I just pasted that path into explorer like I said in my previous reply, and I got "Windows can't find 'C:\Users\...\AppData\Local\Temp\ABKR.exe'. Check the spelling and try again" Also, I ran the temp cleaner Jacee told me about and indeed it cleansed that temp folder (besides whatever else it did).

 

[luke127]

About the USB I was going to say it was USB HDD I know because I boot my old PC from an external drive. Also can't you just END the process in the task manager? And if it's disabled then obviously it whatever it is, is no longer active. Most anti virus programs look for an active virus. That is trying to infect or destroy your PC.

 

[Johnny8]

About the USB I was going to say it was USB HDD I know because I boot my old PC from an external drive. Also can't you just END the process in the task manager? And if it's disabled then obviously it whatever it is, is no longer active. Most anti virus programs look for an active virus. That is trying to infect or destroy your PC.

It doesn't appear in task manager as a process (probably doesn't even exist on the hard drive, but then again I know nothing about how malware works) but as a "stopped" service. It is also disabled in services, with no option to start it.

 

[luke127]

Well that is interesting. I will do some research and see if I can find it will reply back with the info IF I find any.

 

[Johnny8]

Well, I'm guessing there's not much else to say on this topic (?) The only reason I haven't already marked as solved is that I was hoping maybe I would find out what was up with that service to begin with. In any case, thank you all once again for the assistance, guess my computer is clean. And I have learned a couple of things in the process too. If you do believe I should be trying anything else, please let me know.