Abwiz and i386p



badgerman
2006-01-24, 05:10
I seem to be having a problem since a few days ago. Each time I scan using spybot, right near the beginning it finds 1 entry called "Abwiz" and pops up with a warning:

Spybot-S&D has detected a system service that has been identified as a threat:
Display name: i386p
Registry key: i386p
It has been shut down. You can check its status on the System Services Control Panel.

When the scan finished and I press "fix selected problems," it says that Abwiz has been fixed. The next scan, however, brought up the exact same warning, and Abwiz. This is not the first time I have been using Spybot, and it never has come up with either of these two. Are these two in any way related? And what is i386p? If they are bad, how do I get rid of them? I noticed a while ago (probably since I bought my computer) that there is an "i386" folder on my hard drive, does that have anything to do with it?

Thank You

tashi
2006-01-24, 06:50
Hello badgerman. :)

Open SpyBot, check for and get any updates available.
Close all browsers, check for problems and fix everything found in red.
Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

Uncheck [ ] Do not report disabled or known legitimate items.
Uncheck [ ] Include a list of services in report.
Uncheck [ ] Include uninstall list in report.

Now select (near the top) view report.
Press export; in the "save in" box choose a place such as your My Documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report please.

If you are not using Spybot-S&D version 1.4 let me know first please.

Cheers.

badgerman
2006-01-24, 10:21
I didn't find any updates when searching for updates, and I checked that I am using version 1.4. Everything described previously happened when I did the scan. Attached is the report.

Thanks again

tashi
2006-01-24, 17:43
Hello.
I will ask Lonny to take a look at the log, meanwhile please see here:
Sun Java (http://forums.spybot.info/showpost.php?p=3062&postcount=4)

You need to go to Add/Remove as instructed there and remove all old versions of Sun Java and download the latest version which is JDK 5.0 Update 6.


Cheers.

LonnyRJones
2006-01-24, 18:13
Hi badgerman, Tashi

Yes, please do update that Java program.


Reboot into safe mode. Click here if needed (http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx) for instructions.
Check for and fix any problems found with SpyBot; when that's finished, do a full system scan with your antivirus program.

When done, reboot back to normal, read this post and post a HijackThis log in our malware section please, not here.
http://forums.spybot.info/showthread.php?t=288

fanatiguzz
2006-01-25, 21:06
Hello badgerman,

try this... (it's from Symantec)

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.


1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected.
4. Delete any values added to the registry.

For specific details on each of these steps, read the following instructions.

1. To disable System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

For instructions on how to turn off System Restore, read your Windows documentation,

Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, reenable System Restore by following the instructions in the aforementioned documents.

badgerman
2006-01-26, 02:59
fanatiguzz's suggestions seem to have worked, Spybot no longer came up with any problems (I did run it in safe mode to be sure). I posted a hjt log just to make sure there were no problems left. Thanks everyone for your help.

Oh and I just noticed, Abwiz is displayed in the list of items that I could restore... I assume it's been fixed

tashi
2006-01-26, 04:57
Hi there.

"I assume it's been fixed"
Hi badgerman.

Just so you know for the future; :) following another member's advice when you were asked to post a log in the malware removal forum by a helper is not wise.
http://forums.spybot.info/showthread.php?t=2039

One reason Lonny asked you to read here:
Before you post a log (http://forums.spybot.info/showthread.php?t=288)

Turning off System Restore unless asked to by your helper can remove your last safe restore point.

Helpers will need to know the steps you have taken so I will post in your malware topic.

I will also ask Lonny to check your log and see if you have resolved the problem. :)

Cheers.

Graham35
2006-01-26, 16:32
I have the same problem with Abwiz i386p.
I have searched the forum for help and ended up here, I have read the posts and still not sure what I should do.
Please assist me, I am unsure of the correct procedure to follow and would appreciate some help to get rid of this.
Thanks
Regards
Graham

tashi
2006-01-26, 18:01
Hello Graham35.

Please go here and follow instructions.
Before you post a log (http://forums.spybot.info/showthread.php?t=288)

Start a topic here:
Malware Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Someone will then take a look at the system and advise you as soon as available to do so.

Best regards. :)