spybot can't remove win32.tiny.abk...
please help!
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
I'm running into the same problem trying to clean a friend's machine. Spybot (current, stable version) finds an instance after every reboot. The file is always located in /windows/system32, but the filename is always different. It's always *.tmp.
Spybot DOES delete the file, but as I noted, it returns after reboot. So it seems as if Spybot is getting a symptom, but not the actual cause.
This is on XP32. Safe mode doesn't matter, still comes back.
Hello,
Again same question......
Which version of Spybot-S&D are you running?
Do you have the latest updates installed?
Did you try in safe mode?
Regards
Sandra
Team Spybot
I answered all of those questions in my post.
Q: "Which version of Spybot-S&D are you running?"
Q: "Do you have the latest updates installed?"
A: "Spybot (current, stable version)"
I am running the current (as in most recent, fully up-to-date) version. Do you really DEMAND that I get numbers? I downloaded and installed it on the computer no less than 5 days ago, and have checked for and applied new updates every day before running it. Hence, "current, stable version."
Q: "Did you try in safe mode?"
A: "Safe mode doesn't matter, still comes back."
As in, I've run it in safe mode. And as I said, Spybot deletes the file. It's not that it won't delete the file. The problem is that Spybot appears to be finding the symptom (the *.tmp file that appears after rebooting) rather than the illness (whatever is generating the file).
I've uploaded the current .tmp file. It's 29 bytes, and looks like a binary of some sort.
http://rapidshare.com/files/86664261/duruudpd.tmp.html
Last edited by tashi; 2008-01-26 at 05:24. Reason: Mod: coded link
I understand your frustration hadji, but getting mad won't help anyone. I am having the same problem and I am desperately in need of help.
I am running Spybot S & D 1.5.1.15 update 1/23/08.
I have tried with earlier versions and I have tried in safe mode. The files are removed by S&D, but then return after a restart, and ONLY after I enable my network connection.
The files identified in the latest version are
C:\Windows\Temp\7CF28762C38CA0D4.tmp
C:\Windows\Temp\AE8AB41F91F72503.tmp
Previous versions of S&D (1.4) also identified the following:
C:\Windows\Temp\3D6627311AA2FDBD.tmp
C:\Windows\Temp\8AF12AB59DCE7145.tmp
but these files are no longer identified by S & D as part of the Win32.tiny.abk threat, even though they appear with the other tmp files on a restart.
I was originally infected by clicking on a link sent to me in a 'spoofed' instant message in Pidgin from one of my contacts. S&D picked up on Win32.BHO.je and fixed that problem. Also, I found and deleted the following files:
C:\windlsvc.exe
C:\ducvb.exe
C:\Program Files\Helper\superfindout.dll
One other thing I have noticed is that there is constant activity on my network connection; sending & receiving, approx 5kb/s. I received a warning from my ISP for 'unwanted activity', which led me to believe that my machine is actively searching for other machines to infect, or I am an unwilling participant in a DDoS attack.
Please help! Thanks for any suggestions.
I had the same problem; this is what cleared mine. It seems to be a hidden program, but try it.
Edit: Removed, no malware removal advice in this forum. Please see:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
NOTE: We do NOT ask Users to run fixes before helpers have analyzed HJT/KAV scans
Good luck. If it works, pass it on.
Last edited by tashi; 2008-02-14 at 17:33. Reason: removed links to tool that should be used under supervision
Ok, for anyone trying to remove this thing, I have found this on a French forum. This website has software that got rid of this, nothing else did.
Removed
Here's the link to the software, it's DOS-based. You have to run it in safe mode.
Removed
This is the only thing that worked.
Last edited by tashi; 2008-02-14 at 21:23. Reason: removed links
Hello.
Once again, please do not post fixes/tools in the Spybot-S&D support forums.
http://forums.spybot.info/showthread.php?t=1266
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
I have seen numerous users making their machines unstable by running tools willy-nilly.
- Until a helper responds, the HJT log has not been analyzed. Please wait to be advised and don't run fixes until asked. This is especially important if your Operating System is Windows Vista!
- Please note that all instructions given are customized for that member's computer only, the tools used may cause damage if run on a computer with different infections. Your symptoms may only appear to be similar.
Best regards.
[QUOTE=tashi;164504]Once again, please do not post fixes/tools in the Spybot-S&D support forums.
http://forums.spybot.info/showthread.php?t=1266
http://forums.spybot.info/showthread.php?t=288[/QUOTE]
Unfortunately for me, I'm another statistic with this variant of win32.tiny.abk that seems to be a mass mailer. It doesn't have any obvious entry point in HJT logs and I've exhausted all spyware (CounterSpy, Spybot, Spyware Doctor) and virus (Kaspersky, NOD32, Norton 2008, Panda, AVG) tools in an attempt to eliminate this.
This appears to be a different variant of the one detailed in January's Spybot update; from what I've gathered, this variant has only existed since early this month.
It's unfortunate that this site's rules go against the whole consensus of the internet, freedom of information. If it's a legal concern, then maybe add a liability (no warranty) clause and have forum moderators proactively commenting for liability such resolutions rather than removing them.
The purpose of this forum is to identify issues and present resolutions. I think there should be a serious look at Safer Networking's approach to moderation of information.
/rant -> Now I got 4 hours to format the machine, reupdate, reinstall 3rd party apps and get some sleep to get my customer's machine back to them. hence why I'm