Abebot
Abebot or Backdoor.Abebot is a backdoor Trojan that is used to promote rogue anti-spyware programs like PC-Antispyware. Abebot lowers Internet security settings and installs Zlob.Trojan. Zlob.Trojan secretly runs on your computer and displays fake warning messages to trick you into purchasing rogue anti-spyware programs.
The Abebot fake warning message reads:
"Warning!!!
File: C:\WINDOWS\wml.exe
Threat:Abebot
Click here to visit PC-Antispyware web site."
Once you click on the Abebot fake warning message, you'll be redirected to a rogue website that will convince you to purchase a rogue anti-spyware program. Do not provide any personal information or download any programs Abebot recommends.
File System Modifications
- The following files were created in the system:
# File Name
1 %ProgramFiles%\PC-Antispyware
2 %ProgramFiles%\PC-Antispyware\IeExtension.dll
3 %ProgramFiles%\PC-Antispyware\PC-Antispyware.exe
4 %ProgramFiles%\PC-Antispyware\PopupBlocker.dll
5 %ProgramFiles%\PC-Antispyware\Uninstall.exe
6 %UserProfile%\Application Data\PC-Antispyware
7 %UserProfile%\Application Data\PC-Antispyware\logs
8 %UserProfile%\Application Data\PC-Antispyware\startup
Registry Modifications
- The following Registry keys and values were newly created:
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\SOFTWARE\PC-Antispyware
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10F0C2A9-8E38-43e3-204D-45524C494E20}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispyware
HKEY..\..\..\..{RegistryKeys}
HKEY_CLASSES_ROOT\CLSID\{10F0C2A9-8E38-43e3-204D-45524C494E20}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"PC-Antispyware" = ""C:\Program Files\PC-Antispyware\PC-Antispyware.exe" hide"
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
PC-Antispyware
How do I get the warning messages to stop popping up? I scanned my computer. Nothing found. But the trojan downloader. xs and Abebot messages keep appearing.