Author Topic: ABsunset trojan?  (Read 4307 times)

0 Members and 1 Guest are viewing this topic.

Offline magnus27

  • Newbie
  • *
  • Posts: 5
ABsunset trojan?
« on: October 04, 2018, 07:59:19 PM »
My son's computer seems to be infected with an absunset trojan, but the logs produced from the programs recommended at https://forum.avast.com/index.php?topic=194892.0 appears to be saying otherwise?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: ABsunset trojan?
« Reply #1 on: October 04, 2018, 08:35:29 PM »
Is this what you see?



Quote
So i just started up my Acer pc and i got this message that said that Acer Portal services will cease the 30th of September This was all written in swedish and it looked really suspicious since there was only a FAQ link and a green button that said ''I succeeded!''. I decided to google it and only found weird links of either completely unrelated things or some antivirus sites that also looked equally suspicious. Tried looking it up on youtube and found nothing. I went into my taskmanager and found a program called 'aBsunset' that i could shut down, when I pressed shut down the window disappeared and nothing more has happened.

TLDR: My computer has a program called 'aBsunset' which is a popup that occurs everytime i start my pc that states that Acer portal services will cease the 30th of September. Is this a virus or legit?


From Acer
https://in.answers.acer.com/app/answers/detail/a_id/54499/~/byoc-apps-support-will-end-september-30%2C-2018

https://support.cloud.acer.com/ENG/Home/Index/4





Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 827
Re: ABsunset trojan?
« Reply #2 on: October 04, 2018, 10:56:25 PM »
I don't see malware traces in logs. Please rename FRST64.exe to uninstall.exe and run it. That should uninstall FRST.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5417
  • Spartan Warrior
Re: ABsunset trojan?
« Reply #3 on: October 05, 2018, 08:42:53 AM »
See additional settings for system below:
Windows 10 Home 64-bit 1909 Avast Premier Security version 20.10.2442 (build 20.10.5824.618) UI version 1.0.591.

Offline magnus27

  • Newbie
  • *
  • Posts: 5
Re: ABsunset trojan?
« Reply #4 on: October 06, 2018, 10:12:14 AM »
Yes, this dialogue in badly translated Swedish (usually a telltale sign of scams) kept popping up and wouldn't go away. Checking the activity handler revealed "absunset" thread running, and we couldn't terminate it.

Googling "absunset removal" proved even worse, some sites containing malicious code appeared (didn't go in to them, but my browser warned) all of them stating "it is *very* difficult to remove manually, but downloading and running our SuperDuperMalwareRemover will solve your problem… (Nope, didn't do that either!)

Rather stupid, but after rebooting, we were able to uninstall everything "ab*" using Windows' uninstaller, and it seems there are no problems now.

I'm sorry we wasted your time, but grateful for the replies you supplied. We will now buy the professional Avast version!

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33061
  • malware fighter
Re: ABsunset trojan?
« Reply #5 on: October 06, 2018, 03:02:46 PM »
Witam magnus27,

You could try adwcleaner and see what it stumbles upon and what it resets.

pozdrawiam,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!