#1  Feb 25, 2005, 01:36 AM
boud, New Member (Join Date: Nov 2004; Posts: 4)
Elitum.elitebar

Hi all,

I am one of the fortunate people who possess the Elitum.Elitebar virus/trojan. It drives me nuts. Can someone help me, PLEASE?
Gr. Boud

My log of hijack is:

Logfile of HijackThis v1.99.1
Scan saved at 10:35:28, on 25-2-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\system32\ANTIVIRUS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\DOCUME~1\BOUDEW~1\LOCALS~1\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmiracle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.headstartservice.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitesav32.exe
O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [antivirus32] ANTIVIRUS.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http:\\www.headstartservice.nl
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2  Feb 25, 2005, 05:15 AM
Nez, Senior Member (Join Date: Jan 2005; Location: UK; Posts: 567)
Spyware

Hopefully your anti-virus spyware is up to date. Either go to http://www.download.com or http://www.majorgeeks.com and download Adaware SE, Spybot Search and Destroy, Spyblaster, and CCleaner. Then let them scan your PC. All are freeware.

Once that is complete, let them all scan again in safe mode. Restart your PC, then while it's going through the motions, i.e. the monitor screen goes blank, keep pressing F8 on the top row of your keyboard. Look at the available options and choose safe mode. Run your anti-virus software and all the others, starting with Adaware SE first, then Spybot Search and Destroy and finally CCleaner. Reboot the PC.

All the best,
Nez.

Also try deleting the temp files in safe mode. Start -> My Computer. Replace the My Computer name in the space, and type %temp%. Then press OK. Use CCleaner on the recycle bin options.

Comments on this post
SESaskDFC agrees: Good advice Nez !!
#3  Mar 12, 2005, 11:25 PM
apsuresh, New Member (Join Date: Mar 2005; Posts: 1)
EliteBar

I have the problem of having Elitebar on my PC which is causing a lot of difficulty in working on the PC ..anyone out there who can help ....any info received to help me get out of my present predicament would be appreciated
Regds
#4  Mar 13, 2005, 05:18 AM
ScottGem, Computer Expert (Join Date: Jan 2003; Location: LI, NY - USA; Posts: 26,185)

apsuresh,

Have you run the anti-spyware utilities Nez suggested? Did you try googling the name and see if you can find removal instructions?
#5  Mar 13, 2005, 06:32 AM
fredg, Ultra Member (Join Date: Jan 2003; Location: SouthWest Virginia; Posts: 4,634)
Trojan

Hi,
Nez's answer is very good. It is a re-make of my standard answer for Spyware/Advertising programs, and Trojans. These programs are available all over the net, as Nez pointed out.

Here it is in full detail:

If you think you already have Spyware/Advertising Ware in your computer, run these as follows:

http://www.security-related.com/download2.htm
Download: SpyBot Search & Destroy; 1.3
(If you use the Spyware Blaster free program, then don't set SpyBot to the Immunization feature)

AdAware at:
http://www.lavasoftusa.com
Download: AdAware_SE

CWShredder at:
http://www.intermute.com/products/cwshredder.html
(CWShredder is intended only for removal of CoolWebSearch files; placed as spyware on the harddrive). It is not a "stand alone" scan, but needs to be run. Download the free version by clicking on "Download stand alone version of CW Shredder".

All 3 of the above programs run better and much faster when run in SafeMode.

To get into SafeMode:
Re-boot the computer, and immediately after starting up, Press and hold down, F8, at top of keypad.
When the options show on the screen, use the up and down arrow keys on the keyboard to select
"Safe Mode".
Press Enter

It's best to run the AdAware scan first; 3 times; then re-boot.
Then, run the AdAware scan again 3 times; then run the SpyBot. Then, run CWShredder.
Re-boot.
Reason for running so many times:
Some of these trojans' files can be deleted the first time; leaving some others; but on re-boot, they re-write the files that were deleted.
Running multiple times deletes most of it the first time.

If you wish to have a great program, after you clean out Spyware/Advertising Ware:
SpyWare Blaster 3.

http://www.javacoolsoftware.com/sbdownload.html

The Spyware Blaster is one of the best at stopping Spyware from getting into the computer in the first place. It is not a scan you have to run, but protects on its own.

I seriously doubt that any Expert here has the time to go thru your HiJack This log and determine what you need to do from it.

The above free programs, suggested by Nez and myself, will do the job for you automatically. But, if you wish to analyze the HiJackLog yourself, here is a link with good instructions on how to do it (it takes a lot of time):

http://www.thespykiller.co.uk/hjttut.htm

Just for information:
If you wish to add or subtract from an Expert's reputation, or show appreciation or discontent with an answer, click on the "balance scales" icon by the Expert's name. You can then choose what you wish.

Best wishes,
fredg
Update: The Spyware Blaster now has a new version 3.3; available at the above site.
#6  Mar 13, 2005, 07:12 AM
SESaskDFC, Full Member (Join Date: Jan 2005; Location: Saskatchewan, Canada; Posts: 214)
Howdy:

After running what was suggested above, post another HJT log here.. You have some very obvious nasties on your system that HJT can repair if the others don't clean them..

Murray
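
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python parser for the result lines of a HijackThis log like the one in the first post, as a starting point for the manual analysis fredg mentions. It runs on an excerpt copied from that log and lists the entries mentioning the "elite" name from the thread, plus Run/RunOnce values that give no full path; the function names and both filters are assumptions of this example, and neither filter is a verdict on an entry.

```python
import re

# Excerpt copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitesav32.exe
O4 - HKCU\..\RunOnce: [antivirus32] ANTIVIRUS.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
REG = re.compile(r"^(?P<key>HK.+?) = (?P<value>.*)$")
ABSOLUTE = re.compile(r'^"?[A-Za-z]:\\')  # command starts with a drive path

def parse_log(text):
    """Turn HijackThis result lines into dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entry = {"code": m["code"], "raw": line.strip()}
        for kind, pattern in (("bho", BHO), ("run", RUN), ("registry", REG)):
            fields = pattern.match(m["body"])
            if fields:
                entry.update(kind=kind, **fields.groupdict())
                break
        else:
            entry["kind"] = "other"  # section this example does not break down
        entries.append(entry)
    return entries

def matching(entries, keyword):
    """Entries whose raw line contains keyword (case-insensitive)."""
    return [e for e in entries if keyword.lower() in e["raw"].lower()]

def pathless_autoruns(entries):
    """Run/RunOnce values with no full path; check by hand which file starts."""
    return [e for e in entries
            if e["kind"] == "run" and not ABSOLUTE.match(e["command"])]

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for e in matching(log, "elite") + pathless_autoruns(log):
        print(e["code"], e["kind"], e["name"], e.get("path") or e.get("command"))
```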
 
     

Copyright ©2003 - 2007, Ask Me Help Desk.
All times are GMT -8.