    boud Posts: 4, Reputation: 1
    New Member
     
    #1

    Feb 25, 2005, 02:36 AM
    Elitum.elitebar Virus/Trojan problem
    Hai all,

    I am one of the unfortunate people who has the Elitum.Elitebar virus/trojan. It drives me nuts. Can someone help me, PLEASE?

    Gr. Boud

    My log of hijack is:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:35:28, on 25-2-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\DeskAd Service\DeskAdServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\DeskAd Service\DeskAdKeep.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\WINDOWS\system32\ANTIVIRUS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\DOCUME~1\BOUDEW~1\LOCALS~1\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmiracle.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.headstartservice.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
    O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitesav32.exe
    O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [antivirus32] ANTIVIRUS.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http:\\www.headstartservice.nl
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    Nez Posts: 557, Reputation: 51
    Senior Member
     
    #2

    Feb 25, 2005, 06:15 AM
    Spyware
    Hopefully your anti-virus spyware is up to date. Either go to http://www.download.com or http://www.majorgeeks.com and download Adaware SE, Spybot Search and Destroy, Spyblaster, and CCleaner. Then let them scan your PC. (All are freeware).

    Once that is complete, let them all scan again in safe mode.

    Restart your PC, then while it's going through the motions, i.e. monitor screen goes blank, keep pressing F8 on the top row of your keyboard. Look at the available options and choose safe mode. Run your anti-virus software and all the others, starting with Adaware SE first, then Spybot Search and Destroy and finally CCleaner.

    Reboot PC.

    All the best,
    Nez.

    P.S. You can also try deleting the temp files in safe mode. Start->my computer. Replace the my computer name in space, and type %temp%. Then press OK. Use CCleaner on recycle bin options.
    apsuresh Posts: 1, Reputation: 1
    New Member
     
    #3

    Mar 13, 2005, 12:25 AM
    EliteBar
    I have the problem of having Elitebar on my PC which is causing a lot of difficulty in working on the PC.. anyone out there who can help... any info received to help me get out of my present predicament would be appreciated
    Regds
    ScottGem Posts: 64,966, Reputation: 6056
    Computer Expert and Renaissance Man
     
    #4

    Mar 13, 2005, 06:18 AM
    apsuresh,

    Have you run the anti-spyware utilities Nez suggested? Did you try googling the name and see if you can find removal instructions?
    fredg Posts: 4,926, Reputation: 674
    Ultra Member
     
    #5

    Mar 13, 2005, 07:32 AM
    Trojan
    Hi,
    Nez's answer is very good. It is a re-make of my standard answer for Spyware/Advertising programs, and Trojans. These programs are available all over the net, as Nez pointed out.

    Here it is in full detail:

    If you think you already have Spyware/Advertising Ware in your computer, run these as follows:

    http://www.security-related.com/download2.htm
    Download: SpyBot Search & Destroy; 1.3
    (If you use the Spyware Blaster free program, then don't set SpyBot to the Immunization feature)

    AdAware at:
    http://www.lavasoftusa.com
    Download: AdAware_SE

    CWShredder at:
    http://www.intermute.com/products/cwshredder.html
    (CWShredder is intended only for removal of CoolWebSearch files; placed as spyware on the harddrive). It is not a "stand alone" scan, but needs to be run. Download the free version by clicking on "Download stand alone version of CW Shredder".

    All 3 of the above programs run better and much faster when run in SafeMode.

    To get into SafeMode:
    Re-boot the computer, and immediately after starting up, Press and hold down, F8, at top of keypad.
    When the options show on the screen, use the up and down arrow keys on the keyboard to select "Safe Mode".
    Press Enter

    It's best to run the AdAware scan first; 3 times; then re-boot.
    Then, run the AdAware scan again 3 times; then run the SpyBot. Then, run CWShredder.
    Re-boot.
    Reason for running so many times:
    Some of these trojans' files can be deleted the first time; leaving some others; but on re-boot, they re-write the files that were deleted.
    Running multiple times deletes most of it the first time.

    If you wish to have a great program, after you clean out Spyware/Advertising Ware:
    SpyWare Blaster 3.

    http://www.javacoolsoftware.com/sbdownload.html

    The Spyware Blaster is one of the best at stopping Spyware from getting into the computer in the first place. It is not a scan you have to run, but protects on its own.

    I seriously doubt that any Expert here has the time to go through your HiJack This log and determine what you need to do from it.

    The above free programs, suggested by Nez and myself, will do the job for you automatically. But, if you wish to analyze the HiJackLog yourself, here is a link with good instructions on how to do it (it takes a lot of time):

    http://www.thespykiller.co.uk/hjttut.htm

    Just for information:
    If you wish to add or subtract from an Expert's reputation, or show appreciation or discontent with an answer, click on the "balance scales" icon by the Expert's name. You can then choose what you wish.

    Best wishes,
    fredg
    Update: The Spyware Blaster now has a new version 3.3; available at the above site.
    SESaskDFC Posts: 214, Reputation: 17
    Full Member
     
    #6

    Mar 13, 2005, 08:12 AM
    Howdy:

    After running what was suggested above, post another HJT log here.. You have some very obvious nasties on your system that HJT can repair if the others don't clean them..

    Murray
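
For readers who want to go through a HijackThis log by hand, as post #5 mentions, the sketch below groups entries by section code and builds a short list to review first. It is an added example, not part of any post in this thread: the sample is an excerpt of the log in post #1, the watch term `elite` is taken from the thread subject, and the "no full path" rule is an assumed triage heuristic rather than a verdict on any entry.

```python
import re
from collections import defaultdict

# Section codes seen in the log in post #1 and what HijackThis lists under them.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O9": "IE extra button or Tools item", "O14": "IERESET.INF setting",
    "O16": "ActiveX download", "O23": "NT service",
}
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.*)$")
# Tolerates the stray space the forum put into "HKLM\.. \Run".
RUN = re.compile(r"^HK\w+\\\.\.\s?\\\w+: \[([^\]]+)\] (.*)$")

# Excerpt of the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O4 - HKLM\.. \Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\.. \Run: [antiware] C:\windows\system32\elitesav32.exe
O4 - HKLM\.. \Run: [antivirus32] ANTIVIRUS.EXE
O4 - HKCU\.. \Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
"""

def parse(log_text):
    """Return {section_code: [entry, ...]} for recognised entry lines."""
    out = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m and m.group(1) in SECTIONS:
            out[m.group(1)].append(m.group(2).strip())
    return dict(out)

def review_queue(parsed, watch_terms):
    """Return (code, reason, entry) tuples to look at first; not a verdict."""
    queue = []
    for code, entries in parsed.items():
        for entry in entries:
            hit = next((t for t in watch_terms if t.lower() in entry.lower()), None)
            m = RUN.match(entry) if code == "O4" else None
            if hit:
                queue.append((code, f"matches watch term '{hit}'", entry))
            elif m and not re.match(r"[A-Za-z]:\\", m.group(2).strip('"')):
                # Bare file name: its location must be resolved before judging it.
                queue.append((code, "command has no full path", entry))
    return queue

if __name__ == "__main__":
    for code, reason, entry in review_queue(parse(SAMPLE_LOG), ["elite"]):
        print(f"{code:<4}{SECTIONS[code]:<24}{reason}: {entry}")
```

Entries that reach the list still need to be checked against the files on disk before anything is fixed in HijackThis.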
