Old 07-06-2005, 04:25 AM   #3 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy

Hi and Welcome to TSF!

Please subscribe to this thread so you'll be notified as soon as we post your fix. To do this, please click here. On the proceeding page, make sure Instant notification by email is selected, then click Add subscription.

Enable the viewing of Hidden files
  • Click [Start].
  • Open 'My Computer'.
  • Select the [Tools] menu and click [Folder Options].
  • Select the [View] tab.
  • Select the [Show hidden files and folders] option.
  • DeSelect the [Hide file extensions for known types] option.
  • DeSelect the [Hide protected operating system files] option.
  • Click [Yes] to confirm.
  • Click [OK].

~~~~~~~~~~~~~~~

We require some additional files/programs for this fix. Please download the following files :-
Do not run any of the files unless instructed to do so

CleanUp! - Install

Download ETRemover_v130.zip - Unzip to a new folder on Desktop.
  • From that folder, click on ETRemover_v130.exe
  • Click "About" >> "check for updates".
  • After it has updated itself, close that program. We'll run it later

Unplug your computer from the Internet when you have finished downloading.


~~~~~~~~~~~~~~~

Some Anti-Spyware Programmes are known to interfere with HJT fixes. If you have these programmes, please disable them by doing so ...

Search & Destroy Spybot's TeaTimer
  • Go to Tools>Resident - Deselect TeaTimer.
Microsoft AntiSpyware
  • Click on Options>Settings.
  • In the left pane, click on Real-time Protection.
  • Under Startup Options, Deselect Enable the Microsoft AntiSpyware Security Agents on startup.
  • Under Real-time spyware threat protection, Deselect Enable real-time spyware threat protection.
  • After you've done these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
Webroot SpySweeper
  • Go to the Options>Program Options.
  • Deselect Load at Windows Startup.
  • Click Shields and Deselect all items there.
  • Deselect Home page shield.
  • Deselect Automatically restore default without notification.
Ad-aware's Ad-Watch
  • Right-click on the Ad-Watch icon in the system tray
    At the bottom of the screen you will see 2 options Active and Automatic.
  • Deselect Active
  • Deselect Automatic
  • Go to "Tools & Preferences">Options
  • Deselect "Load Ad-Watch at Windows startup"

~~~~~~~~~~~~~~~

Uninstall the following programs, if present, using [Control Panel]>[Add/Remove Programs] :
  • Elite ToolBar

~~~~~~~~~~~~~~~

Reboot to SafeMode
  1. Shut Windows down, and then turn off the computer.
  2. Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
  3. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the [Windows Advanced Options] menu appears.
  4. Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

~~~~~~~~~~~~~~~

Run ETRemover_v130.exe, then click the "Kill Elite Toolbar" button and wait until it finishes its work.

* Occasionally a DOS box may appear asking your permission to delete some files in temporary Windows directories. You must accept the deletion of these to be sure of properly removing the malware!

~~~~~~~~~~~~~~~

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
  1. Click [Options...]
  2. Move the arrow down to [Custom CleanUp!]
  3. Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • [X]Scan local drives for temporary files (Please uncheck this option)
    • Cleanup! All Users
  4. Click [OK]
  5. Press the [CleanUp!] button to start the program. Reboot/logoff when prompted.
* CleanUp! will delete all the files in your temp folders

~~~~~~~~~~~~~~~

Reboot to NormalMode.

I still have one question... Do you have Spybot S&D installed? If not, are you aware that you have restrictions in your IE? This could be set by Spybot S&D or by yourself.
If you're not aware of that, I suggest you check and fix next also in hijackthis:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Run a scan with HiJackThis & select(tick) the following & click [Fix checked] :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitehmu32.exe
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -


~~~~~~~~~~~~~~~

Do an online scan at one of the following sites:

Take note of the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan


Reboot Again & Run a new scan with HiJackThis. Save the log file and post the contents in your next reply.

In your next post, please include:
  • Copy of HiJackThis log
  • List of files that online scans failed to disinfect

Please provide details of any problems you encountered whilst performing the above steps.

Tell me how your computer behaves now
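An added example, not part of sUBs's post: a small Python check that compares the follow-up HijackThis log requested above against the entries the post says to fix, so leftovers are easy to spot. The sample log, the `ExampleTray` entry and the `example.invalid` URL are constructed for illustration.

```python
import re

# Entries the post says to tick in HijackThis, copied verbatim from the post.
FIX_LIST = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank",
    "R3 - Default URLSearchHook is missing",
    r"O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitehmu32.exe",
    "O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -",
]

# A HijackThis entry line starts with a section code such as R1, O4 or O16.
ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")

def normalize(line):
    """Collapse whitespace and case so pasted logs compare reliably."""
    return re.sub(r"\s+", " ", line.strip()).casefold()

def parse_entries(log_text):
    """Return (section, full_line) for every HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            entries.append((match.group(1), raw.strip()))
    return entries

def still_present(log_text, fix_list=FIX_LIST):
    """List log lines that still begin with an entry from the fix list."""
    keys = [normalize(item) for item in fix_list]
    return [line for _, line in parse_entries(log_text)
            if any(normalize(line).startswith(key) for key in keys)]

# Constructed sample of a post-fix log; not taken from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [checkrun]  C:\WINDOWS\system32\elitehmu32.exe
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - http://example.invalid/x.cab
"""

if __name__ == "__main__":
    for leftover in still_present(SAMPLE_LOG):
        print("still present:", leftover)
```

Matching is by normalized prefix, so the O16 line is caught even though the log shows a download source after the CLSID.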