Tech Support Forum - View Single Post

**Omerr** · 07-11-2005, 11:24 AM

Hello and welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. Please do NOT change any of those settings until we finish the fixing process.

Download ETRemover. Do NOT use it now.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (If they still exist)(You must kill them one at a time).

C:\WINDOWS\System32\sysmon32.exe

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe sysmon32.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitevju32.exe

Please remember to close all other windows, including browsers then click Fix checked.

Delete the following Files indicated in RED if they still exist:

C:\WINDOWS\System32\sysmon32.exe
C:\windows\system32\elitevju32.exe

Reboot your system in Normal Mode.

Please use Panda ActiveScan at http://www.pandasoftware.com/products/activescan. Give us the scan’s log.

Please scan again with HijackThis to get a new log.
Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in 'y' if you agree. The 'result.txt' file will open up in Notepad. Copy the whole result.txt log and post it in the forum. You don't need to post the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

Now give us a new HijackThis Analyzer log so we can make sure your system is clean.

07-11-2005, 11:24 AM	#3 (permalink)
Omerr TSF Enthusiast Join Date: Feb 2005 Location: Israel Posts: 1,032 OS: XP Proffesional	Hello and welcome to TSF Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. Please do NOT change any of those settings until we finish the fixing process. Download ETRemover. Do NOT use it now. Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (If they still exist)(You must kill them one at a time). C:\WINDOWS\System32\sysmon32.exe Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: Shell=Explorer.exe sysmon32.exe O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitevju32.exe *Please remember to close all other windows, including browsers then click Fix checked.* Delete the following Files indicated in RED if they still exist: C:\WINDOWS\System32\sysmon32.exe C:\windows\system32\elitevju32.exe Reboot your system in Normal Mode. Please use Panda ActiveScan at http://www.pandasoftware.com/products/activescan. Give us the scan’s log. Please scan again with HijackThis to get a new log. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in 'y' if you agree. The 'result.txt' file will open up in Notepad. Copy the whole result.txt log and post it in the forum. You don't need to post the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless. Now give us a new HijackThis Analyzer log so we can make sure your system is clean. __________________ I am here in order to help you.