Elitum DyFuca n-Case

[A]

pc is running very slow, and acts up...
I've followed all the previous threads advice and I still cannot get rid of
these spywares.
spybot says it will remove them at next start up but they seem to slow the
spybot down and will not remove when spybot eventually stops.
I have no experience of hijack this so if any further advise appreciated the
pc is just about unuseable I believe the spywares will slow everything down
but my pc is just about unuseable.

 

[David H. Lipman]

From: "A" <[email protected]>

| pc is running very slow, and acts up...
| I've followed all the previous threads advice and I still cannot get rid of
| these spywares.
| spybot says it will remove them at next start up but they seem to slow the
| spybot down and will not remove when spybot eventually stops.
| I have no experience of hijack this so if any further advise appreciated the
| pc is just about unuseable I believe the spywares will slow everything down
| but my pc is just about unuseable.
|


Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt488.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .

2) Update Ad-aware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode [F8 key during boot]
and shutdown as many applications as possible.
5) Using Trend Sysclean, Stinger and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point

* * Please report your results ! * *

 

[A]

I'll try this today and let you know how I get on. The only problem I can
see is that the pc is running so slow that I might not be able to connect to
the net and download the items mentioned.

 

[A]

is there a way to connect to the internet (dial up) when in safe mode?

 

[Malke]

is there a way to connect to the internet (dial up) when in safe mode?

Although XP offers Safe Mode with Networking, I don't think this
includes dialup. You would be much better off getting the necessary
tools from a different known-clean computer with a fast Internet
connection and a cd burner. If you don't have a friend with a computer
like that, take the machine to a good local professional (not a BestBuy
or CompUSA type of store) and have them do it for you. It will take far
less time and be less painful. It is also important to keep infected
machines off the Internet.

Good luck,

Malke

 

[A]

Still stuck with this, I can get online with firefox but it takes an age to
download anything, it would take hours to download the trend sysclean,
unable to connect with dial up from safe mode, safe mode won't let me run
stinger either. I have stopped windows firewall and microsofts beta
antispyware running all the time in the background but still the pc runs
slow. I am thinking along the lines of service pack 2 being, if not the
problem, then part of the problem so I am in the process of removing it.

 

[Malke]

Still stuck with this, I can get online with firefox but it takes an
age to download anything, it would take hours to download the trend
sysclean, unable to connect with dial up from safe mode, safe mode
won't let me run stinger either. I have stopped windows firewall and
microsofts beta antispyware running all the time in the background but
still the pc runs slow. I am thinking along the lines of service pack
2 being, if not the problem, then part of the problem so I am in the
process of removing it.

Service Pack 2 has nothing to do with why you have this malware on your
computer. Unless you installed Service Pack 2 onto an improperly
prepared machine - i.e., one that was already infested with malware -
SP2 isn't causing your difficulties. The malware is. Removing SP2 will
not remove the malware.

Since you cannot download the removal tools you need, do as I suggested
in my last post: get the tools from a friend's machine or take your
computer to a local professional for repair.

Good luck,

Malke

 

[A]

I uninstalled SP2 and the machine is running back to speed..I did the
downloads as previous post,,, trend and stinger...the malwares elitum DyFuCa
and n-Case are still there (as reported by spybot s&d) adaware reports 30+
problems...pop ups are still there too, at least with sp2 removed I can use
the pc and connect to the net with firefox... . I will check out the pop ups
and let you know who they are (payforpoups and adsforyou or something along
those lines), I have allready tried their website addresses as part of this
clean up but suprise surprise they don't exist anymore. As the machine is
running and able to connect I will be able to run a hijackthis prog, never
done it before so it will be interesting....I don't want to reformat as that
is 'giving up' ,
I don't want to take the machine to a profesional ...could you explain what
you wanted him to do?

 

[David H. Lipman]

From: "A" <[email protected]>

| I uninstalled SP2 and the machine is running back to speed..I did the
| downloads as previous post,,, trend and stinger...the malwares elitum DyFuCa
| and n-Case are still there (as reported by spybot s&d) adaware reports 30+
| problems...pop ups are still there too, at least with sp2 removed I can use
| the pc and connect to the net with firefox... . I will check out the pop ups
| and let you know who they are (payforpoups and adsforyou or something along
| those lines), I have allready tried their website addresses as part of this
| clean up but suprise surprise they don't exist anymore. As the machine is
| running and able to connect I will be able to run a hijackthis prog, never
| done it before so it will be interesting....I don't want to reformat as that
| is 'giving up' ,
| I don't want to take the machine to a profesional ...could you explain what
| you wanted him to do?

Nowhere do I see you downloaded, installed and updated Ad-aware SE v1.05.

1) Download the following item...

Adaware SE
http://www.lavasoftusa.com/

2) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using Adaware SE, perform a Full Scan of your platform and clean/delete
any parasites found.
5) Restart your PC and perform a "final" Full Scan of your platform using Adaware
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point


* * * Please report back your results ! * * *

 

[A]

yes I have run an updated ad-aware...I downloaded and ran
1.05 ...btw each scan run takes a few hours...trend sysclean spybot stinger

 

[David H. Lipman]

From: "A" <[email protected]>

| yes I have run an updated ad-aware...I downloaded and ran
| 1.05 ...btw each scan run takes a few hours...trend sysclean spybot stinger
|
An ounce of prevention is worth a pound of cure !

Both of the subject matter infectors are covered by Ad-aware SE and/or Trend Sysclean. I
think Ad-aware covers both. If you are scanning in Safe Mode with updated definitions with
these applications, they should be catching them !

 

[A]

sysclean and Ad-aware don't detect these on my machine, Spybot S&D reports
them but cannot clean them off. Ran sysclean adaware and spybot at least 4
times in safe mode now so I am close to giving up and reformating, I wonder
if a regedit would work?

 

[David H. Lipman]

From: "A" <[email protected]>

| sysclean and Ad-aware don't detect these on my machine, Spybot S&D reports
| them but cannot clean them off. Ran sysclean adaware and spybot at least 4
| times in safe mode now so I am close to giving up and reformating, I wonder
| if a regedit would work?
|
Please read the folowing URL...
"How to perform a clean boot in Windows XP" -- http://support.microsoft.com/kb/310353

Then perform a scan using SpyBot S&D

 

[A]

done ... spybot still reports the three probs...the popups are from
paypopups.com whose website no longer exists and search miracle , I went to
search miracles site and managed to get the uninstaller to run, I managed to
run trend online scan and it removed successsfully 50cent, still getting
popups from ie though....and spybot reporting elitum dyfuca and ncase.

 

[David H. Lipman]

From: "A" <[email protected]>

| done ... spybot still reports the three probs...the popups are from
| paypopups.com whose website no longer exists and search miracle , I went to
| search miracles site and managed to get the uninstaller to run, I managed to
| run trend online scan and it removed successsfully 50cent, still getting
| popups from ie though....and spybot reporting elitum dyfuca and ncase.
|
|
|
If SpyBot S&D is finding them but you are not removing them, it is becuase they are runnibg
in the background. The files can't be removed if their respective File Handles are being
held open.

Have you tried BHODemon ?
http://www.definitivesolutions.com/bhodemon.htm

It will be a combination of Clean Booting WinXP, executing SpyBot S&D in Safe Mode and
shutting down as many running applications as possible pror to running a scanner that will
increase the effectiveness of the scanner(s).

 

[A]

, still there...Paypopups are gone and search miracle, I can't stop ie with
no tool bar pop ups with search reults for drugs of variuos types, they
appear about four or five times when I first connect to the net, btw I only
use firefox now ..spybot still reports the three malwares...

 

[David H. Lipman]

From: "A" <[email protected]>

| , still there...Paypopups are gone and search miracle, I can't stop ie with
| no tool bar pop ups with search reults for drugs of variuos types, they
| appear about four or five times when I first connect to the net, btw I only
| use firefox now ..spybot still reports the three malwares...
|

I suggest moving this problem off Microsoft's News Server and re-posting @
alt.privacy.spyware

Explain all the software you used and their respective versions, the methods in which you
applied them and EXACTLY what is still found in SpyBot S&D.

 

[A]

okay, thanks for all your help

 

[David H. Lipman]

From: "A" <[email protected]>

| okay, thanks for all your help
|
|
Saw the post. You could have spent a little more time to explain the problem and you didn't
post the versions of the anti malware applications.

I'll be monitoring the post.

Good Luck !

 

[A]

more info --- these are the programs, all the most up to date versions, I
have ran over the last week to try and remove the malwares ...
Spybot s&d - reports
Elitum.Elitebar
Settings
HKEY_USERS\S-1-5-18\Software\LQ
HKEY_USERS\DEFAULT\Software\LQ

DyFuCa.InternetOptimizer
Settings
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AmeOp
t
HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AmeOpt

n-Case
Settings
HKEY_USERS\S-1-5-18\Software\salm
HKEY_USERS\Default\Software\salm

Ad-Aware
Elitetoolbar remover
BHO Demon
Microsoft Antisppyware
CW Shredder
Stinger
Trend online and sysclean
ETRemover
SpywareDoctor
all above show a clean system except spybot...
this has been trying my patience all week,any ideas?