Help! IE Hijacked with malware

Grey

XP Pro Sp1. My IE has been hijacked with Elitum Elitebar. I am being
bombarded with popups and assorted rubbish. I keep deleting the Elitetoolbar
directory, but it keeps coming back. It was identified with Spybot, but not
with AdAware-6. Norton's Antivirus does not see any virus. All these progs
have latest updates.

This is driving me crazy!!! Please help!!

Graham
 
David H. Lipman

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (personal free version)
http://www.lavasoftusa.com/

Create a directory...
On drive "C:\"
(e.g., "C:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt194.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point
10) Please report back your results

Dave




| XP Pro Sp1. My IE has been hijacked with Elitum Elitebar. I am being
| bombarded with popups and assorted rubbish. I keep deleting the Elitetoolbar
| directory, but it keeps coming back. It was identified with Spybot, but not
| with AdAware-6. Norton's Antivirus does not see any virus. All these progs
| have latest updates.
|
| This is driving me crazy!!! Please help!!
|
| Graham
|
|
 
PA Bear

Dealing with Trojans & Hijackware

A. Trojans

1. Check in at Windows Update and install all critical updates & reboot.

2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...

3. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow *all* Removal steps, including editing the Registry if directed.

WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then:

Disk Cleanup > More options > Delete all but the most recent Restore
Point.

B. Hijackware

Help with Hijackware (MS MVP sites all)
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm

CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html

Run these tools in the following order with nothing else running in
background:

1. CWShredder v1.59.1 (no updates available currently; fix all found)

2. Ad-Aware SE (reconfigure per Post #2 in
http://aumha.org/forum/viewtopic.php?t=5877; fix all found)

3. Spybot (RTFM but generally fix everything in red)

Important: You must seek updates for Ad-Aware, Spybot, etc., before each and
every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool to
use. It will help you to both identify and remove any hijackware/spyware.
**Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

WinXP SP2: What's New for Internet Explorer and Outlook Express
http://www.microsoft.com/windowsxp/sp2/ieoeoverview.mspx

What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx

"There is no 'silver bullet' solution."
http://go.microsoft.com/fwlink/?LinkId=33131
 
David H. Lipman

P A Bear:

Please change your set of instructions in reference to McAfee Stinger. Stinger is NOT and
investigational tool. Stinger only targets ~45 infectors and their variants. Unless you
know the infector is indeed targeted by Stinger, it is contraindicated to suggest it.

It is far better to suggest Trend Sysclean. Sysclean is a broad-spectrum virus, worm and
Trojan removal tool that uses standard Trend Pattern files. Sysclean is like Stinger in
that no installation routine is required. Sysclean is a Command Line Scanner and is more
suited to investigational uses. It has no licensing issues and it targets everything
Stinger does and *way more*. It is also suggested to run Sysclean in Safe Mode to increase
its efficacy.

I suggest you try it for yourself!

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Dave




<snip>
| 2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...
<snip>
 
PA Bear

> Please change your set of instructions in reference to McAfee Stinger.
> Stinger is NOT and [sic] investigational tool. Stinger only targets ~45
> infectors and their variants. Unless you know the infector is indeed
> targeted by Stinger, it is contraindicated to suggest it.

No, I suggest running Stinger as an, er..., /eliminatory/ tool: Running
Stinger eliminates the possibility that the problem, however remote, is
being caused by one of Stinger's targets. If we knew what the infector was,
we could of course eliminate Stinger from the list...but we don't know what
it is so dealing with it is a process of elimination using all available
tools, including Stinger.

I appreciate your comments.
 
David H. Lipman

The point is Sysclean does what Stinger does and way more!

Therefore Sysclean blows Stinger away. I highly suggest you try it and use it in your set
of instructions. As stated --
"Sysclean is a broad-spectrum virus, worm and Trojan removal tool that uses standard Trend
Pattern files....and is more suited to investigational uses."

Dave




| > Please change your set of instructions in reference to McAfee Stinger.
| > Stinger is NOT and [sic] investigational tool. Stinger only targets ~45
| > infectors and their variants. Unless you know the infector is indeed
| > targeted by Stinger, it is contraindicated to suggest it.
|
| No, I suggest running Stinger as an, er..., /eliminatory/ tool: Running
| Stinger eliminates the possibility that the problem, however remote, is
| being caused by one of Stinger's targets. If we knew what the infector was,
| we could of course eliminate Stinger from the list...but we don't know what
| it is so dealing with it is a process of elimination using all available
| tools, including Stinger.
|
| I appreciate your comments.
| --
| ~PA Bear
 
Guest

Hi Dave
I don't know if you're still watching this, but I had the same problem as
Grey and tried everything you suggested and I am having no luck. Any
suggestions?
 
