Elitum DyFuca n-Case

Toggle sidebar Toggle sidebar
A

a

Distinguished
Apr 3, 2004
159
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

pc is running very slow, and acts up...
I've followed all the previous threads advice and I still cannot get rid of
these spywares.
spybot says it will remove them at next start up but they seem to slow the
spybot down and will not remove when spybot eventually stops.
I have no experience of hijack this so if any further advise appreciated the
pc is just about unuseable I believe the spywares will slow everything down
but my pc is just about unuseable.
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "A" <aaa@aol.com>

| pc is running very slow, and acts up...
| I've followed all the previous threads advice and I still cannot get rid of
| these spywares.
| spybot says it will remove them at next start up but they seem to slow the
| spybot down and will not remove when spybot eventually stops.
| I have no experience of hijack this so if any further advise appreciated the
| pc is just about unuseable I believe the spywares will slow everything down
| but my pc is just about unuseable.
|


Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt488.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .

2) Update Ad-aware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode [F8 key during boot]
and shutdown as many applications as possible.
5) Using Trend Sysclean, Stinger and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point

* * Please report your results ! * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
 
A

a

Distinguished
Apr 3, 2004
159
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I'll try this today and let you know how I get on. The only problem I can
see is that the pc is running so slow that I might not be able to connect to
the net and download the items mentioned.
 
A

a

Distinguished
Apr 3, 2004
159
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

is there a way to connect to the internet (dial up) when in safe mode?

"A" <aaa@aol.com> wrote in message news:39l3s2F5uag1oU1@individual.net...
> I'll try this today and let you know how I get on. The only problem I can
> see is that the pc is running so slow that I might not be able to connect
to
> the net and download the items mentioned.
>
>
 
M

Malke

Distinguished
Apr 6, 2004
3,000
0
20,780
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

A wrote:

> is there a way to connect to the internet (dial up) when in safe mode?
>
> "A" <aaa@aol.com> wrote in message
> news:39l3s2F5uag1oU1@individual.net...
>> I'll try this today and let you know how I get on. The only problem I
>> can see is that the pc is running so slow that I might not be able to
>> connect
> to
>> the net and download the items mentioned.
>>
>>

Although XP offers Safe Mode with Networking, I don't think this
includes dialup. You would be much better off getting the necessary
tools from a different known-clean computer with a fast Internet
connection and a cd burner. If you don't have a friend with a computer
like that, take the machine to a good local professional (not a BestBuy
or CompUSA type of store) and have them do it for you. It will take far
less time and be less painful. It is also important to keep infected
machines off the Internet.

Good luck,

Malke
--
MS MVP - Windows Shell/User
www.elephantboycomputers.com
In Memoriam - MVP Alex Nichol
The world is diminished without him.
 
A

a

Distinguished
Apr 3, 2004
159
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Still stuck with this, I can get online with firefox but it takes an age to
download anything, it would take hours to download the trend sysclean,
unable to connect with dial up from safe mode, safe mode won't let me run
stinger either. I have stopped windows firewall and microsofts beta
antispyware running all the time in the background but still the pc runs
slow. I am thinking along the lines of service pack 2 being, if not the
problem, then part of the problem so I am in the process of removing it.
 
M

Malke

Distinguished
Apr 6, 2004
3,000
0
20,780
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

A wrote:

> Still stuck with this, I can get online with firefox but it takes an
> age to download anything, it would take hours to download the trend
> sysclean, unable to connect with dial up from safe mode, safe mode
> won't let me run stinger either. I have stopped windows firewall and
> microsofts beta antispyware running all the time in the background but
> still the pc runs slow. I am thinking along the lines of service pack
> 2 being, if not the problem, then part of the problem so I am in the
> process of removing it.

Service Pack 2 has nothing to do with why you have this malware on your
computer. Unless you installed Service Pack 2 onto an improperly
prepared machine - i.e., one that was already infested with malware -
SP2 isn't causing your difficulties. The malware is. Removing SP2 will
not remove the malware.

Since you cannot download the removal tools you need, do as I suggested
in my last post: get the tools from a friend's machine or take your
computer to a local professional for repair.

Good luck,

Malke
--
MS MVP - Windows Shell/User
www.elephantboycomputers.com
In Memoriam - MVP Alex Nichol
The world is diminished without him.
 
A

a

Distinguished
Apr 3, 2004
159
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I uninstalled SP2 and the machine is running back to speed..I did the
downloads as previous post,,, trend and stinger...the malwares elitum DyFuCa
and n-Case are still there (as reported by spybot s&d) adaware reports 30+
problems...pop ups are still there too, at least with sp2 removed I can use
the pc and connect to the net with firefox... . I will check out the pop ups
and let you know who they are (payforpoups and adsforyou or something along
those lines), I have allready tried their website addresses as part of this
clean up but suprise surprise they don't exist anymore. As the machine is
running and able to connect I will be able to run a hijackthis prog, never
done it before so it will be interesting....I don't want to reformat as that
is 'giving up' ,
I don't want to take the machine to a profesional ...could you explain what
you wanted him to do?

"Malke" <noreply@invalid.com> wrote in message
news:eQNMVbWKFHA.3064@TK2MSFTNGP12.phx.gbl...
> A wrote:
>
> > Still stuck with this, I can get online with firefox but it takes an
> > age to download anything, it would take hours to download the trend
> > sysclean, unable to connect with dial up from safe mode, safe mode
> > won't let me run stinger either. I have stopped windows firewall and
> > microsofts beta antispyware running all the time in the background but
> > still the pc runs slow. I am thinking along the lines of service pack
> > 2 being, if not the problem, then part of the problem so I am in the
> > process of removing it.
>
> Service Pack 2 has nothing to do with why you have this malware on your
> computer. Unless you installed Service Pack 2 onto an improperly
> prepared machine - i.e., one that was already infested with malware -
> SP2 isn't causing your difficulties. The malware is. Removing SP2 will
> not remove the malware.
>
> Since you cannot download the removal tools you need, do as I suggested
> in my last post: get the tools from a friend's machine or take your
> computer to a local professional for repair.
>
> Good luck,
>
> Malke
> --
> MS MVP - Windows Shell/User
> www.elephantboycomputers.com
> In Memoriam - MVP Alex Nichol
> The world is diminished without him.
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "A" <aaa@aol.com>

| I uninstalled SP2 and the machine is running back to speed..I did the
| downloads as previous post,,, trend and stinger...the malwares elitum DyFuCa
| and n-Case are still there (as reported by spybot s&d) adaware reports 30+
| problems...pop ups are still there too, at least with sp2 removed I can use
| the pc and connect to the net with firefox... . I will check out the pop ups
| and let you know who they are (payforpoups and adsforyou or something along
| those lines), I have allready tried their website addresses as part of this
| clean up but suprise surprise they don't exist anymore. As the machine is
| running and able to connect I will be able to run a hijackthis prog, never
| done it before so it will be interesting....I don't want to reformat as that
| is 'giving up' ,
| I don't want to take the machine to a profesional ...could you explain what
| you wanted him to do?
| | "Malke" <noreply@invalid.com> wrote in message

Nowhere do I see you downloaded, installed and updated Ad-aware SE v1.05.

1) Download the following item...

Adaware SE
http://www.lavasoftusa.com/

2) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using Adaware SE, perform a Full Scan of your platform and clean/delete
any parasites found.
5) Restart your PC and perform a "final" Full Scan of your platform using Adaware
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point


* * * Please report back your results ! * * *

--
Dave
 
A

a

Distinguished
Apr 3, 2004
159
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

yes I have run an updated ad-aware...I downloaded and ran
1.05 ...btw each scan run takes a few hours...trend sysclean spybot stinger
adaware..."David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:OM07AWcKFHA.3064@TK2MSFTNGP12.phx.gbl...
> From: "A" <aaa@aol.com>
>
> | I uninstalled SP2 and the machine is running back to speed..I did the
> | downloads as previous post,,, trend and stinger...the malwares elitum
DyFuCa
> | and n-Case are still there (as reported by spybot s&d) adaware reports
30+
> | problems...pop ups are still there too, at least with sp2 removed I can
use
> | the pc and connect to the net with firefox... . I will check out the pop
ups
> | and let you know who they are (payforpoups and adsforyou or something
along
> | those lines), I have allready tried their website addresses as part of
this
> | clean up but suprise surprise they don't exist anymore. As the machine
is
> | running and able to connect I will be able to run a hijackthis prog,
never
> | done it before so it will be interesting....I don't want to reformat as
that
> | is 'giving up' ,
> | I don't want to take the machine to a profesional ...could you explain
what
> | you wanted him to do?
> | | "Malke" <noreply@invalid.com> wrote in message
>
> Nowhere do I see you downloaded, installed and updated Ad-aware SE v1.05.
>
> 1) Download the following item...
>
> Adaware SE
> http://www.lavasoftusa.com/
>
> 2) Disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> 3) Reboot your PC into Safe Mode
> 4) Using Adaware SE, perform a Full Scan of your platform and
clean/delete
> any parasites found.
> 5) Restart your PC and perform a "final" Full Scan of your platform
using Adaware
> 6) Re-enable System Restore and re-apply any System Restore
preferences,
> (e.g. HD space to use suggested 400 ~ 600MB),
> 7) Reboot your PC.
> 8) Create a new Restore point
>
>
> * * * Please report back your results ! * * *
>
> --
> Dave
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "A" <aaa@aol.com>

| yes I have run an updated ad-aware...I downloaded and ran
| 1.05 ...btw each scan run takes a few hours...trend sysclean spybot stinger
| adaware..."David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:OM07AWcKFHA.3064@TK2MSFTNGP12.phx.gbl...

An ounce of prevention is worth a pound of cure !

Both of the subject matter infectors are covered by Ad-aware SE and/or Trend Sysclean. I
think Ad-aware covers both. If you are scanning in Safe Mode with updated definitions with
these applications, they should be catching them !

--
Dave
 
A

a

Distinguished
Apr 3, 2004
159
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

sysclean and Ad-aware don't detect these on my machine, Spybot S&D reports
them but cannot clean them off. Ran sysclean adaware and spybot at least 4
times in safe mode now so I am close to giving up and reformating, I wonder
if a regedit would work?

> Both of the subject matter infectors are covered by Ad-aware SE and/or
Trend Sysclean. I
> think Ad-aware covers both. If you are scanning in Safe Mode with updated
definitions with
> these applications, they should be catching them !
>
> --
> Dave
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "A" <aaa@aol.com>

| sysclean and Ad-aware don't detect these on my machine, Spybot S&D reports
| them but cannot clean them off. Ran sysclean adaware and spybot at least 4
| times in safe mode now so I am close to giving up and reformating, I wonder
| if a regedit would work?
|
>> Both of the subject matter infectors are covered by Ad-aware SE and/or
| Trend Sysclean. I
>> think Ad-aware covers both. If you are scanning in Safe Mode with updated
| definitions with
>> these applications, they should be catching them !
>>
>> --
>> Dave
>>

Please read the folowing URL...
"How to perform a clean boot in Windows XP" -- http://support.microsoft.com/kb/310353

Then perform a scan using SpyBot S&D

--
Dave
 
A

a

Distinguished
Apr 3, 2004
159
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

done ... spybot still reports the three probs...the popups are from
paypopups.com whose website no longer exists and search miracle , I went to
search miracles site and managed to get the uninstaller to run, I managed to
run trend online scan and it removed successsfully 50cent, still getting
popups from ie though....and spybot reporting elitum dyfuca and ncase.


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:OVCiyAjKFHA.3340@TK2MSFTNGP14.phx.gbl...
> From: "A" <aaa@aol.com>
>
> | sysclean and Ad-aware don't detect these on my machine, Spybot S&D
reports
> | them but cannot clean them off. Ran sysclean adaware and spybot at least
4
> | times in safe mode now so I am close to giving up and reformating, I
wonder
> | if a regedit would work?
> |
> >> Both of the subject matter infectors are covered by Ad-aware SE and/or
> | Trend Sysclean. I
> >> think Ad-aware covers both. If you are scanning in Safe Mode with
updated
> | definitions with
> >> these applications, they should be catching them !
> >>
> >> --
> >> Dave
> >>
>
> Please read the folowing URL...
> "How to perform a clean boot in Windows XP" --
http://support.microsoft.com/kb/310353
>
> Then perform a scan using SpyBot S&D
>
> --
> Dave
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "A" <aaa@aol.com>

| done ... spybot still reports the three probs...the popups are from
| paypopups.com whose website no longer exists and search miracle , I went to
| search miracles site and managed to get the uninstaller to run, I managed to
| run trend online scan and it removed successsfully 50cent, still getting
| popups from ie though....and spybot reporting elitum dyfuca and ncase.
|
|
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:OVCiyAjKFHA.3340@TK2MSFTNGP14.phx.gbl...

If SpyBot S&D is finding them but you are not removing them, it is becuase they are runnibg
in the background. The files can't be removed if their respective File Handles are being
held open.

Have you tried BHODemon ?
http://www.definitivesolutions.com/bhodemon.htm

It will be a combination of Clean Booting WinXP, executing SpyBot S&D in Safe Mode and
shutting down as many running applications as possible pror to running a scanner that will
increase the effectiveness of the scanner(s).

--
Dave
 
A

a

Distinguished
Apr 3, 2004
159
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

, still there...Paypopups are gone and search miracle, I can't stop ie with
no tool bar pop ups with search reults for drugs of variuos types, they
appear about four or five times when I first connect to the net, btw I only
use firefox now ..spybot still reports the three malwares...

> |
> |
> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | news:OVCiyAjKFHA.3340@TK2MSFTNGP14.phx.gbl...
>
> If SpyBot S&D is finding them but you are not removing them, it is becuase
they are runnibg
> in the background. The files can't be removed if their respective File
Handles are being
> held open.
>
> Have you tried BHODemon ?
> http://www.definitivesolutions.com/bhodemon.htm
>
> It will be a combination of Clean Booting WinXP, executing SpyBot S&D in
Safe Mode and
> shutting down as many running applications as possible pror to running a
scanner that will
> increase the effectiveness of the scanner(s).
>
> --
> Dave
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "A" <aaa@aol.com>

| , still there...Paypopups are gone and search miracle, I can't stop ie with
| no tool bar pop ups with search reults for drugs of variuos types, they
| appear about four or five times when I first connect to the net, btw I only
| use firefox now ..spybot still reports the three malwares...
|

I suggest moving this problem off Microsoft's News Server and re-posting @
alt.privacy.spyware

Explain all the software you used and their respective versions, the methods in which you
applied them and EXACTLY what is still found in SpyBot S&D.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
 
A

a

Distinguished
Apr 3, 2004
159
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

okay, thanks for all your help

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:uzXtS00KFHA.1136@TK2MSFTNGP10.phx.gbl...
> From: "A" <aaa@aol.com>
>
> | , still there...Paypopups are gone and search miracle, I can't stop ie
with
> | no tool bar pop ups with search reults for drugs of variuos types, they
> | appear about four or five times when I first connect to the net, btw I
only
> | use firefox now ..spybot still reports the three malwares...
> |
>
> I suggest moving this problem off Microsoft's News Server and re-posting @
> alt.privacy.spyware
>
> Explain all the software you used and their respective versions, the
methods in which you
> applied them and EXACTLY what is still found in SpyBot S&D.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "A" <aaa@aol.com>

| okay, thanks for all your help
|
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:uzXtS00KFHA.1136@TK2MSFTNGP10.phx.gbl...

Saw the post. You could have spent a little more time to explain the problem and you didn't
post the versions of the anti malware applications.

I'll be monitoring the post.

Good Luck !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
 
A

a

Distinguished
Apr 3, 2004
159
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

more info --- these are the programs, all the most up to date versions, I
have ran over the last week to try and remove the malwares ...
Spybot s&d - reports
Elitum.Elitebar
Settings
HKEY_USERS\S-1-5-18\Software\LQ
HKEY_USERS\DEFAULT\Software\LQ

DyFuCa.InternetOptimizer
Settings
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AmeOp
t
HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AmeOpt

n-Case
Settings
HKEY_USERS\S-1-5-18\Software\salm
HKEY_USERS\Default\Software\salm

Ad-Aware
Elitetoolbar remover
BHO Demon
Microsoft Antisppyware
CW Shredder
Stinger
Trend online and sysclean
ETRemover
SpywareDoctor
all above show a clean system except spybot...
this has been trying my patience all week,any ideas?
 
A

a

Distinguished
Apr 3, 2004
159
0
18,680
Archived from groups: alt.comp.anti-virus,alt.privacy.spyware,microsoft.public.windowsxp.basics,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.security_admin (More info?)

I just ran all the scans, removed all the offending progs and then
reinstalled spybot and now have a clean system...

"A" <aaa@aol.com> wrote in message news:3a0u2qF61duojU1@individual.net...
> more info --- these are the programs, all the most up to date versions, I
> have ran over the last week to try and remove the malwares ...
> Spybot s&d - reports
> Elitum.Elitebar
> Settings
> HKEY_USERS\S-1-5-18\Software\LQ
> HKEY_USERS\DEFAULT\Software\LQ
>
> DyFuCa.InternetOptimizer
> Settings
>
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AmeOp
> t
>
HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AmeOpt
>
> n-Case
> Settings
> HKEY_USERS\S-1-5-18\Software\salm
> HKEY_USERS\Default\Software\salm
>
> Ad-Aware
> Elitetoolbar remover
> BHO Demon
> Microsoft Antisppyware
> CW Shredder
> Stinger
> Trend online and sysclean
> ETRemover
> SpywareDoctor
> all above show a clean system except spybot...
> this has been trying my patience all week,any ideas?
>
>
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom