spybot 1.4

Guest · Jul 12, 2005

Archived from groups: microsoft.public.windowsxp.general (More info?)

I scan my system and IT giveS me Elitum.Elitebar which the "Fix Selected
problem "dont seems to fix it in the sense that when you rescan (even without
log-in to the internet) the spyware will appear again in the search result.

It is located in HKey _USERS\s-1-5-21-.................\software\LQ

and when I go to the registry on the left pan its listed as
Local-AppWizard-Generated Applications(LAGA) and LQ is a folder under (LAGA)
When the LQ is high lighted, on the right pane, I have

default reg_SZ (value not set)
TM reg_SZ 10

My question is how do I get rid of this so that when I do the spybot scan,
Elitum.EliteBar does not crop up,

TIA

Guest · Jul 12, 2005

Archived from groups: microsoft.public.windowsxp.general (More info?)

Under safe mode or normal mode, in my msconfig/startup, the closest I get is
elitemoj32 c:\windows\system32 ....(cant see the rest)
and location
HKLM\SOFTWARE\Microsoft\Windows\CurrentVer... (cant see the rest)
I tried to double click it or move the cursor to the right, still ynable to
read the whole location of the 'file'. I must be missing something here.

320820-for backing up the whole registry?

start/all prog/accessories/system tools, there is no backup wizard and my pc
is PBell and does not come with any cd, so what shall I do next, thanks

"Li'l Roberto" wrote:

>
> "su su" <susu@discussions.microsoft.com> wrote in message news:2BAED261-7824-4777-A175-C080848B734B@microsoft.com...
> >I scan my system and IT giveS me Elitum.Elitebar which the "Fix Selected
> > problem "dont seems to fix it in the sense that when you rescan (even without
> > log-in to the internet) the spyware will appear again in the search result.
> >
> > It is located in HKey _USERS\s-1-5-21-.................\software\LQ
> >
> > and when I go to the registry on the left pan its listed as
> > Local-AppWizard-Generated Applications(LAGA) and LQ is a folder under (LAGA)
> > When the LQ is high lighted, on the right pane, I have
> >
> > default reg_SZ (value not set)
> > TM reg_SZ 10
> >
> > My question is how do I get rid of this so that when I do the spybot scan,
> > Elitum.EliteBar does not crop up,
> >
> > TIA
>
> Start in Safe Mode, goto Run > msconfig, look for the elitum *.exe file in the startup tab, you should be able to see it's name and in which registry key it is loading from, next run regedit and goto
> HKEY_CURRENT _USER\Software\Microsoft\Windows\CurrentVersion\Run & HKEY_LOCAL_MACHINE ~, delete any references found there.
> As always backup those keys before deleting anything, just in case...
> Finally delete the exe file mentioned, it will most likely be in the C:\windows\system32 folder.
>
> rgds
> Li'l Roberto
>

Malke · Jul 12, 2005

Archived from groups: microsoft.public.windowsxp.general (More info?)

su su wrote:

> Under safe mode or normal mode, in my msconfig/startup, the closest I
> get is
> elitemoj32 c:\windows\system32 ....(cant see the rest)
> and location
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVer... (cant see the rest)
> I tried to double click it or move the cursor to the right, still
> ynable to read the whole location of the 'file'. I must be missing
> something here.
>
> 320820-for backing up the whole registry?
>
> start/all prog/accessories/system tools, there is no backup wizard and
> my pc is PBell and does not come with any cd, so what shall I do next,
> thanks
>
>
> "Li'l Roberto" wrote:
>
>>
>> "su su" <susu@discussions.microsoft.com> wrote in message
>> news:2BAED261-7824-4777-A175-C080848B734B@microsoft.com...
>> >I scan my system and IT giveS me Elitum.Elitebar which the "Fix
>> >Selected
>> > problem "dont seems to fix it in the sense that when you rescan
>> > (even without
>> > log-in to the internet) the spyware will appear again in the
>> > search result.
>> >
>> > It is located in HKey
>> > _USERS\s-1-5-21-.................\software\LQ
>> >
>> > and when I go to the registry on the left pan its listed as
>> > Local-AppWizard-Generated Applications(LAGA) and LQ is a folder
>> > under (LAGA) When the LQ is high lighted, on the right pane, I have
>> >
>> > default reg_SZ (value not set)
>> > TM reg_SZ 10
>> >
>> > My question is how do I get rid of this so that when I do the
>> > spybot scan, Elitum.EliteBar does not crop up,
>> >
>> > TIA
>>
>> Start in Safe Mode, goto Run > msconfig, look for the elitum *.exe
>> file in the startup tab, you should be able to see it's name and
>> in which registry key it is loading from, next run regedit and
>> goto
>> HKEY_CURRENT _USER\Software\Microsoft\Windows\CurrentVersion\Run &
>> HKEY_LOCAL_MACHINE ~, delete any references found there.
>> As always backup those keys before deleting anything, just in
>> case...
>> Finally delete the exe file mentioned, it will most likely be
>> in the C:\windows\system32 folder.
>>
>> rgds
>> Li'l Roberto
>>

Su su - Your system is infected with the Elite Toolbar garbage. It can
be very hard to remove. Since you obviously aren't familiar with
working in the Registry, it would be safer for you to get some help
with removing the malware. Get and run HijackThis and then post your
log to *one* of the following forums (not here, please). Make sure you
read their posting FAQ first. You will get the expert help you need
there.

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://castlecops.com/forum67.html
http://aumha.net/viewforum.php?f=30
http://spywarewarrior.com/viewforum.php?f=5
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Guest · Jul 12, 2005

Archived from groups: microsoft.public.windowsxp.general (More info?)

help please...
I did a search for files n folders, either for Elitum.exe or Ellite.Bar and
both search says no result to display (there is only 1 drive)
Its seems rather strange as why its shows the pc infected with
Elitum.EliteBar when using the spybot (have scan at least 7 times). Also,
this pc is parkardbell and does not come with the cd. so what can I do next
to resolve the issue, TIA

"su su" wrote:

> Under safe mode or normal mode, in my msconfig/startup, the closest I get is
> elitemoj32 c:\windows\system32 ....(cant see the rest)
> and location
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVer... (cant see the rest)
> I tried to double click it or move the cursor to the right, still ynable to
> read the whole location of the 'file'. I must be missing something here.
>
> 320820-for backing up the whole registry?
>
> start/all prog/accessories/system tools, there is no backup wizard and my pc
> is PBell and does not come with any cd, so what shall I do next, thanks
>
>
> "Li'l Roberto" wrote:
>
> >
> > "su su" <susu@discussions.microsoft.com> wrote in message news:2BAED261-7824-4777-A175-C080848B734B@microsoft.com...
> > >I scan my system and IT giveS me Elitum.Elitebar which the "Fix Selected
> > > problem "dont seems to fix it in the sense that when you rescan (even without
> > > log-in to the internet) the spyware will appear again in the search result.
> > >
> > > It is located in HKey _USERS\s-1-5-21-.................\software\LQ
> > >
> > > and when I go to the registry on the left pan its listed as
> > > Local-AppWizard-Generated Applications(LAGA) and LQ is a folder under (LAGA)
> > > When the LQ is high lighted, on the right pane, I have
> > >
> > > default reg_SZ (value not set)
> > > TM reg_SZ 10
> > >
> > > My question is how do I get rid of this so that when I do the spybot scan,
> > > Elitum.EliteBar does not crop up,
> > >
> > > TIA
> >
> > Start in Safe Mode, goto Run > msconfig, look for the elitum *.exe file in the startup tab, you should be able to see it's name and in which registry key it is loading from, next run regedit and goto
> > HKEY_CURRENT _USER\Software\Microsoft\Windows\CurrentVersion\Run & HKEY_LOCAL_MACHINE ~, delete any references found there.
> > As always backup those keys before deleting anything, just in case...
> > Finally delete the exe file mentioned, it will most likely be in the C:\windows\system32 folder.
> >
> > rgds
> > Li'l Roberto
> >

Malke · Jul 12, 2005

Archived from groups: microsoft.public.windowsxp.general (More info?)

su su wrote:

> help please...
> I did a search for files n folders, either for Elitum.exe or
> Ellite.Bar and both search says no result to display (there is only 1
> drive) Its seems rather strange as why its shows the pc infected with
> Elitum.EliteBar when using the spybot (have scan at least 7 times).
> Also, this pc is parkardbell and does not come with the cd. so what
> can I do next to resolve the issue, TIA

Read my previous response to you. Run HijackThis and post in one of the
logs to which I gave you the links.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Guest · Jul 13, 2005

Archived from groups: microsoft.public.windowsxp.general (More info?)

Malke,
sori did not read your earlier post. How do I post after the
registeration/activation at Aumha forum. rather silly cannot find the place
to post.
pls help, thanks

"Malke" wrote:

> su su wrote:
>
> > help please...
> > I did a search for files n folders, either for Elitum.exe or
> > Ellite.Bar and both search says no result to display (there is only 1
> > drive) Its seems rather strange as why its shows the pc infected with
> > Elitum.EliteBar when using the spybot (have scan at least 7 times).
> > Also, this pc is parkardbell and does not come with the cd. so what
> > can I do next to resolve the issue, TIA
>
> Read my previous response to you. Run HijackThis and post in one of the
> logs to which I gave you the links.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>

Search

spybot 1.4

Guest

Guest

Guest

Guest

Malke

Distinguished

Guest

Guest

Malke

Distinguished

Guest

Guest

TRENDING THREADS

Latest posts

Moderators online

Share this page