Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Panda Activescan finds elitebar and windowenhancer [RESOLVED]


  • This topic is locked This topic is locked

#1
Neonate

Neonate

    Member

  • Member
  • PipPip
  • 16 posts
Hi. Thanks for all the great work that the GeeksToGo volunteers are performing! I regularly scan my Windows ME system with "Ad Aware" and "Spybot Search and Destroy". Both of these tools say that my computer is currently clean. AVG antivirus also says my system is clean. However, I recently performed an online scan with Panda Software and some problems were found. I include the Panda Activescan report below. Below that is my HijackThis log. I also ran the Trendmicro online scanner. Trendmicro apparently finds the same problems that Panda found but it could not repair them. Thanks for any help that you can provide:

(Material below was edited and reposted without wordwrap)

Incident Status Location

Adware:adware/windowenhancer Not disinfected C:\WINDOWS\SYSTEM\SBUtils
Adware:adware/elitebar Not disinfected Windows Registry
Spyware:Cookie/Falkag Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[.zedo.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/NewMedia Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Falkag Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[]


Logfile of HijackThis v1.99.1
Scan saved at 12:16:42 PM, on 3/2/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\NECSSFW\WSWPD.EXE
C:\NECSSFW\WSTIMEB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
F1 - win.ini: run=C:\NECSSFW\WSWPD.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {656FAD09-4DE3-4C34-9600-0928C855FD7A} (AxTaskList Class) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab

Edited by Neonate, 02 March 2006 - 03:29 PM.

  • 0

Advertisements


#2
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
The only thing the scan found was a few tracking cookies.

* Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
[*]Click Exit on the Main menu to close the program.
[/list]
* Run Kaspersky online virus scan here.

When given the option, choose the "Extended database" for the scan.

When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
  • 0

#3
Neonate

Neonate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks for your help Flrman1. I used ATF Cleaner as requested and then performed a Kaspersky online virus scan. The results of the Kaspersky scan are attached. The HijackThis log is at the end of this message. I appreciate your help.

The Panda scan that I peformed originally motivated me to ask for help. That scan found mostly tracking cookies as you mentioned. But I could not figure out what the first two lines of the Panda scan meant: "Adware:adware/windowenhancer Not disinfected C:\WINDOWS\SYSTEM\SBUtils" and "Adware:adware/elitebar Not disinfected Windows Registry".

Below is the current Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 4:36:43 PM, on 3/3/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\NECSSFW\WSWPD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\WUAUBOOT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
F1 - win.ini: run=C:\NECSSFW\WSWPD.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {656FAD09-4DE3-4C34-9600-0928C855FD7A} (AxTaskList Class) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab

Attached Files


  • 0

#4
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
I apologize for not replying sooner. I wasn't feeling well yesterday.


* Click Here and download Killbox and save it to your desktop.

* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • In the "Full Path of File to Delete" box, copy and paste the following line:

    C:\WINDOWS\SYSTEM\SBUtils

  • Click on the button that has the red circle with the X in the middle.
  • It will ask for confimation to delete the file on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
How is everything now?
  • 0

#5
Neonate

Neonate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Sorry to hear that you were not feeling well. Hope that your are feeling better now, and thank you for your efforts.
I downloaded killbox and tried to use it on C:\WINDOWS\SYSTEM\SBUtils. However, it appears that C:\WINDOWS\SYSTEM\SBUtils is a directory and not a file. I did not want to delete everything in the directory without further guidance. The directory contains 51 files. I do not know why Panda scan is flagging it. Below is a partial list of the files in the directory to give you a sense of what it contains:

akn.dun
ARG.dun
BTS.dun
CPS.dun
DPC.dun
DXJ.dun
EasyInet.ico
EIR.dun
EQN.dun
EQT.dun
FEN.dun
FPD.dun
FPF.dun
FPG.dun
FPI.dun
FPJ.dun
FPN.dun
FPS.dun
FPU.dun
FTE.dun
... more file names....
launch.gif
Launch.ico
mco.dun
MCU.dun
NTO.dun
Register.ico
SBDun.dll
SBReg.pbk
SBRepo.dll
sbwatchdog.exe
sbwatchdog.ico
SBWebHost.exe
SBWebCtl.dll
SBWebHost.exe
SBWebTools.dll
SBWinet.dll
SEV.dun
spn.dun
spu.dun
...more file names....
vnz.dun
UUN.dun

I used google to search on some of these file names and on SBUtils. There is conflicting information. Thanks for your help.
  • 0

#6
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Go ahead and delete the folder.

* Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply.

  • 0

#7
Neonate

Neonate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I deleted the SBUtils directory and the Panda scan no longer complains about it. Excellent! Thank you. I have not had a chance to run the BitDefender scan yet. The computer under analysis belongs to a relative, and there will be a delay until I can visit and access it again. I hope to run the scan within two or three days. Thanks for your help.
  • 0

#8
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
:tazz:
  • 0

#9
Neonate

Neonate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
The results of the BitDefender Online Scanner are attached as requested. It found one suspicious file associated with Temporary files for IE5 and it deleted the file. Currently, I use Firefox 1.5.0.1 and IE6 (Internet Explorer 6). Thanks for your help.

Attached Files


  • 0

#10
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
How is everything now?

Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.
  • 0

#11
Neonate

Neonate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi. Panda Activescan still complains as follows:
Adware:adware/elitebar Not disinfected Windows Registry

Perhaps it is a false positive report? Maybe it is some non-functional leftover from a previous infection. It seems that most of the scanners do not detect it or complain about it. No scanner has offered to remove the registry entry.

Here is the uninstall list from hijackthis that you requested. Thanks!

Adaptec DirectCD
Adaptec Easy CD Creator 4
Adaptec UDF Reader
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat and Reader 6.0.3 Update
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
ArcSoft Software Suite
BackWeb
BroadJump Client Foundation
DivX4Windows Codec 4.0 Alpha 50
eHelp
HijackThis 1.99.1
Hijackthis 1.99.1
HP Internet Center
Internet Explorer Q903235
Internet Explorer Q905915
J2SE Runtime Environment 5.0 Update 5
Kaspersky On-line Scanner
Macromedia Flash Player 8
Microsoft Data Access Components KB870669
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Money 2001
Microsoft Outlook Express 6
Microsoft PowerPoint Viewer 97
Microsoft VGX Q833989
Microsoft Works 6.0
Microsoft Works and Money 2001 Setup Launcher
Mozilla Firefox (1.5.0.1)
MSN Money Investment Toolbox
MusicMatch Jukebox
My Photo Center
Nikon View 6
Outlook Express Q887797
Panda ActiveScan
PC-Doctor for Windows
QuickLink III
QuickTime
Scrabble v2.0
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
The Playa 0.5.0 (remove only)
Trellix Web
Winamp (remove only)
Windows Millennium Edition KB891711 Update
Windows Millennium Edition Q823559 Update
ZoneAlarm
  • 0

#12
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts

Hi. Panda Activescan still complains as follows:
Adware:adware/elitebar Not disinfected Windows Registry..................... Maybe it is some non-functional leftover from a previous infection

That's exactly what it is so I wouldn't worry about it. We can do a reg search to find it and remove it if you wish.

* Go to Add/Remove programs and uninstall this old version of Java:

J2SE Runtime Environment 5.0 Update 5

* Now go here and install the latest version of Java.


* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

Click Start, Settings, and then click Control Panel.
Double-click the System icon. The System Properties dialog box appears.

NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.

Click the Performance tab, and then click File System.
Click the Troubleshooting tab, and then check Disable System Restore.
Click Apply then OK.
Click Yes, when you are prompted to restart Windows.

Now reenable System Restore by following these directions

To enable Windows Me System Restore:

Click Start, point to Settings, and then click Control Panel.
Double-click System, and then click the Performance tab.
Click File System, and then click the Troubleshooting tab.
Uncheck Disable System Restore.
Click OK. Click Yes, when you are prompted to restart Windows.
  • 0

#13
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP