-
December 31st, 2004, 02:39 PM
#1
Registered User
I'm under attack!
LOL talk about a way to end the year... I'm under attack from something... I was doing some new installs that all of a sudden had popups on it. Before I could check what was going on, my boss reformatted the systems. However, I've just noticed it happening on two other systems, from what I can tell it's some spyware I've never seen before, when I do a scan (adaware) I find an Elitum.ElitebarBHO
Anyone know if this thing transmits itself over a network or something? Cause my new installs were infected before I did much of anything. There is a firewall protecting me from the internet... a linux box that I don't maintain... the admin said he noticed a lot of connections in the last few days. I dunno, it seems to be calming down now, but I just found it weird how it seemed to jump computers through the internal network... ah well... maybe it's the drinks I've been having since this morning... man... it's a lot of fun to fix computers while you can barely walk... it's a good thing I can stumble home from work :P
"We must always fear the wicked. But there is another kind of evil that we must fear the most, and that is the indifference of good men." -- Monsignor; The Boondock Saints.
-
December 31st, 2004, 02:47 PM
#2
Registered User
READ:
I had the same problem with Elitebar. Hopefully, my experience may help you.
After running the above online scans - pandasoft and housecall:
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://housecall.antivirus.com/housecall/start_corp.asp
I rebooted into safe mode (restart your computer and tap the F8 key as it is booting up)
Run regedit (Start>Run, then type in regedit) and removed all references to the Elitum.Elitebar as recorded in your lavasoft log
From the Start bar>Run, type in %Temp%, Edit>Select All>Delete
Delete all Offline content from the explorer window by Start>Settings>Control Panel>Internet Options>Delete Files>Delete all Offline content.
Empty the contents of the Temp folder under C:\Windows\Temp
Empty your recycle bin
Turn off the Systems Restore Feature by Right clicking the My computer icon, select Properties and then "Turn off System Restore"
Now, Reboot your machine and run adaware again.
If you find any other references to Elitum.Elitebar, record the exact location and file names, reboot into safe mode, run regedit, do a search for the entries that adaware noted and then delete them - sometimes, it may not let you delete the file because of permission issues - Simply right mouse click and check "all permissions" and then go back and delete the registry key that contains the offending entry.
Now, rerun Adaware, making sure that you have loaded the latest definition files (16/12/2004)
You can reset the Systems Restore feature in Windows and name it something meaningful to you as "After Elitebar Clean Up"
Source: http://www.lavasoftsupport.com/index...howtopic=54019
Main Source: http://www.google.com/search?sourcei...%2EElitebarBHO
-
December 31st, 2004, 04:02 PM
#3
Registered User
Well it doesn't seem too difficult to remove after having played with it for a bit. I scanned with adaware, removed all the poop, then restarted the computer in safe mode and used hijackthis and removed all the entries that were otherwise "returning" every time in normal mode. When I got back to normal mode adaware didn't find anything and the startup entries were gone still. Double checked with hijackthis and it was clean.
The thing that freaked me out is the fact it appeared on a brand new install where all I did was do windows update; coupled with the report of the strange connection attempts I wasn't sure what to figure it as. Very strange... ah well it's all cleared now...
-
January 1st, 2005, 05:38 PM
#4
Lot of people forget about Spyware Blaster... it keeps a lot of this crap from installing in the first place. I know I forget when I run Spybot or Ad Aware to then run it on a clean machine.
-
January 2nd, 2005, 12:31 AM
#5
Registered User
Spybot S&D has that Immunize, good feature.