Member Avatar for tfonseca

Hello, everyone.

I having some problems in my computer and I hope you can help me.

Everytime I connect the Internet, a lot of I.E. windows with adversitments start to open non stop. And when this problem started, a green icon named "Click Me" appeared in the desktop.

I tried a lot of Anti-Adware softwares and Antvirus but although they locate and delete some bugged files - such as Brazil.exe, DialupServer.exe and EliteToolBar - it doesn´t work at all. All the files come back everytime I reboot the computer.

Below there is the HiJackThis LOG. Please, help me to erradicate this thing from my computer...!

Logfile of HijackThis v1.99.1
Scan saved at 14:18:24, on 13/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\mysql\bin\mysqld-nt.exe
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitegss32.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

  • 3 Contributors
  • 2 Replies
  • 91 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by crunchie

Recommended Answers

All 2 Replies

Member Avatar for buddylee614

whoooooa!! you got it bad!!
if you want the ad-wares and spywares to be removed and never come back try;

- spybot http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1,
run a check, get rid of all the baddies, then use the immunize feature to stop them from coming back, also if you can tell the difference between bad and good start-up programs switch to advance mode and block all the bad start-up programs

and alternative method is the microsoft antispyware
get it from here http://www.download.com/Microsoft-Windows-AntiSpyware/3000-8022_4-10353596.html?tag=lst-0-4 and you'll have to keep that program running in the background to give you some real-time protection

for other ways to protect your system read this;
http://www.daniweb.com/techtalkforums/thread25557.html

buddylee614, viz ex
happy websurfing :mrgreen:

Member Avatar for crunchie

You have some entries there that need removing.

===============

Before we begin, let's move <b>HiJackThis</b> to it's own folder; like <b>c:\HJT</b>.

Also move the "<b><i>Backups</i></b>" folder, for <b>HiJackThis</b>, if present.

===============

Go to Add/Remove programs and remove(uninstall) the following, if present:

Elite Toolbar

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Runn HiJackThis, click "Scan", then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitegss32.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\temp532.exe -N


Now, with all windows closed (including Internet Explorer) except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

folders...

C:\WINDOWS\EliteToolBar

files...

C:\windows\system32\elitegss32.exe
C:\WINDOWS\system32\temp532.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Let me know how everything goes.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.