Please help deadline to meet ahhhh!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Drunkenbear, Mar 18, 2005.

  1. Drunkenbear

    Drunkenbear Private E-2

    Hi there

    Got a nasty malware on my PC at work and have a major deadline to meet for a £15 million job, so it would be quite good to get rid of the bugger!

    OK, so here goes, 1st post, so I hope it makes sense.

    Gone through the basic spyware, trojan and virus removal in safe mode and normal mode on MajorGeeks. But every time I delete the following files in Ad-Aware they just self-replicate.

    Here's the log file from Ad-Aware:

    Ebates MoneyMaker Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\lq
    Value : RX3.3

    Ebates MoneyMaker Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\lq
    Value : FU3.4

    It's the lq bits in the registry that replicate every time. Tried hijack software too, but that didn't work, and all the virus checks say nothing is there.

    Any ideas? I could do with a hand.

    cheers
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. Drunkenbear

    Drunkenbear Private E-2

    Cheers for the help on this, much appreciated.

    Here is the log file.

    thanks

    drunkenbear
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Is this log from Safe Mode? It looks to me like it is; please attach another log from normal mode.
     
  5. Drunkenbear

    Drunkenbear Private E-2

    Oh sorry, didn't realise, here you go.
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you familiar with Autodesk?


    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteohv32.exe

    Are these entries part of your ISP?

    Again, make sure All Browser Windows are Closed when you Click FIX.


    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\windows\system32\eliteohv32.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
     
  7. Drunkenbear

    Drunkenbear Private E-2

    OK, done all that.

    The O17's are the office server and I am familiar with Autodesk, we run some of their products here. Why'd you ask?

    Seems like the elite thing is back from the log, grrrr.
     

    Attached Files:

  8. Drunkenbear

    Drunkenbear Private E-2

    ...although Lavasoft Ad-Aware no longer finds the annoying files in the registry,
    so fingers crossed?

    :D
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteohv32.exe

    NOW:

    Download EliteToolbar Remover 1.1.B

    Run this and move to the next step!

    NOW:
    Download Pocket KillBox

    Copy and paste C:\windows\system32\eliteohv32.exe into the space provided. Make sure the option "Delete on reboot" is checked!

    Now, Reboot and attach a new HJT log!
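    A read-only audit for the persistence indicators named in this thread (the etbrun Run value and eliteohv32.exe from the O4 line, plus the HKCU\software\lq values that Ad-Aware flagged in the first post). This is an added example, not a script supplied by either poster; it assumes it is run from a PowerShell prompt on the affected machine and it only reports, it deletes nothing.

    ```powershell
    # Added audit script (not from the thread). Reports the indicators
    # discussed above without changing anything on the machine.
    # Assumption: run from PowerShell on the affected Windows PC.

    $indicators = @{
        RunValueName = 'etbrun'                                   # O4 value name from the HJT line
        RunImage     = "$env:SystemRoot\System32\eliteohv32.exe"  # O4 target file
        LqKey        = 'HKCU:\Software\lq'                        # key Ad-Aware flagged (RX3.3 / FU3.4)
    }

    function Get-RunEntries {
        # Enumerate every autostart value in the machine- and user-level Run keys.
        $paths = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
        foreach ($p in $paths) {
            if (-not (Test-Path $p)) { continue }
            $props = Get-ItemProperty -Path $p
            # Skip the PS* metadata properties the provider adds to the object.
            $names = $props.PSObject.Properties |
                     Where-Object { $_.Name -notlike 'PS*' } |
                     Select-Object -ExpandProperty Name
            foreach ($name in $names) {
                [pscustomobject]@{ Hive = $p; Name = $name; Command = $props.$name }
            }
        }
    }

    function Test-Indicators {
        # Return one line per indicator that is still present.
        $findings = @()
        foreach ($e in Get-RunEntries) {
            $hit = ($e.Name -eq $indicators.RunValueName) -or
                   ($e.Command -like '*eliteohv32.exe*')
            if ($hit) { $findings += "Run value '$($e.Name)' in $($e.Hive) -> $($e.Command)" }
        }
        if (Test-Path $indicators.RunImage) { $findings += "File present: $($indicators.RunImage)" }
        if (Test-Path $indicators.LqKey) {
            $vals = (Get-ItemProperty -Path $indicators.LqKey).PSObject.Properties |
                    Where-Object { $_.Name -notlike 'PS*' }
            foreach ($v in $vals) {
                $findings += "Registry value $($indicators.LqKey)\$($v.Name) = $($v.Value)"
            }
        }
        return $findings
    }

    $result = @(Test-Indicators)
    if ($result.Count -eq 0) { 'No indicators from the thread found.' }
    else { $result | ForEach-Object { "FOUND: $_" } }
    ```

    Run it before and after the HijackThis fix and the reboot: an empty result is the same evidence bjgarrick reads off the HJT log, and a non-empty one shows exactly which of the three artefacts survived.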
     
  10. Drunkenbear

    Drunkenbear Private E-2

    Here's the new log file.

    thanks again
     

    Attached Files:

  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Log looks ok to me! :)

    FINAL STEP

    Reset Web Settings & Default Security Settings:


    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.


    Are you experiencing any further problems?
     
  12. Drunkenbear

    Drunkenbear Private E-2

    wow!

    Thanks so much, that's such a great help, really appreciate it.

    At least I'll know for next time :eek:

    Which there won't be if I can help it, lol.

    thanks again :D
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

