PDA

View Full Version : Elitebar Pokapoka


Lancelot
2007-11-26, 15:11
Hi.

Spybot reported Elitum.Elitebar.Pokapoka on a scan some days ago. The item that was found:
Documents and Settings\name\Local Settings\Temp\~setuptmp0\irsetup.exe.

Spybot removed irsetup.exe. After the next bootup, I had a look in the temp folder. The removed file was back! Now it had a slightly different location:
Documents and Settings\name\Local Settings\Temp\irsetup.exe.
The file was signed Indogo Rose Corporation, and "Setup Factory 6.0 Runtime Module" was mentioned in its properties.

I deleted it.


I experienced something else recently which I find strange: A shortcut to Skype was created on the desktop. No one else had physically access to this pc... :blink:
tashi
2007-11-26, 17:04
Hello.


Open SpyBot.
Check for problems.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Paste (Ctrl+V) those results into a new post in this topic.

Regards. :)
Lancelot
2007-11-27, 01:05
Thank your for answering.

This time Spybot found nothing. But I wonder.. if this file could re-create itself one time, there must be something more that Spybot did not detect? And this thing can re-create that file later? Should I disable System Restore and run HijackThis?

Also, I suspect someone from the outside have penetrated my firewall and paid a visit. I read this Firewall Leak Test (http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php), and it seems getting past my Symantec firewall is easy as cake. I don't know how to confirm my suspicion. Maybe creating a shortcut on the desktop was a practical joke, some kind of "I was here" message.
tashi
2007-11-27, 06:28
Hi there.

Should I disable System Restore and run HijackThis?
If you wish to produce a HJT log please see our procedure: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Please do NOT turn off System Restore trying to remove an infection. Doing so would only serve to destroy a known restore point (not good) and won't remove the malware. Let your helper advise you as to when a System Restore flush is called for.
Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) A helper would advise you when available.

Cheers.