
Thread: Elitebar Pokapoka

  1. #1
    Member Lancelot's Avatar
    Join Date
    Nov 2006
    Posts
    57

    Elitebar Pokapoka

    Hi.

    Spybot reported Elitum.Elitebar.Pokapoka on a scan some days ago. The item that was found:
    Documents and Settings\name\Local Settings\Temp\~setuptmp0\irsetup.exe.

    Spybot removed irsetup.exe. After the next bootup, I had a look in the temp folder. The removed file was back! Now it had a slightly different location:
    Documents and Settings\name\Local Settings\Temp\irsetup.exe.
    The file was signed Indigo Rose Corporation, and "Setup Factory 6.0 Runtime Module" was mentioned in its properties.

    I deleted it.


    I experienced something else recently which I find strange: a shortcut to Skype was created on the desktop. No one else had physical access to this PC...

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hello.

    • Open SpyBot.
    • Check for problems.
    • When the scan completes, right click on the results list, select "Copy results to clipboard".
    • Paste (Ctrl+V) those results into a new post in this topic.


    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Member Lancelot's Avatar
    Join Date
    Nov 2006
    Posts
    57


    Thank you for answering.

    This time Spybot found nothing. But I wonder.. if this file could re-create itself one time, there must be something more that Spybot did not detect? And this thing can re-create that file later? Should I disable System Restore and run HijackThis?

    Also, I suspect someone from the outside has penetrated my firewall and paid a visit. I read this Firewall Leak Test, and it seems getting past my Symantec firewall is easy as cake. I don't know how to confirm my suspicion. Maybe creating a shortcut on the desktop was a practical joke, some kind of "I was here" message.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hi there.
    Originally posted by Lancelot:
    "Should I disable System Restore and run HijackThis?"
    If you wish to produce a HJT log please see our procedure: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)
    Please do NOT turn off System Restore trying to remove an infection. Doing so would only serve to destroy a known restore point (not good) and won't remove the malware. Let your helper advise you as to when a System Restore flush is called for.
    Then start your own thread in the Malware Removal Forum. A helper would advise you when available.

    Cheers.
