elitehzd32.exe??

Discussion in 'malware problems & news' started by Pellegrini, May 22, 2005.

Thread Status:
Not open for further replies.
  1. Pellegrini

    Pellegrini Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    9
    Ok, i have a weird spyware problem that originated when i wasnt home (a relative was on my comp, and some how spyware got past spyware blaster) and i cant seem to get rid of it. I am getting pop-ups (1 or 2 every minute now) and RegProtect is constantly (4-8 times a minute) informing me of a registry value added to run called elitehzd.exe (which i searched for at the given path, it wasnt there, or at least not visible). I ran spoybot S&D (which i just updated) and Ad-Aware, both found files, i deleted the files, but somehow this elitehzd.exe manages to regenerate itself. Its rather annoying and i would greatly appreciate any help. thanks.
     
    Last edited: May 22, 2005
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Wilders does not allow HijackThis logs anymore but it might be wise to visit one of the sites listed at this link,

    https://www.wilderssecurity.com/showthread.php?t=42148

    follow the instructions there, post a log and let the experts help u clean out this malware.


    snowbound
     
  3. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    What was the name of the malware detected by Spybot and Ad-Aware?
     
  4. Pellegrini

    Pellegrini Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    9
    The first time it found Fizzlebar, Apropos Media,Back Web lite, Funweb, MyWay.MyBar, PeopleOnPage, and the thing that keeps regenerating is Elitum.Elitebar.
     
  5. Pellegrini

    Pellegrini Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    9
    I just restarted my comp in safe mode, and still got pop-ups, is that possibleo_Oo_O Im starting to sense that I may have to reformate :'(
     
Loading...
Thread Status:
Not open for further replies.