SearchMiracle.EliteBar Browser Plug-in not removed by tool

[jg]

The Microsoft beta antispyware tool detects the
SearchMiracle.EliteBar Browser Plug-in and claims to remove
the bug. But if you switch users or reboot, the bug comes
back and is re-detected by the MS beta1 antispyware tool
(downloaded newest version this morning).

I have turned off system restore.
I disabled all non-critical events in the startup menu of
regedit.
I have emptied the cache and temp files and cleaned out the
cookies, did a disk clean and a defrag.
I have run the tool in safe mode.
I have run the tool in normal mode.

System is running Windows XP Home.

Why does the antispyware tool re-discover the infection
with every user change or reboot?

I have also ran the following:
AVG anti virus
CWShredder
Ad Aware
Trend Micro Housecall
Spybot
Regclean
HijackThis
SpySweeper

 

[Engel]

Steps to take if you have spyware that is not removed by
Microsoft Windows
AntiSpyware (beta)
1) Open up AntiSpyware
2) Click Tools at the top
3) Click "Submit a Suspected Spyware Report"
4) Fill out the form with as much detail so they can
anªlyze quickly


1) Update both Microsoft Antispyware and your antivirus
application.

2A)Have you tried Mcrosoft Antispyware, preferably while
running in safe mode?
2B)Shut down the computer and turn off the power. Wait for
at least 30 seconds, and then restart the computer in Safe
mode or VGA mode.

3) Do full deep scans with Microsoft Antispyware. Repeat
scanning until a complete scan comes through clean. Ditto
with the antivirus.

This isn't guaranteed, but it works for a great many items
that at first appear not to be cleaned in normal mºde.


This is fron Andy, please try his method, if no possible
clean up your system, please post back wiht mention to
this procedure.(some time the fix is out of date).
================ by Andy Manchesta ====================

Usually its not that hard to remove Elite bar, try them in
safe mode as well as the other scanners you have,If this
dont kill it then it may take programs such as startdreck
& hijackthis to reveal whats going on. (Copy this to
notepad so you can still view it in safe mode if needed )



Download Ccleaner (remove temp & unused files)
http://download.ccleaner.com/download119bin.asp

Download the elite bar remover
http://www.simplytech.it/ETRemover/ETRemover_v130.zip

(This needs to be run in safe mode-reboot and tap F8
untill you see the option page then choose safe mode)

Run the above remover in safe mode, then Ccleaner on all
3 settings(windows,apps & issues) and clear anything found
reboot and see if it still exists.


Plan B

If the problems are still there use this batch file & reg
fix Elite Bar Removal Batch File.

This attempts to remove all Elite Tool Bar entries .

Download from:
http://andymanchesta.com/Downloads/eliteremover.bat

Also download this regfix to remove all the reg values
related to elitebar

REGFIX DOWNLOAD

Right click this link and save the file to your desktop.
http://andymanchesta.com/Downloads/eliteremove.reg

Restart the PC in Safe Mode and then double click the .bat
file then run the reg fix.

Run the fix by double clicking on the eliteremove.reg file.

You will receive a message "Are you sure you want to add
information to the registry".

Click "Yes".
===================================================

Please post back the results. (positives or negative)

Engel

 

[plun]

Hi

Try this tool

http://www.simplytech.it/ETRemover/

 

[AndyManchesta]

If needed here's a great fix for Elite thanks to Merijn's
new 'Brute Force Uninstaller'

Download LQfix.exe and place it on your desktop.

http://andymanchesta.com/Downloads/LQfix.exe

Doubleclick LQfix.exe and click install.

This will create a new folder called LQfix on your
desktop.

Open the folder and doubleclick ClickThis.bat

Follow the prompts on the screen.
Your system will reboot afterwards.

Please be patient after reboot, because there is a script
running in the background.

Then its fixed

Andy

 

[AndyManchesta]

Hey Engel

Hope your well

That fix is out of date so not much use with the new
Elite variants,

The simplytech remover has moved on alot since I posted
that fix, the link Plun post would be a better one as you
get the latest fix tool then but not sure how well it
performs with the latest Elite.

With the batch and reg file I made Ive not updated them
for along time as Ive made other batches for Elite since
then. Merijns new 'BFU' program opens up alot of easier
options now to deal with this scum, The fix Ive posted
above doesnt even need to be run in safe mode as its all
done on reboot so It does make things easier.

Most real time protection should be disabled when dealing
with malware as they can protect the registry from
changes and we need to make changes to uninstall the
malware but I forgot to add this to the above post and
will add that if they have any problems with MSAS
blocking the script or not letting the changes be made
but it would be the same for Spybot's teatimer and
Adaware's Adwatch usually they are great to protect the
system but when dealing with malware these protection
programs can also protect the malware from being removed
so its worth disabling the real time protections rather
than having to do the same fix over and over again, Safe
mode would be another option as the real time protection
isnt active in safe mode so it gives another option.

Regards Andy