elite bar removal AND cannot update definitions

[J.]

I have updated Nortin AV, Ad-Aware, Spybot S&D, and now
the MS Beta AnitSpyware but none of it is able to remove
this ELITE BAR that keeps bringing pop ups and who knows
else. Every time I run AdAware or Spybot, they find ELITE
BAR files to remove, but that never fully removes it.
ALSO, my recently downloaded MS AntiSpyware will not
download updates. The error message is that it cannot
find an internet connection even though I am connected
via a wireless Linksys via cable modem?
Please, can anyone help?
Thanks.
j

 

[Andre Da Costa]

From Andy:
Hi have you tried the elite bar remover you can get it
from here:

http://www.simplytech.it/ETRemover/ETRemover_V123.zip


Developer: SimplyTech

License: Freeware

Price: FREE

OS: Windows All

Size: 356 KB

Last Updated: April 28th, 2005 13:14



Heres the write up:

This freeware utility helps people to delete the new
infestions caused by the EliteToolbar variants that are
circulating on the Net nowadays...

The main problem is that the malware creates a lot of
registry entries and it goes in execution at the start of
the pc widing itself in RAM and deleting its own *.exe
from the C:WindowsSystem32 directory.

When the ordinary tools try to remove it, they only clean
the registry calls, the C:WindowsEliteToolbar directory
and the cabinets files where it has been originated the
first time, but they don't take any actions against the
malware itself that is currently running in RAM memory
and is waiting for the pc O.S. to be shut down to repeat
the infestation from the back!

This tool should be run from safe mode. It will not be
able to delete files in use by Windows, so running it
from a regular windows session is useless.

Good Luck

Andy

 

[AndyManchesta]

Hi im not sure about the updating problem but for elite
bar try this,Its a pain to remove because if they change
any of the systemfile names it makes it difficult for
scanners or fixes to work,Using Hijack this would help as
a last resort show what files are involved but try this
and see how you go:

Download Ccleaner (remove temp & unused files)

http://download.ccleaner.com/download119bin.asp


Download the elite bar remover

http://www.simplytech.it/ETRemover/ETRemover_v130.zip

(This needs to be run in safe mode-reboot and tap F8
untill you see the option page then choose safe mode)



If the problems are still there use this batch file


Elite Bar Removal Batch File.

This attempts to remove all Elite Tool Bar entries .

Download from:

http://xsorbit26.com/users5/andymanchesta/index.php?
action=dlattach;topic=3206.0;id=296

Save to desktop,Restart the PC in Safe Mode and then
double click the .bat file.


If the problems are still there download this reghack to
remove all the reg values related to elitebar

Use this registry hack which removes registry entries
related to Elite Toolbar automatically.

REGHACK DOWNLOAD: Right click this link and save the file
to your desktop.

http://xsorbit26.com/users5/andymanchesta/index.php?
action=dlattach;topic=3206.0;id=297


Run the fix by double clicking on the eliteremove.reg
file.

You will receive a message "Are you sure you want to add
information to the registry".

Click "Yes".

Alternatively, if you prefer to do it manually, delete
all of the following registry entries found:

[-HKEY_LOCAL_MACHINE\Software\Elitum]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\DownloadMana ger]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Toolbar]
[-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\Uninstall\EliteBar Internet Explorer Toolbar]
[-HKEY_CLASSES_ROOT\CLSID\{0A1D22C3-37BE-470C-9C29-
E3074EE0574B}]
[-HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-
51D73BD81ABC}]
[-HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-
51D73BD81C3A}]
[-HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-
0C15C5CA880F}]
[-HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-
0C15C5CA8DEF}]
[-HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-
99F4A2203647}]
[-HKEY_CLASSES_ROOT\CLSID\{ED103D9F-3070-4580-AB1E-
E5C179C1AE41}]
[-HKEY_CLASSES_ROOT\Interface\{A9B28EF6-ABF3-463B-A3D8-
4D0D0BADFADC}]
[-HKEY_CLASSES_ROOT\TypeLib\{CA9FC31A-6F35-4493-B629-
E64BD6170A17}]
[-HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{28CAEFF 3-
0F18-4036-B504-51D73BD81ABC}]
[-HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{825CF5B D-
8862-4430-B771-0C15C5CA8DEF}]
[-HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{BE8D005 9-
D24D-4919-B76F-99F4A2203647}]
[-HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{ED103D9 F-
3070-4580-AB1E-E5C179C1AE41}]
[-HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{0A1D22C 3-
37BE-470C-9C29-E3074EE0574B}]
[-HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{825CF5B D-
8862-4430-B771-0C15C5CA880F}]
[-HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{28CAEFF 3-
0F18-4036-B504-51D73BD81C3A}]
[-HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{A9B
28EF6-ABF3-463B-A3D8-4D0D0BADFADC}]
[-HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{CA9FC 31A-
6F35-4493-B629-E64BD6170A17}\1.0]
[-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-
B504-51D73BD81ABC}]
[-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\explorer\Browser Helper Objects\{825CF5BD-8862-4430-
B771-0C15C5CA8DEF}]
[-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\explorer\Browser Helper Objects\{BE8D0059-D24D-4919-
B76F-99F4A2203647}]
[-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\explorer\Browser Helper Objects\{ED103D9F-3070-4580-
AB1E-E5C179C1AE41}]
[-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\explorer\Browser Helper Objects\{0A1D22C3-37BE-470C-
9C29-E3074EE0574B}]
[-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\explorer\Browser Helper Objects\{825CF5BD-8862-4430-
B771-0C15C5CA880F}]
[-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-
B504-51D73BD81C3A}]

And delete the following registy key values.

[HKEY_CURRENT_USER\Software\LQ] "ohb_ie_plugin"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVers
ion\Run] "antiware"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVers
ion\Run] "kalvsys"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVers
ion\Run] "msnmsgq32"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVers
ion\Run] "SheduIer"=-


You may need to enable hidden files and folders,Goto
start then search and goto the top bar and press tools,go
to folder options then view and check the box that says
show hidden files and folders,plus below this uncheck the
box that says hide extentions for known types,press apply
then exit.



Open Explorer, by clicking Start Menu, then Run. Type in
explorer, then click OK.

If any of the following directories exist, delete them.

C:\WINDOWS\EliteToolBar\*.*
C:\WINDOWS\EliteSideBar\*.*
C:\WINDOWS\EliteBar\*.*
C:\WINDOWS\System32\EliteToolBar\*.*
C:\WINDOWS\System32\EliteSideBar\*.*
C:\WINDOWS\System32\EliteBar\*.*


Using the Start Menu Find / Search facilty, search for
the following filenames. If any are found deleted them.

- dl
- dl.exe
- suicidetb.exe
- kal*sys.exe
- elite*32.exe
- silent_install.exe
- protection.exe
- protection_update.exe

Open Internet Explorer, from the main menu select Tools,
then Internet Options.

From the section marked Temporary Internet Files,delete
cookies, press the Delete Files button Ensure that the
check box, Delete all offline content is ticked, then
click the OK button.

Plus go to the programs tab and choose reset web settings


The elite bar is sometimes installed by trojan
downloaders
(Trojan.Win32.StartPage.nk,Trojan/Startpage.KS,
Adclicker.Ba,Trojan_Small.ZO,
TrojanDownloader:Win32/Plirt.A, Trojan-
Downloader.Win32.Small.vv, Win32.Startpage.KR!downloader)

Using this damage clean up tool from trend micro will
remove all these if any are on your system

http://www.trendmicro.com/ftp/products/tsc/tsc.zip


Then run Ccleaner to remove any temp or unused files.Use
Ccleaner on all 3 settings(windows,applications and
issues)


Regards Andy

 

[AndyManc]

Hi Andre,The ET remover was updated 3 days ago so
hopefully the new version will remove this,

I went abit overkill though just incase it doesnt and
included some other removal instructions.

There is a uninstaller for this on searchmiracles site
but with it coming from the people who put the elitebar
crap in i really wouldnt advise people use it.I did test
it on mine a couple of hours ago and it seems genuine
enough it didnt add any extra files or try to make any
changes but users should be cautious about using it.I
suppose if you are infected with this then theres not
much to lose by trying the uninstaller but you should try
the genuine programs first.


Hopefully they will be able to kill this using the ET
remover or the batch/reg file to save alot of time

Regards Andy

 

[Andre Da Costa]

Ok, thanks Andy.