or How to Remove SearchMiracle/EliteBar (Alt. 1, Rev. 3)
EliteBar; EliteToolbar; EliteSidebar; BargainBuddy; Browser Aid; CashToolbar; FreshBar; GameSpy; MoneyTree; Nail.exe; NaviSearch; navpsrvc.exe (also known as: W32/Forbot-EF, worm); SearchMeUp; SideStep; Spybot - Randex; SupportSoft; SurfSideKick; Win32.RBot; Winmon.exe (also known as: W32/Agobot-KA, trojan); WinMoviePlugIn; and [InternetExplorer Plugin].
The "How to Remove" detail pages for SearchMiracle/EliteBar consist of the articles regularly posted at VGS. The file information for EliteBar is located on the Adware & Malware Identifier Index itself. Further detail pages will be added on a continuing basis.
Simply Tech's description of the reason why SearchMiracle/EliteBar is so difficult to remove verifies the information in the various Virtual Grub Street articles over the past months:
Actually some software like [SpyBot S&D] v.1.3, CWShredder v.2.12, Noadware, [Ad-Aware] v.6, SpyNuker 2004 and SBC Yahoo! Anti-spy have no success in deleting this very frustrating malware. These programs find and delete it, but it keeps coming back since this new variant is very difficult to remove from the operating system.
The main problem is that the malware creates a lot of registry entries and executes at PC startup, winding itself into RAM and deleting its own *.exe from the C:\Windows\System32 directory.
When ordinary tools try to remove it, they only clean the registry calls, the C:\Windows\EliteToolbar directory and the cabinet files where it originated from, but they don't take any action against the malware itself that is currently running in RAM and waiting for the PC OS to be shut down only to repeat the infestation once again!
This trick is now well known, and the newer adware and malware products are widely copying it. Perhaps this is the reason that the EliteBar Removal Tool has added so many products to the list of infections it removes. It is certainly the reason that most HijackThis and manual removal instructions direct the user to do file deletions while in Safe Mode.
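A defender's check for the behaviour the quoted description reports, added here as an example and not taken from the original post or from the EliteBar Removal Tool: it lists running processes whose executable is no longer on disk, and startup entries whose target file is missing. It assumes a current Windows system with PowerShell 3.0 or later; the Run keys are the standard Windows autostart locations, and `Get-CommandTarget` is a hypothetical helper name.

```powershell
# Added example (not from the original post). Run from an elevated 64-bit
# PowerShell prompt so System32 paths are not redirected.

# 1. Running processes whose image file is no longer on disk.
#    ExecutablePath is empty for some protected/system processes; skip those.
$orphans = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -and
                   -not (Test-Path -LiteralPath $_.ExecutablePath -PathType Leaf) } |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath

# 2. Autostart values whose target file is missing. These are the standard
#    Windows Run keys, not keys named in the post.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Hypothetical helper: pull the program path out of a Run-key command line.
function Get-CommandTarget([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"') { return $Matches[1] }   # "C:\a b\x.exe" /arg
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$stale = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $reg = Get-Item -Path $key
    foreach ($name in $reg.GetValueNames()) {
        $target = Get-CommandTarget ([string]$reg.GetValue($name))
        # Only judge fully qualified paths; bare names resolve via PATH.
        if ($target -match '^[A-Za-z]:\\' -and
            -not (Test-Path -LiteralPath $target -PathType Leaf)) {
            [pscustomobject]@{ Key = $key; Value = $name; Target = $target }
        }
    }
}

'Processes with no image on disk:'; $orphans | Format-Table -AutoSize
'Autostart entries with missing target:'; $stale | Format-Table -AutoSize
```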
An [h]euristic search done with commercial antivirus programs (like Norton AntiVirus and McAfee Virus Scan) gave some FALSE POSITIVE messages when they opened the ETRemover_V130.exe and ETRemover_V131.exe files.... The new version 2.0.1 (and the previous beta V.2.0.0) overcomes this problem by using an external ETRDEF.DAT file which contains the definitions of all the malware, viruses, trojans and the Registry keys scanned by the program to clean the infected PC.
Also see:
- LQfix Information Page (October 15, 2005) There's a new tool in town!
- How to Remove PokaPoka. (October 12, 2005) Does your EliteBar variant include PokaPoka.exe?
- EliteBar Removal Tool Updates to 2.0.1. (September 21, 2005) The EliteBar Removal Tool now comes in two flavors and two generations!
- SearchMiracle.EliteBar Then and Now (September 20, 2005).
- More on Variant ADW_ELITEBAR.D. (May 27, 2005). "It is a standard XP with two top-end commercial anti-virus programs. Moreover, one of the anti-virus programs -- Trend Micro's PC-Cillin -- we already know..."
- Diabolical new EliteBar variant Strikes the Web!!!! or the one the EliteBar Removal Tool can't remove (May 22, 2005).
- EliteBar Removal Tool Updates to 1.3.0!!!!! or How to Remove SearchMiracle/EliteBar (Alt. 1, Rev. 2)
- Key File Index (May 18, 2005).
- Adware & Malware Identifier Index (May 9, 2005). "The following is an in-progress index of some of the more common malware toolbars/browser helper objects at large on the Internet."
- Is Google Associated with a SearchMiracle Knock-Off? (April 27, 2005). "A question begs the asking: How does NetNucleus generate revenue from its Mirar Toolbar search directory if it enters search terms in the Google Search Engine?"
- HijackThis vs. the Elitebar Removal Tool (April 23, 2005). "While this approach may provide some limited, and temporary, relief, SearchMiracle will soon be back in full force."
- EliteBar Removal Tool Alert: Update V.1.2.2.!!! (April 18, 2005). "The new variants of the malware also completely conceal the presence of the EliteToolbarRemoverV10.exe, so that if you are opening the archive you can only see the readme.doc file that is attached to that and you cannot see the *.exe even if though it is really there!"
- HijackThis vs. SearchMiracle/EliteBar (April 11, 2005).
- How to Remove SearchMiracle/EliteBar (February 27, 2005).
- Online Bibliography (Regularly updated). A bibliography of Gilbert Wesley Purdy's work on the Web and elsewhere including computer topics.
[re: SearchMiracle.EliteBar Search Miracle Elite Bar EliteToolBar Elitum Elite Toolbar Elite Tool Bar ETBrun YupSearch Yup Search.]