EliteBar
Overview
EliteBar, also called Adware.EliteBar, Adware.EliteBar.B, ADW_ELITBAR.A,
ADW_ELITEBAR.B, ADW_ELITEBAR.F and SearchMiracle.EliteBar, is a
toolbar that shows links to other web sites. The vendor's
description:
"When the components are installed, a circumspect Enternet Media Toolbar will appear
on the pinnacle of your Internet Explorer browser that will exhibit links to free
websites, as well as enhance your browsing experience; it provides you access to
various type of websites."
EliteBar assigns a unique id to each software installation and
collects and stores information about your internet usage, such as the full
URL for each web page you use. EliteBar will also collect
information on how you respond to advertising and the search terms you enter in
the toolbar.
EliteBar can update itself automatically and download
new applications, without user interaction.
Several users have reported that their Search Bar, Search Page, SearchAssistant,
SearchURL and Start Page have been changed to "http://searchmiracle.com/sp.php"
or "http://www.searchmiracle.com/", identified by the following registry keys:
HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar
HKCU\Software\Microsoft\Internet Explorer\Main\Search Page
HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant
HKCU\Software\Microsoft\Internet Explorer\SearchURL
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
The anti-virus vendors state that there are other software components
that modify Internet Explorer's zone settings for searchmiracle.com
and that EliteBar has been downloaded onto the end users'
systems by a Trojan horse [1] [2] [3] [4] [5].
EliteBar version 60 uses sophisticated hiding of the
%SystemDir%\eliteiit32.exe (the name of this file may be different on your computer) and
%WinDir%\EliteToolBar\EliteToolBar version 60.dll files, making them
almost invisible in Explorer. The .exe file will not show up in
the Task Manager's process list.
Note: %WinDir% is a variable. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
Note: %SystemDir% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Classification
Downloader
Adware
Internet Explorer Toolbar
Files
eliteiit32.exe, EliteBar.dll, EliteBar version 34.dll, EliteBar version 35.dll, EliteBar version 32.dll, EliteBar version 38.dll, EliteBar version 37.dll, EliteBar version 39.dll, EliteBar version 48.dll, EliteBar version 51.dll, EliteBar version 50.dll, EliteBar version 46.dll, EliteBar version 49.dll, EliteBar version 40.dll, EliteToolBar version 58.dll, EliteToolBar version 60.dll
If you have any of the files related to EliteBar on your system,
please send them
for additional analysis. Generally, I have only analysed a
few versions for each software component listed at this web site. With your help I
will be able to look at both old and more recent versions of the EliteBar software.
Thank you very much for your time!
Log references
Log 1099
Log 1122
Log 1232
Vendor
searchmiracle.com
Detection
Bazooka Adware and Spyware Scanner detects EliteBar.
Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and
other potentially unwanted applications.
Uninstall procedure
Uninstall EliteBar from "Add/Remove Programs" in the Windows® Control Panel. Look for an entry called "EliteBar Internet Explorer Toolbar".
The vendor offers an installer at http://searchmiracle.com/uninstall.exe.
Uninstall EliteBar with FreeFixer
I'm working on a general purpose tool for removing unwanted software.
The tool is called FreeFixer
and can help you remove unwanted Browser Helper Objects, Internet Explorer toolbars
and software that starts automatically when you reboot your computer, so it can offer some
assistance while uninstalling EliteBar. The manual removal instructions
listed below will help you to identify what to delete with
FreeFixer.
Read more about FreeFixer.
Manual removal
Please follow the instructions below if you would like to remove EliteBar manually. Please
note that you must follow the instructions very carefully and delete everything that is mentioned. In most
cases the removal will fail if one single item is not deleted. If EliteBar remains on your system
after stepping through the removal instructions, please double-check by stepping through them again.
- Start your computer in safe mode.
- Start the registry editor. This is done by clicking Start then Run.
(The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
- Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {28CAEFF3-0F18-4036-B504-51D73BD81ABC}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {28CAEFF3-0F18-4036-B504-51D73BD81C3A}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {825CF5BD-8862-4430-B771-0C15C5CA880F}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {825CF5BD-8862-4430-B771-0C15C5CA8DEF}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {ED103D9F-3070-4580-AB1E-E5C179C1AE41}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {FA6548E9-78F5-4025-9D7B-FC1367789C38}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {28CAEFF3-0F18-4036-B504-51D73BD81ABC}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {28CAEFF3-0F18-4036-B504-51D73BD81C3A}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {825CF5BD-8862-4430-B771-0C15C5CA880F}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {ED103D9F-3070-4580-AB1E-E5C179C1AE41}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {FA6548E9-78F5-4025-9D7B-FC1367789C38}', if it exists.
- Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar'
- In the right pane, delete {825CF5BD-8862-4430-B771-0C15C5CA8DEF}, if it exists.
- Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
- In the right pane, delete the values called 'checkrun', 'etbrun', 'Sys29' and 'SysA', if they exist.
- Exit the registry editor.
- Start Windows Explorer and delete:
%SystemDir%\eliteyel32.exe
%WinDir%\elitebar\
EliteBar.dll
EliteBar version 32.dll
EliteBar version 34.dll
EliteBar version 35.dll
EliteBar version 37.dll
EliteBar version 38.dll
EliteBar version 39.dll
EliteBar version 40.dll
EliteBar version 46.dll
EliteBar version 48.dll
EliteBar version 49.dll
EliteBar version 50.dll
EliteBar version 51.dll
EliteToolBar version 58.dll
EliteToolBar version 60.dll
- Start Microsoft Internet Explorer.
- In Internet Explorer, click Tools -> Internet Options.
- Click the Programs tab -> Reset Web Settings.
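Since removal usually fails when a single item is left behind, the registry part of the steps above can be re-checked offline against a .reg text file exported from the registry editor. The Python below is an added example, not part of the original write-up or of Bazooka or FreeFixer; the function name and the sample export are constructed, and it goes slightly beyond the steps by checking every GUID listed on this page in the CLSID, Browser Helper Objects and Toolbar locations alike.

```python
import re
# Indicators copied from this page's removal steps (GUIDs pooled across locations).
CLSIDS = {c.lower() for c in (
    "{28CAEFF3-0F18-4036-B504-51D73BD81ABC}", "{28CAEFF3-0F18-4036-B504-51D73BD81C3A}",
    "{825CF5BD-8862-4430-B771-0C15C5CA880F}", "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}",
    "{ED103D9F-3070-4580-AB1E-E5C179C1AE41}", "{FA6548E9-78F5-4025-9D7B-FC1367789C38}")}
RUN_VALUES = {"checkrun", "etbrun", "sys29", "sysa"}
HKLM = "hkey_local_machine\\software\\"
CLSID_ROOT = HKLM + "classes\\clsid\\"
BHO_ROOT = HKLM + "microsoft\\windows\\currentversion\\explorer\\browser helper objects\\"
TOOLBAR_KEY = HKLM + "microsoft\\internet explorer\\toolbar"
RUN_KEY = HKLM + "microsoft\\windows\\currentversion\\run"
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')  # "name"=data or @=data

def audit_reg_export(text):
    """Return sorted (category, key, value_name) tuples for leftovers in .reg text."""
    findings, key = set(), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key, low = line[1:-1], line[1:-1].lower()
            for root, cat in ((CLSID_ROOT, "clsid"), (BHO_ROOT, "bho")):
                # Match a listed GUID key or any of its subkeys (e.g. InprocServer32).
                if low.startswith(root) and low[len(root):].split("\\")[0] in CLSIDS:
                    findings.add((cat, key[:len(root) + 38], ""))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # file header, blank line, or hex continuation line
        name, data, low = m.group(1) or "@", m.group(2).lower(), key.lower()
        if low == TOOLBAR_KEY and name.lower() in CLSIDS:
            findings.add(("toolbar", key, name))
        elif low == RUN_KEY and name.lower() in RUN_VALUES:
            findings.add(("run", key, name))
        elif "\\internet explorer" in low and "searchmiracle.com" in data:
            findings.add(("ie-setting", key, name))
    return sorted(findings)

# Constructed sample export: one leftover CLSID, one Run value, one hijacked setting.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}\InprocServer32]
@="C:\\constructed\\path.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"etbrun"="C:\\constructed\\path.exe"
"ctfmon"="ctfmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.searchmiracle.com/"
'''
if __name__ == "__main__": print(*audit_reg_export(SAMPLE), sep="\n")
```

An empty result means none of the listed registry items remain in the exported branches; the files under %SystemDir% and %WinDir% still have to be checked separately. Exports written by Windows 2000/XP are UTF-16, so decode the file before passing its text to the function.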
I'm looking for your help!
Thank you for using my site, I hope you find it useful. I'm looking
for help from all users, please read more.
Contact information for EliteBar's vendor
In order to provide correct, accurate and updated information about EliteBar
I encourage the vendor to contact me if any part of this write-up
needs a revision.