EliteToolbar
Remover V.2.1.2 |
Freeware
anti-malware (Updated: 16 Oct. 2005) |
The new EliteToolbar Remover deletes
any traces of the following persistent malwares:
EliteBar
(adware toolbar)
EliteToolbar (adware toolbar)
EliteSidebar (adware toolbar)
BargainBuddy
(Adware)
Browser Aid (adware
toolbar)
CashToolbar (adware toolbar)
FreshBar
(also known as: ADW_FRESHBAR.B, adware)
GameSpy
(adware)
InternetExplorer
Plugin (adware)
MoneyTree
(adware)
Nail.exe
(Trojan)
NaviSearch (Adware)
navpsrvc.exe
(also known as: W32/Forbot-EF, worm)
SearchMeUp
(adware toolbar)
SideStep
(spyware)
Spybot
- Randex (Worm)
SupportSoft
(spyware)
SurfSideKick
(malware)
Win32.RBot
(Worm)
winmon.exe
(also known as: W32/Agobot-KA, trojan)
WinMoviePlugIn
(adware)
...
and many others! Too much to list!
Last
update: 16th October 2005
Technical Summary of the EliteToolbar malware
(now known as PokaPoka):
Name: EliteBar IE Toolbar
Company:
Search Miracle (www.searchmiracle.com)
Description
: EliteBar (ELITETOOLBAR VERSION xx.DLL) IE toolbar.
Component of SearchMiracle.
Adware applications, toolbars and browser extensions
may serve advertisements even while you are not surfing
the Internet.
This application may serve various types of advertising,
not limited to pop-up ads. It may result in blocking
the activity of a PC user since this malware consumes
a lot of memory because it constantly monitors if someone
is deleting it from the registry or is trying to kill
it in some way. It may also block anti-virus programs
and contains a list of *.exe program names in memory
to block them if it detects they are running in the
task manager.
Summary of the EliteToolbar Remover v.2.1.x:
A lot of people around Internet are having problems
with one of the latest Elitetoolbar malware variants,
the new variants are called PokaPoka but this pest used
a lot of other names in the past.
Actually
some software like Spybot v.1.3, CWShredder
v.2.12, Noadware, Adaware
v.6, SpyNuker 2004 and SBC
Yahoo! Anti-spy have no success in deleting
this very frustrating malware. These programs find and
delete it, but it keeps coming back since this new variant
is very difficult to remove from the operating system.
The main problem is that the malware creates a lot of
registry entries and executes at PC startup, winding
itself into RAM and deletes its own *.exe from the C:\Windows\System32
directory.
When ordinary tools try to remove it, they only clean
the registry calls, the C:\Windows\EliteToolbar directory
and the cabinets files where it originated from, but
they don't take any action against the malware itself
that is currently running in RAM and waiting for the
PC OS to be shut down only to repeat the infestation
once again!
This new version of the EliteToolbar has all the previous
disadvantages of the CoolWebSearch malware and some
new ones including pop-up windows every 2 minutes, a
permanent block of the Google Toolbar (if present),
redirecting of any instances of Google and Yahoo web-browsing,
and so on...
This is a very tricky situation that keeps frustrating
people who experience it!
We,
at SimplyTech.it,
in early January 2005, released a freeware utility that
helped you restore your OS functionality by killing
this malware. Since this version 1.0 of our EliteToolbar
Remover, the silly guys at EliteToolbar have released
some new variants of their malware. The variants in
circulation from the end of January 2005, in fact, do
a cache detect of the words: "EliteToolbarRemoverV10.zip"
which was the old name of our previous version 1.0.
If
you are trying to download it from a mirror site you
will receive the following error:
''Cannot
copy file, Cannot read from file source or disk''
This is not a message from your operating system, but
a stupid message from the malware that is actually running
in your PC.
The
new variants of the malware also completely conceal
the presence of the EliteToolbarRemoverV10.exe, so that
if you are opening the archive you can only see the
readme.doc file that is attached to that and you cannot
see the *.exe even if though it is really there! After
all, these are very clever programmers, aren't they?
Anyway,
it is sure that these people will also blacklist the
new name of the zip we are using now, so if this occurs
and some new variants will circulate the Internet from
today we suggest you to download the software to another
PC and take it on a diskette or a USB pendrive and run
it on the infected PC in Safe Mode, as usual.
Look
carefully at what you have to do:
The
only thing you have to do is to reboot your machine
in Safe Mode (just click the F8 key as the PC is starting,
just before the MS Windows flag screen appears) and
run the EliteToolbar Remover, then click the "Kill
Elite Toolbar" button and wait until it finishes
its work.
Occasionally a DOS box may appear asking your permission
to delete some files in temporary Windows directories.
You must accept the deletion of these to be sure of
properly removing the malware!
What's
new in Version 2.1.x?
This
version solve some minor bug of the v.2.1.0 wich has
been released the 02nd of October and follows a two
months Beta V.2.0.1 release wich was distributed in
the http://www.simplytech.it/forum/.
This version take care of the new and very hard “PokaPoka”
variants of the EliteToolbar malware. The PokaPoka series
uses some new skill to attack your pc without leaving
a sign. It uses a dll wich the people behind the malware
have called Nt_HideXX.dll wich makes “trasparent”
the presence of the PokaPoka process and inject it in
any running task. So, that’s why killing this
malware in Normal Mode is virtually impossible but we
did a little miracle by using some new attack to this
malware. This time onward, when ETRemover finds a PokaPoka
infestation, it will split its work in two steps and
will complete the second step after a Re-Boot in Normal
Mode. So, from the current version ETRemover could be
run just in Normal Mode if you want to kill the PokaPoka
malware and will do its work in two sessions (the present
boot and the further boot). If you want to remove the
infestation in just one session you can simply go in
Safe Mode and run the program from there. You’ll
be sure to remove this and other infestations in that
way.
The ETRDFN.DAT file is the file wich contains the malware
definitions.
What was new in the previous versions?
The previous programs inducted features like:
- a complete real-time processes-manager
- the automatic detection of the EliteToolbar malware
even if the system is running in Normal Mode, even though
it is strictly suggested to run the program in Sade
Mode!
- it is possible to dump a process while it is running
to save it in a *.dmp file that can be useful when a
new variant of the malware is in circulation and you
want to send it to us to check for it
- the program generates a Registry Log file by clicking
on the button: "Save Reg. Log".
This file shows a list of the auto-run keys, subkeys
and values from your System Registry.
From
the version 1.1.B, the program defeats also some variants
of the BrowserAid and the CashToolbar
malwares.
From the version 1.2.2, the program defeats also the
following malwares: SearchMeUp, FreshBar
and the navpsrvc.exe infestation. This
last is a NEW persistant worm wich steals informations
from the pc and acts as a key-logger put your privacy
and security unders a serious risk!
EliteToolbar Remover Live Update:
The EliteToolbar Remover has automatic live update function:
by using the command "Check for updates..."
in the menu of the program it will search if a new version
is available in our site, and will let you download
it if necessary.
Downloads:
To download the *new* version 2.1.2
of the program click here!
The program has also permanent mirrors here
at Softpedia.com, here
at MajorGeeks.com and here
at BetaNews.com
Do you have an error message-box that says you need
the Msinet.ocx or Comctl32.ocx?
You can download the DLLs.zip from here
and register the 2 ocx it via Regsvr32 (by following
the instructions in the file ReadMe.txt), or you can
download the EliteToolbar Remover Setup Kit
from here! (This
last will be easiest ;) )
Note:
since it is a freeware the program may be redistribuited
everywhere!
To
support us and to keep some new freeware coming soon
or later, we would appreciate a donation from our users.
Any amount would be greatly appreciated... YES! Also
one single dollar... why not? :)
By clicking the donation link below, you will be able
to make a donation to us using PayPal.
It's fast, easy and secure.
If
you want to do a donation but you have not a PayPal account,
you can copy my address from the following picture and
send me a donation via mail if you want :)
Thank
You for your support!! :-)
For
any question or problem, or if you want to advise us
of the presence of some new variant of the malware,
you can contact us by writing a mail to giancarlo@simplytech.it
or you can put a message in the EliteToolbar Remover
section of our forum here.
You will have a reply in the shortest time.
The
program has been awarded with 5 stars
and won a SoftPedia
Pick Award.
Programa Recomendado en
UpToDown.com
|