Friday, February 18, 2005

Elite Bar Adventures

The following story is, unfortunately, true. What is even more unfortunate is that there is considerably more to the story. I, too, decided to end a long day of site maintenance (etc.) by browsing the Blogspot "Recently Updated" rolling index which dovetails into the "Next Blog" button. I'll let Mr. Alvin Borromeo, of Blogspot's MT Law Blog, tell his story and will follow it with further vitally important information concerning our shared experiences and the astonishing results of my subsequent investigation:

CAUTION: Mallory & Tsibouris Co., LPA does not endorse the use of the "Next Blog" icon at the upper right hand corner of this blog. Please see this post for further information.

Monday, January 24, 2005



Spyware on Blogspot?
If you look to the upper right hand corner of this webpage, you will see an icon to go to the "next blog." Clicking on this icon will take you to a randomly selected Blogger blog. Yesterday I was surfing the web on my home computer and hit the "next blog" icon a few times to see what's out there. One of the hits was nana***.blogspot.com (the actual name has numbers in place of the asterisks). Pop-ups appeared on my computer immediately after I visited the nana blog, even though I have a pop-up blocker installed. I started getting messages about system resources, etc. I immediately closed all of my browsers, but it was too late. When I re-opened my browser it went to a different home page. My computer was hijacked! Sure enough, Ad-aware (from Lavasoft) indicated that my computer had been infected with the Search Miracle/Elite Bar virus. I sent Blogger an e-mail to investigate. I will post their response. In the meantime, I will not be clicking on the "next blog" icon in the near future.

The blog I was directed to, at the time my computer was attacked, was called "Cut Me Deep". But far more happened than the simple download of the SearchMiracle/EliteBar adware. Realizing that the destruction of my Yahoo Pop-Up blocker, and a flood of pop-up ads, at the rate of some dozens per minute, the considerable majority advertising Microsoft Anti-spyware/adware, indicated a possibly serious attack, I brought out the full bag of tricks and went to work. Norton is my first line of information/defense but it, too, was disabled after a few preliminary scans.

I needed information from an uncorrupted source and logged back online and went to the Symantec Free Virus Scan page and spent an hour and more getting the Active-X scan files to download. Another hour was required in order to complete the search. Symantec informed me that I had about ten files infected with EliteBarB adware and nearly 1500 files infected with some generic form of the adware called simply: "adware.elitebar". But one detail of the scan report was shocking: the majority of the infected files were Norton/Symantec program and data files. There were perhaps 10 other infected files, most of them infected with the "B" version of EliteBar adware. Something was clearly out of place.



After a day of chasing down the parasite files and digging out the Windows registry entries inserted by EliteBarB, my computer worked considerably better with the exception that pop-up ads continued at a much faster rate than normal. This lasted for another couple of hours, as I managed to do a Windows program integrity scan (no errors) and tried to disrupt any lingering remnants of the adware by doing repeated defrags and registry optimizations. Soon the Norton package was again inoperable: clearly attacked by the EliteBar adware! I was furious. This "adware" was a sophisticated and voracious virus. Surely, a criminal act. Why wasn't anyone going after these guys?

The next day again, I decided that the Norton/Symantec data file corruption was something I had to get around somehow. I decided to try another Free Virus Scan site and to see how the results compared. As luck would have it, I chose Panda Software's Scan (a company nominally headquartered out of Bilbao, Spain). Panda's Active X files downloaded reasonably quickly. The scan was reasonably quick as well. But the results were very different. Like Norton/Symantec, Panda informed me that I had some files infected with EliteBarB, but only 5 rather than 10. Panda also told me that I had some 1500 infected files all told... But the files, it informed me, were not infected with some generic form of EliteBar adware. It identified them as a "startpage.sj" trojan!!!!!! This trojan, it informed me, had been detected for the first time two days before it attacked my computer. No further information, of any substance, was available.

While Norton/Symantec only gives free scans, Panda also gives free decontamination of all detected worms and viruses (but not of any spyware or adware -- you must buy their software for that). I decided to take the decon. Sure enough, once the trojan was removed the pop-ups were reduced to a normal level and my computer ran normally again. Only the EliteBarB remained and I had manually removed its brain.

But now I notice that shortly after pages are loaded up in my browser they begin to display dozens of links to a search engine with the address www.searchmiracle.com/. Numerous web searches inform me that this is the sign of SearchMiracle/EliteBar adware. Not only that, but they inform me that startpage.sj (there is also an ".sk" version) appears nowhere on Yahoo and in only a few listings on Google almost all of which are sites of Panda or its subsidiaries. Because Panda clearly operates under a number of subsidiary names in various parts of the world, it is possible that only Panda lists an advisory for startpage.sj and only it has the software to remove it. As for the search engine www.searchmiracle.com/ , it provides no information about its owner and none is available via any major search engine.



Moreover, when a "HTTP Error 404 - File or directory not found" message would normally be the result of a search for a URL that did not exist, or link that was broken, my browser sent me to http://www.yupsearch.com/search.php. This is the same advertising search engine as www.searchmiracle.com/. It simply enters via a different front URL.


The only thing that can be said, with any degree of certainty about startpage.sj, is that it may not be a trojan, per se, but may enter the host computer, install the searchmiracle/elitebar adware tool bar in place of the traditional Microsoft Elite Toolbar, and, then, protect itself and/or SearchMiracle/EliteBar from removal by corrupting the program and data files of at least Norton, and perhaps other major anti-virus competitors, so that they indicate simply, generic EliteBar adware. Somehow, Panda is the only Anti-Virus company that has yet detected it. In a matter of hours after it detected the trojan it had developed a program to remove it.

[re: SearchMiracle.EliteBar Search Miracle Elite Bar EliteToolBar Elite Toolbar Elite Tool Bar Elitum ETBrun YupSearch Yup Search.]

48 comments:

me said...

Gilbert,

Wow. I'm sorry you had to deal with the same problem I did. Luckily I was able to remove the virus after 3 long hours of work. My problems with the "next blog" button prompted me to move my blog to our firm's server. It's now located at www.mt-law.com/blog and you will note that the "next blog" icon is no longer there.

The response from Blogger was utterly useless and did not address the real issue at hand.

Thanks for spreading the word.

teece said...

Bummer about that. Two points: from looking at the source for the web-page in question, and downloading the Javascripts it downloads with wget and reading them, this is both specific to Windows AND Internet Explorer. If you have the option, Firefox or Mozilla is not able to be infected with this exploit (as far as I can tell -- I don't use Windows). Neither is a Mac or a Linux machine, but that is probably impractical. But, from a general computer security standpoint, don't use Internet Explorer unless you absolutely must.

Second, the author of the blog in question may not even realize their page is doing this. IOW, they may not be malicious. It appears that the "cover" action is a bit of Javascript to play music. The author of the blog MAY have just cut-and-pasted that bit of code, hoping to snaz up their blog with sound. Or not.

Anonymous said...

It's really sad you struggled with all those other, weird, programs, when the two best ones, hijackthis and spybot are free, small, and easily downloaded. Also, 'defragging' and 'registry cleanups' do absolutely nothing to remove adware or virus infestations. Don't waste your time next time 8)

Mick Flynn Images said...

I second Timothy (above)...get Firefox.

Anonymous said...

1) Norton is almost always a hindrance not a help. At times, it can be more malign than any virus. I know of at least one individual who had his hard drive wiped clean by Norton. You too have discovered this the hard way. Dump this shitty product before it fucks you again.

2) I concur with what someone else already said: defragging and "registry cleanup" (whatever that may mean to you) will probably do nothing for a virus, and your reference to this makes it obvious you are pretending to knowledge you do not possess. This is the kind of thing con-men love to see. If this is a personality trait of yours, you might want to rethink. Just sayin'.

3) You got screwed by one website you knew nothing about and went knowingly to another (in Spain, no less) and guess what? Got screwed again, apparently. Not too bright, and I'm shedding no tears for you.

4) Ad-aware and Spybot are both good products. To clean up any infections these guys don't find or can't touch there's only one sure way (short of re-formatting, of course), and that's to CTRL-ALT-DEL into Windows Manager, go to Processes, and one-by-one check them out. Google's a good source. Kill the bad executables, find them on your hard drive, and get rid of them.

I have young kids who have infected my computers a few times--what I have recommended works for me. I have no pop-ups or ads. Ever.

Anonymous said...

Just finished reading your account of "next-blog" icon button - What a Nightmare! I currently use Panda AV and have had very favorable results. I have a couple of recommendations for Adware/Spyware control that I have also had favorable results with. Three I like are (Webroot)SpySweeper, (Sunbelt Software)CounterSpy, and of course the free version of (Lavasoft)Adaware, is a favorite standby. I own a computer repair business here locally and am constantly on the lookout for the next best software to help knock down this creeping crud spyware, viruses etc. Wish you the best... Al

Anonymous said...

I tell you, some people are so technical. Trying to insult others and prop others on podiums. The technical definition of a virus is any program that runs itself upon a system against the user's will. Therefore spyware/adware can be a virus. Therefore if editing the registry can disable the virus, it is a virus solution for that particular virus type. This does not mean that solution will be applicable to all viruses. So if you guys stop beating each other over the head and gave sound, reasonable advice instead of wasting time with berating remarks, the world will be a better place.

Anonymous said...

This is really too bad, my friend. While I don't often shill for companies whose products I use, I make an exception for one exceptional piece of software. This is Trendmicro's PC-cillin 2005 (most recent version) anti-virus and internet security software. I first discovered this software after contracting (through a friend attempting to download video while using my computer) what I call the 'raspberry' virus. This virus immediately crashed my system and then during the reboot disabled and devoured norton before beginning to over-write all of my files with lower case 'b's, hence my name for this virus (I never actually found out what the name was and could only get rid of it by low level format of my entire hard drive resulting in total data loss, then flashing the CMOS as it installed a kernel of itself in the BIOS).

TrendMicro provides a free online virus scan and decontamination as you noted Panda does; however, I have found during experimentation and through reviews that there is no better integrated anti-virus, anti-spyware, anti-spam, anti-popup, firewall, and internet security program available than TrendMicro's product. Also, unlike any other company, should you ever need assistance either in setting up the program, maintaining it, or responding to a message from the program; TrendMicro provides free telephone technical assistance and customer service support. All other companies charge for these 'amenities'. Also, updates can be set to be done automatically and run in the background so one never needs be disturbed, disrupted, or even aware of what it is doing. For the first year I used TrendMicro I set it to notify me before updating and found that while Norton (I kept it for a while for comparison's sake) updated perhaps once every week to ten days; Trendmicro updated some segment of its program almost daily, especially its virus definitions; and approximately once every 4 months would come out with a completely updated drive engine. This gives me peace of mind since I know that my computer is constantly being updated with new virus definitions (almost in real time) and thus is protected.

I detest Norton/Symantec almost as much as I do M$ products because of their vulnerabilities, the drain on system resources, and their general inefficiencies. I strongly urge anyone serious about protecting their computer to investigate TrendMicro products which are available for an individual or as enterprise versions for server/corporate environments.

Anonymous said...

Yep, spyware is the death of the Windows world, and now that Firefox/mozilla is gaining exploits in the popup world, the pain will continue.

As was noted by another commenter, the MAC is (for now) immune. I have worked with computers for over 25 years now, every version of Windows, several commercial versions of Unix, with Linux from pre version .39 and have come to the conclusion that the unix systems are the way to go.

I also decided after numerous versions of Linux, that my time was worth more (to me, but this is a personal choice) in doing work than on configuring a system.

As such, I just made the switch to a Powerbook (OS X). Fast, smooth - allows me all the network programming, analysis and Unix tools I need. And lets me "play" on the net with a high level of safety!

My windows boxes have been relegated to conversion to job specific Linux systems (webserver etc) and one will remain as a high powered gaming machine, no IE, and only a game specific connection. (port limited)

The spyware/malware folks suck.

SecretBarista said...

I removed the blogger bar from the top of my blog because I don't know where it'll go and because it didn't blend with the appearance I wanted my site to have.

To remove the blogger bar, log in to Blogger, go to your blog settings and then go to the template section. There should be a box to select the color of the blogger bar and a checkbox to remove it.

In addition to this, GET FIREFOX. Very stable and there are a ton of extensions you can get to block advertising and spyware. Also, Grisoft produces a free antivirus software that I have found to be clean, unobtrusive and small.

Hope this helps you~

Anonymous said...

I'd suggest getting Opera, it's the one stop web browser that does almost everything.. and yes it blocks pop-ups too..
