Giancarlo Calo, over at SimplyTech.it, is staying aggressive with his freeware EliteBar Removal Tool. Among the infections it claims to remove "every trace" of are the following. The items highlighted in red are linked to Virtual Grub Streets's "How to Remove/Detailed Information" pages:
EliteBar; EliteToolbar; EliteSidebar; BargainBuddy; Browser
Aid; CashToolbar; FreshBar; GameSpy; MoneyTree; Nail.exe; NaviSearch; navpsrvc.exe (also known as: W32/Forbot-EF, worm); SearchMeUp; SideStep; Spybot - Randex; SupportSoft; SurfSideKick; Win32.RBot; Winmon.exe (also known as: W32/Agobot-KA, trojan); and WinMoviePlugIn.
The "How to Remove" detail pages for SearchMiracle/EliteBar consist of the articles regularly posted at VGS. The file information for EliteBar is located on the Adware & Malware Indentifier Index itself. Further detail pages will be added on a continuing basis.
Simply Tech's description of the reason why SearchMiracle/EliteBar is so difficult to remove verifies the information in the various Virtual Grub Street articles over the past several months:
Actually some software like Spybot v.1.3, CWShredder v.2.12, Noadware,Adaware v.6, SpyNuker 2004 and SBC Yahoo! Anti-spy have no success in deleting this very frustrating malware. These programs find and delete it, but it keeps coming back since this new variant is very difficult to remove from theThis would seem to be a trick that the newer malware/adware products are widely copying. Perhaps this is the reason that the EliteBar Removal Tool has added so many porducts to the list of infections it removes. It is certainly the reason that most HijackThis and manual removal instructions direct the user to do main and downloader file deletions while in Safe Mode.
The main problem is that the malware creates a lot of registry entries and executes at PC startup, winding itself into RAM and deletes its own *.exe from the C:\Windows\System32 directory.
When ordinary tools try to remove it, they only clean the registry calls, the C:\Windows\EliteToolbar directory and the cabinets files where it originated from, but they don't take any action against the malware itself that is currently running in RAM and waiting for the PC OS to be shut down only to repeat the infestation once again!
- PokaPoka.exe + Nothing = YupSearch (October 19, 2005). What do people mean when they say they have "YupSearch" instead of "EliteBar"?
- Elite Toolbar Remover Information Page (October 17, 2005).
- LQfix Information Page (October 15, 2005) There's a new tool in town!
- How to Remove PokaPoka. (October 12, 2005) Does your EliteBar variant include PokaPoka.exe?
- EliteBar Removal Tool Updates to 2.0.1. (September 21, 2005) The EliteBar Removal Tool now comes in two flavors and two generations!
- SearchMiracle.EliteBar Then and Now (September 21, 2005). Hijacks, heroes, updates and links.
- EliteBar Removal Tool Updates to 2.0.0!!!!! (September 15, 2005). Includes expanded list of infections removed by the removal tool.
- More on Variant ADW_ELITEBAR.D. (May 27, 2005). "It is a standard XP with two top-end commercial anti-virus programs. Moreover, one of the anti-virus programs -- Trend Micro's PC-Cillin -- we already know..."
- Diabolical new EliteBar variant Strikes the Web!!!!or the one the EliteBar Removal Tool can't remove (May 22, 2005).
- Key File Index (May 18, 2005).
- Adware & Malware Identifier Index (May 9, 2005). "The following is an in-progress index of some of the more common malware toolbars/browser helper objects at large on the Internet."
- Is Google Associated with a SearchMiracle Knock-Off? (April 27, 2005). "A question begs the asking: How does NetNucleus generate revenue from its Mirar Toolbar search directory if it enters search terms in the Google Search Engine?"
- HijackThis vs. the Elitebar Removal Tool (April 23, 2005). "While this approach may provide some limited, and temporary, relief, SearchMiracle will soon be back in full force."
- EliteBar Removal Tool Alert: Update V.1.2.2.!!! (April 18, 2005). "The new variants of the malware also completely conceal the presence of the EliteToolbarRemoverV10.exe, so that if you are opening the archive you can only see the readme.doc file that is attached to that and you cannot see the *.exe even if though it is really there!"
- HijackThis vs. SearchMiracle/EliteBar (April 11, 2005).
- How to Remove SearchMiracle/ EliteBar (February 27, 2005).
- Online Bibliography (Regularly updated). A bibliography of Gilbert Wesley Purdy's work on the Web and elsewhere including computer topics.