First he informs us of the original condition of the machine, which can be quite helpful:
I use WIN XP Home SP2, IE 6.0, my AV is PC-Cillin. I also use Spy Hunter and Beta version of MS Antispyware. Recently I somehowgot ADW_ELITEBAR.D adware that keeps reloading instantly afterI get rid of it with the AV.
It is a standard XP with two top-end commercial anti-virus programs. Moreover, one of the anti-virus programs -- Trend Micro's PC-Cillin -- we already know, from VGS's article "Diabolical New EliteBar Variant Strikes the Web!!!!", has claimed that it is able to remove EliteBar.D (a claim that Gian Carlo, at SimplyTech, disputes).
Next, he lets us follow the decision-making process:
I am still deciding what exactly to do and when. Trend Micro has a"solution" re the culprit at: [url] http://www.trendmicro.com/vinfo/grayware/ graywareDetails.asp?SNAME=ADW%5FELITEBAR%2ED [/url] I could not make it run. I'll have another look, maybe I was hasty and missed something. It just opens a DOS like C: Command Prompt it seems to run but nothing happens.We are talking about their instructions to download TMAPTN.ZIP with the latest grey something files. Why am I paying them and updating religiously several times a day? Anyway the program that uses the above file (tmntsrv.exe) does not run or does not run properly when I do it.
I also was told to look into Simply Tech site [url] http://www.simplytech.it/ETRemover/ [/url] and download the Elite Bar Remover
which I did and I am deciding whether to run it now or after my monthly (data)
backups just in case something goes awry.
Once the system is clean I may well switch to another Internet Browser. I am not happy with MS leaving so many holes in their software. Also their Beta Antispyware, while pretty good, cannot even see the Elite Bar!? The Trend Micro Antivirus Scan can not see it either but the special Scan for Spyware feature does and it even deletes it but the s*it reinstalls itself instantly.
The utility that Trend Micro claimed would remove EliteBar.D is "tmntsrv.exe". Whether due to the nature of the malware, his failure to properly deploy the removal tool or some other problem, the program fails even to run properly. He considers downloading and running the SimplyTech Elite Toolbar Remover.
The Beta version of MicroSoft Antispyware, we learn, was not able even to detect ADW_ELITEBAR.D. At some point bu2 (exactly when is not clear) does use "the special Scan for Spyware feature" provided with his Trend Micro service. It detects and briefly removes the malware which immediately thereafter reinstalls. Whether it actually reinstalled on reboot is not stated but it seems likely.
Next he tries SimplyTech's EliteBar Removal Tool. At this point, both SimplyTech and he are not aware that there is a variant of EliteBar that the removal tool won't remove:
Well, I ran the remedy as explained at [url] http://www.simplytech.it/ETRemover/ [/url] That was in WIN XP Safe Mode and ... I scored a big victory for the
It did not budge. As soon as I checked on it, after removing it with the "remover" and restarting the PC - I found it was still there.
Gian Carlo's commentary, soon after, in his own SimplyTech forum, can be found in VGS's article "Diabolical New EliteBar Variant Strikes the Web!!!!". What it all comes down to in the end is that no removal tool presently exists, free or commercial.
Source: Midtown Computer Systems Enterprise>message1508783
- Is Wikipedia Handing Out Your Browsing Information to Thousands? Who needs malware when there's Wikipedia?
- PokaPoka.exe + Nothing = YupSearch (October 19, 2005). What do people mean when they say they have "YupSearch" instead of "EliteBar"?
- Elite Toolbar Remover Information Page (October 17, 2005).
- LQfix Information Page (October 15, 2005) There's a new tool in town!
- How to Remove PokaPoka (October 12, 2005) Does your EliteBar variant include PokaPoka.exe?
- EliteBar Removal Tool Updates to 2.0.1. (September 21, 2005) The EliteBar Removal Tool now comes in two flavors and two generations!
- SearchMiracle.EliteBar Then and Now (September 21, 2005). Hijacks, heroes, updates and links.
- EliteBar Removal Tool Updates to 2.0.0!!!!! (September 15, 2005). Includes expanded list of infections removed by the removal tool.
- Diabolical new EliteBar variant Strikes the Web!!!!or the one the EliteBar Removal Tool can't remove (May 22, 2005).
- EliteBar Removal Tool Updates to 1.3.0!!!!! (May 20, 2005). Includes expanded list of infections removed by the removal tool.
- Key File Index (May 18, 2005).
- Adware & Malware Identifier Index (May 9, 2005). "The following is an in-progress index of some of the more common malware toolbars/browser helper objects at large on the Internet."
- Is Google Associated with a SearchMiracle Knock-Off? (April 27, 2005). "A question begs the asking: How does NetNucleus generate revenue from its Mirar Toolbar search directory if it enters search terms in the Google Search Engine?"
- HijackThis vs. the Elitebar Removal Tool (April 23, 2005). "While this approach may provide some limited, and temporary, relief, SearchMiracle will soon be back in full force."
- EliteBar Removal Tool Alert: Update V.1.2.2.!!! (April 18, 2005). "The new variants of the malware also completely conceal the presence of the EliteToolbarRemoverV10.exe, so that if you are opening the archive you can only see the readme.doc file that is attached to that and you cannot see the *.exe even if though it is really there!"
- HijackThis vs. SearchMiracle/EliteBar (April 11, 2005).
- How to Remove SearchMiracle/ EliteBar (February 27, 2005).
- Online Bibliography (Regularly updated) A bibliography of Gilbert Wesley Purdy's work on the Web and elsewhere including computer topics.
[re: SearchMiracle.EliteBar Search Miracle Elite Bar EliteToolBar Elite Toolbar Elite Tool Bar Elitum ETBrun YupSearch Yup Search.]