The following story is, unfortunately, true. What is even more unfortunate is that there is considerably more to the story. I, too, decided to end a long day of site maintenance (etc.) by browsing the Blogspot "Recently Updated" rolling index which dovetails into the "Next Blog" button. I'll let Mr. Alvin Borromeo, of Blogspot's MT Law Blog, tell his story and will follow it with further vitally important information concerning our shared experiences and the astonishing results of my subsequent investigation:
CAUTION: Mallory & Tsibouris Co., LPA does not endorse the use of the "Next Blog" icon at the upper right hand corner of this blog. Please see this post for further information.
Monday, January 24, 2005
Spyware on Blogspot?
If you look to the upper right hand corner of this webpage, you will see an icon to go to the "next blog." Clicking on this icon will take you to a randomly selected Blogger blog. Yesterday I was surfing the web on my home computer and hit the "next blog" icon a few times to see what's out there. One of the hits was nana***.blogspot.com (the actual name has numbers in place of the asterisks). Pop-ups immediately appeared on my computer immediately after I visited the nana blog, even though I have a pop-up blocker installed. I started getting messages about system resources, etc. I immediately closed all of my browsers, but it was too late. When I re-opened my browser it went to a different home page. My computer was hijacked! Sure enough, Ad-aware (from lavasoft) indicated that my computer had been infected with the Search Miracle/Elite Bar virus. I sent Blogger an e-mail to investigate. I will post their response. In the meantime, I will not be clicking on the "next blog" icon in the near future.
The blog I was directed to, at the time my computer was attacked, was called "Cut Me Deep". But far more happened than the simple download of the SearchMiracle/EliteBar adware. Realizing that the destruction of my Yahoo Pop-Up blocker, and a flood of pop-up ads, at the rate of some dozens per minute, the considerable majority advertising Microsoft Anti-spyware/adware, indicated a possibly serious attack, I brought out the full bag of tricks and went to work. Norton is my first line of information/defense but it, too, was disabled after a few preliminary scans.
I needed information from an uncorrupted source and logged back online and went to the Symantec Free Virus Scan page and spent an hour and more getting the Active-X scan files to download. Another hour was required in order to complete the search. Symantec informed me that I had about ten files infected with EliteBarB adware and nearly 1500 files infected with some generic form of the adware called simply: "adware.elitebar". But one detail of the scan report was shocking: the majority of the infected files were Norton/Symantec program and data files. There were perhaps 10 other infected files, most of them infected with the "B" version of EliteBar adware. Something was clearly out of place.
After a day of chasing down the parasite files and digging out the Windows registry entries inserted by EliteBarB, my computer worked considerably better with the exception that pop-up ads continued at a much faster rate than normal. This lasted for another couple of hours, as I managed to do a Windows program integrity scan (no errors) and tried to disrupt any lingering remnants of the adware by doing repeated defrags and registry optimizations. Soon the Norton package was again inoperable: clearly attacked by the EliteBar adware! I was furious. This "adware" was a sophisticated and voracious virus. Surely, a criminal act. Why wasn't anyone going after these guys?
The next day again, I decided that the Norton/Symantec data file corruption was something I had to get around somehow. I decided to try another Free Virus Scan site and to see how the results compared. As luck would have it, I chose Panda Software's Scan (a company nominally headquartered out of Bilbao, Spain). Panda's Active X files downloaded reasonably quickly. The scan was reasonably quick as well. But the results were very different. Like Norton/Symantec, Panda informed me that I had some files infected with EliteBarB, but only 5 rather than 10. Panda also told me that I had some 1500 infected files all told... But the files, it informed me, were not infected with some generic form of EliteBar adware. It identified them as a "startpage.sj" trojan!!!!!! This trojan, it informed me, had been detected for the first time two days before it attacked my computer. No further information, of any substance, was available.
While Norton/Symantec only gives free scans, Panda also gives free decontamination of all detected worms and viruses (but not of any spyware or adware -- you must buy their software for that). I decided to take the decon. Sure enough, once the trojan was removed the pop-ups were reduced to a normal level and my computer ran normally again. Only the EliteBarB remained and I had manually removed its brain.
But now I notice that shortly after pages are loaded up in my browser they begin to display dozens of links to a search engine with the address www.searchmiracle.com/. Numerous web searches inform me that this is the sign of SearchMiracle/EliteBar adware. Not only that, but they inform me that startpage.sj (there is also an ".sk" version) appears nowhere on Yahoo and in only a few listings on Google almost all of which are sites of Panda or its subsidiaries. Because Panda clearly operates under a number of subsidiary names in various parts of the world, it is possible that only Panda lists an advisory for startpage.sj and only it has the software to remove it. As for the search engine www.searchmiracle.com/ , it provides no information about its owner and none is available via any major search engine.
Moreover, when a "HTTP Error 404 - File or directory not found" message would normally be the result of a search for a URL that did not exist, or link that was broken, my browser sent me to http://www.yupsearch.com/search.php. This is the same advertising search engine as www.searchmiracle.com/. It simply enters via a different front URL.
Also see:
- PokaPoka.exe + Nothing = YupSearch (October 19, 2005). What do people mean when they say they have "YupSearch" instead of "EliteBar"?
- Elite Toolbar Remover Information Page (October 17, 2005).
- LQfix Information Page (October 15, 2005) There's a new tool in town!
- How to Remove PokaPoka. (October 12, 2005) Does your EliteBar variant include PokaPoka.exe?
- EliteBar Removal Tool Updates to 2.0.1. (September 21, 2005) The EliteBar Removal Tool now comes in two flavors and two generations!
- SearchMiracle.EliteBar Then and Now (September 21, 2005). Hijacks, heroes, updates and links.
- EliteBar Removal Tool Updates to 2.0.0!!!!! (September 15, 2005). Includes expanded list of infections removed by the removal tool.
- More on Variant ADW_ELITEBAR.D. (May 27, 2005). "It is a standard XP with two top-end commercial anti-virus programs. Moreover, one of the anti-virus programs -- Trend Micro's PC-Cillin -- we already know..."
- Diabolical new EliteBar variant Strikes the Web!!!! or the one the EliteBar Removal Tool can't remove (May 22, 2005).
- EliteBar Removal Tool Updates to 1.3.0!!!!! (May 20, 2005). Includes expanded list of infections removed by the removal tool.
- Adware & Malware Indentifier Index (updated regularly). "The following is an in-progress index of some of the more common malware toolbars/browser helper objects at large on the Internet."
- EliteBar Removal Tool Alert: Update V.1.2.2.!!! (April 18, 2005). "The new variants of the malware also completely conceal the presence of the EliteToolbarRemoverV10.exe, so that if you are opening the archive you can only see the readme.doc file that is attached to that and you cannot see the *.exe even if though it is really there!"
- HijackThis vs. SearchMiracle/EliteBar (April 11, 2005).
- How to Remove SearchMiracle/ EliteBar (February 27, 2005)
[re: SearchMiracle.EliteBar Search Miracle Elite Bar EliteToolBar Elite Toolbar Elite Tool Bar Elitum ETBrun YupSearch Yup Search.]
45 comments:
Gilbert,
Wow. I'm sorry you had to deal with the same problem I did. Luckily I was able to remove the virus after 3 long hours of work. My problems with the "next blog" button prompted me to move my blog to our firm's server. It's now located at www.mt-law.com/blog and you will note that the "next blog" icon is no longer there.
The response from Blogger was utterly useless and did not address the real issue at hand.
Thanks for spreading the word.
Bummer about that. Two points: from looking at the source for the web-page in question, and downloading the Javascripts it downloads with wget and reading them, this is both specific to Windows AND Internet Explorer. If you have the option, Firefox or Mozilla is not able to be infected with this exploit (as far as I can tell -- I don't use Windows). Neither is a Mac or a Linux machine, but that is probably impractical. But, from a general computer security standpoint, don't use Internet Explorer unless you absolutely must.
Second, the author of the blog in question may not even realize their page is doing this. IOW, they may not be malicious. It appears that the "cover" action is a bit of Javascript to play music. The author of the blog MAY have just cut-and-pasted that bit of code, hoping to snaz up their blog with sound. Or not.
It's really sad you struggled with all those other, weird, programs, when the two best ones, hijackthis and spybot are free, small, and easily downloaded. Also, 'defragging' and 'registry cleanups' do absolutely nothing to remove adware or virus infestations. Don't waste your time next time 8)
I second Timothy (above)...get Firefox.
1) Norton is almost always a hindrance not a help. At times, it can be more malign than any virus. I know of at least one individual who had his hard drive wiped clean by Norton. You too have discovered this the hard way. Dump this shitty product before it fucks you again.
2) I concur with what someone else already said: defragging and "registry cleanup" (whatever that may mean to you) will probably do nothing for a virus, and your reference to this makes it obvious you are pretending to knowledge you do not possess. This is the kind of thing con-men love to see. If this is a personality trait of yours, you might want to rethink. Just sayin'.
3) You got screwed by one website you knew nothing about and went knowingly to another (in Spain, no less) and guess what? Got screwed again, apparently. Not too bright, and I'm shedding no tears for you.
4) Ad-aware and Spybot are both good products. To clean up any infections these guys don't find or can't touch there's only one sure way (short of re-formatting, of course), and that's to CTRL-ALT-DEL into Windows Manager, go to Processes, and one-by-one check them out. Google's a good source. Kill the bad executables, find them on your hard drive, and get rid of them.
I have young kids who have infected my computers a few times--what I have recommended works for me. I have no pop-ups or ads. Ever.
Just finished reading your account of "next-blog" icon button - What a Nightmare! I currently use Panda AV and have had very favorable results. I have a couple of recommendations for Adware/Spyware control that I have also had favorable results with. Three I like are (Webroot)SpySweeper, (Sunbelt Software)CounterSpy, and of course the free version of (Lavasoft)Adaware, is a favorite standby. I own a computer repair business here locally and am constantly on the lookout for the next best software to help knock down this creeping crud spyware, viruses etc. Wish you the best... Al
I tell you, some people are so technical. Trying to insult others and prop others on podiums. The technical definition of a virus is any program that runs itself upon a system against the user's will. Therefore spyware/adware can be a virus. Therefore if editing the registry can disable the virus, it is a virus solution for that particular virus type. This does not mean that solution will be applicable to all viruses. So if you guys stop beating each other over the head and gave sound, reasonable advice instead of wasting time with berating remarks, the world will be a better place.
This is really too bad, my friend. While I don't often shill for companies whose products I use, I make an exception for one exceptional piece of software. This is Trendmicro's PC-cillin 2005 (most recent version) anti-virus and internet security software. I first discovered this software after contracting (through a friend attempting to download video while using my computer) what I call the 'raspberry' virus. This virus immediately crashed my system and then during the reboot disabled and devoured norton before beginning to over-write all of my files with lower case 'b's, hence my name for this virus (I never actually found out what the name was and could only get rid of it by low level format of my entire hard drive resulting in total data loss, then flashing the CMOS as it installed a kernel of itself in the BIOS).
TrendMicro provides a free online virus scan and decontamination as you noted Panda does; however, I have found during experimentation and through reviews that there is no better integrated anti-virus, anti-spyware, anti-spam, anti-popup, firewall, and internet security program available than TrendMicro's product. Also, unlike any other company, should you ever need assistance either in setting up the program, maintaining it, or responding to a message from the program; TrendMicro provides free telephone technical assistance and customer service support. All other companies charge for these 'amenities'. Also, updates can be set to be done automatically and run in the background so one never needs be disturbed, disrupted, or even aware of what it is doing. For the first year I used TrendMicro I set it to notify me before updating and found that while Norton (I kept it for a while for comparison's sake) updated perhaps once every week to ten days; Trendmicro updated some segment of its program almost daily, especially its virus definitions; and approximately once every 4 months would come out with a completely updated drive engine. This gives me peace of mind since I know that my computer is constantly being updated with new virus definitions (almost in real time) and thus is protected.
I detest Norton/Symantec almost as much as I do M$ products because of their vulnerabilities, the drain on system resources, and their general inefficiencies. I strongly urge anyone serious about protecting their computer to investigate TrendMicro products which are available for an individual or as enterprise versions for server/corporate environments.
Yep, spyware is the death of the Windows world, and now that Firefox/mozilla is gaining exploits in the popup world, the pain will continue.
As was noted by another commenter, the MAC is (for now) immune. I have worked with computers for over 25 years now, every version of Windows, several commercial versions of Unix, with Linux from pre version .39 and have come to the conclusion that the unix systems are the way to go.
I also decided after numerous versions of Linux, that my time was worth more (to me, but this is a personal choice) in doing work than on configuring a system.
As such, I just made the switch to a Powerbook (OS X). Fast, smooth - allows me all the network programming, analysis and Unix tools I need. And lets me "play" on the net with a high level of safety!
My windows boxes have been relegated to conversion to job specific Linux systems (webserver etc) and one will remain as a high powered gaming machine, no IE, and only a game specific connection. (port limited)
The spyware/malware folks suck.
I removed the blogger bar from the top of my blog because I don't know where it'll go and because it didn't blend with the appearance I wanted my site to have.
To remove the blogger bar, log in to Blogger, go to your blog settings and then go to the template section. There should be a box to select the color of the blogger bar and a checkbox to remove it.
In addition to this, GET FIREFOX. Very stable and there are a ton of extensions you can get to block advertising and spyware. Also, Grisoft produces a free antivirus software that I have found to be clean, unobtrusive and small.
Hope this helps you~
I'd suggest getting Opera, it's the one stop web browser that does almost everything.. and yes it blocks pop-ups too..