General discussion

Locked

How do I get rid of EliteToolBar/SideBar

By startzp ·
I have a computer on the network that was invaded by the EliteToolBar/SideBar downloader. I have used the steps on the CA site, the .dll file names have morphed, but when the new name is substituted, it still does not work. I have delited the EliteToolBar, EliteSideBar, ohbbackup directories and all references to these in the registry several times, and exdl0,exdl1,exdl2, exul1, and exul3, from the windows directory-- We are a poor school district. I run adaware as soon as the computer is back on, it finds 30 - 40 registry entries that are associated with this program, deletes them, I delete the directories, and registry entries and continue to work, for a while but after about 30 minutes or when I log off and log back on or a new user logs on, its all back. I can't seem to locate what is reloading the program. If this isn't a virus, I do not know what is--I am getting very upset that my AV software is not handling it up front. I have tried the online CA AV- and 3 of 6 runs, it has said that 1 - 4 downloading trojans were installed, a time lapse window starts, that goes through the files it found; however, it never reports that these viruses were found or cured when the program finishes, but after it runs, all information concerning the user profile disappears, no access to c drive or any programs, the user must restart the computer and the problem is right back--Any ideas what to do.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by pierrejamme In reply to How do I get rid of Elite ...

Windows 2000, I assume, if XP you need to turn off restore.

Here we go with my thoughts;
Download Adaware SE Personal Edition at:
http://www.lavasoftusa.com/support/download/
Then do an update or get the latest definitions while there, they get extracted to c:\program files\Lavasoft\Ad-Aware SE Personal\
Then select "Use Custom Scanning Options" and select "Customize" and then "Scan Within Archives". What you have is probably buried deep inside a zip or archive type file and your AV isn't finding it, so everytime you reboot it re-inserts itself. Then just to be safe, download Spybot Search & Destroy version 1.3 from:
http://www.safer-networking.org/en/download/index.html and download the latest detection updates on the same page, these will install to correct location when you run it.
During Install of SPbot Search & Destroy you will have the option to install "Tea Timer". It is a great little continuous defendse mechanism but tedious at times if you don't know what to allow and not allow. It is like a mini firewall for bots.
good luck,
peter

Collapse -

by willcomp In reply to How do I get rid of Elite ...

Here's a thread from ComputerCops on same problem. Methodology used in answer there is sound.

http://computercops.biz/postp372080.html

Another link that should help.

http://www.scanspyware.net/info/EliteBar.htm

Good luck.

Dalton

Collapse -

by ReWrite In reply to How do I get rid of Elite ...

Toolbar addons and bho's are not recognized as viruses or malware. There are many legitimate addon's out there. When I cannot get rid of an unwanted addon I turn to Toolbar Cop and remove it from ie. You can get a copy here:

http://www.filesforfree.com/download/toolbar_cop.php

What I usually do is run a malware app (like AdAware or Spybot), clean all of the files from the temp directory and the temp internet directory and then run Toolbar Cop to remove the entries from ie. Roboot and happy computing.

Cheers.

RW

Collapse -

by JimCim In reply to How do I get rid of Elite ...

Hello,
Try using The Cleaner, from Moosoft.com. It is a trojan cleaner and you get a 30 day free fully functional trial. Make sure you go to the options and update the database before you run it. Also in the options, go to the scanning tab and check the 2 boxes in there that say scan in archive files, and scan for hidden executables. Click on the cleaning tab, then check delete under actions. After you set those options, run a scan. It always goes to about 12-14% real fast, then slows for a while. It will probably take about an hour, but it should find all of the trojans on your pc. Good luck. Jim

Collapse -

by JimCim In reply to

All of the above methods should and do work. But, if you run Ad-Aware, Spybot, and The Cleaner and it still doesn't find it, try Bazooka. It doesn't get rid of the problem, but it will give you a link to click on and give you detailed instructions on how to remove it.
Here is the link. Remember to remove any spaces in the link that mysteriously show up.
http://www.download.com/Bazooka-Adware-and-Spyware-Scanner/3000-8022-10247782.html
(Or just go to Download.com and search for Bazzoka)

Collapse -

by startzp In reply to How do I get rid of Elite ...

The adaware is the most up to date. I did set the settings to those suggested in the answer attempts; however the version of the EliteToolbar program has morphed. It is EliteToolBar version58.dll and Elite sidebar version 07.dll
That are showing up. I slow found the programs Bobby[1].exe, protector[1].exe, protector_update.ese, sideb.exe and a directory called ohbackup that has the elite and elitum files in it. In the startup files, there is a file-- c:\windows\kalvay32.exe. This file is called under Run in the registry, each time I delete the key, it comes back. When I do a search for the file, it is not found???? Anyone heard of how to get rid of this newer version? Deleting the files I mentioned here I got the popups to stop until I restarted the machine. Something is reloading them.

Collapse -

by startzp In reply to How do I get rid of Elite ...

Just in case anyone ele is going crazy over this....I ran Pest Patrol from the Computer Associates site. It indicated that MsBlaster.B was on the computer even though their AV product did not remove it or make a notification about its presence. Their article said to go to the HKLocal machine\current version\Software\Microsoft\Run\ and remove Windows Auto Updater. After I did this, I was finally able to remove the KA...file I mentioned in the last email and removed Windows Auto Updater.* everywhere-- The problem seems to be cured--at least I havn't heard back from the teacher.

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums