Adware/ EliteBar
Adware/ EliteBar
Podria alguien decirme que es un adware y cómo puedo eliminar esto lo que sea?... Es una aceituna cono gafas oscuras que me mira mal. Por favor que no sea formateandooooo. Gracias Gracias. :cry:
-
msc hotline sat
- Mensajes: 93500
- Registrado: 09 Mar 2004, 20:39
- Ubicación: BARCELONA (ESPAÑA)
- Contactar:
Bueno, el ISTBAR es el Internet Search Tool Bar, y el Elite Bar, es otro adware, segun descripcion de TREND:
____________________
ADW_ELITBAR.A
Discovery Date: Aug 29, 2004
Description:
Threat Type: Adware
Systems Affected: Windows 95, 98, ME, NT, 2000, XP
Installer Name: Elite Bar
This adware arrives as a dynamic link library (DLL) file, and is a component another adware. It acts as a Browser Helper Object (BHO) and adds itself as a toolbar in the Internet Explorer (IE) browser. This enables it to run every time an IE browser is opened.
Solution:
TREND MICRO SOLUTION
Minimum scan engine version needed: 7.100
TMAPTN version needed: 194.11
DCE version needed: 3.8
MANUAL REMOVAL INSTRUCTIONS
Removing Adware Entries from the Registry
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>CLSID
Still in the left panel, right-click on the following key and choose Delete:
{28CAEFF3-0F18-4036-B504-51D73BD81C3A}
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>CLSID
Still in the left panel, right-click on the following key and choose Delete:
{825CF5BD-8862-4430-B771-0C15C5CA880F}
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>Interface
Still in the left panel, right-click on the following key and choose Delete:
{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>Interface
Still in the left panel, right-click on the following key and choose Delete:
{DBF33E89-1784-42AC-ADE4-A428F56550A3}
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>TypeLib
Still in the left panel, right-click on the following key and choose Delete:
{CA9FC31A-6F35-4493-B629-E64BD6170A17}
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>TypeLib
Still in the left panel, right-click on the following key and choose Delete:
{CA9FC31A-6F35-4493-B629-E64BD6170A17}
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software
Still in the left panel, right-click on the following key and choose Delete:
Elitum
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>
Classes>CLSID
Still in the left panel, right-click on the following key and choose Delete:
{28CAEFF3-0F18-4036-B504-51D73BD81C3A}
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>
Classes>CLSID
Still in the left panel, right-click on the following key and choose Delete:
{825CF5BD-8862-4430-B771-0C15C5CA880F}
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>
Classes>Interface
Still in the left panel, right-click on the following key and choose Delete:
{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>
Classes>Typelib
Still in the left panel, right-click on the following key and choose Delete:
{CA9FC31A-6F35-4493-B629-E64BD6170A17}
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Uninstall
Still in the left panel, right-click on the following key and choose Delete:
EliteBar Internet Explorer Toolbar
Close Registry Editor.
Additional Windows ME/XP Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.
Users running other Windows versions can proceed with the succeeding procedure sets.
Running Trend Micro Antivirus
Details:
Threat Type: Adware
Systems Affected: Windows 95, 98, ME, NT, 2000, XP
Installer Name: Elite Bar
This adware is a dynamic link library (DLL) component another adware. It acts as a Browser Helper Object (BHO) and adds itself as a toolbar in the Internet Explorer (IE) browser, which enables it to run every time an IE browser is opened. To do this, it creates the following registry keys:
HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81C3A}
HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA880F}
HKEY_CLASSES_ROOT\Interface\{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}
HKEY_CLASSES_ROOT\Interface\{DBF33E89-1784-42AC-ADE4-A428F56550A3}
HKEY_CLASSES_ROOT\TypeLib\{CA9FC31A-6F35-4493-B629-E64BD6170A17}
HKEY_LOCAL_MACHINE\Software\Elitum
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\
{28CAEFF3-0F18-4036-B504-51D73BD81C3A}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\
{825CF5BD-8862-4430-B771-0C15C5CA880F}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\
{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\
{CA9FC31A-6F35-4493-B629-E64BD6170A17}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar
--------------------------------------------------------------------------------
Analysis by: Elizabeth R. Viray
Description Created: Jan 14, 2005
___________________
POr lo que haremos una utilidad especifica para eliminacion, y que incluiremos en un nuevo ELISTARA.EXE, que estamos potenciando incluyendole todas nuestras utilidades de eliminacion de pagicas de inicio y similares, para facilitar el uso de nuestras utilidades a nuestros usuarios.
Una primera version de este nuevo ELISTARA.EXE, que ya incluirá esta eliminacion, será subido hoy mismo a esta web, y será ersion 4.9 , que ya llevará, además de lo normal, la eliminacion del HOMESEARCHASSISTANT, del 180SOLUTIONS, del ISTBAR, de este nuevo ELITEBAR, y de otros spywares de paginas de inicio descubiertos recientemente.
Se indicará cuando esté disponible dicha utilidad, para probarla.
saludos
ms, 22-02-2005
____________________
ADW_ELITBAR.A
Discovery Date: Aug 29, 2004
Description:
Threat Type: Adware
Systems Affected: Windows 95, 98, ME, NT, 2000, XP
Installer Name: Elite Bar
This adware arrives as a dynamic link library (DLL) file, and is a component another adware. It acts as a Browser Helper Object (BHO) and adds itself as a toolbar in the Internet Explorer (IE) browser. This enables it to run every time an IE browser is opened.
Solution:
TREND MICRO SOLUTION
Minimum scan engine version needed: 7.100
TMAPTN version needed: 194.11
DCE version needed: 3.8
MANUAL REMOVAL INSTRUCTIONS
Removing Adware Entries from the Registry
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>CLSID
Still in the left panel, right-click on the following key and choose Delete:
{28CAEFF3-0F18-4036-B504-51D73BD81C3A}
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>CLSID
Still in the left panel, right-click on the following key and choose Delete:
{825CF5BD-8862-4430-B771-0C15C5CA880F}
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>Interface
Still in the left panel, right-click on the following key and choose Delete:
{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>Interface
Still in the left panel, right-click on the following key and choose Delete:
{DBF33E89-1784-42AC-ADE4-A428F56550A3}
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>TypeLib
Still in the left panel, right-click on the following key and choose Delete:
{CA9FC31A-6F35-4493-B629-E64BD6170A17}
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>TypeLib
Still in the left panel, right-click on the following key and choose Delete:
{CA9FC31A-6F35-4493-B629-E64BD6170A17}
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software
Still in the left panel, right-click on the following key and choose Delete:
Elitum
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>
Classes>CLSID
Still in the left panel, right-click on the following key and choose Delete:
{28CAEFF3-0F18-4036-B504-51D73BD81C3A}
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>
Classes>CLSID
Still in the left panel, right-click on the following key and choose Delete:
{825CF5BD-8862-4430-B771-0C15C5CA880F}
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>
Classes>Interface
Still in the left panel, right-click on the following key and choose Delete:
{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>
Classes>Typelib
Still in the left panel, right-click on the following key and choose Delete:
{CA9FC31A-6F35-4493-B629-E64BD6170A17}
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Uninstall
Still in the left panel, right-click on the following key and choose Delete:
EliteBar Internet Explorer Toolbar
Close Registry Editor.
Additional Windows ME/XP Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.
Users running other Windows versions can proceed with the succeeding procedure sets.
Running Trend Micro Antivirus
Details:
Threat Type: Adware
Systems Affected: Windows 95, 98, ME, NT, 2000, XP
Installer Name: Elite Bar
This adware is a dynamic link library (DLL) component another adware. It acts as a Browser Helper Object (BHO) and adds itself as a toolbar in the Internet Explorer (IE) browser, which enables it to run every time an IE browser is opened. To do this, it creates the following registry keys:
HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81C3A}
HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA880F}
HKEY_CLASSES_ROOT\Interface\{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}
HKEY_CLASSES_ROOT\Interface\{DBF33E89-1784-42AC-ADE4-A428F56550A3}
HKEY_CLASSES_ROOT\TypeLib\{CA9FC31A-6F35-4493-B629-E64BD6170A17}
HKEY_LOCAL_MACHINE\Software\Elitum
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\
{28CAEFF3-0F18-4036-B504-51D73BD81C3A}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\
{825CF5BD-8862-4430-B771-0C15C5CA880F}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\
{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\
{CA9FC31A-6F35-4493-B629-E64BD6170A17}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar
--------------------------------------------------------------------------------
Analysis by: Elizabeth R. Viray
Description Created: Jan 14, 2005
___________________
POr lo que haremos una utilidad especifica para eliminacion, y que incluiremos en un nuevo ELISTARA.EXE, que estamos potenciando incluyendole todas nuestras utilidades de eliminacion de pagicas de inicio y similares, para facilitar el uso de nuestras utilidades a nuestros usuarios.
Una primera version de este nuevo ELISTARA.EXE, que ya incluirá esta eliminacion, será subido hoy mismo a esta web, y será ersion 4.9 , que ya llevará, además de lo normal, la eliminacion del HOMESEARCHASSISTANT, del 180SOLUTIONS, del ISTBAR, de este nuevo ELITEBAR, y de otros spywares de paginas de inicio descubiertos recientemente.
Se indicará cuando esté disponible dicha utilidad, para probarla.
saludos
ms, 22-02-2005
msc hotline sat Virus Research Engineer Antes de preguntar - Normas Basicas - Mensajes Privados - Repetir Temas - Continuar Temas - Titulos del Tema - Antivirus Online
-
msc hotline sat
- Mensajes: 93500
- Registrado: 09 Mar 2004, 20:39
- Ubicación: BARCELONA (ESPAÑA)
- Contactar:
Subida nueva version 4.9 del ELISTARA.EXE
---v4.9---(22 de Febrero del 2005) (Union del EliHomeA, EliIstBA, EliDoomA y elimina el SurfSideKick2, EliteBar)
Para probarla, ver:
https://foros.zonavirus.com/viewtopic.php?p=3565#3565
saludos
ms, 22-02-2005
---v4.9---(22 de Febrero del 2005) (Union del EliHomeA, EliIstBA, EliDoomA y elimina el SurfSideKick2, EliteBar)
Para probarla, ver:
saludos
ms, 22-02-2005
msc hotline sat Virus Research Engineer Antes de preguntar - Normas Basicas - Mensajes Privados - Repetir Temas - Continuar Temas - Titulos del Tema - Antivirus Online
mi elitebar no se yo si sigue en mi ordenador....
Me descargue el elita este y no me dio ningun virus, pero veras, yo le paso el anti-virus panda titanium no se que más, y me dice que encuentra sofware malicioso instalado en mi ordenador en dos ficheros c:\windows\system32\......y lo que me da miedo es que alguien pueda leer mis datos o descargase mis programas que contienen muchos datos privados así que trabajo con un ordenador y con otro me conecto a internet. Crees que mi virus sigue activo o solo esta el nombre del fichero?. gracias
Nueva versión del Hijack This : 1.99.1
Bajar :
http://www.merijn.org/files/hijackthis.zip
Descarga y descomprimes creando su propia carpeta, con todos los programas cerrados incluso el internet explorer, lo ejecutas, pulsa scan y luego en save, se abrira un fichero log txt con el resultado, haz un copiar y pegas el resultado como respuesta a este tema.
Lanzala en modo normal, modo seguro NO.
Saludos
maura63
Bajar :
Descarga y descomprimes creando su propia carpeta, con todos los programas cerrados incluso el internet explorer, lo ejecutas, pulsa scan y luego en save, se abrira un fichero log txt con el resultado, haz un copiar y pegas el resultado como respuesta a este tema.
Lanzala en modo normal, modo seguro NO.
Saludos
maura63
Antes de preguntar - Normas Basicas - Mensajes Privados - Repetir Temas - Continuar Temas - Titulos del Tema - Antivirus Online
Quien hace una pregunta,teme parecer ignorante durante cinco minutos.Quien no pregunta se mantiene ignorante toda la vida. (Ortega y Gasset)
Quien hace una pregunta,teme parecer ignorante durante cinco minutos.Quien no pregunta se mantiene ignorante toda la vida. (Ortega y Gasset)