SearchMiracle.EliteBar

[Chris]

Every time I start windows the antiSypware picks up this
SearchMiracle spyware and allows me to remove it but the
next time I load windows it's back. Has anybody run into
this before??

 

[Engel]

This is not my "procedure", but one provided by Andy
Manchesta (here, on the newsgoups) for someone else with
the same problem, as you have.

So go through it step by step and it should resolve your
problem. In any case, however, if you have problems or
questions - post them here And after cleaning the
system please scan it once again (just to check if nothing
has been left over).

So here it goes:

================ by Andy Manchesta ====================

Usually its not that hard to remove Elite bar but your
post says new variant so maybe the fixes below are already
out of date,try them in safe mode as well as the other
scanners you have,If this dont kill it then it may take
programs such as startdreck & hijackthis to reveal whats
going on. (Copy this to notepad so you can still view it
in safe mode if needed )

Turn off your system restore goto start>right click
mycomputer > choose properties > then goto system restore

check the box ' Turn off system restore ' then pressapply

and exit.

Re-enable system restore when you get it clean again by
following the above and uncheckin ' turn off system
restore' then press apply.

Download Ccleaner (remove temp & unused files)
http://download.ccleaner.com/download119bin.asp

Download the elite bar remover
http://www.simplytech.it/ETRemover/ETRemover_v130.zip

(This needs to be run in safe mode-reboot and tap F8
untill you see the option page then choose safe mode)

Run the above remover in safe mode with system restore
tuned off then Ccleaner on all 3 settings(windows,apps &
issues) and clear anything found reboot and see if it
still exists.


Plan B

If the problems are still there use this batch file & reg
fix Elite Bar Removal Batch File.

This attempts to remove all Elite Tool Bar entries .

Download from:
http://andymanchesta.com/Downloads/eliteremover.bat

Also download this regfix to remove all the reg values
related to elitebar

REGFIX DOWNLOAD

Right click this link and save the file to your desktop.
http://andymanchesta.com/Downloads/eliteremove.reg

Restart the PC in Safe Mode and then double click the .bat
file then run the reg fix.

Run the fix by double clicking on the eliteremove.reg file.

You will receive a message "Are you sure you want to add
information to the registry".

Click "Yes".
===================================================

 

[AndyManchesta]

Hey Chris ,

Thanks for that Engel but I need to correct myown post,
Because Elite changes alot and now uses a rootkit-like
effect that fix is abit outdated plus system restore
should not be touched untill the system is clean incase
anything goes wrong (All fixes for Elite should be run in
safe mode which means MS Antispy may remove this by
itself if used in safe mode).

I know its my fault for posting that but Ive seen too
many error's since then where genuine files have been
removed and the restore had been turned off.Could you
please replace that fix with this one for future
reference.

Any one of these can kill the infection but I will post
as many tools as possible to make sure you dont have
problems:

First Check Add/remove screen and remove these if found:

Elite Sidebar
Elite Toolbar

Download The Elitebar Remover

http://www.simplytech.it/ETRemover/ETRemover_V201.zip


Downloal Ewido Security Suite :

http://www.ewido.net/en/download/

Install ewido.
During the installation, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu".
Launch ewido
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe
mode.

Download Ccleaner and install to remove temp and unused
files

http://www.ccleaner.com/ccdownload.asp

Then reboot into safe mode (Reboot and keep tapping F8
then choose safe mode from the list)


Run Ewido & Elitebar Remover or MSAS on a complete system
scan and remove anything found

Next run Ccleaner and choose 'Run Cleaner'

Then goto Start menu and to Control Panel and
openInternet Options

Goto the Programs Tab and press Reset Web Settings , Then
back to the General Tab and enter the homepage you wish
to use into the homepage address box and press apply and
exit.

Then Reboot back to normal mode and things should now be
clean.

Then remove the infected restore points by either going
to Start Menu and right click my computer then goto
properties. Choose system restore and check the box 'Turn
off system restore' then press apply and exit, Reboot and
follow the above but uncheck the box 'Turn Off System
Restore' then press apply again

The other way is to goto start and to Help & Support then
click 'Undo changes to your computer with System
Restore ' when this opens press Create a restore point
and 'next' then name it and press create and then Close

Next goto Cleanmgr , Goto start and to run and type
cleanmgr and goto the more Options Tab, Press Clean Up on
the System Restore area to remove all the restore points
except the one you just created.

Your done!

If this doesnt fix it for you then you have a nasty
variant of Elite so then download this fixtool and run
this in safe mode

http://andymanchesta.com/Downloads/LQfix.zip

Im sure with the above info' all variants of Elite will
be killed without problems


Regards Andy