Why doesn't MSASW detect EliteBar???

Johan Lind

A friend of mine got Elitebar on his computer...

What is most annoying about this is that it loads a heap of pop ups with
frequent intervals, that advertise various drugs and pills.

After running the MS AntiSpyware on that machine it neither detected nor
deleted any of the files connected to that malware. Will this be
rectified in later versions of this program? In any case it's weird that
it goes by without a single notice...


More may be read about the EliteBar Ad ware here:
http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html

I dare not let my friend loose in the registry so someone please help
the dude out!
//Johan
 
sdf

search for remove elite toolbar geocities. there is a cool
safe mode exe to run - gets rid of it
 
Johan Lind

sdf said:
search for remove elite toolbar geocities. there is a cool
safe mode exe to run - gets rid of it


Thanx mate, that search gave some impressive results!

Thanx for a speedy answer SDF!!!
//Johan
 
Bill Sanderson

If you can do it, submit a Tools, suspected spyware report, and tell
Microsoft that EliteBar is in place on the machine.

I doubt that this is an intentional non-detection. If EliteBar were
removable via add or remove programs, maybe, but it doesn't sound like that
kind of app...
 
Gary Tomlinson

It isn't. Elitebar injects a code stub into one or more
legitimate running programs. Delete the registry entries
and executables, and the code stub kicks in and recreates
them. Not sure why MSASW is missing this, it's an awful
application.
 
Bill Sanderson

I see that Sunbelt claims to catch it:

http://research.sunbelt-software.com/threat_display.cfm?name=SearchMiracle.EliteBar

It should either be embarrassing, silly, or bordering on obnoxious to need to
post such information from a competitor's site in order to attempt to divine
information about whether Microsoft Antispyware can/is capable of/etc
handle a particular threat, but in the absence of any clear information
about threats handled, this is as close as I can come.

They don't date these pages, so I've no idea whether this is new, old,
outdated, etc, but at least it has some concrete information about files
involved that may be useful, in case a new variant is involved in this
thread.
 