elite keeps coming back

Hi there
Can anyone help please.
I have followed the instructions on "READ ME FIRST BEFORE ASKING......" and the only thing I couldn't do in Safe Mode was the Symantec Security Check which I did afterwards in Normal Mode.
However, every time I reboot and run my Ad-aware SE again, the same registry key referring to "elite" keeps popping up - I have deleted this key with Ad-aware, HiJack This and manually through regedit (in Safe Mode as well as Normal Mode). It has made no difference, the registry key keeps popping back again when running Ad-aware or HiJack This. There appears to be 2 keys (plus a third key) in the BHO section in the list.
I have pasted only these entries here (not the whole log):

O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

Can anyone suggest anything to delete this once and for all?
Thanks
Barbiebut1

 

Hi Barbie,

Did you have System Restore (Assuming OS) OFF when you fixed the bad items? Try looking in Add/Remove Programs for EliteBar - Look in program files as well for an Elite Folder.

O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file) ---> These two are EliteBar remnants. As you can see, the files have been removed, probably by one of your tools.

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll ---> This is Legitimate and needed!


You should also send us a HijackThis Log to review. Please be sure to follow the instructions below:

Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!

Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

I’m not around this forum too often these days, but somebody will try to take a look when they get a chance.

Best
PP

 

Hi PhilliePan,
Thank you for reply.

I did have System Restore off, as per main instructions. Elite Bar had previously been removed by Add/Remove. I had also searched for all references to it and nothing remains (as far as I can see) other than these 2 keys that keep popping back.

As you suggest, I am attaching the HiJack This log file. It is the latest version I believe as I downloaded it a couple of days ago and it is v1.99.

I hope you, or someone reading this, is able to suggest how to zap that thing.

Thanks
Barbie

 

Hallo!

I have experienced the same problem yesterday! I dunno where and when but I had took this very bad malware! It took me some hours to defeat it but finally I did it!

I have released a freeware utility (EliteToolbar Remover v.1.0) that, used in Safe Mode, should delete this malware from the system.

You can freely using or re-distributing it if you want!

It is at: http://www.simplytech.it/ETRemover/

Best regars,

Simplytech

 

Hi Barbie,

Your HJT Log is clean. All you need to do is remove these remnants with HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

If you have any trouble fixing these with HijackThis (I doubt you will), try temporarily disabling Spybot's Tea Timer and then fixing with HJT. This new version of HJT is really buggy - New one will be available soon!

Also, while you're here, have a peek at Chaslang's guide to keeping computers safe from malware!

PP

 

Perhaps you might Submit this tool to the Site Owners for review and possible addition to the site?

PP

 

YEEEEEEES! AT LAST!

Thank you soooo much.
I went through the whole procedure again, making sure I had turned off system restore, opened in safe mode. I removed the 2 keys with HiJack This and ran all other software suggested in "READ ME FIRST....", just to be sure. Have now rebooted in normal mode (did it twice to be sure) and the dratted thing WAS NOT THERE!!!!!

Thanks again
Barbie

 

You're Welcome!

You probably didn't have anything to worry about. I doubt there were any files left relating to those orphaned registry keys. Still, it's probably nice to get rid of the annoyance!

Best,
PP

 

Hallo! Thanks for your suggest, I'm going to write them asking if they want to add it in the site.

All the best,

SimplyTech

 

Dear M.Attitude hello,

since you have issued the old program I would to tell you that I have released a new version of the EliteToolbar Remover that is now at version 1.1

I will be honoured if you can update the version in your site with the new one that is very useful to defeat the new variants of the EliteToolbar that are circulating nowadays...

Please download it from my site and you will find there all the informations you may need about the new version:

http://www.simplytech.it/ETRemover/

All the best,

Giancarlo

www.simplytech.it

 

Glad to hear it! This EliteBar is a real pain to remove. I hope the new version gets it all!

PP