Il nuovo EliteToolbar Remover elimina ogni traccia dei seguenti persistenti malwares:

EliteBar(adware toolbar)
EliteToolbar (adware toolbar)
EliteSidebar (adware toolbar)
BargainBuddy(Adware)
Browser Aid (adware toolbar)
CashToolbar (adware toolbar)
FreshBar(also known as: ADW_FRESHBAR.B, adware)
GameSpy(adware)
InternetExplorer Plugin (adware)
MoneyTree(adware)
Nail.exe (Trojan)
NaviSearch (Adware)
navpsrvc.exe (also known as: W32/Forbot-EF, worm)
SearchMeUp (adware toolbar)
SideStep (spyware)
Spybot - Randex (Worm)
SupportSoft (spyware)
SurfSideKick (malware)
Win32.RBot (Worm)
winmon.exe (also known as: W32/Agobot-KA, trojan)
WinMoviePlugIn (adware)

... and many others! Too much to list!

Last update: 08th October 2005

Technical Summary of the EliteToolbar malware (now known as PokaPoka):

Name: EliteBar IE Toolbar

Company: Search Miracle (www.searchmiracle.com)

Description: EliteBar (ELITETOOLBAR VERSION xx.DLL) IE toolbar. Component of SearchMiracle.
Adware applications, toolbars and browser extensions may serve advertisements even while you are not surfing the Internet.
This application may serve various types of advertising, not limited to pop-up ads. It may result in blocking the activity of a PC user since this malware consumes a lot of memory because it constantly monitors if someone is deleting it from the registry or is trying to kill it in some way. It may also block anti-virus programs and contains a list of *.exe program names in memory to block them if it detects they are running in the task manager.

Summary of the EliteToolbar Remover v.2.1.1:

A lot of people around Internet are having problems with one of the latest Elitetoolbar malware variants, the new variants are called PokaPoka but this pest used a lot of other names in the past.

Actually some software like Spybot v.1.3, CWShredder v.2.12, Noadware, Adaware v.6, SpyNuker 2004 and SBC Yahoo! Anti-spy have no success in deleting this very frustrating malware. These programs find and delete it, but it keeps coming back since this new variant is very difficult to remove from the operating system.

The main problem is that the malware creates a lot of registry entries and executes at PC startup, winding itself into RAM and deletes its own *.exe from the C:WindowsSystem32 directory.

When ordinary tools try to remove it, they only clean the registry calls, the C:WindowsEliteToolbar directory and the cabinets files where it originated from, but they don't take any action against the malware itself that is currently running in RAM and waiting for the PC OS to be shut down only to repeat the infestation once again!

This new version of the EliteToolbar has all the previous disadvantages of the CoolWebSearch malware and some new ones including pop-up windows every 2 minutes, a permanent block of the Google Toolbar (if present), redirecting of any instances of Google and Yahoo web-browsing, and so on...

This is a very tricky situation that keeps frustrating people who experience it!

We, at SimplyTech.it, in early January 2005, released a freeware utility that helped you restore your OS functionality by killing this malware. Since this version 1.0 of our EliteToolbar Remover, the silly guys at EliteToolbar have released some new variants of their malware. The variants in circulation from the end of January 2005, in fact, do a cache detect of the words: "EliteToolbarRemoverV10.zip" which was the old name of our previous version 1.0.

If you are trying to download it from a mirror site you will receive the following error:

''Cannot copy file, Cannot read from file source or disk''

This is not a message from your operating system, but a stupid message from the malware that is actually running in your PC.

The new variants of the malware also completely conceal the presence of the EliteToolbarRemoverV10.exe, so that if you are opening the archive you can only see the readme.doc file that is attached to that and you cannot see the *.exe even if though it is really there! After all, these are very clever programmers, aren't they?

Anyway, it is sure that these people will also blacklist the new name of the zip we are using now, so if this occurs and some new variants will circulate the Internet from today we suggest you to download the software to another PC and take it on a diskette or a USB pendrive and run it on the infected PC in Safe Mode, as usual.

Look carefully at what you have to do:

The only thing you have to do is to reboot your machine in Safe Mode (just click the F8 key as the PC is starting, just before the MS Windows flag screen appears) and run the EliteToolbar Remover, then click the "Kill Elite Toolbar" button and wait until it finishes its work.

Occasionally a DOS box may appear asking your permission to delete some files in temporary Windows directories. You must accept the deletion of these to be sure of properly removing the malware!

What's new in Version 2.1.1?

This version solve some minor bug of the v.2.1.0 wich has been released the 02nd of October and follows a two months Beta V.2.0.1 release wich was distributed in the http://www.simplytech.it/forum/.

This version take care of the new and very hard “PokaPoka” variants of the EliteToolbar malware. The PokaPoka series uses some new skill to attack your pc without leaving a sign. It uses a dll wich the people behind the malware have called Nt_HideXX.dll wich makes “trasparent” the presence of the PokaPoka process and inject it in any running task. So, that’s why killing this malware in Normal Mode is virtually impossible but we did a little miracle by using some new attack to this malware. This time onward, when ETRemover finds a PokaPoka infestation, it will split its work in two steps and will complete the second step after a Re-Boot in Normal Mode. So, from the current version ETRemover could be run just in Normal Mode if you want to kill the PokaPoka malware and will do its work in two sessions (the present boot and the further boot). If you want to remove the infestation in just one session you can simply go in Safe Mode and run the program from there. You’ll be sure to remove this and other infestations in that way.

The ETRDFN.DAT file is the file wich contains the malware definitions.



What was new in the previous versions?

The previous programs inducted features like:

- a complete real-time processes-manager

- the automatic detection of the EliteToolbar malware even if the system is running in Normal Mode, even though it is strictly suggested to run the program in Sade Mode!

- it is possible to dump a process while it is running to save it in a *.dmp file that can be useful when a new variant of the malware is in circulation and you want to send it to us to check for it

- the program generates a Registry Log file by clicking on the button: "Save Reg. Log".
This file shows a list of the auto-run keys, subkeys and values from your System Registry.

From the version 1.1.B, the program defeats also some variants of the BrowserAid and the CashToolbar malwares.

From the version 1.2.2, the program defeats also the following malwares: SearchMeUp, FreshBar and the navpsrvc.exe infestation. This last is a NEW persistant worm wich steals informations from the pc and acts as a key-logger put your privacy and security unders a serious risk!

EliteToolbar Remover Live Update:

The EliteToolbar Remover has automatic live update function: by using the command "Check for updates..." in the menu of the program it will search if a new version is available in our site, and will let you download it if necessary.