Internet Parasites


I found a nasty trojan when I was surfing last night that wouldn't take no for an answer. An invitation to install an error-checker from www.errorsafe.com. Apparently clicking anywhere on the window, including the x box, allows it to install itself on your computer. I knew I had a problem when the AVG Email Scanner was trying to download from a site that looked totally unfamiliar to me. I've shut down lots of running apps and have AVG scanning my computer. It's found "Exploit". Spyware Doctor is also running and has found 3 suspicious files. All this scanning is slowing my computer down somewhat, but better that than to be plagued with problems. Already Carly is yelling at me from her bedroom to say the internet isn't working on her computer or on the laptop.

My internet is working fine, and I hope all will be back to normal when I've cleaned the nasties up.

Okay, the rascal installed EliteBar, a Trojan Horse that redirects search requests, modifies internet settings, deletes previously installed toolbars and displays numerous advertisements. If you are seeing new toolbars in your browser, excessive popups, or your homepage has been changed, chances are you have been infected with an internet parasite.

An important point to remember when removing Elite Bar is to delete all parts of the Elite Bar code. This is a must: if any part is left behind, Elite Bar will rebuild itself, resulting in further spreading of the spyware parasite. If you don't have spy remover software installed on your computer, here are the instructions for manually removing the offending code:

Before you can delete it, the DLL file must be deregistered.

Open a DOS command prompt window (from Start->Programs->Accessories). Enter the following commands in the DOS window (the file names contain spaces, so they must be quoted):

    cd "%WinDir%\System"
    regsvr32 /u "elitesidebar 08.dll"
    regsvr32 /u "elitetoolbar version 59.dll"

Open the registry (Start->Run->regedit) and delete the following keys and values:

    HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81C3A}
    HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA880F}
    HKEY_CLASSES_ROOT\Interface\{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}
    HKEY_CLASSES_ROOT\Interface\{DBF33E89-1784-42AC-ADE4-A428F56550A3}
    HKEY_CLASSES_ROOT\TypeLib\{CA9FC31A-6F35-4493-B629-E64BD6170A17}
    HKEY_LOCAL_MACHINE\Software\Elitum
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81C3A}
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA880F}
    HKEY_LOCAL_MACHINE\Software\Classes\Interface\{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}
    HKEY_LOCAL_MACHINE\Software\Classes\Typelib\{CA9FC31A-6F35-4493-B629-E64BD6170A17}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar

Now, remove the files with Windows Explorer: elitesidebar 08.dll, elitetoolbar version 59.dll, and suicidetb.exe.

After the deregistration, end the suicidetb.exe process from the Task Manager (Ctrl-Alt-Delete). Having successfully done this, you should be able to delete the entire "Elite Bar" folder in Program Files.
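
Because any part left behind lets the toolbar rebuild itself, it is worth confirming that everything listed above is really gone. The PowerShell script below is an added example, not part of the original instructions; it only reads the registry and file system and deletes nothing. It assumes the three files sit in either %WinDir%\System or the "Elite Bar" folder, since the steps above name no other location.

```powershell
# Added example: read-only check for the EliteBar leftovers listed in this post.
# It reports what is still present and changes nothing on the machine.
$regKeys = @(
    'HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81C3A}',
    'HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA880F}',
    'HKEY_CLASSES_ROOT\Interface\{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}',
    'HKEY_CLASSES_ROOT\Interface\{DBF33E89-1784-42AC-ADE4-A428F56550A3}',
    'HKEY_CLASSES_ROOT\TypeLib\{CA9FC31A-6F35-4493-B629-E64BD6170A17}',
    'HKEY_LOCAL_MACHINE\Software\Elitum',
    'HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81C3A}',
    'HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA880F}',
    'HKEY_LOCAL_MACHINE\Software\Classes\Interface\{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}',
    'HKEY_LOCAL_MACHINE\Software\Classes\Typelib\{CA9FC31A-6F35-4493-B629-E64BD6170A17}',
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar'
)
$fileNames = 'elitesidebar 08.dll', 'elitetoolbar version 59.dll', 'suicidetb.exe'

# Assumption: only these two folders are named in the post, so both are
# searched for every file name.
$systemDir = Join-Path $env:WinDir 'System'
$eliteDir  = Join-Path $env:ProgramFiles 'Elite Bar'

$found = @()
foreach ($key in $regKeys) {
    # -LiteralPath keeps the braces in the GUIDs from being read as wildcards
    if (Test-Path -LiteralPath "Registry::$key") { $found += "registry key: $key" }
}
if (Test-Path -LiteralPath $eliteDir) { $found += "folder: $eliteDir" }
foreach ($dir in $systemDir, $eliteDir) {
    foreach ($name in $fileNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { $found += "file: $path" }
    }
}
if (Get-Process -Name 'suicidetb' -ErrorAction SilentlyContinue) {
    $found += 'process: suicidetb.exe is still running'
}

if ($found.Count -eq 0) {
    'None of the listed EliteBar keys, files or processes were found.'
} else {
    'Still present (any remaining part can let the toolbar rebuild itself):'
    $found | ForEach-Object { "  $_" }
}
```

Run it once after the manual cleanup and again after the next restart; an item that reappears means some part was missed.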
