Check out some similar questions!

yasasin1 · Oct 2, 2005, 12:52 PM

Hi ,
Got a problem getting rid of Elitum.EliteBar
I've got the removal tool ran it in safe turned of system restore
Ran ccleaner and window washer but it keeps regenarating itself
Spybot s&d found it
I saw the manual removal instructions but they aren't very clear
Any ideas how to purge this pest

Ps what sort of threat is it

Thanks :o

ScottGem · Oct 2, 2005, 03:47 PM

First what A/V do you use? Second what about the removal instructions wasn't clear?

yasasin1 · Oct 3, 2005, 12:30 AM

Originally Posted by ScottGem

First what A/V do you use? Second what about the removal instructions wasn't clear?

I've got bullguard ,adaware , micro beta , spy bot s&d and spywareblasater

S&D found it and seems to be the only one that does

OK instructions
It was the close running programmes part , and dissabling dlls
Also when I run removal tool after a bit I get a message saying something about two temp files being used by other programmes and a Y/N question but no matter what I answer it doesn't remove it

Also got ccleaner and window washer

Spybot fixes the problem but it keeps re appearing after any re start
Here's were it is HKEY_Local_machine\system\currentcontrolset\servic es jm5289
I can jump to location and manually delete it except for one part that windows can't access first part
This thing is annoying
Thanks for replying gratefull for any assistance :)

fredg · Oct 3, 2005, 04:15 AM

Hi,
There are many, many references to this Spyware Elitum on google.com, dogpile.com, and othe search engines.
Most removal tools are "buy" tools with their program. The free scans will scan for it, but when it finds it, will not repair it until you buy their program.
Here is something you can try; it will not harm your computer.
Have you tried running your Spyware scans in SafeMode??
Follow these instructions, and see if it will get rid of it.

If you think you already have Spyware/Advertising Ware in your computer, run these as follows:

http://www.security-related.com/download2.htm
Download: SpyBot Search & Destroy; 1.3
(If you use the Spyware Blaster free program, then don't set SpyBot to the Immunization feature)

AdAware at:
http://www.lavasoftusa.com
Download: AdAware_SE V 1.06

CWShredder at:
http://www.intermute.com/products/cwshredder.html
(CWShredder is intended only for removal of CoolWebSearch files; placed as spyware on the harddrive). It is not a "stand alone" scan, but needs to be run. Download the free version by clicking on "Download stand alone version of CW Shredder".

All 3 of the above programs run better and much faster when run in SafeMode.

To get into SafeMode:
Re-boot the computer, and immediately after starting up, Press and hold down, F8, at top of keypad.
When the options show on the screen, use the up and down arrow keys on the keyboard to select
"Safe Mode".
Press Enter

It's best to run the AdAware scan first; 3 times; then re-boot.
Then, run the AdAware scan again 3 times; then run the SpyBot. Then, run CWShredder.
Re- Boot.
Reason for running so many times:
Some of these trojans' files can be deleted the first time; leaving some others; but on re-boot, they re-write the files that were deleted.
Running multiple times deletes most of it the first time.

If you wish to have a great program, after you clean out Spyware/Advertising Ware:
This program stops this stuff from getting into the computer in the first place, by placing URL's in the browser, stopping them instantly. One of the Very Best free programs anyone can download!

SpyWare Blaster 3.3

http://www.javacoolsoftware.com/sbdownload.html

Best of luck,
fredg

ScottGem · Oct 3, 2005, 05:48 AM

Originally Posted by yasasin1

ive got bullguard ,adaware , micro beta , spy bot s&d and spywareblasater

ok instructions
it was the close running programmes part , and dissabling dlls
also when i run removal tool after a bit i get a message saying something about two temp files being used by other programmes and a Y/N question but no matter what i answer it doesnt remove it

Ok, Closing all running programs means to close anything running in the background. You can do this by going into Task Manager. But that may not be enough. Your best choice is to boot to Safe Mode (see Fred's instructions). This is a diagnostic mode that does a minimal load of Windows. All unnecessary programs and DLLs are not loaded. Run S&D from that or follow the manual instructions.

yasasin1 · Oct 3, 2005, 08:18 AM

I like the sound of diagnostic mode also the run scans 3 times will try both and let you all know how it goes
This must be the worst trojan out there lol
Thanks again all :)

Edit...
Tried all things still there I've contacted spybot and bullguard
Next step the PC doctor :(
Thanks ayway folks :)

Ps if I find out how to purge it I will post solution for others
Thanks again

fredg · Oct 4, 2005, 06:17 AM

Hi,
Here is a link:

http://www.mytechsupport.ca/support/...?TOPIC_ID=8335

It's referring to the Elite Bar, and you won't believe what you will see.
There has to be an easier way to get rid of this Spyware from Hell.
If I find it, I will let you know. As you discovered yourself, it seems that running in SafeMode doesn't work either!
If you don't find anything else to try, you can always Edit the Registery. But, BE CAREFUL, and you would want to create a backup copy first, by simply shutting down the computer, turn if off, wait a few seconds, then turn it back on. It will save a good Registry that you can access later if you do something with the Registry, causing the computer to not start again.
You could try the following:
Go to Start/Run then type in REGEDIT, then click on OK. This brings up the Registry. At the top, click on Edit, then Find.
In the space, type in anything associated with Elitum.Elite Bar.
You could try typing in elitum, then remove the checkmark by "Match whole string only". Then click on Find Next.
If it finds the word you are looking for, then Right click on what it found, and Left click on Delete. Press F3 to continue the search.
After that, you could try typing in the words elite bar.
And, search for that.
After you finish, click on File, then Exit.
Re-boot. If the computer will not boot up, then turn it off.
Restart it, pressing the F8 key, and when it goes into the menu, select the "Last Known Good Configuration", and press Enter. This will replace the bad registry with the last known good one.
If you try this, you do so AT YOUR OWN RISK.
I have editied my own registry many times, and this does work.
Best of luck,
fredg
Best of luck,
fredg

yasasin1 · Oct 4, 2005, 09:29 AM

I have edited my registryand all files are deleted except 1 it won't allow me to delete.
it is ab in a box at the side named reg-sz and says value not set .
this is the only bit I can't remove any sugestions on this.
you have been a great help with this so far .

ps
other info I have
advice given is to ignore (put on s&d ignore list) win xp sp2 should stop along with adaware and spyware blaster
only other suggested advice is to reformat or scrap hard disk
thanks again

yasasin1 · Oct 5, 2005, 01:02 AM

Did what you said on your last post also got rid of these files on hijackthis

04-HKLM\.. Run:[ALi5289]C:\Program Files\ULI5289.exe
04-HKLM\.. Run:[JMAP5289]C:\ProgramFiles\ULI5289\JMAP5289.exe

Thanks very guys for all your help. :D :D :D

fredg · Oct 5, 2005, 05:40 AM

Hi,
YAAA-a-a-a-a-a-a-a.
I'm so glad you got rid of it.
It's great when "a plan comes together"!!
Best wishes,
fredg

yasasin1 · Oct 8, 2005, 06:15 AM

Yeah

Thanks guys great help PC working a OK
:D :D