Content

Adware-EliteBar.dll

Type
Program
SubType
Application extension
Discovery Date
05/17/2005
Minimum DAT
4493 (05/17/2005)
Updated DAT
4683 (01/26/2006)
Minimum Engine
5.1.00
Description Added
05/17/2005
Description Modified
06/14/2005 6:51 AM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application.  If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.
Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary

This is not a virus or a trojan. It is an adware program that belongs to searchmiracle.com. Upon execution, this application installs a toolbar in Internet explorer, modifies the default search page and favorites menu and pops up advertisements.

Privacy

No license agreement is displayed during installation, although one could be displayed by another installer if bundled with another application.

Installation

Filename : EliteBar version 59.dll
MD5  : 6b51045b8a8db3873823e1a525812225

Upon execution, the application connects to searchmiracle.com and installs EliteBar toolbar in Internet Explorer.

The following run entry is created in the system registry so that the application is activated on system startup.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|checkrun
"Value Data" = "c:\windows\system32\elitetun32.exe"

The following BHO is installed in Internet Explorer.

%WINDOWS%\EliteToolBar\EliteToolBar version 60.dll

The following Registry entries are added to hook system startup.

  • HKEY_CLASSES_ROOT\CLSID\
    {825CF5BD-8862-4430-B771-0C15C5CA8DEF}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    WebBrowser|{825CF5BD-8862-4430-B771-0C15C5CA8DEF}
  • HKEY_CLASSES_ROOT\CLSID\
    {28CAEFF3-0F18-4036-B504-51D73BD81ABC}
  • HKEY_CLASSES_ROOT\Interface\
    {DBF33E89-1784-42AC-ADE4-A428F56550A3}
  • HKEY_CLASSES_ROOT\Interface\
    {A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}
  • HKEY_CLASSES_ROOT\CLSID\
    {825CF5BD-8862-4430-B771-0C15C5CA8DEF}
  • HKEY_CLASSES_ROOT\TypeLib\
    {CA9FC31A-6F35-4493-B629-E64BD6170A17}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\
    Toolbar|{825CF5BD-8862-4430-B771-0C15C5CA8DEF}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
    CurrentVersion\Explorer\Browser Helper Objects\
    {28CAEFF3-0F18-4036-B504-51D73BD81ABC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Elitum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
    Uninstall\EliteBar Internet Explorer Toolbar

The default searchpage is modified to yupsearch.com/search.php.

The favorites menu is modified as shown below.

The following ads are displayed.

Aliases

Aliases

  • Adware.EliteBar.B (Symantec)
  • Adware.EliteBar.H (Virusbuster)
  • AdWare.ToolBar.EliteBar.z (Kaspersky)
  • Adware/EliteBar (Panda)