EliteToolbar Remover V.2.1.2
Freeware anti-malware (Updated: 16 Oct. 2005)


The new EliteToolbar Remover deletes any traces of the following persistent malwares:

EliteBar (adware toolbar)
EliteToolbar (adware toolbar)
EliteSidebar (adware toolbar)
BargainBuddy (Adware)
Browser Aid (adware toolbar)
CashToolbar (adware toolbar)
FreshBar (also known as: ADW_FRESHBAR.B, adware)
GameSpy (adware)
InternetExplorer Plugin (adware)
MoneyTree (adware)
Nail.exe (Trojan)
NaviSearch (Adware)

navpsrvc.exe (also known as: W32/Forbot-EF, worm)
SearchMeUp (adware toolbar)
SideStep (spyware)
Spybot - Randex (Worm)
SupportSoft (spyware)

SurfSideKick (malware)
Win32.RBot (Worm)

winmon.exe (also known as: W32/Agobot-KA, trojan)
WinMoviePlugIn (adware)

... and many others! Too much to list!

Last update: 16th October 2005

Technical Summary of the EliteToolbar malware (now known as PokaPoka):

Name: EliteBar IE Toolbar

Company: Search Miracle (www.searchmiracle.com)

Description : EliteBar (ELITETOOLBAR VERSION xx.DLL) IE toolbar. Component of SearchMiracle.
Adware applications, toolbars and browser extensions may serve advertisements even while you are not surfing the Internet.
This application may serve various types of advertising, not limited to pop-up ads. It may result in blocking the activity of a PC user since this malware consumes a lot of memory because it constantly monitors if someone is deleting it from the registry or is trying to kill it in some way. It may also block anti-virus programs and contains a list of *.exe program names in memory to block them if it detects they are running in the task manager.

Summary of the EliteToolbar Remover v.2.1.x:

A lot of people around Internet are having problems with one of the latest Elitetoolbar malware variants, the new variants are called PokaPoka but this pest used a lot of other names in the past.

Actually some software like Spybot v.1.3, CWShredder v.2.12, Noadware, Adaware v.6, SpyNuker 2004 and SBC Yahoo! Anti-spy have no success in deleting this very frustrating malware. These programs find and delete it, but it keeps coming back since this new variant is very difficult to remove from the operating system.

The main problem is that the malware creates a lot of registry entries and executes at PC startup, winding itself into RAM and deletes its own *.exe from the C:\Windows\System32 directory.

When ordinary tools try to remove it, they only clean the registry calls, the C:\Windows\EliteToolbar directory and the cabinets files where it originated from, but they don't take any action against the malware itself that is currently running in RAM and waiting for the PC OS to be shut down only to repeat the infestation once again!

This new version of the EliteToolbar has all the previous disadvantages of the CoolWebSearch malware and some new ones including pop-up windows every 2 minutes, a permanent block of the Google Toolbar (if present), redirecting of any instances of Google and Yahoo web-browsing, and so on...

This is a very tricky situation that keeps frustrating people who experience it!

We, at SimplyTech.it, in early January 2005, released a freeware utility that helped you restore your OS functionality by killing this malware. Since this version 1.0 of our EliteToolbar Remover, the silly guys at EliteToolbar have released some new variants of their malware. The variants in circulation from the end of January 2005, in fact, do a cache detect of the words: "EliteToolbarRemoverV10.zip" which was the old name of our previous version 1.0.

If you are trying to download it from a mirror site you will receive the following error:

''Cannot copy file, Cannot read from file source or disk''

This is not a message from your operating system, but a stupid message from the malware that is actually running in your PC.

The new variants of the malware also completely conceal the presence of the EliteToolbarRemoverV10.exe, so that if you are opening the archive you can only see the readme.doc file that is attached to that and you cannot see the *.exe even if though it is really there! After all, these are very clever programmers, aren't they?

Anyway, it is sure that these people will also blacklist the new name of the zip we are using now, so if this occurs and some new variants will circulate the Internet from today we suggest you to download the software to another PC and take it on a diskette or a USB pendrive and run it on the infected PC in Safe Mode, as usual.

Look carefully at what you have to do:

The only thing you have to do is to reboot your machine in Safe Mode (just click the F8 key as the PC is starting, just before the MS Windows flag screen appears) and run the EliteToolbar Remover, then click the "Kill Elite Toolbar" button and wait until it finishes its work.

Occasionally a DOS box may appear asking your permission to delete some files in temporary Windows directories. You must accept the deletion of these to be sure of properly removing the malware!

What's new in Version 2.1.x?

This version solve some minor bug of the v.2.1.0 wich has been released the 02nd of October and follows a two months Beta V.2.0.1 release wich was distributed in the http://www.simplytech.it/forum/.

This version take care of the new and very hard “PokaPoka” variants of the EliteToolbar malware. The PokaPoka series uses some new skill to attack your pc without leaving a sign. It uses a dll wich the people behind the malware have called Nt_HideXX.dll wich makes “trasparent” the presence of the PokaPoka process and inject it in any running task. So, that’s why killing this malware in Normal Mode is virtually impossible but we did a little miracle by using some new attack to this malware. This time onward, when ETRemover finds a PokaPoka infestation, it will split its work in two steps and will complete the second step after a Re-Boot in Normal Mode. So, from the current version ETRemover could be run just in Normal Mode if you want to kill the PokaPoka malware and will do its work in two sessions (the present boot and the further boot). If you want to remove the infestation in just one session you can simply go in Safe Mode and run the program from there. You’ll be sure to remove this and other infestations in that way.

The ETRDFN.DAT file is the file wich contains the malware definitions.

What was new in the previous versions?

The previous programs inducted features like:

- a complete real-time processes-manager

- the automatic detection of the EliteToolbar malware even if the system is running in Normal Mode, even though it is strictly suggested to run the program in Sade Mode!

- it is possible to dump a process while it is running to save it in a *.dmp file that can be useful when a new variant of the malware is in circulation and you want to send it to us to check for it

- the program generates a Registry Log file by clicking on the button: "Save Reg. Log".
This file shows a list of the auto-run keys, subkeys and values from your System Registry.

From the version 1.1.B, the program defeats also some variants of the BrowserAid and the CashToolbar malwares.

From the version 1.2.2, the program defeats also the following malwares: SearchMeUp, FreshBar and the navpsrvc.exe infestation. This last is a NEW persistant worm wich steals informations from the pc and acts as a key-logger put your privacy and security unders a serious risk!

EliteToolbar Remover Live Update:

The EliteToolbar Remover has automatic live update function: by using the command "Check for updates..." in the menu of the program it will search if a new version is available in our site, and will let you download it if necessary.


To download the *new* version 2.1.2 of the program click here!

The program has also permanent mirrors here at Softpedia.com, here at MajorGeeks.com and here at BetaNews.com

Do you have an error message-box that says you need the Msinet.ocx or Comctl32.ocx?

You can download the DLLs.zip from here and register the 2 ocx it via Regsvr32 (by following the instructions in the file ReadMe.txt), or you can download the EliteToolbar Remover Setup Kit from here! (This last will be easiest ;) )

Note: since it is a freeware the program may be redistribuited everywhere!

To support us and to keep some new freeware coming soon or later, we would appreciate a donation from our users. Any amount would be greatly appreciated... YES! Also one single dollar... why not? :)
By clicking the donation link below, you will be able to make a donation to us using PayPal. It's fast, easy and secure.

If you want to do a donation but you have not a PayPal account, you can copy my address from the following picture and send me a donation via mail if you want :)

Thank You for your support!! :-)

For any question or problem, or if you want to advise us of the presence of some new variant of the malware, you can contact us by writing a mail to giancarlo@simplytech.it or you can put a message in the EliteToolbar Remover section of our forum here. You will have a reply in the shortest time.


The program has been awarded with 5 stars
and won a SoftPedia Pick Award.

Programa Recomendado en UpToDown.com
Programa Recomendado en UpToDown.com



[c] 2005 SimplyTech

Do you need a fast help?

If you need a help and you have ICQ you can contact us via that way, the picture below shows if we are online or not.

SimplyTech 195566548

ICQ Inc. All Rights Reserved. Use of ICQ2Go Panel is subject to the ICQ Terms of Service.


Do you need a
Remote Assistance?

If you need a Professional REMOTE ASSISTANCE we have the solution for you! We have developed a new way to be in contact with our customers.

Many time people have problems related to persistent malwares, virus or spywares that run in their pc and they cannot get rid of them with common antivirus in commerce.

We have can give you a TOP assistance with the lowest price! We can run in your pc with our new software called RemoteHelper wich give us a complete access to your pc. Why asking for a IT expert to come to your house to solve your problems when we can do the same via Internet?

The service is based on a "On Demand" basis, if you need our help we can give you that and you are not asked to pay until we have not finished our work. If we will not get rid of your persistant virus or other problems you want to solve we won't ask you a cent!

To learn more about SimplyTech RemoteHelper please go here!