elitum.elitebar.pokapoka

**gopher** · 2007-11-16, 05:49

I got this in a Spybot scan, and just let Spybot fix it. On the next scan a week or so later, I got it again. I looked it up to see what it was, and found out what it was supposed to do. I don't have any of the random registry entries it's supposed to create (I checked half a dozen or so), it's not adding stuff to my favorites list or to my computer's processes as far as I can see, and it's not hijacking my browser. And it keeps showing up in Spybot scans. Is this really on my computer, or is it a false positive? I use IE6 on WinXP SP2, constantly updated; Spybot, WinPatrol, SpywareGuard, SpywareBlaster, AVG Free & Windows Defender installed and updated regularly, and a few online malware scans, and Spybot is the only one picking this up as far as I know. If it's not a false positive, I would appreciate some expert advice in making this disappear from my computer. Thanks.

**Yodama** · 2007-11-16, 07:25

please follow the steps in this sticky
for reporting a possible false positive.

**gopher** · 2007-11-16, 07:56

But what if it isn't a false positive? How can I tell?

**tashi** · 2007-11-16, 08:20

Originally Posted by gopher

But what if it isn't a false positive? How can I tell?

Once you provide the report, Yodama will be able to inform you if it is a false positive or not.

**gopher** · 2007-11-16, 08:59

Ok, I found all the info requested. How do I post it? I can send the reports as an email attachment (need an address), or copy and paste it as a reply in this forum, or do you have another preferred method?

**gopher** · 2007-11-17, 05:29

I have WinXp SP2 Home, Internet Explorer 6.

This is the last clean report before elitebar:
--- Report generated: 2007-11-04 21:47 ---

Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4063778703-1048953030-487377227-1007\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

--- Spybot - Search & Destroy version: 1.5 (build: 20071005) ---

2007-10-07 blindman.exe (1.0.0.6)
2007-09-24 SDDelFile.exe (1.0.0.1)
2007-10-07 SDMain.exe (1.0.0.4)
2007-10-07 SDShred.exe (1.0.1.2)
2007-10-07 SDUpdate.exe (1.0.7.4)
2007-10-07 SDWinSec.exe (1.0.0.10)
2007-10-07 SpybotSD.exe (1.5.1.17)
2007-10-07 TeaTimer.exe (1.5.0.11)
2007-10-23 unins000.exe (51.48.0.0)
2007-10-07 Update.exe (1.4.0.5)
2007-10-07 advcheck.dll (1.5.4.2)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-10-07 SDHelper.dll (1.5.0.10)
2007-10-07 Tools.dll (2.1.3.2)
2007-10-31 Includes\Cookies.sbi (*)
2007-10-31 Includes\Dialer.sbi (*)
2007-10-31 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-10-31 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2007-10-31 Includes\KeyloggersC.sbi (*)
2007-10-24 Includes\Malware.sbi (*)
2007-10-31 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-10-31 Includes\PUPSC.sbi (*)
2007-10-31 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-10-31 Includes\SecurityC.sbi (*)
2007-10-24 Includes\Spybots.sbi (*)
2007-10-31 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-11-01 Includes\Trojans.sbi (*)
2007-10-31 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

This is the report from when elitebar was found:
--- Report generated: 2007-11-08 07:40 ---

Elitum.Elitebar.Pokapoka: [SBI $DB502C11] Executable (File, nothing done)
C:\Documents and Settings\Touch System\Local Settings\Temp\~setuptmp0\irsetup.exe

eSupport.FFBiosExt: [SBI $12D696B9] System file (File, nothing done)
C:\WINDOWS\system32\drivers\TVICHW32.SYS

--- Spybot - Search & Destroy version: 1.5 (build: 20071005) ---

2007-10-07 blindman.exe (1.0.0.6)
2007-09-24 SDDelFile.exe (1.0.0.1)
2007-10-07 SDMain.exe (1.0.0.4)
2007-10-07 SDShred.exe (1.0.1.2)
2007-10-07 SDUpdate.exe (1.0.7.4)
2007-10-07 SDWinSec.exe (1.0.0.10)
2007-10-07 SpybotSD.exe (1.5.1.17)
2007-10-07 TeaTimer.exe (1.5.0.11)
2007-10-23 unins000.exe (51.48.0.0)
2007-10-07 Update.exe (1.4.0.5)
2007-10-07 advcheck.dll (1.5.4.2)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-10-07 SDHelper.dll (1.5.0.10)
2007-10-07 Tools.dll (2.1.3.2)
2007-11-07 Includes\Cookies.sbi (*)
2007-10-31 Includes\Dialer.sbi (*)
2007-11-07 Includes\DialerC.sbi (*)
2007-11-07 Includes\Hijackers.sbi (*)
2007-11-07 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2007-11-07 Includes\KeyloggersC.sbi (*)
2007-11-07 Includes\Malware.sbi (*)
2007-11-07 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-11-07 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-11-07 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2007-11-07 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-11-07 Includes\Trojans.sbi (*)
2007-11-07 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

This is the report from when elitebar was 'fixed':
--- Report generated: 2007-11-08 09:11 ---

Elitum.Elitebar.Pokapoka: [SBI $DB502C11] Executable (File, fixed)
C:\Documents and Settings\Touch System\Local Settings\Temp\~setuptmp0\irsetup.exe

eSupport.FFBiosExt: [SBI $12D696B9] System file (File, fixed)
C:\WINDOWS\system32\drivers\TVICHW32.SYS

--- Spybot - Search & Destroy version: 1.5 (build: 20071005) ---

2007-10-07 blindman.exe (1.0.0.6)
2007-09-24 SDDelFile.exe (1.0.0.1)
2007-10-07 SDMain.exe (1.0.0.4)
2007-10-07 SDShred.exe (1.0.1.2)
2007-10-07 SDUpdate.exe (1.0.7.4)
2007-10-07 SDWinSec.exe (1.0.0.10)
2007-10-07 SpybotSD.exe (1.5.1.17)
2007-10-07 TeaTimer.exe (1.5.0.11)
2007-10-23 unins000.exe (51.48.0.0)
2007-10-07 Update.exe (1.4.0.5)
2007-10-07 advcheck.dll (1.5.4.2)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-10-07 SDHelper.dll (1.5.0.10)
2007-10-07 Tools.dll (2.1.3.2)
2007-11-07 Includes\Cookies.sbi (*)
2007-10-31 Includes\Dialer.sbi (*)
2007-11-07 Includes\DialerC.sbi (*)
2007-11-07 Includes\Hijackers.sbi (*)
2007-11-07 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2007-11-07 Includes\KeyloggersC.sbi (*)
2007-11-07 Includes\Malware.sbi (*)
2007-11-07 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-11-07 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-11-07 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2007-11-07 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-11-07 Includes\Trojans.sbi (*)
2007-11-07 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

Since then it's come back a few times and has been 'fixed' whenever it's shown up.

**gopher** · 2007-11-20, 17:02

Elitebar showed up again this morning on my scan. I haven't fixed it yet, so I can send a before and after on the results, and I can do the same for an HJT scan if you'd like. Spybot is set at the default settings, so if you want that changed, let me know.

**gopher** · 2007-11-21, 16:28

I scanned my computer with Spybot yesterday morning, and found out elitebar was back. I didn't fix it, but I did shut Spybot down and restart it, and scanned again. It came up again on the second scan. Again, I didn't fix it. After work when I got home, I scanned again and Spybot came up clean. It showed up twice in the morning, was never fixed, and yet it's gone, like magic. Is this thing a false positive or isn't it?

Thread: elitum.elitebar.pokapoka

Thread Tools

Display

elitum.elitebar.pokapoka

Posting Permissions