EliteBar
EliteBar Description
EliteBar is a widely spread trojan that displays unsolicited commercial advertisements, changes Internet Explorer's default home and search pages, and redirects the web browser to undesirable web sites. The parasite also secretly downloads and executes potentially harmful files from the Internet, removes installed Internet Explorer toolbars, adds numerous bookmarks to the Favorites list, and blocks access to some web resources. EliteBar can hide its processes by injecting malicious code into legitimate tasks and system components. The trojan runs automatically on every Windows startup.
Type: Browser Hijackers
Aliases: AdWare.ToolBar.EliteBar.z, Adware/EliteBar, ADW_ELITEBAR.N.
How Can You Detect EliteBar?
EliteBar Technical Report
We will update this section as new EliteBar details are reported by our customers and by our Threat Research Center.
The following EliteBar files, listed with their MD5 hashes, were created in the system:
| File Name | File Size | MD5 |
|---|---|---|
| wuauclt.exe | 72704 | 2254457213510df63c482be5a95f2625 |
| elitepeg32.exe | 11881 | 3e96658ca748eceda34e5b7f4ced3095 |
| elitebfv32.exe | 11593 | 825b6e2f440cbff32e340ff0d59b66cc |
| elitebsh32.exe | 11589 | 39eb6705ef3936d61e168abde344bf98 |
| nt_hide79.dll | 49152 | 3bfe5760545429dd1d9d0ba7feae3f8b |
| protector[1].exe or sideb[1].exe or silent_install[1].exe | 184320 | 02b601aba63bf920282db6bb831e0235 |
| pokapoka79.exe | 148480 | 807fcb10c817836af1f0f6f5e9b944f4 |
EliteBar typically has the following processes in memory:
EliteBar creates the following registry entries: