EliteBar removal

Posted on 2005-05-02
Medium Priority
Last Modified: 2013-12-04
Hi, cannot get rid of popups caused by what I believe is part of EliteBar that keeps regenerating itself in the registry at HKEY Local Machine\Software\MicrosoftWindows\Current version\run

It is called elitexhi32.exe

I have tried the manual removal solution posted earlier on this site, but to no effect.  The DLLs which I am supposed to unregister do not exist according to Regsvr32 /u command.

I have run SpyBot, PestPatrol, HiJackThis, CWShredder, AdAware in both Windows and Safe Mode and deleted anything found.  HiJack this will detect it and I select Fix, but less than 2 minutes later the file pops back up in the registry and the ads return.

Any ideas?  Thanks.
Question by:AA095927
LVL 10

Expert Comment

ID: 13909904
Did you check your services?  Sometimes spyware will install a service which regenerates these files.  You may need to stop or uninstall this service.
LVL 38

Expert Comment

by:Rich Rumble
ID: 13910316
Using Xp or winME? Turn off system restore, then scan with ad-aware or spybot
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

LVL 12

Accepted Solution

rossfingal earned 500 total points
ID: 13910540

Just remembered this - here's a utility that may work:

Please download miekiemoes' LQfix batch here:
Unzip it to the desktop but do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

Once in Safe Mode, please run LQfix.bat.  When finished, restart your computer in normal mode.

Hope this helps.

Expert Comment

ID: 13912062
Are you able to find and delete the file elitexhi32.exe, or do you get an "access denied" message?  What folder is it in?  If you can remove the files and registry settings, do they return if there is no connection to the internet?  
LVL 15

Assisted Solution

greyknight17 earned 500 total points
ID: 13914346
OK, this EliteBar could be a pain to remove.  But there is a tool that should remove it most of the time.  Download this program:


Unzip it.  Boot into Safe Mode by restarting and hitting the F8 key (or F5 in some systems) and then choose Safe Mode.  Now run that ETRemover.exe that you just unzipped.

Restart and you should be ok now.

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question