The information in Virtual Grub Street's computer postings is the result of thousands of web searches. It can not, however, possibly be complete. The subject is vast and constantly changing. Moreover, vendor uninstall tools and other freeware removal tools do not necessarily remove all of an infection from your computer. Vendor uninstall tools, for instance, may silently leave cookies or other tracking software installed. It is suggestible to follow up a removal with one or more adware scans and/or to do an inspection using a HijackThis log. The information on the page is not guaranteed correct and any use you may choose to make of it is entirely at your own risk.








Intro. The LQfix removal tool was created by a 30 year old Belgian woman who goes by the handle "miekiemoes". [M]iekiemos has long been a regular participant in numerous web forums.

The name "LQfix" refers to the fact that the tool removes the signature registry entry "HKCU\Software\LQ" as a key step of its process. It is not clear that any infection that does not include this entry can be removed by this tool.

Versions. There are two versions of LQfix that have been made available by free download since September 27, 2005. The first is refered to by the name "LQfix.exe". It is the full LQfix removal program. A new limited one-click batch-process version, for targetted use, is refered to as "LQfix.bat". LQfix.bat is only available via the zip file download "LQfix.zip".

File Size. LQfix.exe 2.1: 656KB; LQbat: 10KB.

File Type. LQbat: MS-Dos.

Most recent update. LQfix.exe 2.1; 10/22/05; LQbat: 10/12/05.

vs. PokaPoka76.exe. Versions of LQfix prior to 10/22/05 alone can not remove pokapoka76.exe file. It is not clear whether the new version can or not. Previous versions of LQfix can, however, definitely remove PokaPoka76.exe in combination with the Ewido Security Suite's trialware trojan remover. A example Ewido scan report, relating to pokapoka76 removal should read as follows:

[####] C:\WINNT\etb\nt_hide76.dll -> Trojan.EliteBar.a : Cleaned with
backup

[####] C:\WINNT\etb\pokapoka76.exe -> Trojan.EliteBar.a : Cleaned with
backup

*

C:\Documents and Settings\gward\Local Settings\Temp\1246052_2340_2308_1816_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup

C:\Documents and Settings\gward\Local
Settings\Temp\131564_3584_2888_548_76.41.tmp -> Trojan.EliteBar.a : Cleaned
with backup

*

C:\Documents and Settings\gward\Local
Settings\Temp\262588_2208_3968_2508_76.41.tmp -> Trojan.EliteBar.a : Cleaned
with backup

C:\Documents and Settings\gward\Local
Settings\Temp\66126_2832_2504_3884_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup

C: \Documents and Settings\gward\Local
Settings\Temp\66262_2340_2308_3020_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup

*

C:\Documents and Settings\gward\Local Settings\Temp\k_AA09.tmp ->
Trojan.EliteBar.a : Cleaned with backup

Typically, both tools are employed in Safe Mode in order to remove this infection. Ewido is run first, to remove the actual files associated with Trojan.EliteBar.a (PokaPoka76), followed by LQfix, to remove the other files associated with the infection.

Downloads. LQfix.exe can be downloaded from the following locations:

• http://www.downloads.subratam.org/LQfix.exe
• http://miekiemoes.geekstogo.com/tools/LQfix.exe
• http://users.pandora.be/bluepatchy/miekiemoes/tools/LQfix.exe

The last site listed is miekiemoes's own page.

The following example instructions for LQfix.exe (the version prior to 2.1) appear at the Geeks to Go forum:

• Double-Click LQfix.exe and click Next > Next > Install.
• Leave the default settings, if you change them, the fix will Fail!
• You need an active internetconnection, so make sure your you're not blocking any connection now.
• Now make sure the "Launch LQfix" box is checked. Click the Finish button, after clicking the Finish button the fix will start.
• Follow the on-screen prompts.
• Your system will reboot afterwards. Please be patient after the reboot, there is a script running in the background that needs to complete.

The tool must be run in Safe Mode.


LQfix.bat (LQfix.zip) can be downloaded from the following locations:

• http://users.telenet.be/bluepatchy/miekiem...tools/LQfix.zip
• http://www.downloads.subratam.org/LQfix.zip

LQfix.bat is deployed by opening the LQfix folder and clicking on "LQfix.bat".

Other VGS Freeware/Trialware Information Pages:

• Ad-Aware;
• CCleaner;
• CleanUp!;
• Elite Toolbar Remover;
• EliteBarfix.bat;
• Ewido Security Suite;
• HijackThis;
• LQfix;
• Nailfix.exe;
• Pocket KillBox;
• SpyBot S&D;
• SpyWall
  (Captured first place in the 2006 Enterprise Security category of Datamation's Product of the Year awards.).

Also see:

• Is Wikipedia Handing Out Your Browsing Information to Thousands? Who needs malware when there's Wikipedia? (VGS alert)
• EliteBarfix.bat Information Page (October 20, 2005). Yet another new removal tool, sort of.
• PokaPoka.exe + Nothing = YupSearch (October 19, 2005). What do people mean when they say they have "YupSearch" instead of "EliteBar"?
• Elite Toolbar Remover Information Page (October 17, 2005).
• How to Remove PokaPoka. (October 12, 2005) Does your EliteBar variant include PokaPoka.exe?
• EliteBar Removal Tool Updates to 2.0.1. (September 21, 2005) The EliteBar Removal Tool now comes in two flavors and two generations!
• SearchMiracle.EliteBar Then and Now. (September 21, 2005). Hijacks, heroes, updates and links.
• EliteBar Removal Tool Updates to 2.0.0!!!!! (September 15, 2005). Includes expanded list of infections removed by the removal tool.
• More on Variant ADW_ELITEBAR.D. (May 27, 2005). "It is a standard XP with two top-end commercial anti-virus programs. Moreover, one of the anti-virus programs -- Trend Micro's PC-Cillin -- we already know..."
• Diabolical new EliteBar variant Strikes the Web!!!!or the one the EliteBar Removal Tool can't remove (May 22, 2005).
• EliteBar Removal Tool Updates to 1.3.0!!!!! (May 20, 2005). Includes expanded list of infections removed by the removal tool.
• Key File Index (May 18, 2005).
• Adware & Malware Identifier Index (May 9, 2005). "The following is an in-progress index of some of the more common malware toolbars/browser helper objects at large on the Internet."
• HijackThis vs. the Elitebar Removal Tool (April 23, 2005). "While this approach may provide some limited, and temporary, relief, SearchMiracle will soon be back in full force."
• EliteBar Removal Tool Alert: Update V.1.2.2.!!! (April 18, 2005). "The new variants of the malware also completely conceal the presence of the EliteToolbarRemoverV10.exe, so that if you are opening the archive you can only see the readme.doc file that is attached to that and you cannot see the *.exe even if though it is really there!"
• HijackThis vs. SearchMiracle/EliteBar (April 11, 2005).
• How to Remove SearchMiracle/ EliteBar (February 27, 2005).

Labels: Computer Security, Freeware/Trialware