microsoft XP startup programs

C

cerberus

Guest
value name "lite slow flaw proxy"
in HKLMN/microsoft/windows/current version/run

C:\ Documents and Settings\All Users\Application Data\birdchicliteslow\DUPEATOM.exe
------------------------------------------
value "tick five" in HKCU/microsoft/windows/current version/run

C:\ DOCUME~1\Tom\APPLIC~1\GREYLI~1\BarbHoleBold.exe
------------------------------------------------

what are they?
Are they aprt of XP?

Edited by ClubMan to remove extraneous .
 
Judging by the folder names in which the executable files are stored they are not part of XP itself. The names used would immediately make me suspicious but I can't find much information about them on Google. Have you scanned your PC with a few ?
 
club

yes with adaware and spybot and AVG anti virus
searches in microsoft and google don't show up anything either so I am completly stuck
 
Re: club

I get [broken link removed] on DupeAtom which suggests that it's some sort of parasite. Can't get anything useful on BarbHoleBold or variants on that theme.
 
Re: club

thx club bit that dupadam but as my name is tom then maybe that relevant
 
..

I think cerberus is posting from his mobile phone again.

The barb exe was located in the TOM users application data in his original post. Cerberus, I think you'll have to think a bit broader then that if youre assuming that you wont be affected by it.
I also wouldnt just trust spybot and adaware so try the yahoo and MS products as well.
The names alone of those 2 exes look dodgy, Id be convinced theyre adware until Id exhausted 4-5 different antispyware products.
 
Re: club

Clubman, my name is not Tom.
(and Tom - any sign of Micheál Martin at the gates of Hell yet? )

Any advice on how to get rid of this annoying little bit of malware?



I’ve run Ad-Aware 1.05 and it picks up on it OK, but even after it deletes the registry keys the little bugger is still there on reboot!

There’s nothing visible in the Startup folder, and I can’t see any obvious new 'dodgy' folders in the Program files, either. Their EULA link points to www.ysbweb.com/terms.html, but that only tells you how to uninstall it afterwards rolleyes ?)And it looks like it comes bundled with all sorts of other crappy spyware that I really don’t want..!

Any tips? Cheers...

[Edit: P.S. car, our posts crossed! There's nothing in my Application data folders either. D'you reckon I should try Spybot or some other anti-ad/spyware application?
P.P.S Ooops! Just found Ondrej Brablc's website ('though, curiously, it didn't show up the other day when I googled "SiteBar"...?) - and the associated forums. Ah, those cunning Czechs...! Surely, they shall inherit the p2p earth... ]
 
Re: club

I’ve run Ad-Aware 1.05 and it picks up on it OK, but even after it deletes the registry keys the little bugger is still there on reboot!

If you're comfortable with using regedit you could check your registry for Run/RunOnce/RunOnceEx entries that might be causing this to persist and delete those that look suspicious? Backup the relevant keys/values before deleting anything.
 
Re: club

Cheers, Clubman, I'll try that. No Regedit expert, but what the hell, it's only the work confluther... they can rebuild me. They have the technology...

If you don't hear from me for a few days, you'll know what's happened! :eek
 
Re: club

To cut a long story short, this says 'AVG' sorted the sitebar trojan.
 
The spyware that would not die...

This post will be deleted if not edited immediately H, this thing is persistent!

Adaware couldn't get rid of it. Spybot doesn’t even see it. AVG sees it but says it’s OK. Norman our networked AV system) doesn’t pick up on it at all.

Deleted C: \WINDOWS\system32\ysbinstall_1002648_3.exe and emptied the recycle bin.

Searched the registry for ‘ysbinstall’ and deleted the relevant entries from the MUIcache and CurrentVersion\Run folders - nothing in the RunOnce and RunOnceEx folders but the default (value not set) keys. Searched for ‘sitebar’ and ‘ist’; nothing there except other things that happened to have the letters ‘ist’ in them.

Ran Adaware SE again. And AVG. Rebooted.

…Guess what? :eek
 
Re: The spyware that would not die...

God bless you, FatherD!

I didn't have AdStatus and there was no 'ide21201.exe' in the system32 folder, but there was a 'test.exe' with a file creation date that coincided with when I started getting the ShiteBar problem.

Cheers for that...
 
You must log in or register to reply here.
Menu
Log in
Register