Solved

Spyware: BPT.exe, BPCv2.exe, AutoUpdate.exe

Posted on 2005-05-09
Last Modified: 2013-12-04
I have popups randomly displaying ads. Upon running Norton's Internet Security 2005 scan, the files BPT.exe, BPCv2.exe, AutoUpdate.exe are displayed as spyware, but in spite of deleting them they appear again in the next scan. I also get a popup IE window titled 3-30369Plat0pct9BAP3SP each time I open IE.

Running a HijackThis gives the following log:

<<  HijackThis log removed 5-10-2005 - humeniuk, Page Editor  >>

<<  log file available at www.hijackthis.de/logfiles/3e8afc487538537031647ac9ed52dfd1.html  >>
<<  courtesy of r-k  >>

Any suggestions on what to clean up?
Question by:scptech
7 Comments
 
LVL 32

Expert Comment

by:r-k
ID: 13965419
Tip for next time: Please submit the Hijackthis log at: http://www.hijackthis.de/ and post just the link to the analysis. I did this for you, and you can view it at:

http://www.hijackthis.de/logfiles/3e8afc487538537031647ac9ed52dfd1.html

The programs you want to eliminate or disable are:

 bpcv2.exe, Autoupdate.exe, bpt.exe, czwXTp6k.exe, nsvsvc.exe, modsd.exe and possibly ads.exe

There is not enough information here to know how these programs are starting, probably from registry entries. You can still disable and render them harmless by changing their permissions so that no one, not even system or administrator, can access them in any way.

Just right-click on each of these files in Windows Explorer, select Properties -> Sharing then click on Advanced, un-check the box that reads "Inherit from parent...", then click on remove to remove all permissions to access these files. Do this for each file, then reboot and they should no longer be running.

(If you have XP Home Edition then you will first have to boot in safe mode before you can change the security settings on a file).
0
 
LVL 32

Accepted Solution

by:
r-k earned 1000 total points
ID: 13965493
Also, here is how you can determine where they are starting from, and disable that as well:

Download Autoruns.exe from:

http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml

When you run it, it shows a bunch of things that start automatically. Open the "View" menu and select everything from "Show Appinit Dlls" to "Hide Microsoft Entries", then select Refresh and it will give you a new list of startups.

Examine the list carefully and un-check anything that looks suspicious.

Then exit Autoruns and reboot.

Run Autoruns again and see if the things you unchecked earlier are still unchecked.

Once you're sure everything is normal you can delete the .exe files themselves (after first changing their permission back to give yourself delete permission).
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13966243

I would suggest you paste your FULL log at

http://www.hijackthis.de/index.php?langselect=english

Click the "Analyze" button.

Scroll down, click Save Analysis.

Post the LINK to that saved analysis here (as r-k suggested above and posted).

Without that there is no one that can help you in detail.

Zee
0
 

Author Comment

by:scptech
ID: 13992966
After accepting the answer from r-k I realized that there is still an issue - so I hope you can help.

I started the PC (running Windows XP Prof) in Safe mode and deleted the folder C:\Program Files\bpc_search. To be absolutely sure, I also emptied the Recycle bin.

The folder (and all the files in it) shows up again when I boot up regularly.

Tried this several times, the folder keeps coming back from the dead.

Any suggestions would be appreciated.
0
 
LVL 32

Expert Comment

by:r-k
ID: 13993265
Sorry to hear that. It means that there is still something running that re-creates this folder.

First, I would remove all permissions on any file that is known to be bad, using the process outlined above. But don't delete the files. That way they are rendered harmless even though they are still on your disk.

Next, please run Autoruns in the way suggested above. Then, use File -> Save As.. and save its table to a text file and then cut and paste it here.
0
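A read-only check in the spirit of the Autoruns step suggested in this thread, added here as an example (it is not code from the thread or from Sysinternals): it lists Run-key values, services and scheduled tasks whose command line references the file names or the folder named by the posters. It assumes a current Windows with PowerShell; the function names are made up for this example, and it covers only these three autostart locations, far fewer than Autoruns shows.

```powershell
# Read-only: reports matching autostart entries, changes nothing.
# File names and folder are the ones named in the thread; all function names are hypothetical.
$SuspectNames  = 'bpcv2.exe','autoupdate.exe','bpt.exe','czwXTp6k.exe','nsvsvc.exe','modsd.exe','ads.exe'
$SuspectFolder = 'C:\Program Files\bpc_search'

function Test-SuspectCommand([string]$Command) {
    if ([string]::IsNullOrWhiteSpace($Command)) { return $false }
    if ($Command.IndexOf($SuspectFolder, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    foreach ($n in $SuspectNames) {
        # Match a whole file name, so 'ads.exe' does not hit e.g. 'downloads.exe'
        if ($Command -match ('(^|[\\/"\s])' + [regex]::Escape($n) + '($|["\s,])')) { return $true }
    }
    return $false
}

function Get-RunKeyEntry {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
        if (-not $key) { continue }          # key absent on this system
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Source = $k; Name = $name; Command = [string]$key.GetValue($name) }
        }
    }
}

function Get-ServiceEntry {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = [string]$_.PathName }
    }
}

function Get-TaskEntry {
    foreach ($t in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($a in $t.Actions) {
            [pscustomobject]@{ Source = 'ScheduledTask'; Name = $t.TaskPath + $t.TaskName
                               Command = "$($a.Execute) $($a.Arguments)" }
        }
    }
}

$all  = @(Get-RunKeyEntry) + @(Get-ServiceEntry) + @(Get-TaskEntry)
$hits = $all | Where-Object { Test-SuspectCommand $_.Command }
if ($hits) { $hits | Format-List Source, Name, Command } else { 'No match in the checked locations.' }
"Suspect folder present: $(Test-Path -LiteralPath $SuspectFolder)"
```

Run it from an elevated prompt so that machine-wide tasks and services are visible; an empty result with the folder still reappearing means the loader sits in a location this example does not check.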
 
LVL 32

Expert Comment

by:r-k
ID: 13993283
I found a link on the net re. this type of adware. There are removal instructions also there. Please see:

 http://sarc.com/avcenter/venc/data/adware.broadcastpc.html

0
 
LVL 32

Expert Comment

by:r-k
ID: 13993297
Also more removal instructions at:

 http://www.doxdesk.com/parasite/BroadcastPC.html

0
