
BDE Projector

Discussion in 'Virus & Other Malware Removal' started by Tuppence2, Apr 2, 2004.

Thread Status:
Not open for further replies.
  1. Tuppence2

    Tuppence2 Thread Starter

    Joined:
    Jun 8, 2003
    Messages:
    6,563
    Hello,

    I've just run Spybot and found BDE Projector key present on my computer. Spybot removed the key.

    On running Regedit and searching for BDE, I came across this key

    HKEY_USERS\S-1-5-21-2025429265-1060284298-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

    Is it a legitimate one for some other application, or is it the BDE projector key?

    Thanks for any advice you may be able to give.

    Bye,
    Penny. :)
     
  2. ironmaixden

    ironmaixden

    Joined:
    Mar 24, 2004
    Messages:
    46
    This is a free thing offered to view/listen to rich media and stands for Brilliant Digital (www.brilliantdigital.com) and is spyware. To get rid of it, start by uninstalling in the Control Panel. If you've had this program installed for a while you need to get rid of everything BDE + b3d in the registry and in common files such as Documents and Settings, and kill in the Task Manager all bde and programfilesdir+\altnet\download manager\adm.exe. Restart your PC and this should solve the problem. Questions? Feel free to email me directly.
     
  3. Tuppence2

    Tuppence2 Thread Starter

    Joined:
    Jun 8, 2003
    Messages:
    6,563
    Hello ironmaixden,

    Thank you very much for your reply. I will make sure I wipe the nasty thing off my computer. I will certainly email you if I run across problems.

    Best wishes,
    Bye,
    Penny. :)
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Hi Pen............if you want to post a HijackThis log we can see what loaded BDE and if anything else needs removing.
    ;)
     
  5. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    The original date on this when I copied it to a MS Word file was 04/03/2002, so there may be a few more reg entries these days....not sure. But even if BDE has added more, this should give you a "good running start" on getting it removed. BDE is installed as part of several P2P downloading programs, so if you use P2P be aware that removing BDE may prevent the program from working.


    Do a file search for bde*.* in your Windows system directory. Search
    and destroy the following:
    c:\Windows\BDE (the folder and everything in it)
    c:\Windows\Temp\Brilliant (the folder and everything in it)
    c:\Windows\SYSTEM\bdedata2.dll
    c:\Windows\SYSTEM\bdedownloader.dll
    c:\Windows\SYSTEM\bdefdi.dll
    c:\Windows\SYSTEM\bdeinsta2.dll
    c:\Windows\SYSTEM\bdeinstall.exe
    c:\Windows\SYSTEM\bdesecureinstall.cab
    c:\Windows\SYSTEM\bdesecureinstall.exe
    c:\Windows\SYSTEM\bdeverify.dll
    c:\Windows\SYSTEM\bdeverify.exe

    Now fire up Regedit and delete the following trails:
    HKEY_CLASSES_ROOT\.b3ds
    HKEY_CLASSES_ROOT\b3ds_auto_file
    HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller
    HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller.1
    HKEY_CLASSES_ROOT\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6}
    HKEY_CLASSES_ROOT\TypeLib\{82FC7881-AACC-11D2-B9C6-0000E842E40A}
    HKEY_LOCAL_MACHINE\Software\Brilliant Digital Entertainment
    HKEY_LOCAL_MACHINE\Software\Zupdate
    Additionally, the B3D Projector configures itself to update silently at
    system startup. To remove this (yes, not even this is removed at
    uninstall), delete the b3dUpdate value at
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.

    http://www.geocities.com/Pentagon/Quarters/5077/new/cleankazaa.html



    Add this to your hosts file:
    127.0.0.1 www.brilliantdigital.com
    127.0.0.1 desktop.kazaa.com
    127.0.0.1 shop.kazaa.com
    127.0.0.1 www.bonzi.com
     
  6. Tuppence2

    Tuppence2 Thread Starter

    Joined:
    Jun 8, 2003
    Messages:
    6,563
    Hello Steve,

    I will do that, thank you for telling me about it. Will download Hijack and get working on it.

    Bye,
    Penny.

    Hello Nitehawk,

    Thank you very much for the extras. I'll post a Hijack This Log and see if there are any entries left. I see this nasty is listed in my Spybot log as being dealt with. But you never know. I don't use a separate downloader.

    Bye,
    Penny.


     
  7. Tuppence2

    Tuppence2 Thread Starter

    Joined:
    Jun 8, 2003
    Messages:
    6,563
    Hello Steve,

    Here's the log. I use Mozilla but I see that the Log has been taken by IE.

    Logfile of HijackThis v1.97.7
    Scan saved at 19:09:52, on 05/04/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\htpatch.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    C:\Program Files\Desktop Architect\datray.exe
    C:\Program Files\DigiGuide\client01.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://antwrp.gsfc.nasa.gov/apod/astropix.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
    O4 - Startup: DigiGuide.lnk = C:\Program Files\DigiGuide\client.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_05) -
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyonder.co.uk/html/software/instantsupport/tool/files/MotivePreQual.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_05) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Thanks,
    Penny.
     
  8. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Did you set the O6 item (Control Panel) with a security program?
     
  9. Tuppence2

    Tuppence2 Thread Starter

    Joined:
    Jun 8, 2003
    Messages:
    6,563
    Hello Winchester,

    Sorry, I don't even know what the item is. I don't use IE very often, being a Mozilla user. Is there something I should change or delete regarding this entry?

    Thanks,
    Bye,
    Penny.
     
  10. Tuppence2

    Tuppence2 Thread Starter

    Joined:
    Jun 8, 2003
    Messages:
    6,563
    ....I have IE set to "ask" in Zone Alarm.

    Bye
     
  11. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    O6 items indicate Internet Explorer restrictions. It is usually recommended to fix items such as this, unless the user has used a security program to lock their browser settings.

    I'm not sure about Mozilla and whether HJT shows something similar for that browser ... wait until a Mozilla user stops by.
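
An added example, not part of any post in this thread and not HijackThis's own code: Python that parses a HijackThis log like the one posted above and flags the BDE file names and the b3dUpdate Run value from NiteHawk's list, plus O6 restriction items for review. The sample log is constructed, and the function names (`parse_hjt`, `triage`) are assumptions.

```python
import re

# Indicators copied from NiteHawk's removal list earlier in this thread.
BDE_FILES = {"bdedata2.dll", "bdedownloader.dll", "bdefdi.dll", "bdeinsta2.dll",
             "bdeinstall.exe", "bdesecureinstall.cab", "bdesecureinstall.exe",
             "bdeverify.dll", "bdeverify.exe"}
BDE_RUN_VALUES = {"b3dupdate"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # "O4 - ...", "R0 - ..."
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[([^\]]*)\] (.*)$")  # "HKLM\..\Run: [name] cmd"

def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()

def parse_hjt(text):
    """Split a log into (running process paths, [(section code, body), ...])."""
    procs, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def triage(text):
    """Return (kind, detail) findings for BDE indicators and O6 items."""
    procs, entries = parse_hjt(text)
    findings = [("process", p) for p in procs if basename(p) in BDE_FILES]
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m and (m.group(1).lower() in BDE_RUN_VALUES
                  or any(f in m.group(2).lower() for f in BDE_FILES)):
            findings.append(("autorun", body))
        elif code == "O6":   # IE restrictions, per winchester73's reply
            findings.append(("ie-restriction", body))
    return findings

# Constructed sample: the bdeverify.exe process and b3dUpdate line are invented.
SAMPLE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\System32\bdeverify.exe

O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [b3dUpdate] C:\placeholder\constructed.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:15} {detail}")
```
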
     
  12. Tuppence2

    Tuppence2 Thread Starter

    Joined:
    Jun 8, 2003
    Messages:
    6,563
    Hello,

    Thanks. Will do.

    Bye,
    Penny. :)
     
  13. Tuppence2

    Tuppence2 Thread Starter

    Joined:
    Jun 8, 2003
    Messages:
    6,563
    Hello again,

    Does anyone with Mozilla experience have any more to say on this matter?

    Thanks,
    Penny. :)
     
Short URL to this thread: https://techguy.org/216863
