BDE Projector

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Tuppence2

Thread Starter
Joined
Jun 8, 2003
Messages
6,563
Hello,

I've just run Spybot and found BDE Projector key present on my computer. Spybot removed the key.

On running Regedit and searching for BDE, I came across this key

HKEY_USERS\S-1-5-21-2025429265-1060284298-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

Is it a legitimate one for some other application, or is it the BDE projector key?

Thanks for any advice you may be able to give.

Bye,
Penny. :)
 
Joined
Mar 24, 2004
Messages
46
This is a free thing offered to view/listen to rich media and stands for brilliant digital url=www.brilliantdigital.com and is spyware.To get rid of,start by uninstalling in the control panel. If you've had this program installed for a while you need to get rid of everything BDE + b3d in regestry and in common files such as documents and settings. and kill in the task mgr.,all bde and programfilesdir+\altnet\download manager\adm.exe. Restart your pc and this should solve the problem. Questions?? feel free to direct email me.
 

Tuppence2

Thread Starter
Joined
Jun 8, 2003
Messages
6,563
Hello ironmaixden,

Thank you very much for your reply. I will make sure I wipe the nasty thing off my computer. I will certainly email you if I run across problems.

Best wishes,
Bye,
Penny. :)
 
Joined
Oct 9, 2001
Messages
9,396
Hi Pen............if you want to post an HijackThis log we can see what loaded BDE and if anything else needs removing.
;)
 
Joined
Mar 9, 2003
Messages
4,699
The original date on this when i copied it to a MS Word file was 04/03/2002 so there may be a few more reg entires these days....not sure. But even if BDE has added more, this should give you a "good running start" on getting it removed. BDE is installed as part of several P2P downloading programs, so if you use P2P be aware that removing BDE may prevent the program from working.


Do a file search for bde*.* in your Windows system directory. Search
and destroy the following:
c:\Windows\BDE (the folder and everything in it)
c:\Windows\Temp\Brilliant (the folder and everything in it)
c:\Windows\SYSTEM\bdedata2.dll
c:\Windows\SYSTEM\bdedownloader.dll
c:\Windows\SYSTEM\bdefdi.dll
c:\Windows\SYSTEM\bdeinsta2.dll
c:\Windows\SYSTEM\bdeinstall.exe
c:\Windows\SYSTEM\bdesecureinstall.cab
c:\Windows\SYSTEM\bdesecureinstall.exe
c:\Windows\SYSTEM\bdeverify.dll
c:\Windows\SYSTEM\bdeverify.exe

Now fire up Regedit and delete the following trails:
HKEY_CLASSES_ROOT\.b3ds
HKEY_CLASSES_ROOT\b3ds_auto_file
HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller
HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller.1
HKEY_CLASSES_ROOT\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6}
HKEY_CLASSES_ROOT\TypeLib\{82FC7881-AACC-11D2-B9C6-0000E842E40A}
HKEY_LOCAL_MACHINE\Software\Brilliant Digital Entertainment
HKEY_LOCAL_MACHINE\Software\Zupdate
Additionally, the B3D Projector configures itself to update silently at
system startup. To remove this (yes, not even this is removed at
uninstall), delete the b3dUpdate value at HKEY_LOCAL_MACHINE\Software
\Microsoft\Windows\CurrentVersion\Run.

http://www.geocities.com/Pentagon/Quarters/5077/new/cleankazaa.html



add this to your host file
127.0.0.1 www.brilliantdigital.com
127.0.0.1 desktop.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
 

Tuppence2

Thread Starter
Joined
Jun 8, 2003
Messages
6,563
Hello Steve,

I will do that, thank you for telling me about it. Will download Hijack and get working on it.

Bye,
Penny.

Hello Nitehawk,

Thank you very much for the extras. I'll post a Hijack This Log and see if there are any entries left. I see this nasty is listed in my Spybot log as being dealt with. But you never know. I don't use a separate downloader.

Bye,
Penny.


NiteHawk said:
The original date on this when i copied it to a MS Word file was 04/03/2002 so there may be a few more reg entires these days....not sure. But even if BDE has added more, this should give you a "good running start" on getting it removed. BDE is installed as part of several P2P downloading programs, so if you use P2P be aware that removing BDE may prevent the program from working.


Do a file search for bde*.* in your Windows system directory. Search
and destroy the following:
c:\Windows\BDE (the folder and everything in it)
c:\Windows\Temp\Brilliant (the folder and everything in it)
c:\Windows\SYSTEM\bdedata2.dll
c:\Windows\SYSTEM\bdedownloader.dll
c:\Windows\SYSTEM\bdefdi.dll
c:\Windows\SYSTEM\bdeinsta2.dll
c:\Windows\SYSTEM\bdeinstall.exe
c:\Windows\SYSTEM\bdesecureinstall.cab
c:\Windows\SYSTEM\bdesecureinstall.exe
c:\Windows\SYSTEM\bdeverify.dll
c:\Windows\SYSTEM\bdeverify.exe

Now fire up Regedit and delete the following trails:
HKEY_CLASSES_ROOT\.b3ds
HKEY_CLASSES_ROOT\b3ds_auto_file
HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller
HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller.1
HKEY_CLASSES_ROOT\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6}
HKEY_CLASSES_ROOT\TypeLib\{82FC7881-AACC-11D2-B9C6-0000E842E40A}
HKEY_LOCAL_MACHINE\Software\Brilliant Digital Entertainment
HKEY_LOCAL_MACHINE\Software\Zupdate
Additionally, the B3D Projector configures itself to update silently at
system startup. To remove this (yes, not even this is removed at
uninstall), delete the b3dUpdate value at HKEY_LOCAL_MACHINE\Software
\Microsoft\Windows\CurrentVersion\Run.

http://www.geocities.com/Pentagon/Quarters/5077/new/cleankazaa.html



add this to your host file
127.0.0.1 www.brilliantdigital.com
127.0.0.1 desktop.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
 

Tuppence2

Thread Starter
Joined
Jun 8, 2003
Messages
6,563
Hello Steve,

Here's the log. I use Mozilla but I see that the Log has been taken by IE.

Logfile of HijackThis v1.97.7
Scan saved at 19:09:52, on 05/04/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\htpatch.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Desktop Architect\datray.exe
C:\Program Files\DigiGuide\client01.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://antwrp.gsfc.nasa.gov/apod/astropix.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - Startup: DigiGuide.lnk = C:\Program Files\DigiGuide\client.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_05) -
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyonder.co.uk/html/software/instantsupport/tool/files/MotivePreQual.cab
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_05) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks,
Penny.
 

Tuppence2

Thread Starter
Joined
Jun 8, 2003
Messages
6,563
Hello Winchester,

Sorry, I don't even know what the item is. I don't use IE very often, being a Mozilla user. Is there something I should change or delete regarding this entry?

Thanks,
Bye,
Penny.
 
Joined
Aug 18, 2003
Messages
2,438
O6 items indicate Internet Explorer restrictions. It is usually recommended to fix items such as this, unless the user has used a security program to lock their browser settings.

I'm not sure about Mozilla and whether HJT shows something similar for that browser ... wait until a Mozilla user stops by.
 

Tuppence2

Thread Starter
Joined
Jun 8, 2003
Messages
6,563
Hello again,

Does anyone with Mozilla experience have any more to say on this matter?

Thanks,
Penny. :)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top