Tb_ani~1.exe

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Warped

Thread Starter
Joined
Oct 16, 2003
Messages
3
Hello, All;

I am new to this group, and of course, joined with the intent of asking a question. So, here it is.

I have PC's on my network that are starting to get an error message indicating that the above file (or one of its components) cannot be found. From some searching I did through Google, I was able to determine that this might be virus related, but nothing concrete. Does anyone have any info on this, including resolutions? Any help is appreciated.

Thanks.
 
Joined
Sep 16, 2003
Messages
594
Hi

Havent seen this virus/file before.
Has anything gone "funny" on your pc?

Do a search on your pc for the file. Where is it located? Is it under a normal system file?

Things to try:

1. Have your pc scanned free online: http://housecall.trendmicro.com/

2. Download Spybot from www.downloads.com

3. Download Hijackthis from...? somewhere and post a log here....someone will know if any bad shows!


Good luck

Pileyrei
 
Joined
Feb 19, 2003
Messages
8,812
It's accociated with some animated cursor programs that contain spyware. Spyware are programs installed unknowingly on the PC in order to allow spying on the habits of the user. We can remove the spyware, but you need to download and run HijackThis from http://www.lurkhere.com/~nicefiles/ on one machine at a time and post the log results.. From there we can inform you what to remove..
 
Joined
Oct 9, 2001
Messages
9,396
"Tutorial bridge" is the programs name but as root says,its definately spyware.......we have seen a few instances and none of the posters had installed it,so posting a H/T log is a good idea.
Read the instructions for H/T before posting and post it in the security forum.
;)
 

Warped

Thread Starter
Joined
Oct 16, 2003
Messages
3
Unfortunately, my companies policies, and HIPPA guidelines, prohibit me from posting the logs here.:mad: Do you think that editing the registry would suffice?
 
Joined
Oct 9, 2001
Messages
9,396
Difficult to advise as there are so many things that can be seen with HijackThis that you could not possibly find with anything else.
But the file itself should be easy to find and delete.
But if you click on the "here" link at the bottom of my post you will find programs that will help.

;)
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Originally posted by Warped:
Unfortunately, my companies policies, and HIPPA guidelines, prohibit me from posting the logs here.:mad: Do you think that editing the registry would suffice?
Well in that case, your company should examine it's policies carefully and you should have your company's computer technical support look at all the computers straight away,

In every case that I have seen that file recently, there has been at least one trojan that has the potential to leak confidential information.

If your company is so concerned with privacy & security, then it should be impossible for these parasites or trojans to be installed on the comapany's systems.

The ONLY way that spyware/trojans or viruses get installed on the computer is either due to lax & incorrectly set security settings or by allowing users to install applications or programs them selves.

If your company's policies are as strict as you make them out to be then you should be prohibited from installing any software yourself which would include automatic cleaning programs such as those in $teve's signature.
 

Warped

Thread Starter
Joined
Oct 16, 2003
Messages
3
Thanks for your reply, dvk01. I do appreciate the comments. However, I think that you have misunderstood my situation a little. I am part of my companies computer technical support, albeit the most junior member.

I would most readily agree that my companies security practices are obviously not what they should be, or we would not be having the issues we are. However, that is no excuse for me to go along breaking those guidelines myself. Furthermore, I do not feel this is the place to discuss this, nor was that the reason for my posting here. I thought that this would be a good place to gain information regarding what I was potentially up against, as well as some recommendations from my peers as to what I might do to address the issue. I also do not appreciate your tone in the statement, "If your company's policies are as strict as you make them out to be...". Are you daft? Do you think that i have nothing better to do than post at tech sites asking questions and then provide no answer like some sort of tease? Get over yourself.

I do appreciate everyone else's attempt to help rather than critique. I was able to at least edit the register and remove the entries that I found, which I followed up with Stinger. Everything seems to be fine, but again, if anyone has any information regarding this 'bug', please let me know.
 
Joined
Oct 9, 2001
Messages
9,396
Your welcome...............Any time.
Actually Derek pm`d me Asking whether I thought he`d been too Hard on you..................And I said no:D
Those of us at T.S.G know some peoples definition of "Tech support" is a little diferent than our own.
This is indeed the best place for T/S on the net and like I said,your very welcome to glean as much as you like here.

Good luck;)
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
There is absolutely no way anyone can advise you on what to fix if we don't know the problem.

As I said earlier this TB-ani file has been seen in every case with known trojan files so without looking at a log of the system we can't determine whether "editing the registry" and just removing tbani references willl cure the problem , I personally doubt it, because with these trojans there are other start ups and entries not by the same name.

Also with many of these parasites just removing the registry start up entry without removing ALL files associated with it will not solve the problem, a user can & most likely will click on it's exe file and run it manually. The .exe file most probablu=y is called by a totally different name to the registry start up entry for tb-ani
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top