AI Project Updater: Installing...

Discussion in 'Windows - Virus and spyware problems' started by Stupot1, Apr 30, 2011.

  1. Stupot1

    Stupot1 Member

    Joined:
    Jan 19, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Hi

    I have a feeling that my system may be infected with a virus or malware.

    Every time I start my system up, I have a pop-up that starts called "AI Project Updater:Installing...". I have no idea what it is related to, but it comes up every time I boot it. It remains there for about 10 minutes, and then disappears.

    I cannot close it, etc., but have a feeling it isn't supposed to be there!

    I ran Malwarebytes, Ad-Aware and virus scan, but it still keeps coming back.

    Any ideas would be very welcome..

    Thanks in advance!

    bradders
     
  2. attar

    attar Senior member

    Joined:
    Jun 17, 2005
    Messages:
    11,512
    Likes Received:
    29
    Trophy Points:
    128
    Run msconfig to see if it's listed and see if it gives any information, then Google it.
     
  3. Stupot1

    Stupot1 Member

    I ran the config, but nothing is listed under any of the tabs.

    Yesterday, I ran my Malwarebytes again, and it found a few infected files which I have removed since. Virus scanner shows nothing still.

    When I booted up this morning, the AI Project updater came on again ....

    When I open a new tab in Internet Explorer, I get ad popups such as
    http://media.mynewswheel.com/dsnrestate.html

    I have a feeling it's virus/malware related .. any other scanners I could use?

    Sorry I can't give any more information!
     
  4. attar

    attar Senior member

    Do you have a Restore Point that predates this problem?
     
  5. Stupot1

    Stupot1 Member

    After looking on the web yesterday, I turned off my restore point, but yes, it would predate the problem. At the moment, my restore point is not enabled.

    Bradders
     
  6. attar

    attar Senior member

    No restore point and scanning doesn't show anything.
    HijackThis might show what's causing it - but interpreting the results is kind of technical.
    You can run it and post the log here and someone might be able to help.

    In the meantime you might want to post at the Videohelp site and ask for assistance.

    http://forum.videohelp.com/forums/37-Computer
     
  7. Stupot1

    Stupot1 Member

    I have run a new Malware scan and the log is below. There were some infected files, and every time I run Malwarebytes, there are always infected files now ...

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6482

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    01/05/2011 11:19:32
    mbam-log-2011-05-01 (11-19-32).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 237048
    Time elapsed: 49 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\WINDOWS\system32\fjlfixbubud.dll (Trojan.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{07588A81-6C32-116A-1F8F-8685EA777F4D} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07588A81-6C32-116A-1F8F-8685EA777F4D} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07588A81-6C32-116A-1F8F-8685EA777F4D} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07588A81-6C32-116A-1F8F-8685EA777F4D} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aujpvdjfnkv (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jhvouvxmeuhl (Trojan.Agent) -> Value: jhvouvxmeuhl -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Stuart\local settings\Temp\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\fjlfixbubud.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     
  8. Stupot1

    Stupot1 Member

    Here is the log file from the HijackThis scan:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:17:59, on 01/05/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\GTCO CalComp InterWrite\IWStarter.exe
    C:\Documents and Settings\sbradley\Local Settings\Temp\Password .exe
    C:\Program Files\SMART Board Software\SMARTBoardTools.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\SMART Board Software\Aware.exe
    C:\Program Files\SMART Board Software\Marker.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SMART Board Software\SMARTBoardService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
    O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [messenger.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: InterWrite Starter.lnk = ?
    O4 - Global Startup: Password .lnk = C:\Documents and Settings\sbradley\Local Settings\Temp\Password .exe
    O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279103420687
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1B987F89-9FA1-41A2-B966-9E3884135D18}: NameServer = 62.171.194.104,62.171.194.105
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

    --
    End of file - 9174 bytes
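
Added example, not part of the original thread: a first-pass triage of the O4 (autostart) section of a HijackThis log like the one above. The sample lines are excerpted from that log; the two heuristics and all function names are this example's own assumptions, and a flagged entry is a prompt for manual review, not a verdict.

```python
import re
from typing import NamedTuple

# Sample input: O2/O4 lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Password .lnk = C:\Documents and Settings\sbradley\Local Settings\Temp\Password .exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
"""

class Autostart(NamedTuple):
    location: str   # e.g. HKLM\..\Run or Global Startup
    name: str       # registry value name or shortcut name
    image: str      # executable the entry launches

# Registry form:  O4 - HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.+)$")
# Startup-folder form:  O4 - Global Startup: name.lnk = target
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?\.lnk) = (.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
IMAGE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)

def image_path(command):
    """Return the executable part of an O4 command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = IMAGE_RE.match(command)
    return match.group(1) if match else command

def parse_o4(log):
    """Extract every O4 (autostart) entry from HijackThis log text."""
    entries = []
    for line in log.splitlines():
        match = RUN_RE.match(line.strip()) or LNK_RE.match(line.strip())
        if match:
            location, name, command = match.groups()
            entries.append(Autostart(location, name, image_path(command)))
    return entries

def review_reasons(entry):
    """Heuristics only: reasons an entry deserves a manual look."""
    reasons = []
    if re.search(r"\\te?mp\\", entry.image, re.I):
        reasons.append("launches from a Temp directory")
    if re.search(r"\s\.\w+$", entry.image):
        reasons.append("whitespace before the file extension")
    return reasons

def triage(log):
    """Return (entry, reasons) pairs for the autostarts worth reviewing."""
    pairs = ((entry, review_reasons(entry)) for entry in parse_o4(log))
    return [(entry, reasons) for entry, reasons in pairs if reasons]

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.location}: {entry.name} -> {entry.image}: {'; '.join(reasons)}")
```

Entries that pass both heuristics are not thereby cleared; they still need to be checked against what is known to be installed on the machine.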
     
  9. attar

    attar Senior member

  10. Stupot1

    Stupot1 Member

    Hi

    Posted on the forums you mentioned, but no joy yet.

    Just thought I would add a little more detail. I keep running the Malwarebytes scan, and it keeps coming up with the same files, even though it tells me it has removed them. The last log I did is posted below:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6490

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    02/05/2011 10:26:37
    mbam-log-2011-05-02 (10-26-37).txt

    Scan type: Full scan (C:\|F:\|)
    Objects scanned: 238789
    Time elapsed: 50 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jhvouvxmeuhl (Trojan.Agent) -> Value: jhvouvxmeuhl -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Stuart\local settings\Temp\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\fjlfixbubud.dll (Trojan.Agent) -> Delete on reboot.


    The four files it found were found in the previous scan as well. Not sure if that helps any, but thought I would mention it.

    cheers
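
Added example, not part of the original thread: comparing two Malwarebytes logs to list the objects that were reported as removed in the earlier scan and detected again in the later one, which is the pattern described in the post above and a sign that something the scan does not remove keeps re-creating them. The sample lines are excerpted from the two logs in this thread; the function names and the "deleted" action match are this example's own assumptions.

```python
import re

# Sample input: detection lines excerpted from the two Malwarebytes logs in this thread.
SCAN_2011_05_01 = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aujpvdjfnkv (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jhvouvxmeuhl (Trojan.Agent) -> Value: jhvouvxmeuhl -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\Stuart\local settings\Temp\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fjlfixbubud.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""
SCAN_2011_05_02 = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jhvouvxmeuhl (Trojan.Agent) -> Value: jhvouvxmeuhl -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\Stuart\local settings\Temp\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fjlfixbubud.dll (Trojan.Agent) -> Delete on reboot.
"""

# <object> (<detection name>) -> [Value: <name> ->] <action>.
ITEM_RE = re.compile(r"^(.+?) \(([\w.]+)\) -> (?:Value: .+? -> )?(.+?)\.?$")

def parse_detections(log):
    """Map each detected object (lower-cased) to (detection name, set of actions)."""
    found = {}
    for line in log.splitlines():
        match = ITEM_RE.match(line.strip())
        if match:
            obj, name, action = match.groups()
            found.setdefault(obj.lower(), (name, set()))[1].add(action)
    return found

def redetected(earlier_log, later_log):
    """Objects reported removed in the earlier scan that the later scan finds again."""
    earlier, later = parse_detections(earlier_log), parse_detections(later_log)
    return sorted(
        obj for obj, (_, actions) in earlier.items()
        if obj in later and any("deleted" in a.lower() for a in actions)
    )

def persistence_points(objects):
    """Subset of re-detected objects that are Run-key autostart values."""
    return [o for o in objects if r"\currentversion\run" in o]

if __name__ == "__main__":
    hits = redetected(SCAN_2011_05_01, SCAN_2011_05_02)
    print("\n".join(hits))
    print("autostart re-created:", persistence_points(hits))
```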
     
  11. species235

    species235 Member

    Joined:
    May 4, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    I have the same problem with the same infected files. My anti-virus and Malwarebytes say they quarantined and removed it already, but every time I scan it's still there. And this annoying AI PROJECT UPDATE keeps on popping out when I turn on my laptop. I think it's a new breed of malware of some sort.

    We definitely need help!
     
  12. vadeo

    vadeo Member

    Joined:
    May 5, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    I have the same problem with the same infected files.

    We definitely need help!
     
    Last edited: May 5, 2011
  13. vadeo

    vadeo Member

    I'm having the same problem... I don't want to see this same old AI project Updater popping up again, I need your help guys, Please this is really killing me HELP !!!!!
     
  14. Stupot1

    Stupot1 Member

    Hi,

    Just an update..

    Still no joy removing whatever it is .. Computer now occasionally starts up, boots as normal, then shows a blue screen and restarts itself... a repetitive cycle. It doesn't however do this all the time, just sometimes...

    Really stuck guys!

    Anyone else had any joy?
     
  15. attar

    attar Senior member

  16. freddy29

    freddy29 Member

    Joined:
    May 10, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    Me too, any know yet, been trying to delete it now for over 8 weeks, I think it came down with a key gen, but not 100% sure, anyone help?
     
  17. millerra

    millerra Member

    Joined:
    Nov 24, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
  18. millerra

    millerra Member

    It was still there, so I used Task Manager to find it and removed it with Unlocker (great tool, free download). Look here: C:\Program Files\Common Files\microsoft shared\Web Components\messenger(?).
    All the really great minds here, but I found this despite them.
     
  19. cmdmss

    cmdmss Member

    Joined:
    May 23, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    Help! I'm also with this situation! I open the msconfig and disable all related with messenger.exe... it was in the same path as the friend above said! I already run my antivirus, it's got something but the problem still persisting!

    I also see regedit and delete all related with messenger.exe... but nothing!

    Please, any tips? Thanks...
     
  20. neenzz

    neenzz Member

    Joined:
    Jun 1, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    I am having this issue as well. Has anyone figured out how to resolve this issue? I run my Malware and I delete the infected files. Also my Microsoft Security Essentials does not work either. I tried to keep enabling it but it doesn't allow me. Please help!! I am about to throw my laptop out of the window.
     
