Anyone know what BiR.exe is?


news.rcn.com

I started getting a problem with a tick mark continuously being put in the
WORK OFFLINE section of the FILE menu and no internet connection becoming
available with IE6 (and OE) until I removed it. Outlook still seemed to
work

I did all the usual checks with NAV, Spybot, Adaware etc and along the way
the problem MAY have been removed

But I did try something called EAccelerator which I thought reliable because
it features prominently on CNET at the moment and seems to be the flavour of
the month in malware detection software?

It found what it identified as a trojan called bispy contained in this
BiR.exe file which I can't find any evidence of anywhere else also associated
with a normal looking file called voicip.dll. It also found evidence of
trojans called Palspy and Bankfraud in cookies and in my temporary internet
directories in htm files which I don't seem to be able to remove.

The supposed Bispy file itself only seems to feature on Turkish web sites!
(so I deleted it anyway along with the voicIP.dll file: I don't use voice
over IP and I figure that if I ever need it, it will be installed when I
need it)

Anyone know anything about these? Are they real or just methods to get you
to buy their anti-virus software? Or is this just one great piece of
anti-trojan software which I can't live without and protection from which I
am not getting with AdAware, Spybot and NAV?

I suspected that EAccelerator was OK as I found it when I tried to solve the
IE problem after no one at Microsoft knew what was causing the check mark to
appear in its own software's file menu by trying Firefox
 
From: "news.rcn.com" <news.rnc.com>

| I started getting a problem with a tick mark continuously being put in the
| WORK OFFLINE section of the FILE menu and no internet connection becoming
| available with IE6 (and OE) until I removed it. Outlook still seemed to
| work
|
| I did all the usual checks with NAV, Spybot, Adaware etc and along the way
| the problem MAY have been removed
|
| But I did try something called EAccelerator which I thought reliable because
| it features prominently on CNET at the moment and seems to be the flavour of
| the month in malware detection software?
|
| It found what it identified as a trojan called bispy contained in this
| BiR.exe file which I can't find any evidence of anywhere else also associated
| with a normal looking file called voicip.dll. It also found evidence of
| trojans called Palspy and Bankfraud in cookies and in my temporary internet
| directories in htm files which I don't seem to be able to remove.
|
| The supposed Bispy file itself only seems to feature on Turkish web sites!
| (so I deleted it anyway along with the voicIP.dll file: I don't use voice
| over IP and I figure that if I ever need it, it will be installed when I
| need it)
|
| Anyone know anything about these? Are they real or just methods to get you
| to buy their anti-virus software? Or is this just one great piece of
| anti-trojan software which I can't live without and protection from which I
| am not getting with AdAware, Spybot and NAV?
|
| I suspected that EAccelerator was OK as I found it when I tried to solve the
| IE problem after no one at Microsoft knew what was causing the check mark to
| appear in its own software's file menu by trying Firefox
|


Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt486.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Ad-aware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shut down as many applications as possible.
5) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Ad-aware.
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point.

* * Please report back your results * *
 
I'll try it:

So you aren't impressed by Stop-Sign finding all these trojans (which I
removed) at all?
 
I'll try it:

So you aren't impressed by Stop-Sign finding all these trojans (which I
removed) at all?

Stop sign? As in eAcceleration's Stop-Sign.... rotflmao - You got
spyware :)


--

Regards,
Ian Kenefick
Got a virus?
Go to www.ik-cs.com > 'Got a virus?'
 
Stop sign? As in eAcceleration's Stop-Sign.... rotflmao - You got
spyware :)

I stand corrected...

"While testing indicates that the "threat scanner" is still slow and
has occasional problems with false positives -- in large part because
of the use of heuristics, which cannot be turned off by the user -- we
can no longer classify this application as "rogue/suspect."
Nonetheless, this anti-malware application -- at least in its current
state -- cannot be recommended, given the many excellent competing
anti-virus, anti-trojan, and anti-spyware applications that are
available (some for free)."
--

Regards,
Ian Kenefick
Got a virus?
Go to www.ik-cs.com > 'Got a virus?'
 
* * Please report back your results * *

It ran about six times over an hour or so and on the first or second run
found what it called a virus named trojan websearch C in c:\null (and
deleted it) but didn't find the trojans or viruses reported by Stop-Sign
when they were asking me to buy their product to remove them

AdAware (which I thought I had run fairly recently) found and deleted 89
supposedly critical me-watching (mostly) cookies which it then deleted. But
there WERE quite a lot of registry entries put there by e-acceleration! But
there again by the time I followed your instructions I had already deleted
the trojan found by E-Accelerator even if I STILL don't necessarily know what
BiR.exe is and if it indeed is associated in some way with what looks like a
harmless voice over IP .dll file in my windows directory.
 