malware removal

[Guest]

Hello, I need advice on how to remove a malware item which spyboot cannot
remove. Spyboot spotted a folder called BDE which is in the windows
directory, what I don't know whether the entire folder is malware or only
part of it. Is BDE a windows folder?, what I get with this is a pop up
advertising which after being closed keeps on opening. Please help me on how
to remove this manualy
Thank you for your assistance. I have xp home edition
Elly

 

[Guest]

Hello, I need advice on how to remove a malware item which spyboot cannot
remove. Spyboot spotted a folder called BDE which is in the windows
directory, what I don't know whether the entire folder is malware or only
part of it. Is BDE a windows folder?, what I get with this is a pop up
advertising which after being closed keeps on opening. Please help me on how
to remove this manualy
Thank you for your assistance. I have xp home edition

Hi Elly,
Yes it is Adware folder created to let advertising po-up on your computer,
to remove follow these steps:
Locate the folder in these pathes and Delete:
C:\BDE
C:\Windows\BDE
C:\Windows\System32\BDE
C:\Program Files\BDE

Also open the Local search on your desktp and search for these files/foldrs:
Bdeclean.exe
Bdeclean.glc
b3bupdate

Then Open a run command andtype in:
regedit.exe click [OK]
On the Registry Editor locates these Keys and delete the Entries for the
Adware:
<Quote>//** [be careful in editing the registry, if you done in the wrong
way you will render your OS useless]**//
KEY_CLASSES_ROOT\s3d_auto_file
HKEY_CLASSES_ROOT\.b3dini
HKEY_CLASSES_ROOT\b3d_auto_file
HKEY_CLASSES_ROOT\b3dini_auto_file
HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl
HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl.1
HKEY_ALL_USERS\Software\Brilliant Digital Entertainment
HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller
HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller.1
HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25.1
HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25
HKEY_LOCAL_MACHINE\SOFTWARE\Brilliant Digital Entertainment
HKEY_CLASSES_ROOT\CLSID\{51958169-D5E3-11D1-AA42-0000E842E40A}
HKEY_CLASSES_ROOT\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6}
HKEY_CLASSES_ROOT\Interface\{51958167-D5E3-11D1-AA42-0000E842E40A}
HKEY_CLASSES_ROOT\Interface\{51958168-D5E3-11D1-AA42-0000E842E40A}
HKEY_CLASSES_ROOT\Typelib\{51958166-D5E3-11D1-AA42-0000E842E40A}
HKEY_CLASSES_ROOT\TypeLib\{82FC7881-AACC-11D2-B9C6-0000E842E40A}
HKEY_CLASSES_ROOT\Interface\{67925164-C4B6-11D2-B9C6-0000E84F59A6}
HKEY_CLASSES_ROOT\CLSID\{3EEC42B5-FB94-40D3-A588-BB54B383A7CB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bdeplayer
</Quote>
Also locate this Key:
[-] HKEY_Local machine\Software\Microsoft\Windows\CurrentVersion\Run = look
in the Right pane/window and locate this entry and delet:
"b3bUpdate"
"Bdeclean.exe"
"Bdeclean.lgc"

[-]HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\\CurrentVersion\RunOnce =
"b3bUpdate"
"Bdeclean.exe"
"Bdeclean.lgc"

Close the Registry Editor and then Run a Disk CleanUP and clear your Caches
and Temp files/folders.
Run a scan for Viruses and Malwares again to be sure all clean in some cases
the BDE is a Trojans, Borland Database Engine.
HTH.
Let us know.
Regards,
nass

 

[Curt Christianson]

Hi Elly,

The other alternative is to run HijackThis, available here:
http://downloads.malwareremoval.com/HJTsetup.exe , with instructions here:

http://forum.malwareremoval.com/viewtopic.php?t=16805

--
Curt

http://dundats.mvps.org/
http://www.aumha.org/


|
|
| "elly" wrote:
|
| > Hello, I need advice on how to remove a malware item which spyboot
cannot
| > remove. Spyboot spotted a folder called BDE which is in the windows
| > directory, what I don't know whether the entire folder is malware or
only
| > part of it. Is BDE a windows folder?, what I get with this is a pop up
| > advertising which after being closed keeps on opening. Please help me
on how
| > to remove this manualy
| > Thank you for your assistance. I have xp home edition
| >
|
| Hi Elly,
| Yes it is Adware folder created to let advertising po-up on your computer,
| to remove follow these steps:
| Locate the folder in these pathes and Delete:
| C:\BDE
| C:\Windows\BDE
| C:\Windows\System32\BDE
| C:\Program Files\BDE
|
| Also open the Local search on your desktp and search for these
files/foldrs:
| Bdeclean.exe
| Bdeclean.glc
| b3bupdate
|
| Then Open a run command andtype in:
| regedit.exe click [OK]
| On the Registry Editor locates these Keys and delete the Entries for the
| Adware:
| <Quote>//** [be careful in editing the registry, if you done in the wrong
| way you will render your OS useless]**//
| KEY_CLASSES_ROOT\s3d_auto_file
| HKEY_CLASSES_ROOT\.b3dini
| HKEY_CLASSES_ROOT\b3d_auto_file
| HKEY_CLASSES_ROOT\b3dini_auto_file
| HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl
| HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl.1
| HKEY_ALL_USERS\Software\Brilliant Digital Entertainment
| HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller
| HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller.1
| HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25.1
| HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25
| HKEY_LOCAL_MACHINE\SOFTWARE\Brilliant Digital Entertainment
| HKEY_CLASSES_ROOT\CLSID\{51958169-D5E3-11D1-AA42-0000E842E40A}
| HKEY_CLASSES_ROOT\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6}
| HKEY_CLASSES_ROOT\Interface\{51958167-D5E3-11D1-AA42-0000E842E40A}
| HKEY_CLASSES_ROOT\Interface\{51958168-D5E3-11D1-AA42-0000E842E40A}
| HKEY_CLASSES_ROOT\Typelib\{51958166-D5E3-11D1-AA42-0000E842E40A}
| HKEY_CLASSES_ROOT\TypeLib\{82FC7881-AACC-11D2-B9C6-0000E842E40A}
| HKEY_CLASSES_ROOT\Interface\{67925164-C4B6-11D2-B9C6-0000E84F59A6}
| HKEY_CLASSES_ROOT\CLSID\{3EEC42B5-FB94-40D3-A588-BB54B383A7CB}
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bdeplayer
| </Quote>
| Also locate this Key:
| [-] HKEY_Local machine\Software\Microsoft\Windows\CurrentVersion\Run =
look
| in the Right pane/window and locate this entry and delet:
| "b3bUpdate"
| "Bdeclean.exe"
| "Bdeclean.lgc"
|
| [-]HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\\CurrentVersion\RunOnce =
| "b3bUpdate"
| "Bdeclean.exe"
| "Bdeclean.lgc"
|
| Close the Registry Editor and then Run a Disk CleanUP and clear your
Caches
| and Temp files/folders.
| Run a scan for Viruses and Malwares again to be sure all clean in some
cases
| the BDE is a Trojans, Borland Database Engine.
| HTH.
| Let us know.
| Regards,
| nass
|

 

[Curt Christianson]

Hi Elly,

I neglected to mention after running HJT, *do not allow it to repair
anything*.

Submit your log to either:

http://aumha.net/viewforum.php?f=30 or,
http://forum.malwareremoval.com/viewforum.php?f=11 , and the experts there
can help you out.

--
Curt

http://dundats.mvps.org/
http://www.aumha.org/


| Hi Elly,
|
| The other alternative is to run HijackThis, available here:
| http://downloads.malwareremoval.com/HJTsetup.exe , with instructions
here:
|
| http://forum.malwareremoval.com/viewtopic.php?t=16805
|
| --
| Curt
|
| http://dundats.mvps.org/
| http://www.aumha.org/
|
|
| ||
||
|| "elly" wrote:
||
|| > Hello, I need advice on how to remove a malware item which spyboot
| cannot
|| > remove. Spyboot spotted a folder called BDE which is in the windows
|| > directory, what I don't know whether the entire folder is malware or
| only
|| > part of it. Is BDE a windows folder?, what I get with this is a pop up
|| > advertising which after being closed keeps on opening. Please help me
| on how
|| > to remove this manualy
|| > Thank you for your assistance. I have xp home edition
|| >
||
|| Hi Elly,
|| Yes it is Adware folder created to let advertising po-up on your
computer,
|| to remove follow these steps:
|| Locate the folder in these pathes and Delete:
|| C:\BDE
|| C:\Windows\BDE
|| C:\Windows\System32\BDE
|| C:\Program Files\BDE
||
|| Also open the Local search on your desktp and search for these
| files/foldrs:
|| Bdeclean.exe
|| Bdeclean.glc
|| b3bupdate
||
|| Then Open a run command andtype in:
|| regedit.exe click [OK]
|| On the Registry Editor locates these Keys and delete the Entries for the
|| Adware:
|| <Quote>//** [be careful in editing the registry, if you done in the wrong
|| way you will render your OS useless]**//
|| KEY_CLASSES_ROOT\s3d_auto_file
|| HKEY_CLASSES_ROOT\.b3dini
|| HKEY_CLASSES_ROOT\b3d_auto_file
|| HKEY_CLASSES_ROOT\b3dini_auto_file
|| HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl
|| HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl.1
|| HKEY_ALL_USERS\Software\Brilliant Digital Entertainment
|| HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller
|| HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller.1
|| HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25.1
|| HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25
|| HKEY_LOCAL_MACHINE\SOFTWARE\Brilliant Digital Entertainment
|| HKEY_CLASSES_ROOT\CLSID\{51958169-D5E3-11D1-AA42-0000E842E40A}
|| HKEY_CLASSES_ROOT\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6}
|| HKEY_CLASSES_ROOT\Interface\{51958167-D5E3-11D1-AA42-0000E842E40A}
|| HKEY_CLASSES_ROOT\Interface\{51958168-D5E3-11D1-AA42-0000E842E40A}
|| HKEY_CLASSES_ROOT\Typelib\{51958166-D5E3-11D1-AA42-0000E842E40A}
|| HKEY_CLASSES_ROOT\TypeLib\{82FC7881-AACC-11D2-B9C6-0000E842E40A}
|| HKEY_CLASSES_ROOT\Interface\{67925164-C4B6-11D2-B9C6-0000E84F59A6}
|| HKEY_CLASSES_ROOT\CLSID\{3EEC42B5-FB94-40D3-A588-BB54B383A7CB}
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bdeplayer
|| </Quote>
|| Also locate this Key:
|| [-] HKEY_Local machine\Software\Microsoft\Windows\CurrentVersion\Run =
| look
|| in the Right pane/window and locate this entry and delet:
|| "b3bUpdate"
|| "Bdeclean.exe"
|| "Bdeclean.lgc"
||
|| [-]HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\\CurrentVersion\RunOnce
=
|| "b3bUpdate"
|| "Bdeclean.exe"
|| "Bdeclean.lgc"
||
|| Close the Registry Editor and then Run a Disk CleanUP and clear your
| Caches
|| and Temp files/folders.
|| Run a scan for Viruses and Malwares again to be sure all clean in some
| cases
|| the BDE is a Trojans, Borland Database Engine.
|| HTH.
|| Let us know.
|| Regards,
|| nass
||
|
|