BringStar.exe Malware


  1. Posts : 159
    Windows 7 - 64 bit
       #1



    Rare occurrence here but I actually had ZoneAlarm Extreme Security pop up a program alert regarding BringStar.exe. ZAES popped up an access authorization window for BringStar.exe which was deemed malware and must have been part of what I like to call a "Guerrilla Install" back doored in with some other program. I hadn't installed anything on the date the file folder appeared (01/28/14) so asked my son (pilot) who uses the puter for flight sims if he did (no). The only thing control panel shows being installed same date is nVidia's new GFX drivers and a Backup utility upgrade (FBackup) which I did myself after the message appeared.

    A web search with Yahoo and Google comes up dry. Uninstalled the program from control panel but it resulted in an Error .... still have a program folder with

    C\ProgramFiles(x86)\BringStar\updateBringStar.exe
    C\ProgramFiles(x86)\BringStar\bin\utilBringStar.exe

    The 2nd one still appears in periodic ZAES popups which I have just "Deny"

    There are also 4 registry entries.

    HKEY_CLASSES_ROOT\Interface\{7F729B23-22C4-4C83-9BC8-8B9C59F2A51A - refers to IBringStarBHO

    HKEY_CLASSES_ROOT\TypeLib\{25N975982-A39A-4D49-8B84-5E2443CBd1B}\1.0 - refers to BringStarIEClientLib

    HKEY_CLASSES_ROOT\TypeLib\{25N975982-A39A-4D49-8B84-5E2443CBd1B}\1.0\0\Win32 - refers to file BrinStarbho.dll which no longer exists

    HKEY_CLASSES_ROOT\TypeLib\{25N975982-A39A-4D49-8B84-5E2443CBd1B}\1.0\HELPDIR - refers to file folder C\ProgramFiles(x86)\BringStar\

    Before manually deleting, given the total lack of any web sources on this file, wanted to ask here 1st.
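
The registry findings in post #1 include a TypeLib entry whose target DLL no longer exists. As an added example (not part of the original post, and not code from any poster), the read-only PowerShell below lists COM registration values that mention a name and flags entries whose file or folder target is missing; the `$Pattern` default and the three roots searched are assumptions drawn from that post.

```powershell
# Added example (not from the thread): read-only audit of COM registrations.
# $Pattern and the three roots searched are assumptions based on post #1.
param([string]$Pattern = 'BringStar')

# HKCR: is not mounted as a PowerShell drive by default.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

$needle = [regex]::Escape($Pattern)
$roots  = 'HKCR:\Interface', 'HKCR:\TypeLib', 'HKCR:\CLSID'

$findings = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_
            foreach ($name in $key.GetValueNames()) {
                $data = [string]$key.GetValue($name)
                if ($data -notmatch $needle) { continue }

                # If the data looks like a drive path, check that the target
                # still exists; a missing target means an orphaned entry.
                $exists = $null
                $path = $data.Trim('"')
                if ($path -match '^[A-Za-z]:\\') {
                    $exists = Test-Path -LiteralPath $path
                }

                # The unnamed (default) value has an empty name.
                $label = '(Default)'
                if ($name) { $label = $name }
                New-Object PSObject -Property @{
                    Key = $key.Name; Value = $label; Data = $data; TargetExists = $exists
                }
            }
        }
}

# Nothing is modified; review the list before deciding what to delete.
$findings | Select-Object Key, Value, Data, TargetExists | Format-List
```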


  2. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #2

    Hi there. I suggest you run these

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


  3. Posts : 159
    Windows 7 - 64 bit
    Thread Starter
       #3

    Both programs took just a few seconds .... used junkware before .... Neither brought up any reference to BrightStar.

    Also not a fan of Junkware Removal Tool as it finds "bad modules" and removes them w/o telling you what they are until after the fact. Also .... don't know which one did it but the process seems to have disabled several of my start up programs.... MSI Afterburner for example .... had 12, now down to 7

    # AdwCleaner v3.018 - Report created 31/01/2014 at 11:58:44
    # Updated 28/01/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : JackN - MAINOFFICEPC
    # Running from : R:\Download\Utilities\AdwCleaner\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\JackN\AppData\Roaming\Mozilla\Firefox\Profiles\pzclvz61.default\searchplugins\zonealarm.xml

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    Key Found : HKLM\Software\InstallIQ
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\JackN\AppData\Roaming\Mozilla\Firefox\Profiles\pzclvz61.default\prefs.js ]


    *************************

    AdwCleaner[R1].txt - [1974 octets] - [31/01/2014 11:58:44]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2034 octets] ##########



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.0 (01.07.2014:1)
    OS: Windows 7 Professional x64
    Ran by JackN on Fri 01/31/2014 at 12:05:45.30
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 01/31/2014 at 12:10:01.58
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    I have renamed the BrightStar files with *.dis (disabled) extension till I find out what it is and best way to remove all traces.


  4. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #4

    Did you run the delete part of Adwcleaner yeah?

    I'll pass on this thread to another member, got a lot of stuff to do at the moment mate, I did look into it but I couldn't find much related to the problem, I'll pop in from time to time and see what's happening, cheers


  5. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #5

    Is it Bringstar (your thread title) or Brightstar?
    post# 3: Both programs took just a few seconds .... used junkware before .... Neither brought up any reference to BrightStar.

    edit: I see in post 1 - Bringstar folders and BHO


  6. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #6

    A few questions: Zone Alarm reported it but can't or didn't clean it?
    Does Bringstar show up in Control Panel/Features and Programs list? Can you simply uninstall it?
    Does Bringstar show up in IE manage add-ons? Can it simply be removed?

    I'm confused why Zone Alarm just told you about it, but didn't do its job.

    Try Malwarebytes, see if it cleans up:
    Download Malwarebytes Anti-Malware Free (click here to download, select the free version)
    "Save as" the install package to your Desktop
    Double click the mbam-setup file on your desktop to install and run Malwarebytes (Mbam)

    Answer YES to all authorization prompts and then follow the Mbam setup prompts.
    Do not make any changes to default settings.
    When the install is finished, verify that only the following two options have checkmarks,
    change to match if necessary.
    [x] Update Malwarebytes’ Anti-Malware
    [x] Launch Malwarebytes’ Anti-Malware

    Make sure that there is NOT a checkmark next to:
    [ ] Enable free trial of Malwarebytes Anti-Malware PRO

    Then click the Finish button.

    Allow Mbam to update, then
    Select Perform Quick Scan from the options on the Scanner tab, then
    Click the Scan button.

    After the scan is complete
    Click on Show Results
    A window displaying any detected malware is shown
    Select all malware (make sure all objects are ticked [x]), then
    Click on Remove Selected

    The Mbam report file pops up in your text editor when Mbam has completed the removal process.

    Select all of the text in the report (Ctrl+A) and paste the text in a new post on this thread.

       Note
    If MBAM encounters a file that is difficult to remove, you are asked to restart the computer.
    The restart is REQUIRED to allow Mbam to complete the removal of the malware.
    Failure to restart means that the malware is still present on your machine.

    You want to restart in Normal mode, not in Safe mode.


  7. Posts : 159
    Windows 7 - 64 bit
    Thread Starter
       #7

    Slartybart said:
    Is it Bringstar (your thread title) or Brightstar?
    post# 3: Both programs took just a few seconds .... used junkware before .... Neither brought up any reference to BrightStar.
    Ooop, sorry .... BringStar

    Slartybart said:

    edit: I see in post 1 - Bringstar folders and BHO
    Yes....

    1. ZAEC detected it
    2. Found it in Programs and uninstalled it, rec'd Error: could not complete uninstall
    3. ZAEC still detected it.
    4. Searched HD and registry for BringStar
    5. Posted what I found in step 4 above here hoping to find someone who had successfully removed.
    6. Ran the two utilities recommended in Post 2
    7. Neither detected it
    8. Files, folders and registry entries still there.
    9. I relabeled extensions of BringStar.exe files to *.dis (disabled)
    10. ZAEC no longer detects but files / registry entries still there.


    Slartybart said:
    A few questions: Zone Alarm reported it but can't or didn't clean it?

    I'm confused why Zone Alarm just told you about it, but didn't do its job.
    It wasn't a AV popup. From Post # 1

    "ZoneAlarm Extreme Security pop up a program alert regarding BringStar.exe ZAES popped up an access authorization window for BringStar.exe"

    As you are aware, but I'll post for anyone lurking, the features of most AV / Malware programs are three fold.... the 1st is the regular passive scanning for known Viruses / Malware, the second is active scanning for files being opened and the 3rd is program control. There was no "ZAES detected a bad thing" message. There was a "something wants to start BringStar.exe, do you want to let that happen" popup.

    If I don't recognize it, I say no. If I see a program pop up that I didn't install or have no idea what it does, I deem it malware.


    Does Bringstar show up in Control Panel/Features and Programs list? Can you simply uninstall it?
    Does Bringstar show up in IE manage add-ons? Can it simply be removed?
    See Post No. 1 - "Uninstalled the program from control panel but it resulted in a Error.... still have a program folder with....."


    Try Malwarebytes, see if it cleans up:
    I am quite familiar with MalwareBytes, Bit Defender and the like .... have a host of free or trial programs that I use often to clean up peep's PC's who don't bother to install protection or too cheap to pay $10 a year for one that updates automatically.

    However, as I indicated, I have never had the experience where something that any of them found, I was unable to find any web reference as to where it was, where it came from. Usually don't like to keep trying different programs that do the same thing as they oft leave traces of themselves behind and sometimes have unintended side effects like my missing start up items.



    Devlin1888 said:
    Did you run the delete part of Adwcleaner yeah?

    I'll pass on this thread to another member, got a lot of stuff to do at the moment mate, I did look into it but I couldn't find much related to the problem, I'll pop in from time to time and see what's happening, cheers
    There was nothing I wanted to Delete.

    -Under "Files", there is a ZoneAlarm listing
    -There's 14 registry references but no indication as to what they are or why I should be concerned about them
    -Firefox tab lists reference to my *.js file
    Last edited by JackNaylorPE; 31 Jan 2014 at 14:59.


  8. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #8

    Got it, I wasn't sure which program you uninstalled in post 1.

    The registry entries all seem related to IE - check the add-ons and remove anything Bringstar. Go through all of the types and options in the drop down box (currently loaded, run without permission....)


  9. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #9

    Since there's relatively little information on the web (except for your post on Zone Alarm... funny thing, someone answered your post there and pointed to your post here as a possible solution) and you've already tried to properly uninstall it - you might as well just delete the Bringstar folders.

    Do you have CCleaner installed?


  10. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #10

    Thanks for clarifying.
    Different malware scanners do have different strengths and the full regimen complements each one. I've run through 9 or 10 scanners and each one finds different things it deems bad.

    It's your choice to install and run anything suggested. I'm not sure I can offer anything other than "use this" or "use that" - as you said, there's no information available to work on.

    See if the IE suggestions clear up the registry for you. Other than that, I'm out of ideas.

    Bill


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
