Windows 7 Forums


Windows 7: BringStar.exe Malware


30 Jan 2014   #1

Windows 7 - 64 bit
 
 
BringStar.exe Malware

Rare occurrence here, but I actually had ZoneAlarm Extreme Security pop up a program alert regarding BringStar.exe. ZAES popped up an access authorization window for BringStar.exe, which was deemed malware and must have been part of what I like to call a "Guerrilla Install" back doored in with some other program. I hadn't installed anything on the date the file folder appeared (01/28/14) so asked my son (pilot) who uses the puter for flight sims if he did (no). The only thing control panel shows being installed same date is nVidia's new GFX drivers and a Backup utility upgrade (FBackup) which I did myself after the message appeared.

A web search with Yahoo and Google comes up dry. Uninstalled the program from control panel but it resulted in an Error .... still have a program folder with

C\ProgramFiles(x86)\BringStar\updateBringStar.exe
C\ProgramFiles(x86)\BringStar\bin\utilBringStar.exe

The 2nd one still appears in periodic ZAES popups which I have just "Deny"

There are also 4 registry entries.

HKEY_CLASSES_ROOT\Interface\{7F729B23-22C4-4C83-9BC8-8B9C59F2A51A - refers to IBringStarBHO

HKEY_CLASSES_ROOT\TypeLib\{25N975982-A39A-4D49-8B84-5E2443CBd1B}\1.0 - refers to BringStarIEClientLib

HKEY_CLASSES_ROOT\TypeLib\{25N975982-A39A-4D49-8B84-5E2443CBd1B}\1.0\0\Win32 - refers to file BrinStarbho.dll which no longer exists

HKEY_CLASSES_ROOT\TypeLib\{25N975982-A39A-4D49-8B84-5E2443CBd1B}\1.0\HELPDIR - refers to file folder C\ProgramFiles(x86)\BringStar\

Before manually deleting, given the total lack of any web sources on this file, wanted to ask here 1st.

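One way to inventory the leftover registrations and files listed in the post above before deleting anything, as an added PowerShell example that is not part of the original thread. It changes nothing on the system apart from writing `reg export` backups; the backup folder `$BackupDir` and the choice of registry roots to scan are assumptions, and it keeps to PowerShell 2.0 syntax because that is what Windows 7 ships with.

```powershell
# Added example: inventories leftovers; deletes and modifies nothing.
$Name      = 'BringStar'                        # search term from the thread
$BackupDir = Join-Path $env:TEMP 'reg-backup'   # assumed backup location

# Assumed scan roots: where a COM add-on registers its classes,
# interfaces and type libraries (64-bit and 32-bit views).
$Roots = 'Interface', 'TypeLib', 'CLSID', 'Wow6432Node\Interface', 'Wow6432Node\CLSID' |
    ForEach-Object { "Registry::HKEY_CLASSES_ROOT\$_" }

$Hits = @(foreach ($Root in $Roots) {
    if (-not (Test-Path -LiteralPath $Root)) { continue }
    Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $Key = $_
        foreach ($ValueName in $Key.GetValueNames()) {
            $Data = [string]$Key.GetValue($ValueName)
            if ($Data -notmatch [regex]::Escape($Name)) { continue }
            # For path-like data, record whether the target still exists on disk
            $Exists = if ($Data -match '^[A-Za-z]:\\') { Test-Path -LiteralPath $Data } else { $null }
            New-Object PSObject -Property @{
                Key = $Key.Name; Value = $ValueName; Data = $Data; TargetExists = $Exists
            }
        }
    }
})
$Hits | Select-Object Key, Value, Data, TargetExists | Format-List

# Export each matching key to a .reg file so a later manual delete is reversible
if ($Hits.Count -gt 0) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $i = 0
    $Hits | ForEach-Object { $_.Key } | Sort-Object -Unique | ForEach-Object {
        reg.exe export $_ (Join-Path $BackupDir ("key{0}.reg" -f $i)) /y | Out-Null
        $i++
    }
}

# List the program folder's files with their Authenticode status (64-bit Windows assumed)
$Dir = Join-Path ${env:ProgramFiles(x86)} $Name
if (Test-Path -LiteralPath $Dir) {
    Get-ChildItem -LiteralPath $Dir -Recurse | Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $Sig = Get-AuthenticodeSignature -FilePath $_.FullName
            New-Object PSObject -Property @{
                File = $_.FullName; Modified = $_.LastWriteTime; Signature = $Sig.Status
            }
        } | Select-Object File, Modified, Signature | Format-List
}
```

Run it from an elevated prompt so that keys and folders are not skipped for lack of access; the recursive scan of `CLSID` can take a while.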

30 Jan 2014   #2

Windows 7 Home Premium 64Bit
 
 

Hi there. I suggest you run these:

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
31 Jan 2014   #3

Windows 7 - 64 bit
 
 

Both programs took just a few seconds .... used junkware before .... Neither brought up any reference to BrightStar.

Also not a fan of Junkware Removal Tool as it finds "bad modules" and removes them w/o telling you what they are until after the fact. Also .... don't know which one did it but the process seems to have disabled several of my start up programs.... MSI Afterburner for example .... had 12, now down to 7

# AdwCleaner v3.018 - Report created 31/01/2014 at 11:58:44
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : JackN - MAINOFFICEPC
# Running from : R:\Download\Utilities\AdwCleaner\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\JackN\AppData\Roaming\Mozilla\Firefox\Profiles\pzclvz61.default\searchplugins\zonealarm.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\JackN\AppData\Roaming\Mozilla\Firefox\Profiles\pzclvz61.default\prefs.js ]


*************************

AdwCleaner[R1].txt - [1974 octets] - [31/01/2014 11:58:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2034 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by JackN on Fri 01/31/2014 at 12:05:45.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/31/2014 at 12:10:01.58
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I have renamed the BrightStar files with *.dis (disabled) extension till I find out what it is and best way to remove all traces.




31 Jan 2014   #4

Windows 7 Home Premium 64Bit
 
 

Did you run the delete part of Adwcleaner yeah?

I'll pass on this thread to another member, got a lot of stuff to do at the moment mate, I did look into it but I couldn't find much related to the problem, I'll pop in from time to time and see what's happening, cheers
31 Jan 2014   #5

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Is it Bringstar (your thread title) or Brightstar?
post# 3: Both programs took just a few seconds .... used junkware before .... Neither brought up any reference to BrightStar.

edit: I see in post 1 - Bringstar folders and BHO
31 Jan 2014   #6

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

A few questions: Zone Alarm reported it but can't or didn't clean it?
Does Bringstar show up in Control Panel/Features and Programs list? Can you simply uninstall it?
Does Bringstar show up in IE manage add-ons? Can it simply be removed?

I'm confused why Zone Alarm just told you about it, but didn't do its job.

Try Malwarebytes, see if it cleans up:
Download Malwarebytes Anti-Malware Free (click here to download, select the free version)
"Save as" the install package to your Desktop
Double click the mbam-setup file on your desktop to install and run Malwarebytes (Mbam)

Answer YES to all authorization prompts and then follow the Mbam setup prompts.
Do not make any changes to default settings.
When the install is finished, verify that only the following two options have checkmarks,
change to match if necessary.
[✓] Update Malwarebytes’ Anti-Malware
[✓] Launch Malwarebytes’ Anti-Malware

Make sure that there is NOT a checkmark next to:
[ ] Enable free trial of Malwarebytes Anti-Malware PRO

Then click the Finish button.

Allow Mbam to update, then
Select Perform Quick Scan from the options on the Scanner tab, then
Click the Scan button.

After the scan is complete
Click on Show Results
A window displaying any detected malware is shown
Select all malware (make sure all objects are ticked [✓]), then
Click on Remove Selected

The Mbam report file pops up in your text editor when Mbam has completed the removal process.

Select all of the text in the report (Ctrl+A) and paste the text in a new post on this thread.

Note:
If MBAM encounters a file that is difficult to remove, you are asked to restart the computer.
The restart is REQUIRED to allow Mbam to complete the removal of the malware.
Failure to restart means that the malware is still present on your machine.

You want to restart in Normal mode, not in Safe mode.
31 Jan 2014   #7

Windows 7 - 64 bit
 
 

Quote: Originally Posted by Slartybart
Is it Bringstar (your thread title) or Brightstar?
post# 3: Both programs took just a few seconds .... used junkware before .... Neither brought up any reference to BrightStar.

Oops, sorry .... BringStar

Quote: Originally Posted by Slartybart
edit: I see in post 1 - Bringstar folders and BHO

Yes....

1. ZAES detected it
2. Found it in Programs and uninstalled it, rec'd Error: could not complete uninstall
3. ZAES still detected it.
4. Searched HD and registry for BringStar
5. Posted what I found in step 4 above here hoping to find someone who had successfully removed.
6. Ran the two utilities recommended in Post 2
7. Neither detected it
8. Files, folders and registry entries still there.
9. I relabeled extensions of BringStar.exe files to *.dis (disabled)
10. ZAES no longer detects but files / registry entries still there.


Quote: Originally Posted by Slartybart
A few questions: Zone Alarm reported it but can't or didn't clean it?

I'm confused why Zone Alarm just told you about it, but didn't do its job.

It wasn't an AV popup. From Post # 1

"ZoneAlarm Extreme Security pop up a program alert regarding BringStar.exe ZAES popped up an access authorization window for BringStar.exe"

As you are aware, but I'll post for anyone lurking, the features of most AV / Malware programs are three fold.... the 1st is the regular passive scanning for known Viruses / Malware, the second is active scanning for files being opened and the 3rd is program control. There was no "ZAES detected a bad thing" message. There was a "something wants to start BringStar.exe, do you want to let that happen" popup.

If I don't recognize it, I say no. If I see a program pop up that I didn't install or have no idea what it does, I deem it malware.


Quote:
Does Bringstar show up in Control Panel/Features and Programs list? Can you simply uninstall it?
Does Bringstar show up in IE manage add-ons? Can it simply be removed?

See Post No. 1 - "Uninstalled the program from control panel but it resulted in a Error.... still have a program folder with....."


Quote:
Try Malwarebytes, see if it cleans up:

I am quite familiar with MalwareBytes, Bit Defender and the like .... have a host of free or trial programs that I use often to clean up peep's PC's who don't bother to install protection or too cheap to pay $10 a year for one that updates automatically.

However, as I indicated, I have never had the experience where something that any of them found, I was unable to find any web reference as to where it was, where it came from. Usually don't like to keep trying different programs that do the same thing as they oft leave traces of themselves behind and sometimes have unintended side effects like my missing start up items.



Quote: Originally Posted by Devlin1888
Did you run the delete part of Adwcleaner yeah?

I'll pass on this thread to another member, got a lot of stuff to do at the moment mate, I did look into it but I couldn't find much related to the problem, I'll pop in from time to time and see what's happening, cheers

There was nothing I wanted to Delete.

-Under "Files", there is a ZoneAlarm listing
-There's 14 registry references but no indication as to what they are or why I should be concerned about them
-Firefox tab lists reference to my *.js file
31 Jan 2014   #8

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Got it, I wasn't sure which program you uninstalled in post 1.

The registry entries all seem related to IE - check the add-ons and remove anything Bringstar. Go through all of the types and options in the drop down box (currently loaded, run without permission....)
31 Jan 2014   #9

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Since there's relatively little information on the web (except for your post on Zone Alarm... funny thing, someone answered your post there and pointed to your post here as a possible solution) and you've already tried to properly uninstall it - you might as well just delete the Bringstar folders.

Do you have CCleaner installed?
31 Jan 2014   #10

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Thanks for clarifying.
Different malware scanners do have different strengths and the full regimen complements each one. I've run through 9 or 10 scanners and each one finds different things it deems bad.

It's your choice to install and run anything suggested. I'm not sure I can offer anything other than "use this" or "use that" - as you said, there's no information available to work on.

See if the IE suggestions clear up the registry for you. Other than that, I'm out of ideas.

Bill