BringStar.exe Malware

Your facetiousness was understood.

I'm careful with my system as well, probably to a fault. At minimum I create a restore point before using any tool on my system but more than likely I will create an image. I use the search function on the forums extensively before using any tool as well as search the Internet. It's not that I have any trust issues on recommended tools by the members of this forum but more that I want to know what will happen, I call it training. Same goes for software installations.

I always want a path back to the prior state if needed.

Usually when programs are recommended by members on here they follow with instructions and a link to the download page, 8/10 the page you are sent to will have a description on what the program does. Not always, but a good majority of the time. I also look into new ways of dealing with certain things and programs but not in as much depth as you mate lol, better safe than sorry to be honest, as for the learning aspect, I completely agree, everything is knowledge
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Packard Bell
OS
Windows 7 Home Premium 64Bit
CPU
AMD A6-3420M 1.5GHZ OC - 2.0GHZ
Memory
4GB DDR3 1600MHZ
Graphics Card(s)
AMD RADEON 6520G+AMD RADEON HD7470M 1GB DDR3
Screen Resolution
1366x768
Hard Drives
500GB SATA
Internet Speed
18Mb Unlimited
Antivirus
AVAST!
Browser
MOZILLA FIREFOX
I completely agree, info on the current subject is very limited, we can only offer suggestions on programs to run etc, I would advise going into your "Program Files" and "Program Files (x86)" and having a look for it in there.

There is nothing there. Searched all folders using wild cards.

IE has nothing also .... never used it for other than WU


I dug a little deeper: here's some information you can work with.
Pmagma.exe related to Bringstar
Pmagma.exe Google results
herdProtect Analysis of pmagma.exe

The next steps are up to you Jack. I'll be glad to walk you through the malware scanners, but that's all I can do. If you don't want to download and run anything, that's your choice. I just don't know of any other way to clean up a computer that's infected.

Someone can point you to some very good tools and help you use them, but no one can help you clean up your system if you won't install and run the tools. Check out the links I posted and give it some thought.



Yes, I found the reference to conduit, thanks for confirming. I agree on the multiple tools but many of them have gotten to the point where they leave more behind when you uninstall than they were successful in getting out. So my normal path is if the programs I normally use (ZAEC, F-Prot, MB, CleanUp, CCleaner and a few small specific utilities) don't find it, I prefer to go for manual removal rather than clog up the machine with leftovers from a dozen utilities.



Go into 'safe mode' and delete the folder. Reboot...
Then, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.

I already have another utility that I have been using for about a dozen years that performs this function.....runs weekly.




Much thx..... the new MalwareBytes Beta that came out last week did the trick ..... well at least it detects it.... looking now to see if all listed traces have been removed. The old version which I already had apparently does not

https://forums.malwarebytes.org/index.php?showtopic=141488
No, but for a full removal of the Firefox add-on you will need Malwarebytes Anti-Malware 2.00 beta or newer.


EDIT: MalwareBytes detected it but did not remove the files nor most of the registry entries.

My Computer

Computer Manufacturer/Model Number
Home Built
OS
Windows 7 - 64 bit
CPU
i7 920
Motherboard
Asus Rampage II Extreme
Memory
Mushkin 998692
Graphics Card(s)
GTX 295 FTW Edition 1792MB
Sound Card
Sounblaster Xi Fi Extreme
Monitor(s) Displays
Dekk U2410
Hard Drives
Seagate 7200.12
PSU
Antec SG-850
Case
Antec 1200
Cooling
Prolimatech Megashadow
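
An added example, not from any post in this thread: a read-only PowerShell inventory of the places discussed here (the Program Files folders, ProgramData, the Firefox profile and the registry), matching the two names the thread mentions, BringStar and pmagma. The specific registry keys and the extra %LOCALAPPDATA% root are assumptions about where leftovers commonly sit; the script changes nothing.

```powershell
# Added example: read-only inventory of leftover traces; it deletes nothing.
# Name fragments come from this thread; the locations are assumed standard Windows paths.
$pattern = 'bringstar|pmagma'

function New-Hit($kind, $location) {
    New-Object PSObject -Property @{ Kind = $kind; Location = $location }
}

function Find-FileTraces([string[]]$Roots, [string]$Pattern) {
    foreach ($root in $Roots) {
        if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
        # -Force lists hidden and system items regardless of the Folder Options setting
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $Pattern } |
            ForEach-Object { New-Hit 'File' $_.FullName }
    }
}

function Find-RegistryTraces([string[]]$Roots, [string]$Pattern) {
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        # Check the key itself (Run values) and each subkey (Uninstall entries)
        $keys = @(Get-Item $root) + @(Get-ChildItem $root -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            if ($key.PSChildName -match $Pattern) { New-Hit 'RegKey' $key.Name }
            foreach ($name in $key.GetValueNames()) {
                $data = $key.GetValue($name)
                if ("$name $data" -match $Pattern) {
                    New-Hit 'RegValue' "$($key.Name)\$name = $data"
                }
            }
        }
    }
}

$fileRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
               $env:LOCALAPPDATA, "$env:APPDATA\Mozilla\Firefox\Profiles")
$regRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')

$hits = @(Find-FileTraces $fileRoots $pattern) + @(Find-RegistryTraces $regRoots $pattern)
$hits | Select-Object Kind, Location | Format-Table -AutoSize -Wrap
"{0} trace(s) found; nothing was changed." -f $hits.Count
```

Run it from an elevated prompt so protected folders are readable, and again after each cleanup pass to compare what is left.
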
Computer>tools>folder options>view>show hidden folders.

Once this is done look for a folder in "computer" called "ProgramData" and look for it in there
 

Attachment: Capture.PNG

Computer>tools>folder options>view>show hidden folders.

Once this is done look for a folder in "computer" called "ProgramData" and look for it in there

As soon as Windows completes its initial install, Folder Options are modified to show all Hidden Files and Folders

The next 3 settings are also unchecked so that all empty drives, extensions, and protected OS files are also shown.
 
Latest Update:

The ZA Forum moderator stated that ZA did detect it as malware ..... when I responded that it did not, it merely prompted the standard "This program is trying to launch yada yada yada ....." .... do you want to allow it"

He deleted my response and closed the thread. Well after over 10 years with ZA, that's the end of that. They can kiss my two home site licenses goodbye as well as the office.
 

Download RSIT 64 bit or RSIT 32 bit Save it to your desktop.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

Double-click RSIT.exe to start the tool. Windows Vista, 7 and 8 users: Right Click & Run as Administrator.

  • Then click "Continue"
  • When the tool is finished, notepad files called "Log" and "info" open
  • Attach both of these to your reply.
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 Home Premium 64bit.
JackNaylorPE,

If you are still having an issue with BringStar, please do the following. The program is excellent at removing browser hijackers and Adware:

Let's use the tool: Zoek
Download > Download zoek.exe version 5.0.0.0
Click: Download the Zoek.exe version.
When the download appears, save to the Desktop.

On the Desktop, right-click zoek.exe and select: Run as Administrator (Give the program a few seconds to appear.)
If your AntiVirus warns you about the program, either allow Zoek to run, or temporarily disable your AV program.
Info on how to disable your security applications > How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

Code:
BringStar;u
autoclean;
emptyclsid;
shortcutfix;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;

Note: This script is written only for use on this computer. Please do not use it on another computer even if the problems are similar!





Now...
  • Close any open Browsers.
  • Click the Run Script button, and wait. It takes a few minutes to run all the script.
  • When the tool finishes, the zoek-results.log is opened in Notepad.
  • The log is also found on the systemdrive, normally C:\
  • If a reboot is needed, the log is opened after the reboot.
Please post the zoek-results.log in your reply.


Thanks!



My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
I manually removed most of the Bringstar references from the registry....also found a few sets of manual remove instructions that I haven't had time to go thru line by line removals yet. I'm not having problems with it; but my OCD won't let me leave any traces of it behind :) ..... will try those as soon as I get a chance..... several new builds underway and 2 networks need expanding.
 
