Pribi.dll or G1.GZ BHO, anyone heard of this?


infotime
July 26th, 2004, 02:08 AM
I've got a BHO called "pribi" and I can't find any information about it on the net, nor can I think of anything I've installed that would do this. Here are the details:

HijackThis log entries:
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe

I have a folder C:\Documents and Settings\All Users\Application Data\Pribi
in it there is:
pribi.dll
spif.fil
spif.ini

Contents of spif.ini:
[DEF]
ID=2151
INST=True
CV=v28
UUID={5C42A822-CD41-4339-863B-8B27FD57FE1F}
Date=7/25/2004
[DYN]
CV=v28
CFPID=÷¼¼¼¼¼»º¾¡¿µº¹¡¸Í½Í¡µ´ÏÉ¡¿È¸Îʸ¹»È¸Ï´ñ
[PRC]
PRC=36

It's also called G1.GZ according to Security Task Manager. The manufacturer is listed as ": E"

Anyone have any idea what this is???

Anyone have any idea of what this is?

Tassie_Devils
July 26th, 2004, 09:58 AM
Hi, infotime:

Google:
-{ Quote: "Your search - Pribi.exe - did not match any documents." }-

No results here also:

http://www.sysinfo.org/startuplist.php

I used several search engines, and the majority only came up with an email address of someone called Peter Ribi: pribi @ DELETETHIS.POBOX.COM

Did you go to the Pribi.exe, right click/Properties, and see what info you can get from there?

TAS

infotime
July 26th, 2004, 11:05 AM
There's no pribi.exe on my system (I've searched all drives for it). There are only 3 related files, as I described in the first post, one of which is pribi.dll. Here's the text inside that file according to Security Task Manager:

peterplan
July 27th, 2004, 07:26 PM
I just removed pribi using HijackThis from my computer, and it seems ieservice.dll and a couple of other files in the application folder got installed at the same time.
ieservice also seems to come from E!?

It seems like pribi takes control of the search assistant in IE and whenever you search for something it opens up the searchtab and displays some results.

jwilday
July 29th, 2004, 11:55 AM
Hi
I am having the same trouble and have the same folder Pribi with the same contents.
I am so far unable to remove it successfully and it does hijack my Yahoo searches.
I found that the folder IEServices was installed at the same time. It seems IEServices takes over my search engine as well and posts its own results on the right side of the screen while Pribi posts its finds on the left side with Yahoo in between them.
I was able to remove IEServices with info found here

http://securityresponse.symantec.com/avcenter/venc/data/adware.fastfind.html

It should be noted that before I could delete the IEServices file I had to delete all the registry keys first.
Hope somebody finds all the registry keys associated with Pribi
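
An added example, not part of the original thread or any poster's code: a Python triage of the two HijackThis lines from the first post that lists the registry locations registering each item, which is what the note above about deleting registry keys before the files comes down to. The `triage` function and its flag names are illustrative assumptions; the registry paths are the standard Browser Helper Objects, CLSID and Run locations.

```python
import ntpath
import re

# Constructed input: the two HijackThis lines quoted in the first post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
"""

O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4 = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<path>.+)$")
CV = r"Software\Microsoft\Windows\CurrentVersion"  # what HijackThis abbreviates as "\..\"
APPDATA = ("\\APPLIC~1\\", "\\APPLICATION DATA\\")  # 8.3 and long form of the folder name

def triage(log):
    """Return one finding per O2/O4 line: file, registry locations, reasons to look closer."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if m := O2.match(line):
            keys = [f"HKLM\\{CV}\\Explorer\\Browser Helper Objects\\{m['clsid']}",
                    f"HKCR\\CLSID\\{m['clsid']}\\InprocServer32"]
            flags = ["unnamed BHO"] if m["name"] == "(no name)" else []
        elif m := O4.match(line):
            keys = [f"{m['hive']}\\{CV}\\{m['key']} [value: {m['value']}]"]
            flags = []
        else:
            continue  # other HijackThis sections are out of scope here
        path = m["path"].strip('"')  # command-line arguments are not split off
        if any(p in path.upper() for p in APPDATA):
            flags.append("loads from Application Data")
        findings.append({"item": line[:2], "file": path, "registry": keys, "flags": flags})
    # A Run entry that sits in the same folder as a BHO belongs to the same install.
    bho_dirs = {ntpath.dirname(f["file"]).upper() for f in findings if f["item"] == "O2"}
    for f in findings:
        if f["item"] == "O4" and ntpath.dirname(f["file"]).upper() in bho_dirs:
            f["flags"].append("shares folder with a BHO")
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["item"], f["file"], f["flags"])
        for k in f["registry"]:
            print("   check:", k)
```
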

Blackspear
July 29th, 2004, 06:13 PM
There is a link here on its removal:

http://www.mytechsupport.ca/support/topic.asp?TOPIC_ID=4338

and here:

http://forum.aumha.org/viewtopic.php?p=40646

Hope this helps...

Cheers ;D