Spyware Cleaning Section Closed!!
Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services.
#1
I tried to find the file path but I couldn't. :'(
#2
Hi JTA, and welcome,
Please follow the instructions here for downloading HijackThis. We will be able to help you better once we see the log.
http://www.wilderssecurity.com/showthread.php?t=15913
__________________
@-`-,--
#3
No.
I'm not talking about HijackThis. I've already had that cleaned (a while ago). I just want to get rid of this file.
#4
Hi JTA - The msbb.exe will most likely be in the C:\Program Files\Internet Optimizer folder (or one of the subfolders in the Internet Optimizer folder).

You may have to boot your computer into Safe Mode to delete the msbb.exe file. If you do not want the "Internet Optimizer", you can delete that too. Make sure you have all files and folders viewable: How to show hidden files and folders

But even though you said you fixed things in HijackThis previously, more spyware may have been downloaded since then, and I do not like to recommend deleting something unless I see "where" it is located. This is your choice; however, I would still suggest you post a new HJT log to be sure we catch anything that may have entered since the last time you scanned with it.

snap
__________________
@-`-,--
#5
Logfile of HijackThis v1.97.7
Scan saved at 9:14:06 PM, on 3/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 15 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink Pop-Up Blocker\Pnel.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\Pnel.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37979.4444444444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
#6
Hi JTA,

I am not seeing the 'msbb.exe' file in your log. What program did you scan with that alerted you to it? I am wondering if it may just be in your System Restore. You can purge your old restore points by turning System Restore off, rebooting your computer, then doing another scan and see if the program that alerted you before alerts you again.

You can fix these in HijackThis, but before you begin please move HijackThis into a folder of its own. HijackThis creates backups in the folder it is in, and in a Temp folder those backups will be easily lost.

Place a check beside the following items, and with ALL browsers and open windows closed (except HijackThis) click on Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
(If you did not set these yourself, then include them to be fixed too)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Turn OFF System Restore.
1. On the Desktop, right-click My Computer.
2. Click Properties.
3. Click the System Restore tab.
4. Check the box beside "Turn off System Restore".
5. Click Apply, and then click OK.
6. Restart the computer. (You must restart your computer to clear the old Restore Points)

To Turn System Restore back ON.
1. Follow the above Steps 1 to 3
2. UNcheck the box beside "Turn off System Restore".
3. Click Apply, and then click OK.
4. Restart your computer and set a new Restore Point.

Once you have cleaned out the old restore points by rebooting your computer, then be sure and create a new Restore Point.

How To Create a Restore Point:
http://www.microsoft.com/windowsxp/pro/using/howto/gethelp/systemrestore.asp

After cleaning the old restore points, let us know if you are still being alerted about the msbb.exe file.

snap
__________________
@-`-,--
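Added example (not part of the original thread or of HijackThis itself): the check made in post #6, looking for a file name among the running processes and the R/O entries of a HijackThis log, written as a small Python parser. The sample is a constructed excerpt built from lines of the log in post #5; `parse_hjt` and `find_file` are hypothetical helper names.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

# Section code followed by " - ", e.g. "O4 - HKLM\..\Run: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends at the first coded entry
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def find_file(text, filename):
    """Report where `filename` appears: running processes and coded entries."""
    needle = filename.lower()
    processes, entries = parse_hjt(text)
    return {
        "running": [p for p in processes if p.lower().endswith("\\" + needle)],
        "entries": [(c, d) for c, d in entries if needle in d.lower()],
    }

if __name__ == "__main__":
    for name in ("msbb.exe", "hpsysdrv.exe"):
        print(name, find_file(SAMPLE_LOG, name))
```

An empty result for a name, as for msbb.exe here, means the file is neither running nor referenced by any startup or browser entry in the log, which is what points toward an inactive copy elsewhere.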
#7
I think also that Norton found it in your system restore "system volume info" folder only and this is why and how.

**********

What is System Restore?

One of the new features of Windows Me and Windows XP is System Restore. This feature, which is enabled by default, is used by Windows to restore files on your computer in case they become damaged. If you experience a problem with your system that is caused by software, System Restore gives you the opportunity to go back to a point where things were working correctly. Windows XP stores this information in the System Volume Information folder. These folders are updated when the computer restarts.

NOTE: Both the _RESTORE folder in WinME and the System Volume Information folder in Win XP are marked with the hidden attribute, and, by default, Windows is set to not display such files or folders.

Even after you have found a virus and your AV has cleaned your PC you still might get an indication you still have the virus but it can not be deleted in these folders. Problem is... the system restore also has a copy of all those viruses and trojans that have infected your system. They are in a compressed mode... your ANTIVIRUS knows they are there but can not help you get rid of them, so you must do it manually.

*****

But if you think you also have some symptoms because of that MSBB.EXE then you could look here.

How To Remove MSBB.EXE
http://www.annoyances.org/exec/forum/win95/r1032875472

But when you are infected with it your hijack log usually looks like this..
http://www.computercops.biz/modules....wtopic&p=76070
__________________
Missing Kids http://www.bigcatrescue.org/
#8
I fixed the msbb.exe problem. I found it in the registry and deleted it.
#9
Great...are you going to tell us where you found it and the path?
__________________
Missing Kids http://www.bigcatrescue.org/
#10
I think it's like ^^^^ said. I think it was in a past restore point. But I found it in the registry here: regedit<HKEY_CURRENT_USER<Software<Microsoft<Search Assistant<ACMru<5603.
I never found the file path, but I know it's gone because after I deleted it I ran Norton and it didn't detect anything.
#11
OK thanks..that makes sense then...You were trying to find this MSBB.EXE to remove it. In that process you tried to find it on your PC before you even posted and you searched for it.

When you do that your MRU keeps that search name. And that is what you did find.

Registry MRU Locations [MRU-Most Recent Used]
XP Search Files
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
http://www.mvps.org/sramesh2k/RegistryMRU.htm
__________________
Missing Kids http://www.bigcatrescue.org/
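Added example (not part of the original thread): the distinction drawn in post #11, that a file name found under the Search Assistant ACMru key is only a record of what was typed into a search box, shown by scanning a .reg-style export and labelling each hit as history or autostart. The export text, its value names and data, and the helper names `classify` and `find_hits` are constructed for illustration; the Run and RunMRU key fragments are standard Windows locations not named in the thread.

```python
import re

# Constructed .reg-style export. The ACMru path is the one named in this
# thread; value names and data are made up for the example.
SAMPLE_REG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="msbb.exe"
"001"="holiday photos"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"""

# Lower-case key fragments. History keys only record what a user typed;
# autostart keys launch a program at logon.
HISTORY = (r"\search assistant\acmru", r"\explorer\runmru")
AUTOSTART = (r"\currentversion\run",)  # also covers RunOnce

KEY = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"(.*?)"="(.*)"$')

def classify(key):
    """Label a registry key path as 'history', 'autostart' or 'other'."""
    k = key.lower()
    if any(frag in k for frag in HISTORY):
        return "history"
    if any(frag in k for frag in AUTOSTART):
        return "autostart"
    return "other"

def find_hits(reg_text, filename):
    """Return (kind, key, value_name, data) for each value mentioning filename."""
    hits, key = [], None
    for line in (l.strip() for l in reg_text.splitlines()):
        if m := KEY.match(line):
            key = m.group(1)
        elif key and (m := VALUE.match(line)):
            data = m.group(2).replace("\\\\", "\\")  # undo .reg escaping
            if filename.lower() in data.lower():
                hits.append((classify(key), key, m.group(1), data))
    return hits

if __name__ == "__main__":
    for name in ("msbb.exe", "hpsysdrv.exe"):
        for hit in find_hits(SAMPLE_REG, name):
            print(name, "->", hit)
```

A "history" hit with no matching file on disk and no autostart entry is consistent with the explanation in the thread: the name was typed into Windows search, not installed.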