I can't figure out how to get rid of "msbb.exe". Norton can't delete or repai

Discussion in 'adware, spyware & hijack cleaning' started by JTA, Mar 8, 2004.

Thread Status:
Not open for further replies.
  1. JTA
    JTA Guest

    I tried to find the file path but I couldn't. :'(
  2. snapdragin
    snapdragin Administrator

    Hi JTA, and welcome,

    Please follow the instructions here for downloading HijackThis.
    We will be able to help you better once we see the log. :)

    http://www.wilderssecurity.com/showthread.php?t=15913
  3. JTA
    JTA Guest

    No :p I'm not talking about HijackThis, I've already had that cleaned (a while ago). I just want to get rid of this file.
  4. snapdragin
    snapdragin Administrator

    Hi JTA - The msbb.exe will most likely be in C:\Program Files\Internet Optimizer folder (or one of the subfolders in the Internet Optimizer folder).

    You may have to boot your computer into Safe Mode to delete the msbb.exe file. If you do not want the "Internet Optimizer", you can delete that too.

    Make sure you have all files and folders viewable.
    How to show hidden files and folders

    But even though you said you fixed things in HijackThis previously, more spyware may have been downloaded since then, and I do not like to recommend deleting something unless I see "where" it is located. But this is your choice, however, I would still suggest you post a new HJT log to be sure we catch anything that may have entered since the last time you scanned with it.

    snap
  5. JTA
    JTA Guest

    Logfile of HijackThis v1.97.7
    Scan saved at 9:14:06 PM, on 3/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 15 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink Pop-Up Blocker\Pnel.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\Pnel.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37979.4444444444
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  6. snapdragin
    snapdragin Administrator

    Hi JTA,

    I am not seeing the 'msbb.exe' file in your log. What program did you scan with that alerted you to it?

    I am wondering if it may just be in your System Restore.
    You can purge your old restore points by turning System Restore off, rebooting your computer, then doing another scan to see if the program that alerted you before alerts you again.

    You can fix these in HijackThis, but before you begin please move HijackThis into a folder of its own. HijackThis creates backups in the folder it is in, and in a Temp folder those backups will be easily lost.

    Place a check beside the following items, and with ALL browsers and open windows closed (except HijackThis) click on Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


    (If you did not set these yourself, then include them to be fixed too)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


    Turn OFF System Restore.
    1. On the Desktop, right-click My Computer.
    2. Click Properties.
    3. Click the System Restore tab.
    4. Check the box beside "Turn off System Restore".
    5. Click Apply, and then click OK.
    6. Restart the computer. (You must restart your computer to clear the old Restore Points)

    To Turn System Restore back ON.
    1. Follow the above Steps 1 to 3
    2. UNcheck the box beside "Turn off System Restore".
    3. Click Apply, and then click OK.
    4. Restart your computer and set a new Restore Point.

    Once you have cleaned out the old restore points by rebooting your computer, then be sure to create a new Restore Point.
          
    How To Create a Restore Point:
    http://www.microsoft.com/windowsxp/pro/using/howto/gethelp/systemrestore.asp

    After cleaning the old restore points, let us know if you are still being alerted about the msbb.exe file.

    snap
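The check described in the post above (looking for a file name in a HijackThis log), as an added example that is not part of the original thread: a small parser for the HijackThis 1.97 log layout that reports whether a file appears among the running processes or in any R/O entry. The sample log is constructed in the format of the log posted above, and the function names are assumptions.

```python
import re

# Constructed sample in the HijackThis 1.97 layout (not a real scan).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# Entry lines look like "O4 - ..." or "R0 - ...": a letter, 1-2 digits, " - ", detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first entry line ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def find_file(text, filename):
    """Return ("process" or entry code, line) pairs that reference `filename`."""
    needle = filename.lower()
    processes, entries = parse_hjt(text)
    hits = []
    for p in processes:
        # Compare the base name only, so "msbb.exe" does not match "xmsbb.exe".
        if p.lower().replace("/", "\\").rsplit("\\", 1)[-1] == needle:
            hits.append(("process", p))
    for code, detail in entries:
        if needle in detail.lower():
            hits.append((code, detail))
    return hits
```

An empty result only means the file is neither running nor referenced by the entries HijackThis lists; it says nothing about copies elsewhere on disk or in System Restore.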
  7. Primrose
    Primrose Registered Member

    I think also that Norton found it in your system restore " system volume info" folder only and this is why and how.
    **********


    What is System Restore?

    One of the new features of Windows Me and Windows XP is System Restore. This feature, which is enabled by default, is used by Windows to restore files on your computer in case they become damaged. If you experience a problem with your system that is caused by software, System Restore gives you the opportunity to go back to a point where things were working correctly.

    Windows XP stores this information in the SYSTEM VOLUME information folder. These folders are updated when the computer restarts.

    NOTE: Both the _RESTORE folder in WinME and the System volume information folder in Win XP are marked with the hidden attribute, and, by default, Windows is set to not display such files or folders.

    Even after you have found a virus and your AV has cleaned your PC you still might get an indication you still have the virus but it can not be deleted in these folders.

    Problem is... the system restore also has a copy of all those viruses and trojans that have infected your system. They are in a compressed mode... your ANTIVIRUS knows they are there but can not help you get rid of them, so you must do it manually.

    *****


    But if you think you also have some symptoms because of that MSBB.EXE then you could look here.


    How To Remove MSBB.EXE


    http://www.annoyances.org/exec/forum/win95/r1032875472


    but when you are infected with it your hijack log usually looks like this..



    http://www.computercops.biz/modules.php?name=Forums&file=viewtopic&p=76070
  8. JTA
    JTA Guest

    I fixed the msbb.exe problem. I found it in the registry and deleted it.
  9. Primrose
    Primrose Registered Member

    Great... are you going to tell us where you found it and the path?
  10. JTA
    JTA Guest

    I think it's like ^^^^ said. I think it was in a past restore point. But I found it in the registry here: regedit<HKEY_CURRENT_USER<Software<Microsoft<Search Assistant<ACMru<5603.

    I never found the file path, but I know it's gone because after I deleted it I ran Norton and it didn't detect anything.
  11. Primrose
    Primrose Registered Member

    OK thanks... that makes sense then... You were trying to find this MSBB.EXE to remove it. In that process you tried to find it on your PC before you even posted and you searched for it ;)

    When you do that your MRU keeps that search name. And that is what you did find.


    Registry MRU Locations

    [MRU-Most Recent Used]

    XP Search Files
    HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603



    http://www.mvps.org/sramesh2k/RegistryMRU.htm