
LBTSERV.EXE


10 replies to this topic

#1 Doug E Fresh

Doug E Fresh

  • Members
  • 224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey/Miami
  • Local time:02:09 AM

Posted 16 May 2009 - 02:43 PM

This site has identified it as undesirable under the 'Startup List' tab, yet when I do further research on Google, only one other site I've come across has identified it as a WORM. It shows up as part of Logitech Setpoint, used with my wireless mouse. This is the only Logitech Service listed on my computer. http://img196.imageshack.us/img196/164/services.jpg
I'm not sure what to do. Is this a legit service or not? How do I know for sure?

Any help is appreciated, thanks.



#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:02:09 AM

Posted 16 May 2009 - 09:27 PM

I found one other site that says it is
http://www.prevx.com/filenames/75654593230...BTSERV.EXE.html

Do you use a Logitech bluetooth mouse?

Edited by garmanma, 16 May 2009 - 09:27 PM.

Mark

#3 Doug E Fresh


Posted 17 May 2009 - 12:33 PM

> I found one other site that says it is
> http://www.prevx.com/filenames/75654593230...BTSERV.EXE.html
>
> Do you use a Logitech bluetooth mouse?



Ha. As a matter of fact that's the exact site I had stumbled on. I do use a Logitech wireless mouse, but it's USB. I don't think it's bluetooth enabled. Here are the specs: http://www.logitech.com/index.cfm/mice_poi...87&cl=US,EN

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:09 AM

Posted 17 May 2009 - 03:56 PM

Hello Doug.

Let's take a closer look at those services.

Create and Run Batch Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
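    @ECHO OFF
    REM Start with a fresh report.
    IF EXIST Report.txt DEL Report.txt
    REM Check each candidate service name.
    FOR %%a in ("LBTServ" "Logitech Inc") DO (
    	SET "ServiceName=%%~a"
    	CALL :ProcessTheService
    )
    START NOTEPAD Report.txt
    REM Delete this script, then exit (DEL has to run before EXIT to take effect).
    DEL "%~f0" & EXIT
    :ProcessTheService
    REM If the ImagePath value cannot be read, no service is registered under this name.
    REG.EXE QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%ServiceName%" /v ImagePath >nul 2>&1
    IF NOT %ErrorLevel%==0 (
    	ECHO Service "%ServiceName%" not found.>>Report.txt
    ) ELSE (
    	ECHO "%ServiceName%":>>Report.txt
    	REM Write only the ImagePath line (the path of the service's executable) to the report.
    	REG.EXE QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%ServiceName%" /v ImagePath | FINDSTR.EXE /i "imagepath" >>Report.txt
    )
    GOTO :EOF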
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input Look.bat
  • Hit OK.
When done properly, the icon should look like Posted Image.

Double click Look.bat. If you are using Windows Vista, right click the icon and select "Run as Administrator".

A notepad will open in a moment. Please copy the contents of the notepad into your next reply.

With Regards,
The Panda

#5 Doug E Fresh


Posted 17 May 2009 - 05:17 PM

Thanks for your reply. This is what it came up with.

"LBTServ":
ImagePath REG_EXPAND_SZ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
Service "Logitech Inc" not found.


Not sure whether or not I did something wrong.

#6 Doug E Fresh


Posted 17 May 2009 - 05:23 PM

C:\PROGRAM FILES\COMMON FILES\LOGISHRD\BLUETOOTH\LBTSERV.EXE

That's the location of the file on my computer.

#7 PropagandaPanda


Posted 17 May 2009 - 05:26 PM

Hello Doug.

You did that right.

That is the location of the legitimate version of the file. If you want to check, you can send the file to an online scanner.

Submit File to Online Scanner
  • Open VirusTotal Online Scanner or VirSCAN. If one site is busy or down, try the other.
  • At the top of the page you'll see a box. Paste in the following line(s) or browse to the file (do one line at a time).
  • C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
With Regards,
The Panda

Edited by PropagandaPanda, 17 May 2009 - 05:26 PM.


#8 Doug E Fresh


Posted 17 May 2009 - 05:29 PM

Scanner results : All Scanners reported not find malware!
Time : 2009/05/17 18:25:37 (EDT)

| Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time |
|---|---|---|---|---|---|
| a-squared | 4.0.0.32 | 20090517233123 | 2009-05-17 | - | 2.055 |
| AhnLab V3 | 2009.05.17.00 | 2009.05.17 | 2009-05-17 | - | 0.690 |
| AntiVir | 8.2.0.168 | 7.1.3.217 | 2009-05-17 | - | 0.374 |
| Antiy | 2.0.18 | 20090517.2427008 | 2009-05-17 | - | 0.017 |
| Arcavir | 2009 | 200905171029 | 2009-05-17 | - | 0.059 |
| Authentium | 5.1.1 | 200905171502 | 2009-05-17 | - | 1.377 |
| AVAST! | 4.7.4 | 090517-0 | 2009-05-17 | - | 0.011 |
| AVG | 8.5.286 | 270.12.32/2119 | 2009-05-18 | - | 3.327 |
| BitDefender | 7.81008.2989655 | 7.25468 | 2009-05-18 | - | 2.772 |
| CA (VET) | 9.0.0.143 | 31.6.6507 | 2009-05-16 | - | 7.749 |
| ClamAV | 0.95 | 9364 | 2009-05-16 | - | 0.029 |
| Comodo | 3.9 | 1170 | 2009-05-17 | - | 0.694 |
| CP Secure | 1.1.0.715 | 2009.05.17 | 2009-05-17 | - | 9.148 |
| Dr.Web | 4.44.0.9170 | 2009.05.17 | 2009-05-17 | - | 4.580 |
| F-Prot | 4.4.4.56 | 20090517 | 2009-05-17 | - | 1.610 |
| F-Secure | 5.51.6100 | 2009.05.16.01 | 2009-05-16 | - | 0.062 |
| Fortinet | 2.81-3.117 | 10.399 | 2009-05-17 | - | 0.213 |
| GData | 19.5270/19.334 | 20090517 | 2009-05-17 | - | 3.940 |
| Ikarus | T3.1.01.49 | 2009.05.17.72731 | 2009-05-17 | - | 3.230 |
| JiangMin | 11.0.706 | 2009.05.17 | 2009-05-17 | - | 1.881 |
| Kaspersky | 5.5.10 | 2009.05.17 | 2009-05-17 | - | 0.050 |
| KingSoft | 2009.2.5.15 | 2009.5.17.21 | 2009-05-17 | - | 0.488 |
| McAfee | 5.3.00 | 5618 | 2009-05-17 | - | 2.903 |
| Microsoft | 1.4602 | 2009.05.18 | 2009-05-18 | - | 4.536 |
| mks_vir | 2.01 | 2009.05.16 | 2009-05-16 | - | 3.254 |
| Norman | 6.01.05 | 6.01.00 | 2009-05-15 | - | 4.006 |
| nProtect | 20090517.01 | 3708563 | 2009-05-17 | - | 5.305 |
| Panda | 9.05.01 | 2009.05.16 | 2009-05-16 | - | 1.618 |
| Quick Heal | 10.00 | 2009.05.15 | 2009-05-15 | - | 1.205 |
| Rising | 20.0 | 21.29.62.00 | 2009-05-17 | - | 0.775 |
| Sophos | 2.86.0 | 4.41 | 2009-05-18 | - | 2.354 |
| Sunbelt | 5140 | 5140 | 2009-05-17 | - | 0.990 |
| Symantec | 1.3.0.24 | 20090517.004 | 2009-05-17 | - | 0.057 |
| The Hacker | 6.3.4.1 | v00326 | 2009-05-16 | - | 0.640 |
| Trend Micro | 8.700-1004 | 6.134.22 | 2009-05-17 | - | 0.030 |
| VBA32 | 3.12.10.5 | 20090516.1854 | 2009-05-16 | - | 1.965 |
| ViRobot | 20090515 | 2009.05.15 | 2009-05-15 | - | 0.414 |
| VirusBuster | 4.5.11.10 | 10.105.29/1379275 | 2009-05-18 | - | 1.704 |

Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database

Edited by Doug E Fresh, 17 May 2009 - 05:36 PM.


#9 PropagandaPanda


Posted 17 May 2009 - 05:33 PM

Hello Doug.

Yes, that is a legit Logitech file.

The worm file would be located in C:\Windows, not that path.

With Regards,
The Panda
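
The check walked through in this thread (read the service's ImagePath from the registry, then judge the file by the folder it lives in), as an added PowerShell example that is not part of the original posts. It goes one step beyond the thread by also reporting the Authenticode signer and a SHA-256 hash; the default service name and expected folder are the ones quoted above, `Resolve-ImagePath` is a helper name made up for this example, and PowerShell 4 or later is assumed for `Get-FileHash`.

```powershell
# Added example (not from the thread): report where a service binary lives and who signed it.
param(
    [string]$ServiceName = 'LBTServ',
    [string]$ExpectedDir = 'C:\Program Files\Common Files\Logishrd\Bluetooth'
)

function Resolve-ImagePath {
    # Hypothetical helper: turn a raw ImagePath value into a plain file path by
    # expanding %VARS%, dropping a \??\ prefix, and stripping quotes and arguments.
    param([string]$Raw)
    $p = [Environment]::ExpandEnvironmentVariables($Raw).Trim()
    $p = $p -replace '^\\\?\?\\', ''
    if ($p -match '^"([^"]+)"')          { return $Matches[1] }
    if ($p -match '^(.+?\.exe)(\s|$)')   { return $Matches[1] }
    return $p
}

$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (-not (Test-Path $key)) {
    Write-Output "Service '$ServiceName' not found."
    return
}

$raw  = (Get-ItemProperty -Path $key -Name ImagePath).ImagePath
$path = Resolve-ImagePath $raw

# Same name in a different folder (for example C:\Windows) is the warning sign.
$dir           = Split-Path -Parent $path
$inExpectedDir = $dir.TrimEnd('\') -ieq $ExpectedDir.TrimEnd('\')

# Signature and hash are only meaningful if the file is actually on disk.
$exists = Test-Path -LiteralPath $path -PathType Leaf
$sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path }
$hash   = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }

[pscustomobject]@{
    Service         = $ServiceName
    ImagePath       = $path
    FileExists      = $exists
    InExpectedDir   = $inExpectedDir
    SignatureStatus = $sig.Status
    Signer          = $sig.SignerCertificate.Subject
    SHA256          = $hash
}
```

A result with `InExpectedDir` false, or a signature status other than `Valid`, is the cue to submit the file to an online scanner as described in the thread.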

#10 Doug E Fresh


Posted 17 May 2009 - 05:36 PM

OK, cool. Thanks for your help! Those are awesome links by the way. Bookmarked them both. =]

#11 PropagandaPanda


Posted 17 May 2009 - 05:50 PM

You are welcome. Glad we could help.

The Panda



