Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pup.Bitspirit and Hijack.DisplayProperties


  • Please log in to reply
5 replies to this topic

#1 uk23

uk23

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 01 February 2010 - 06:45 PM

Greetings, I am new here!
Well, I have windows 7 Dell Computer with Norton 360 installed and actively working. I don't see anything wrong with my PC. However, I decided to run MalwareBytes antimalware program, just in case.
I just scanned my PC with malwareBytes antimalware, and it has found Pup.Bitspirit and Hijack properties. Now, I do have BitSpirit legitimate one installed on my PC as a Torrent downloader.
Norton 360 hasn't detected anything. MalwareBytes found these, which I posted below.HERE'S AN UPDATE: I have uninstalled BitSpirit and Malwarebytes no longer shows-- (PUP.BitSpirit). Was rhis BirSpirit Torrent save anyway to use? Please help! What's my next step?Please see below:
Malwarebytes' Anti-Malware 1.44
Database version: 3674
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/1/2010 5:12:14 PM
mbam-log-2010-02-01 (17-12-08).txt

Scan type: Quick Scan
Objects scanned: 98827
Time elapsed: 1 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ByteLinker (PUP.BitSpirit) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by uk23, 01 February 2010 - 09:38 PM.


BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:12:50 PM

Posted 01 February 2010 - 09:24 PM

You will have to manually de-select them from the Remove list
The Ignore list is only for the paid-for version
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 uk23

uk23
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 01 February 2010 - 09:47 PM

I am sorry , but I didn't understand. How do I manually De-select them? I have not selected them for Removal. They are checked on malwareBytes scan results.I have Uninstalled BitSpirit using ad/remove program. So, PUP. Bitspirit no longer shows on Malwarebytes scan. The scans that you saw above were of heuristic results. What do I do with this now? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
I have a question , perhaps, not very related to this problem, but P2P software such as BitSpirit might propagate viruses and spywares in the websites that one download movies from (i.e. YouTube). Should I even consider downloading another Torrent software, if so which one?

You will have to manually de-select them from the Remove list
The Ignore list is only for the paid-for version



#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:12:50 PM

Posted 02 February 2010 - 07:07 PM

When I said "You will have to manually de-select them from the Remove list" I was under the assumption you wanted to keep Pup.Bitspirit
Deselect means uncheck the box in the remove list


Should I even consider downloading another Torrent software

I do not use them for the reason they are a breeding ground for infections
You're downloading packets from God knows where and from God knows who

It isn't the torrent program as much as it is the material that is downloaded that causes the problem [copyrighted songs and programs]
Almost all Linux programs are distributed that way
Bittorrent would probably be the safest of the lot

Remove selected items in mbam
reboot the computer
Update mbam and run a FULL scan
Please post the results
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 uk23

uk23
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 02 February 2010 - 08:26 PM

Thank you so much for replying!
I have uninstalled BitSpirit. Also, for the item Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Norton 360 Technical support reports, " The Registry entry which is being displayed by Malware bytes is false positive that is the reason Norton product has not been detected it.Please add the above registry entry to Malware bytes white list".

Below, please find result of a full system scan:

Malwarebytes' Anti-Malware 1.44
Database version: 3681
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/2/2010 7:22:16 PM
mbam-log-2010-02-02 (19-22-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 196047
Time elapsed: 20 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by garmanma, 03 February 2010 - 06:38 PM.


#6 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:12:50 PM

Posted 03 February 2010 - 06:40 PM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0)

This is a false positive. You do not have to worry about it

If there are no longer signs of malware then please....

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

-------------------------------

Tips to protect yourself against malware and reduce the potential for re-infection:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".

• Avoid gaming sites, underground web pages, pirated software, crack sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users