Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


AI Project Updater: Installing....

  • Please log in to reply
4 replies to this topic

#1 ShaggyMuffin


  • Members
  • 1 posts
  • Local time:05:05 AM

Posted 06 May 2011 - 03:46 PM


I recently got this window pop called "AI Project Updater Installing:" that would occur every start up and seems to be stuck in its progress bar and cannot be closed in the conventional "close" button or the "x". I researched it and it there doesn't seem to be much information on what this is, why it pops up and how to stop it from popping up. If there is anyone that is dealing with this issue, this post may be of some help.

The reason I am posting this is because I believe I have found out generally what it is and that it might not be a malicious thing like some are treating it to be. Ive scanned the system with MalwareBytes in regular boot and in Safe Mode and it did not find anything. With the "AI Project Updater Installing:" window still open, it can be seen in the Windows Task Manager under applications, which gets me to lean towards this not being a malicious object. To find out where it was coming from, I right clicked the Application "AI Project Updater" and clicked "Go To Process". It took me to the process tab in Windows Task Manager and highlighted the process called "messenger.exe". If you "End Process", it will close the window and it wont pop back up, but it will show up when the system is restarted or rebooted. I decided to check the Startup procedure when you run msconfig. With System Configuration Utility open, under the Startup tab you will find messenger listed. When I traced it's location, it directed to Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe. I scanned this Common Files folder and all its contents with MalwareBytes but came back with nothing malicious. So I simply unchecked "messenger" from the startup list and everything runs just fine. I have read though, that many other malicious viruses and trojans mask themselves as messenger.exe and if located in a system32 file, it could be a malicious one.

Figured this would be food for thought if anyone is searching for information on the "AI Project Updater Installing" window.

Edited by hamluis, 07 May 2011 - 07:28 AM.
Moved from XP to Am I Infected.

BC AdBot (Login to Remove)


#2 hamluis



  • Moderator
  • 56,130 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:05 AM

Posted 07 May 2011 - 07:26 AM

We appreciate your response...but your conclusions may not necessarily be valid and I'm sure that we would rather error on the side of safety...and let the malware personnel determine if it is or isn't such.


#3 bradders1


  • Members
  • 9 posts
  • Local time:07:05 AM

Posted 08 May 2011 - 06:24 AM


I have been having the "AI Project updater: Installing..." problem, and after following the advice given, it does remove the popup from appearing everytime i boot up.

My only concern is that with my laptop, running Malwarebytes, or a virus scanner, nearly always finds infected files. No matter how many times i have run the Malwarebytes program and 'remove' the items, the next time i boot up and scan again, it finds more. What is more, these files seem to be the same each time. My virus canner keeps finding "Trojan.Gen" and quarantining this.

I have posted my latest Malwarebytes log for you to look at...

Malwarebytes' Anti-Malware

Database version: 6531

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/05/2011 12:23:52
mbam-log-2011-05-08 (12-23-52).txt

Scan type: Full scan (C:\|)
Objects scanned: 234904
Time elapsed: 46 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\fjlfixbubud.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{07588A81-6C32-116A-1F8F-8685EA777F4D} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07588A81-6C32-116A-1F8F-8685EA777F4D} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07588A81-6C32-116A-1F8F-8685EA777F4D} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07588A81-6C32-116A-1F8F-8685EA777F4D} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aujpvdjfnkv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jhvouvxmeuhl (Trojan.Agent) -> Value: jhvouvxmeuhl -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\sbradley\local settings\Temp\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fjlfixbubud.dll (Trojan.Agent) -> Delete on reboot.

I have previously started my own post regarding this problem, but no responses as yet.


#4 Ralph_Miller


  • Members
  • 2 posts
  • Local time:08:05 PM

Posted 23 May 2011 - 04:51 AM

I think this is from a Google cookie(Adsense) Opt out here: http://www.google.com/privacy/ads/

#5 Ralph_Miller


  • Members
  • 2 posts
  • Local time:08:05 PM

Posted 23 May 2011 - 05:35 AM

Look here:C:\Program Files\Common Files\microsoft shared\Web Components\(delete whatever is here, probably "messenger") I used "Unlocker"(great tool, free download)
This worked for me. I hope it helps you.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users