Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Good Morning


  • Please log in to reply
5 replies to this topic

#1 peterjay

peterjay

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 08 March 2006 - 03:38 AM

Hello, everyone. Found this useful looking resource in a search for information on bu_.exe. Any ideas, anyone?

BC AdBot (Login to Remove)

 


#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:06:40 AM

Posted 08 March 2006 - 09:48 AM

Welcome to BC!
Doublecheck the name and then search the BC Startup Database. From the looks of it, there is a strong possibility it is malware of some sort.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 peterjay

peterjay
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 09 March 2006 - 03:32 AM

Thanks for the quick response.
This little program, or whatever it is, was holding up a reboot of my machine the other day. It's usually online 24/7 but I'd just installed an upgrade. There was no reference in the BC database and only three references in Google, none of which is that helpful. Checking the processes running in Task Manager just now I can't see it and a search of my hard drives does not bring it to light. Perhaps it's just gone away????

#4 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:05:40 AM

Posted 09 March 2006 - 04:21 AM

I found a HJT log that makes a reference to Bu_.exe. It appear to be related to SpyFalcon.

WARNING! DO NOT ACT ON THIS LOG! IT IS FOR REFERNCE ONLY!!!!

I will provide the link..


http://board.protecus.de/t21922.htm

[HKEY_USERS\S-1-5-21-1960408961-789336058-1708537768-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\SpyFalcon\\spyfalcon.exe"="Anti- spyware and adware"
"C:\\Programme\\SpyFalcon\\uninst.exe"="SpyFalcon Software Installer"
"C:\\DOKUME~1\\ShOrTy\\LOKALE~1\\Temp\\~nsu.tmp\\Au_.exe"="SpyFalcon Software Installer"
"C:\\WINDOWS\\TEMP\\sa55.exe"="SpyFalcon Software Installer"
"C:\\WINDOWS\\TEMP\\saDF.exe"="SpyFalcon Software Installer"
"C:\\WINDOWS\\TEMP\\sa12C.exe"="SpyFalcon Software Installer"
"C:\\DOKUME~1\\ShOrTy\\LOKALE~1\\Temp\\sa13.exe"="SpyFalcon Software Installer"
"C:\\DOKUME~1\\ShOrTy\\LOKALE~1\\Temp\\sa29.exe"="SpyFalcon Software Installer"
"C:\\DOKUME~1\\ShOrTy\\LOKALE~1\\Temp\\sa4E.exe"="SpyFalcon Software Installer"
"C:\\DOKUME~1\\ShOrTy\\LOKALE~1\\Temp\\~nsu.tmp\\Bu_.exe"="SpyFalcon Software Installer"
"C:\\DOKUME~1\\ShOrTy\\LOKALE~1\\Temp\\sa65.exe"="SpyFalcon Software Installer"
"C:\\DOKUME~1\\ShOrTy\\LOKALE~1\\Temp\\sa70.exe"="SpyFalcon Software Installer"
"C:\\DOKUME~1\\ShOrTy\\LOKALE~1\\Temp\\sa89.exe"="SpyFalcon Software Installer"


"2007 & 2008 Windows Shell/User Award"

#5 peterjay

peterjay
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 09 March 2006 - 06:07 PM

Thanks, acklan:
It was that site (via Google) that led me to BC as it happens. I can get by in German as far as renting a car or booking a room is concerned but following registry clean-up procedures in that language raises my anxiety levels a touch! No sign of Falcon lurking anywhere in my system so perhaps one or other of the spyware programs I'm running has done the trick.
Thanks again.

#6 yano

yano

    I can see what you post!


  • Members
  • 6,469 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:40 AM

Posted 12 March 2006 - 10:05 PM

:thumbsup: to BC! peterjay.

Good Luck,
yano :flowers:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users