Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bu._exe Au._exe and adwcleaner


  • Please log in to reply
7 replies to this topic

#1 ====

====

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 31 May 2014 - 01:06 PM

Hello I'm new here; I was sent here from mozillazine.org where I posted this:

 

My problem is as follows: I used adwcleaner and it listed pref.js and, since the latest adware update, a key called HKCU\Software\AppDataLow\Software.

Each time I delete this via adwarecleaner it reappears the next time I use Firefox.
Now, everytime I uninstall Firefox, Adwarecleaner doesn't show anything anymore.

BUT under AppData/Roaming I find this "nsu.tmp" folder and it contains bu_.exe and au_.exe.
They are called "FirefoxHelpers" and sometimes I can delete the files but not the empty folder.

My computer expert said this could be a sign of the programme trying to copy itself somewhere else, but he didn't know whether these exe were dangerous or not, or if this was just the rest of some adware. An external virus scan didn't show anything, but he said it could be a programme that downloaded data everytime I use the internet and therefore can't be detected.

What are these exe files and can I safely reinstall Firefox.

 

 

And I got this reply:

 

Hi,
A very quick Google resulted in the fact that you may have a real nasty on board.
I suggest the you go to the "Bleeping Computer" site, register & post all the details there.

 

 

 

Thanks in advance!

 



BC AdBot (Login to Remove)

 


m

#2 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:04 AM

Posted 31 May 2014 - 03:33 PM

PREFS.JS - Not pref.js is a required file for the operation of firefox. It stores your preferences.

BU_.EXE - This is the "Mozilla Maintenance Service Installer" that was installed when you installed Firefox. It is part of Firefox.

AU_.EXE - This is the automatic updater part of Adobe Flash Player.

The next time you run adwcleaner a screen capture of it would be helpful. Two of the three files are AOK. The other one is marginal. I say marginal, just in case you meant PREFS.JS.

Best of luck.

Edited by scotty_ncc1701, 31 May 2014 - 03:34 PM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:04 AM

Posted 31 May 2014 - 08:30 PM

Just adding....
 
au_.exe is used by some uninstallers. This one creates a temporary folder (nsu.tmp) when you uninstall something with this uninstaller. It is safe.
You can clear it out by cleaning the Temp folder.

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 ====

====
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 03 June 2014 - 10:40 AM

Thank you both for your replies!

 

 

Posted 31 May 2014 - 10:33 PM

PREFS.JS - Not pref.js is a required file for the operation of firefox. It stores your preferences.

BU_.EXE - This is the "Mozilla Maintenance Service Installer" that was installed when you installed Firefox. It is part of Firefox.

AU_.EXE - This is the automatic updater part of Adobe Flash Player.

The next time you run adwcleaner a screen capture of it would be helpful. Two of the three files are AOK. The other one is marginal. I say marginal, just in case you meant PREFS.JS.

Best of luck.
 

Yes I meant Prefs.js, sorry about the typo. I'm sorry but I don't know what AOK means.

 

 

Just adding....

au_.exe is used by some uninstallers. This one creates a temporary folder (nsu.tmp) when you uninstall something with this uninstaller. It is safe.
You can clear it out by cleaning the Temp folder.

 

Sometimes I could delete the whole folder, sometimes just the files and not the empty folder, as it was "still being used".

This last time I could delete the whole folder without a problem.

 

I want to reinstall Firefox, do I still have to follow your instructions?

 

One last question (sorry), even without firefox being installed adwarecleaner still lists HKCU\Software\AppDataLow\Software.

What is this? I can't even find AppDataLow, just AppData\Local and AppData\LocalLow



#5 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:04 AM

Posted 03 June 2014 - 11:37 AM

Maybe this will help: http://blog.didierstevens.com/2010/09/07/integrity-levels-and-dll-injection/

 

Best of luck.


Edited by scotty_ncc1701, 03 June 2014 - 11:37 AM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:04 AM

Posted 03 June 2014 - 08:54 PM

You can ask the developer (Xplode) a question, report an issue or suggestion at his home site: AdwCleaner Feedback <- there is a drop down menu at the top right to "Select language" (English)
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 ====

====
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 06 June 2014 - 06:34 PM

Thank you



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:04 AM

Posted 06 June 2014 - 07:07 PM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users