BulletProof software

[mgm]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

a couple of months ago I installed Norton Anti-Virus. Now when ever I run
Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
desktop.

Is anyone here familiar with BulletProof? Is this part of a Norton suite?
Do I have to be concerned about the security of my XP pro box?

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"mgm" <mgmombo@hotmail.com> wrote in message
news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
>a couple of months ago I installed Norton Anti-Virus. Now when ever I run
> Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
> desktop.
>
> Is anyone here familiar with BulletProof? Is this part of a Norton suite?
> Do I have to be concerned about the security of my XP pro box?
>
>

BulletProof has nothing to do with Norton AV.

Do you have a firewall running?

What spyware utility do you use?

What adware utility do you use?

What type of hijack software are you using?

Are all of your utilities kept updated?


Antivirus programs protect against viruses. What you have is not a virus,
but is some type of adware or spyware.


Bobby

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Yupp the answer is:buy a better antispyware application!

BulletProof software has nothing to do with Symantec norton antivirus!

Go to http://www.sunbeltsoftware.com/CounterSpy.cfm

They get their antispyware definitions from microsoft themselves!

Quote:
How Come Microsoft Updates Sunbelt's CounterSpy With Spyware Definitions?
Sunbelt is not "licensing the code from Microsoft". Microsoft acquired our
anti-spyware business partner Giant Software. In short, Giant's original code
was the start for both CounterSpy and Windows AntiSpyware but each has taken
its own development path and Sunbelt and Microsoft each own their own code.
Microsoft shares their spyware definitions with Sunbelt, but Sunbelt uses the
threat information differently. Microsoft states on its website:
"Anti-spyware solutions require definition updates-signatures of known
spyware and other unwanted software-that are necessary to keep the solutions
up-to-date. Because of a legal agreement between Sunbelt Software and Giant
that preceded the Microsoft acquisition, Microsoft will provide spyware
signature updates to Sunbelt through July 2007."


"NoNoBadDog!" wrote:

>
> "mgm" <mgmombo@hotmail.com> wrote in message
> news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
> >a couple of months ago I installed Norton Anti-Virus. Now when ever I run
> > Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
> > desktop.
> >
> > Is anyone here familiar with BulletProof? Is this part of a Norton suite?
> > Do I have to be concerned about the security of my XP pro box?
> >
> >
>
> BulletProof has nothing to do with Norton AV.
>
> Do you have a firewall running?
>
> What spyware utility do you use?
>
> What adware utility do you use?
>
> What type of hijack software are you using?
>
> Are all of your utilities kept updated?
>
>
> Antivirus programs protect against viruses. What you have is not a virus,
> but is some type of adware or spyware.
>
>
> Bobby
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Get rid of it.

Bullet Proof Spyware a.k.a. BPS Spyware & Adware Remover

[[BPS Spyware & Adware Remover
bulletproofsoft.com
spywarecops.com

false positives work as goad to purchase; company is known adware
distributor; exploits name SpywareBlaster; Ad-aware rip-off; Spybot S&D
rip-off; old version was same app as Real AdWareRemoverGold, Spyware Nuker,
& TZ Spyware Adware Remover; new version uses "Spyware Cops" or "Spy
Striker" front end [A: 6-26-04 / U: 3-25-05] ]]
From...
Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Get one or all of these...

2) SpywareBlaster
[[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
ever being installed.
The most important step you can take is to secure your system. And
SpywareBlaster is the most powerful protection program available.]]
http://www.javacoolsoftware.com/spywareblaster.html

3) Spybot S & D (More for the advanced user)
http://www.safer-networking.org/index.php?lang=en&page=download

4) HijackThis (More for the advanced user)
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

5) Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/index.html?source=appvisit

6) ToolbarCop
http://www.mvps.org/sramesh2k/toolbarcop.htm

7) Ad-aware SE Personal
http://www.lavasoft.de/support/download/

Download, install, run, update and run again; one or all. They are all
good, FREE utilities. Make sure you update every program, even if you
just downloaded it. You must have the latest updates. Without updates,
you have a gun without ammo. You also need to use more than one
anti scumware program. One program will *not* catch everything.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl,
mgm <mgmombo@hotmail.com> hunted and pecked:
> a couple of months ago I installed Norton Anti-Virus. Now when ever I run
> Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
> desktop.
>
> Is anyone here familiar with BulletProof? Is this part of a Norton suite?
> Do I have to be concerned about the security of my XP pro box?

 

[mgm]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I run Spybot S&D nightly, I run Adaware nightly. They remove the
Bulletproof junk but it keeps coming back.
I'm sick of it. It doesn't appear in the add/remove programs list and it's
application folder doesn't have an uninstall exe. How the devil do I get
rid of the mess?

I run winXP pro sp2 behind a hardware & software firewall (zonealarm pro),
Norton Anti-Virus and the above mentioned legit spy/ad utilities. All are
updated to latest defs.

"Wesley Vogel" <123WVogel955@comcast.net> wrote in message
news:%238gtcHajFHA.2484@TK2MSFTNGP15.phx.gbl...
> Get rid of it.
>
> Bullet Proof Spyware a.k.a. BPS Spyware & Adware Remover
>
> [[BPS Spyware & Adware Remover
> bulletproofsoft.com
> spywarecops.com
>
> false positives work as goad to purchase; company is known adware
> distributor; exploits name SpywareBlaster; Ad-aware rip-off; Spybot S&D
> rip-off; old version was same app as Real AdWareRemoverGold, Spyware
Nuker,
> & TZ Spyware Adware Remover; new version uses "Spyware Cops" or "Spy
> Striker" front end [A: 6-26-04 / U: 3-25-05] ]]
> From...
> Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Get one or all of these...
>
> 2) SpywareBlaster
> [[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
> ever being installed.
> The most important step you can take is to secure your system. And
> SpywareBlaster is the most powerful protection program available.]]
> http://www.javacoolsoftware.com/spywareblaster.html
>
> 3) Spybot S & D (More for the advanced user)
> http://www.safer-networking.org/index.php?lang=en&page=download
>
> 4) HijackThis (More for the advanced user)
> http://www.spywareinfo.com/~merijn/downloads.html
>
> 4a) HijackThis (direct download)
> http://aumha.org/downloads/hijackthis.zip
>
> 5) Bazooka Adware and Spyware Scanner v1.13
> http://www.kephyr.com/spywarescanner/index.html?source=appvisit
>
> 6) ToolbarCop
> http://www.mvps.org/sramesh2k/toolbarcop.htm
>
> 7) Ad-aware SE Personal
> http://www.lavasoft.de/support/download/
>
> Download, install, run, update and run again; one or all. They are all
> good, FREE utilities. Make sure you update every program, even if you
> just downloaded it. You must have the latest updates. Without updates,
> you have a gun without ammo. You also need to use more than one
> anti scumware program. One program will *not* catch everything.
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl,
> mgm <mgmombo@hotmail.com> hunted and pecked:
> > a couple of months ago I installed Norton Anti-Virus. Now when ever I
run
> > Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on
my
> > desktop.
> >
> > Is anyone here familiar with BulletProof? Is this part of a Norton
suite?
> > Do I have to be concerned about the security of my XP pro box?
>

 

[Malke]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

mgm wrote:

> I run Spybot S&D nightly, I run Adaware nightly. They remove the
> Bulletproof junk but it keeps coming back.
> I'm sick of it. It doesn't appear in the add/remove programs list and
> it's
> application folder doesn't have an uninstall exe. How the devil do I
> get rid of the mess?
>
> I run winXP pro sp2 behind a hardware & software firewall (zonealarm
> pro), Norton Anti-Virus and the above mentioned legit spy/ad
> utilities. All are updated to latest defs.
>
Run your scans in Safe Mode. You should probably include scanning with
HijackThis. Post your log in *one* of the following forums (not here,
please). Be sure to read the posting FAQ of whatever forum you choose.

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

Malke
--
MS-MVP Windows User/Shell
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I can't find anything about removing/uninstalling BPS Spyware & Adware
Remover. All I can find is plenty of folks threatening to sue the makers of
BPS Spyware & Adware Remover.

Look in C:\Program Files or %homedrive%\Program Files for anything related
to BPS.

I have no idea what the *.exe file, if there is one, is for BPS.

Run Spybot S&D, click on Mode in the top Toolbar and make sure that Advanced
Mode is selected. Then, in the left hand pane, click on Tools and click on
System Startup. In the right hand pane, right click and select Copy to
Clipboard. Paste that into a message and post back and we'll see what we
can find.

[[System startup
This tool lists all programs that are started at Windows startup. If those
items are in the database coming with Spybot-S&D, it will display some more
information about them. It also allows you to disable (and enable) items, as
well as delete them, change them or insert new items.]]

Also, when you run Ad-Aware, when you see the Scan Log you can right click
and select Copy to Clipboard after selecting the relevant text or Ctrl + A
to select all the text and Ctrl + C to copy the text. Paste that into a
message and post back and we'll see what we can find.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:u5$o3MajFHA.3336@tk2msftngp13.phx.gbl,
mgm <mgmombo@hotmail.com> hunted and pecked:
> I run Spybot S&D nightly, I run Adaware nightly. They remove the
> Bulletproof junk but it keeps coming back.
> I'm sick of it. It doesn't appear in the add/remove programs list and
> it's application folder doesn't have an uninstall exe. How the devil do
> I get rid of the mess?
>
> I run winXP pro sp2 behind a hardware & software firewall (zonealarm pro),
> Norton Anti-Virus and the above mentioned legit spy/ad utilities. All are
> updated to latest defs.
>
> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
> news:%238gtcHajFHA.2484@TK2MSFTNGP15.phx.gbl...
>> Get rid of it.
>>
>> Bullet Proof Spyware a.k.a. BPS Spyware & Adware Remover
>>
>> [[BPS Spyware & Adware Remover
>> bulletproofsoft.com
>> spywarecops.com
>>
>> false positives work as goad to purchase; company is known adware
>> distributor; exploits name SpywareBlaster; Ad-aware rip-off; Spybot S&D
>> rip-off; old version was same app as Real AdWareRemoverGold, Spyware
>> Nuker, & TZ Spyware Adware Remover; new version uses "Spyware Cops" or
>> "Spy Striker" front end [A: 6-26-04 / U: 3-25-05] ]]
>> From...
>> Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
>> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>>
>> Get one or all of these...
>>
>> 2) SpywareBlaster
>> [[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
>> ever being installed.
>> The most important step you can take is to secure your system. And
>> SpywareBlaster is the most powerful protection program available.]]
>> http://www.javacoolsoftware.com/spywareblaster.html
>>
>> 3) Spybot S & D (More for the advanced user)
>> http://www.safer-networking.org/index.php?lang=en&page=download
>>
>> 4) HijackThis (More for the advanced user)
>> http://www.spywareinfo.com/~merijn/downloads.html
>>
>> 4a) HijackThis (direct download)
>> http://aumha.org/downloads/hijackthis.zip
>>
>> 5) Bazooka Adware and Spyware Scanner v1.13
>> http://www.kephyr.com/spywarescanner/index.html?source=appvisit
>>
>> 6) ToolbarCop
>> http://www.mvps.org/sramesh2k/toolbarcop.htm
>>
>> 7) Ad-aware SE Personal
>> http://www.lavasoft.de/support/download/
>>
>> Download, install, run, update and run again; one or all. They are all
>> good, FREE utilities. Make sure you update every program, even if you
>> just downloaded it. You must have the latest updates. Without updates,
>> you have a gun without ammo. You also need to use more than one
>> anti scumware program. One program will *not* catch everything.
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl,
>> mgm <mgmombo@hotmail.com> hunted and pecked:
>>> a couple of months ago I installed Norton Anti-Virus. Now when ever I
>>> run Ad-Aware, BulletProof Spy detector places shortcuts in a new folder
>>> on my desktop.
>>>
>>> Is anyone here familiar with BulletProof? Is this part of a Norton
>>> suite? Do I have to be concerned about the security of my XP pro box?

 

[map]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I no longer trust Microsofts adware difinitions.
http://www.spywareinfo.com/newsletter/archives/2005/july20.php

--
Mike Pawlak



Daniel - Rookeycompany wrote:
> Yupp the answer is:buy a better antispyware application!
>
> BulletProof software has nothing to do with Symantec norton antivirus!
>
> Go to http://www.sunbeltsoftware.com/CounterSpy.cfm
>
> They get their antispyware definitions from microsoft themselves!
>
> Quote:
> How Come Microsoft Updates Sunbelt's CounterSpy With Spyware
> Definitions? Sunbelt is not "licensing the code from Microsoft".
> Microsoft acquired our anti-spyware business partner Giant Software.
> In short, Giant's original code was the start for both CounterSpy and
> Windows AntiSpyware but each has taken its own development path and
> Sunbelt and Microsoft each own their own code. Microsoft shares their
> spyware definitions with Sunbelt, but Sunbelt uses the threat
> information differently. Microsoft states on its website:
> "Anti-spyware solutions require definition updates-signatures of
> known spyware and other unwanted software-that are necessary to keep
> the solutions up-to-date. Because of a legal agreement between
> Sunbelt Software and Giant that preceded the Microsoft acquisition,
> Microsoft will provide spyware signature updates to Sunbelt through
> July 2007."
>
>
> "NoNoBadDog!" wrote:
>
>>
>> "mgm" <mgmombo@hotmail.com> wrote in message
>> news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
>>> a couple of months ago I installed Norton Anti-Virus. Now when
>>> ever I run Ad-Aware, BulletProof Spy detector places shortcuts in a
>>> new folder on my desktop.
>>>
>>> Is anyone here familiar with BulletProof? Is this part of a Norton
>>> suite? Do I have to be concerned about the security of my XP pro
>>> box?
>>>
>>>
>>
>> BulletProof has nothing to do with Norton AV.
>>
>> Do you have a firewall running?
>>
>> What spyware utility do you use?
>>
>> What adware utility do you use?
>>
>> What type of hijack software are you using?
>>
>> Are all of your utilities kept updated?
>>
>>
>> Antivirus programs protect against viruses. What you have is not a
>> virus, but is some type of adware or spyware.
>>
>>
>> Bobby

 

[Malke]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Daniel - Rookeycompany wrote:

> All the tools you guys are talking about, sd boot,
> Ad-Aware,SpywareBlaster, ToolbarCop and so -Yes i've been there using
> them all!! But they are not as good as the Counterspy i wrote about
> since it does all the things in one stroke:
>
(snip very long post about CounterSpy)

CounterSpy is good, but it costs money. All the antispyware tools we
recommend to end users are free. In addition, you do need more than one
tool to remove many types of malware. After the end user has cleaned up
his/her machine, if s/he wants to spend the money on CounterSpy that is
of course his/her choice.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

mgm:

If I were you, I'd learn how to remove spyware, adware, virus, etc manually
because not every one is going to be caught by every tool out there. Of
course try to find a tool to remove it for you, but when that fails, there
is only manual, especially if you want if off instead of waiting for a def
update. After all there is always a lag time between release of a
spyware/adware/virus/worm/etc and the tools ability to remove it. Use
Ad-Aware, Spybot S&D, etc, but also make sure you know what is running on
that machine and what might not belong. Blind trust in those companies to
find everything out there is a HUGE mistake.

To do this manually, you can use several tools. Most of them I've gotten
from www.sysinternals.com (not associated, just like their tools). Here is
a list of the ones I use:

1. Process Manager -- Task Manager replacement that shows alot more
information (like what is running inside those svchost.exe's)
2. SigCheck -- Check to see what files in your Windows and Windows/System32
etc directories have no signitures or unverifiable signitures (WARNING:
Some Microsoft files still do not have sigs so use tool to highlight
possible hoax programs, but make sure you don't go deleting everything it
finds)
3. AutoRuns -- You have probably used MSConfig. This is much more advanced
and usful for finding that program and where it is starting from.
4. PortMon -- What ports on your machine are listening for connections and
what programs they belong to.

If you cannot find the program with these, then you have bigger
problems.....

Scott

"mgm" <mgmombo@hotmail.com> wrote in message
news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
>a couple of months ago I installed Norton Anti-Virus. Now when ever I run
> Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on my
> desktop.
>
> Is anyone here familiar with BulletProof? Is this part of a Norton suite?
> Do I have to be concerned about the security of my XP pro box?
>
>

 

[mgm]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Amen to Scott and a big thank you to all you contributed.
If anyone can offer some added input after reviewing the logs, it would be
greatly appreciated. Thanks..mgm

I have NAV 2005, spybot s&d, Adaware, ZoneAlarm Pro(all updated) and all
XP's latest and grestest patch/update software running behind a hardware
firewall (router) and STILL got the BulletProof mess.

After checking my application event logs, I noted that the BPS mess begins
executing at 4:15 AM everyday. Adaware and Spybot also auto execute in the
wee hrs. 2:15 and 3AM.
By checking the event log, I got BPS CLSID and found it in the registry.
With this ID I hope to let SpyBlaster block it from executing tomorrow am.
Wesley Vogel requested some logs, so here they are. I hope they can help
others to clean up or, better yet, avoid the mess
Application event log:
>>>>Event Type: Warning
Event Source: MsiInstaller
Event Category: None
Event ID: 1004
Date: 7/21/2005
Time: 4:15:02 AM
User: XXXXX\Administrator
Computer: XXXXX
Description:
Detection of product '{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}', feature
'SpywareRemover', component '{23332A7D-C96D-4A86-830C-71CBE466BA78}' failed.
The resource 'C:\Program
Files\BulletProofSoft.com\SpywareRemover\LSPFix.exe' does not exist.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}<<<<<<

Initial SpyBot run that "fixed" BulletProof" (removed)
>>>>BPS Spyware Remover: System file (File, fixed)
C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe

BPS Spyware Remover: System file (File, fixed)
C:\Program
Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe

BPS Spyware Remover: Program directory (Directory, fixed)
C:\Program Files\BulletProofSoft.com\SpywareRemover\

BPS Spyware Remover: Program group (Directory, fixed)
C:\Documents and Settings\All Users\Start
Menu\Programs\BulletProofSoft.com

BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
rogram Files\BulletProofSoft.com\SpywareRemover\Spyware.exe

BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
rogram
Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe<<<<<<<<<
<<<

Initial Spybot Startup list (this and the initial scan was done from
SafeMode) I recognize all processes here.
>>>>Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58992
MD5: e5f9b0314442ea5816518c64b02f10a2

Located: HK_LM:Run, DeviceDiscovery
command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
size: 229437
MD5: 7eef9e578d2aa3d562d074bfdfe56825

Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: f5f1a8cdd473d55f9bf6fe23f715b0fa

Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
file: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 6ad9dcb0257b10ea458165f70634dabc

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
size: 188416
MD5: b25f66fdaa5a0389500c8a9e0433e5a5

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 741376
MD5: a4ae9ba1e10cb9f6c0949c4db91a1f72

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 77824
MD5: 6351b9d79370a6795921fa3c3950ded6

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common
iles\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: b8e684df9a97497edd2f87444a6307fb

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), ZoneAlarm Pro.lnk
command: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
file: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
size: 422984
MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799

Located: Startup (disabled), Acrobat Assistant (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
file: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
size: 217193
MD5: 78bfe3201ada2fe02d1e35d2488e5f55

Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (disabled), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (disabled), ZoneAlarm Pro (DISABLED)
command: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe -nopopup
file: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
size: 422984
MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799<<<<<
"Wm. Scott Miller" <Scott.Miller@spamkillerwvinsurance.gov> wrote in message
news:%23KnT1ijjFHA.576@tk2msftngp13.phx.gbl...
> mgm:
>
> If I were you, I'd learn how to remove spyware, adware, virus, etc
manually
> because not every one is going to be caught by every tool out there. Of
> course try to find a tool to remove it for you, but when that fails, there
> is only manual, especially if you want if off instead of waiting for a def
> update. After all there is always a lag time between release of a
> spyware/adware/virus/worm/etc and the tools ability to remove it. Use
> Ad-Aware, Spybot S&D, etc, but also make sure you know what is running on
> that machine and what might not belong. Blind trust in those companies to
> find everything out there is a HUGE mistake.
>
> To do this manually, you can use several tools. Most of them I've gotten
> from www.sysinternals.com (not associated, just like their tools). Here
is
> a list of the ones I use:
>
> 1. Process Manager -- Task Manager replacement that shows alot more
> information (like what is running inside those svchost.exe's)
> 2. SigCheck -- Check to see what files in your Windows and
Windows/System32
> etc directories have no signitures or unverifiable signitures (WARNING:
> Some Microsoft files still do not have sigs so use tool to highlight
> possible hoax programs, but make sure you don't go deleting everything it
> finds)
> 3. AutoRuns -- You have probably used MSConfig. This is much more
advanced
> and usful for finding that program and where it is starting from.
> 4. PortMon -- What ports on your machine are listening for connections
and
> what programs they belong to.
>
> If you cannot find the program with these, then you have bigger
> problems.....
>
> Scott
>
> "mgm" <mgmombo@hotmail.com> wrote in message
> news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
> >a couple of months ago I installed Norton Anti-Virus. Now when ever I
run
> > Ad-Aware, BulletProof Spy detector places shortcuts in a new folder on
my
> > desktop.
> >
> > Is anyone here familiar with BulletProof? Is this part of a Norton
suite?
> > Do I have to be concerned about the security of my XP pro box?
> >
> >
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

mgm,

You have a bunch of other trash that you do not need running, but we better
stick to BPSSR for now.

Did you try to run Spybot S&D and Ad-Aware in Safe Mode like Malke
suggested? Some malware like to conceal themselves in areas that Windows
protects while using them. Safe mode will prevent those application
accesses, and therefore unprotect the malware.

Did you download, install and run HijackThis in Safe Mode like Malke
suggested?

4) HijackThis
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

HijackThis log tutorial
http://www.spywareinfo.com/~merijn/htlogtutorial.html

HijackThis Log Tutorial
http://www.aumha.org/a/hjttutor.htm

How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#warning

Is there a listing for BulletProofSoft SpywareRemover in Add or Remove
Programs?

Was the MsiInstaller Warning about a failed uninstall? Did you try to
uninstall BPSSR using Add or Remove Programs? If you didn't, try it. Never
mind you mentioned that it wasn't listed. So what caused the MsiInstaller
Warning?

CLSID {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} appears to be BPSSR.

Also look for {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} in
%appdata%\Microsoft\Installer
or
C:\Documents and Settings\Your Name Here\Application
Data\Microsoft\Installer
and
%windir%\Installer
or
C:\WINDOWS\Installer
And delete the {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} folder. This ought to
prevent BPSSR from getting installed again.

Spyware.exe & PopUpWatch.exe would appear to be the BPSSR program. Make
sure that you use Task Manager to *KILL* both of these before running Spybot
S&D, etc.

Open Task Manager...
Ctrl + Shift + Esc | Processes tab | Click on the Image name header to
alphabetize the list | Locate Spyware.exe & PopUpWatch.exe | Right click
each one | End Process | Answer YES to the Warning that popsup | Make sure
that there isn't more than one of each running | Close Task Manager

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:%23mhAN5mjFHA.1444@TK2MSFTNGP10.phx.gbl,
mgm <mgmombo@hotmail.com> hunted and pecked:
> Amen to Scott and a big thank you to all you contributed.
> If anyone can offer some added input after reviewing the logs, it would be
> greatly appreciated. Thanks..mgm
>
> I have NAV 2005, spybot s&d, Adaware, ZoneAlarm Pro(all updated) and all
> XP's latest and grestest patch/update software running behind a hardware
> firewall (router) and STILL got the BulletProof mess.
>
> After checking my application event logs, I noted that the BPS mess begins
> executing at 4:15 AM everyday. Adaware and Spybot also auto execute in
> the wee hrs. 2:15 and 3AM.
> By checking the event log, I got BPS CLSID and found it in the registry.
> With this ID I hope to let SpyBlaster block it from executing tomorrow am.
> Wesley Vogel requested some logs, so here they are. I hope they can help
> others to clean up or, better yet, avoid the mess
> Application event log:
>>>>> Event Type: Warning
> Event Source: MsiInstaller
> Event Category: None
> Event ID: 1004
> Date: 7/21/2005
> Time: 4:15:02 AM
> User: XXXXX\Administrator
> Computer: XXXXX
> Description:
> Detection of product '{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}', feature
> 'SpywareRemover', component '{23332A7D-C96D-4A86-830C-71CBE466BA78}'
> failed. The resource 'C:\Program
> Files\BulletProofSoft.com\SpywareRemover\LSPFix.exe' does not exist.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
> Management\ARPCache\{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}<<<<<<
>
> Initial SpyBot run that "fixed" BulletProof" (removed)
>>>>> BPS Spyware Remover: System file (File, fixed)
> C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
>
> BPS Spyware Remover: System file (File, fixed)
> C:\Program
> Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe
>
> BPS Spyware Remover: Program directory (Directory, fixed)
> C:\Program Files\BulletProofSoft.com\SpywareRemover\
>
> BPS Spyware Remover: Program group (Directory, fixed)
> C:\Documents and Settings\All Users\Start
> Menu\Programs\BulletProofSoft.com
>
> BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)
>
>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
> rogram Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
>
> BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)
>
>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
> rogram
>
Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe<<<<<<<<<
> <<<
>
> Initial Spybot Startup list (this and the initial scan was done from
> SafeMode) I recognize all processes here.
>>>>> Located: HK_LM:Run, ccApp
> command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
> file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
> size: 58992
> MD5: e5f9b0314442ea5816518c64b02f10a2
>
> Located: HK_LM:Run, DeviceDiscovery
> command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
> file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
> size: 229437
> MD5: 7eef9e578d2aa3d562d074bfdfe56825
>
> Located: HK_LM:Run, HP Component Manager
> command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
> file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
> size: 241664
> MD5: f5f1a8cdd473d55f9bf6fe23f715b0fa
>
> Located: HK_LM:Run, HP Software Update
> command: "C:\Program Files\Hewlett-Packard\HP Software
> Update\HPWuSchd2.exe" file: C:\Program Files\Hewlett-Packard\HP
> Software Update\HPWuSchd2.exe size: 49152
> MD5: 6ad9dcb0257b10ea458165f70634dabc
>
> Located: HK_LM:Run, HPDJ Taskbar Utility
> command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
> file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
> size: 188416
> MD5: b25f66fdaa5a0389500c8a9e0433e5a5
>
> Located: HK_LM:Run, NeroFilterCheck
> command: C:\WINDOWS\system32\NeroCheck.exe
> file: C:\WINDOWS\system32\NeroCheck.exe
> size: 155648
> MD5: 3e4c03cefad8de135263236b61a49c90
>
> Located: HK_LM:Run, NvCplDaemon
> command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
> file: C:\WINDOWS\system32\RUNDLL32.EXE
> size: 33280
> MD5: da285490bbd8a1d0ce6623577d5ba1ff
>
> Located: HK_LM:Run, nwiz
> command: nwiz.exe /install
> file: C:\WINDOWS\system32\nwiz.exe
> size: 741376
> MD5: a4ae9ba1e10cb9f6c0949c4db91a1f72
>
> Located: HK_LM:Run, SoundMan
> command: SOUNDMAN.EXE
> file: C:\WINDOWS\SOUNDMAN.EXE
> size: 77824
> MD5: 6351b9d79370a6795921fa3c3950ded6
>
> Located: HK_LM:Run, Symantec NetDriver Monitor
> command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
> file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
> size: 100056
> MD5: f9418981ee4d7e995d359833adab59d5
>
> Located: HK_LM:Run, TkBellExe
> command: "C:\Program Files\Common
> iles\Real\Update_OB\realsched.exe" -osboot
> file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> size: 180269
> MD5: b8e684df9a97497edd2f87444a6307fb
>
> Located: HK_CU:Run, ctfmon.exe
> command: C:\WINDOWS\system32\ctfmon.exe
> file: C:\WINDOWS\system32\ctfmon.exe
> size: 15360
> MD5: 24232996a38c0b0cf151c2140ae29fc8
>
> Located: Startup (common), Adobe Reader Speed Launch.lnk
> command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
> file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
> size: 29696
> MD5: deb88aef013dd1eefb462d7cad642166
>
> Located: Startup (common), ZoneAlarm Pro.lnk
> command: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
> file: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
> size: 422984
> MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799
>
> Located: Startup (disabled), Acrobat Assistant (DISABLED)
> command: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
> file: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
> size: 217193
> MD5: 78bfe3201ada2fe02d1e35d2488e5f55
>
> Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
> command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
> file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
> size: 113664
> MD5: c2ff17734176cd15221c10044ef0ba1a
>
> Located: Startup (disabled), Microsoft Office (DISABLED)
> command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
> file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
> size: 83360
> MD5: 5bc65464354a9fd3beaa28e18839734a
>
> Located: Startup (disabled), ZoneAlarm Pro (DISABLED)
> command: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe -nopopup
> file: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
> size: 422984
> MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799<<<<<
> "Wm. Scott Miller" <Scott.Miller@spamkillerwvinsurance.gov> wrote in
> message news:%23KnT1ijjFHA.576@tk2msftngp13.phx.gbl...
>> mgm:
>>
>> If I were you, I'd learn how to remove spyware, adware, virus, etc
>> manually because not every one is going to be caught by every tool out
>> there. Of course try to find a tool to remove it for you, but when that
>> fails, there is only manual, especially if you want if off instead of
>> waiting for a def update. After all there is always a lag time between
>> release of a spyware/adware/virus/worm/etc and the tools ability to
>> remove it. Use Ad-Aware, Spybot S&D, etc, but also make sure you know
>> what is running on that machine and what might not belong. Blind trust
>> in those companies to find everything out there is a HUGE mistake.
>>
>> To do this manually, you can use several tools. Most of them I've gotten
>> from www.sysinternals.com (not associated, just like their tools). Here
>> is a list of the ones I use:
>>
>> 1. Process Manager -- Task Manager replacement that shows alot more
>> information (like what is running inside those svchost.exe's)
>> 2. SigCheck -- Check to see what files in your Windows and
>> Windows/System32 etc directories have no signitures or unverifiable
>> signitures (WARNING: Some Microsoft files still do not have sigs so use
>> tool to highlight possible hoax programs, but make sure you don't go
>> deleting everything it finds)
>> 3. AutoRuns -- You have probably used MSConfig. This is much more
>> advanced and usful for finding that program and where it is starting
>> from.
>> 4. PortMon -- What ports on your machine are listening for connections
>> and what programs they belong to.
>>
>> If you cannot find the program with these, then you have bigger
>> problems.....
>>
>> Scott
>>
>> "mgm" <mgmombo@hotmail.com> wrote in message
>> news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
>>> a couple of months ago I installed Norton Anti-Virus. Now when ever I
>>> run Ad-Aware, BulletProof Spy detector places shortcuts in a new folder
>>> on my desktop.
>>>
>>> Is anyone here familiar with BulletProof? Is this part of a Norton
>>> suite? Do I have to be concerned about the security of my XP pro box?

 

[mgm]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Yes, all was done in safe mode and finally the BPS has been removed. All BPS
has been removed and blocked via Spybot and SpywareBlaster... AND most
important, it's really gone. Again, thanks to all for your input
"Wesley Vogel" <123WVogel955@comcast.net> wrote in message
news:epIeMXtjFHA.1968@TK2MSFTNGP14.phx.gbl...
> mgm,
>
> You have a bunch of other trash that you do not need running, but we
> better
> stick to BPSSR for now.
>
> Did you try to run Spybot S&D and Ad-Aware in Safe Mode like Malke
> suggested? Some malware like to conceal themselves in areas that Windows
> protects while using them. Safe mode will prevent those application
> accesses, and therefore unprotect the malware.
>
> Did you download, install and run HijackThis in Safe Mode like Malke
> suggested?
>
> 4) HijackThis
> http://www.spywareinfo.com/~merijn/downloads.html
>
> 4a) HijackThis (direct download)
> http://aumha.org/downloads/hijackthis.zip
>
> HijackThis log tutorial
> http://www.spywareinfo.com/~merijn/htlogtutorial.html
>
> HijackThis Log Tutorial
> http://www.aumha.org/a/hjttutor.htm
>
> How to use HijackThis to remove Browser Hijackers & Spyware
> http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#warning
>
> Is there a listing for BulletProofSoft SpywareRemover in Add or Remove
> Programs?
>
> Was the MsiInstaller Warning about a failed uninstall? Did you try to
> uninstall BPSSR using Add or Remove Programs? If you didn't, try it.
> Never
> mind you mentioned that it wasn't listed. So what caused the MsiInstaller
> Warning?
>
> CLSID {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} appears to be BPSSR.
>
> Also look for {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} in
> %appdata%\Microsoft\Installer
> or
> C:\Documents and Settings\Your Name Here\Application
> Data\Microsoft\Installer
> and
> %windir%\Installer
> or
> C:\WINDOWS\Installer
> And delete the {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} folder. This ought
> to
> prevent BPSSR from getting installed again.
>
> Spyware.exe & PopUpWatch.exe would appear to be the BPSSR program. Make
> sure that you use Task Manager to *KILL* both of these before running
> Spybot
> S&D, etc.
>
> Open Task Manager...
> Ctrl + Shift + Esc | Processes tab | Click on the Image name header to
> alphabetize the list | Locate Spyware.exe & PopUpWatch.exe | Right click
> each one | End Process | Answer YES to the Warning that popsup | Make sure
> that there isn't more than one of each running | Close Task Manager
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:%23mhAN5mjFHA.1444@TK2MSFTNGP10.phx.gbl,
> mgm <mgmombo@hotmail.com> hunted and pecked:
>> Amen to Scott and a big thank you to all you contributed.
>> If anyone can offer some added input after reviewing the logs, it would
>> be
>> greatly appreciated. Thanks..mgm
>>
>> I have NAV 2005, spybot s&d, Adaware, ZoneAlarm Pro(all updated) and all
>> XP's latest and grestest patch/update software running behind a hardware
>> firewall (router) and STILL got the BulletProof mess.
>>
>> After checking my application event logs, I noted that the BPS mess
>> begins
>> executing at 4:15 AM everyday. Adaware and Spybot also auto execute in
>> the wee hrs. 2:15 and 3AM.
>> By checking the event log, I got BPS CLSID and found it in the registry.
>> With this ID I hope to let SpyBlaster block it from executing tomorrow
>> am.
>> Wesley Vogel requested some logs, so here they are. I hope they can help
>> others to clean up or, better yet, avoid the mess
>> Application event log:
>>>>>> Event Type: Warning
>> Event Source: MsiInstaller
>> Event Category: None
>> Event ID: 1004
>> Date: 7/21/2005
>> Time: 4:15:02 AM
>> User: XXXXX\Administrator
>> Computer: XXXXX
>> Description:
>> Detection of product '{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}', feature
>> 'SpywareRemover', component '{23332A7D-C96D-4A86-830C-71CBE466BA78}'
>> failed. The resource 'C:\Program
>> Files\BulletProofSoft.com\SpywareRemover\LSPFix.exe' does not exist.
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>>
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
>> Management\ARPCache\{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}<<<<<<
>>
>> Initial SpyBot run that "fixed" BulletProof" (removed)
>>>>>> BPS Spyware Remover: System file (File, fixed)
>> C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
>>
>> BPS Spyware Remover: System file (File, fixed)
>> C:\Program
>> Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe
>>
>> BPS Spyware Remover: Program directory (Directory, fixed)
>> C:\Program Files\BulletProofSoft.com\SpywareRemover\
>>
>> BPS Spyware Remover: Program group (Directory, fixed)
>> C:\Documents and Settings\All Users\Start
>> Menu\Programs\BulletProofSoft.com
>>
>> BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)
>>
>>
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
>> rogram Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
>>
>> BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)
>>
>>
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
>> rogram
>>
> Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe<<<<<<<<<
>> <<<
>>
>> Initial Spybot Startup list (this and the initial scan was done from
>> SafeMode) I recognize all processes here.
>>>>>> Located: HK_LM:Run, ccApp
>> command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
>> file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
>> size: 58992
>> MD5: e5f9b0314442ea5816518c64b02f10a2
>>
>> Located: HK_LM:Run, DeviceDiscovery
>> command: C:\Program Files\Hewlett-Packard\Digital
>> Imaging\bin\hpotdd01.exe
>> file: C:\Program Files\Hewlett-Packard\Digital
>> Imaging\bin\hpotdd01.exe
>> size: 229437
>> MD5: 7eef9e578d2aa3d562d074bfdfe56825
>>
>> Located: HK_LM:Run, HP Component Manager
>> command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
>> file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
>> size: 241664
>> MD5: f5f1a8cdd473d55f9bf6fe23f715b0fa
>>
>> Located: HK_LM:Run, HP Software Update
>> command: "C:\Program Files\Hewlett-Packard\HP Software
>> Update\HPWuSchd2.exe" file: C:\Program Files\Hewlett-Packard\HP
>> Software Update\HPWuSchd2.exe size: 49152
>> MD5: 6ad9dcb0257b10ea458165f70634dabc
>>
>> Located: HK_LM:Run, HPDJ Taskbar Utility
>> command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
>> file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
>> size: 188416
>> MD5: b25f66fdaa5a0389500c8a9e0433e5a5
>>
>> Located: HK_LM:Run, NeroFilterCheck
>> command: C:\WINDOWS\system32\NeroCheck.exe
>> file: C:\WINDOWS\system32\NeroCheck.exe
>> size: 155648
>> MD5: 3e4c03cefad8de135263236b61a49c90
>>
>> Located: HK_LM:Run, NvCplDaemon
>> command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
>> file: C:\WINDOWS\system32\RUNDLL32.EXE
>> size: 33280
>> MD5: da285490bbd8a1d0ce6623577d5ba1ff
>>
>> Located: HK_LM:Run, nwiz
>> command: nwiz.exe /install
>> file: C:\WINDOWS\system32\nwiz.exe
>> size: 741376
>> MD5: a4ae9ba1e10cb9f6c0949c4db91a1f72
>>
>> Located: HK_LM:Run, SoundMan
>> command: SOUNDMAN.EXE
>> file: C:\WINDOWS\SOUNDMAN.EXE
>> size: 77824
>> MD5: 6351b9d79370a6795921fa3c3950ded6
>>
>> Located: HK_LM:Run, Symantec NetDriver Monitor
>> command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
>> file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
>> size: 100056
>> MD5: f9418981ee4d7e995d359833adab59d5
>>
>> Located: HK_LM:Run, TkBellExe
>> command: "C:\Program Files\Common
>> iles\Real\Update_OB\realsched.exe" -osboot
>> file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
>> size: 180269
>> MD5: b8e684df9a97497edd2f87444a6307fb
>>
>> Located: HK_CU:Run, ctfmon.exe
>> command: C:\WINDOWS\system32\ctfmon.exe
>> file: C:\WINDOWS\system32\ctfmon.exe
>> size: 15360
>> MD5: 24232996a38c0b0cf151c2140ae29fc8
>>
>> Located: Startup (common), Adobe Reader Speed Launch.lnk
>> command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
>> file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
>> size: 29696
>> MD5: deb88aef013dd1eefb462d7cad642166
>>
>> Located: Startup (common), ZoneAlarm Pro.lnk
>> command: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
>> file: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
>> size: 422984
>> MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799
>>
>> Located: Startup (disabled), Acrobat Assistant (DISABLED)
>> command: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
>> file: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
>> size: 217193
>> MD5: 78bfe3201ada2fe02d1e35d2488e5f55
>>
>> Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
>> command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
>> file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
>> size: 113664
>> MD5: c2ff17734176cd15221c10044ef0ba1a
>>
>> Located: Startup (disabled), Microsoft Office (DISABLED)
>> command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
>> file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
>> size: 83360
>> MD5: 5bc65464354a9fd3beaa28e18839734a
>>
>> Located: Startup (disabled), ZoneAlarm Pro (DISABLED)
>> command: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe -nopopup
>> file: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
>> size: 422984
>> MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799<<<<<
>> "Wm. Scott Miller" <Scott.Miller@spamkillerwvinsurance.gov> wrote in
>> message news:%23KnT1ijjFHA.576@tk2msftngp13.phx.gbl...
>>> mgm:
>>>
>>> If I were you, I'd learn how to remove spyware, adware, virus, etc
>>> manually because not every one is going to be caught by every tool out
>>> there. Of course try to find a tool to remove it for you, but when that
>>> fails, there is only manual, especially if you want if off instead of
>>> waiting for a def update. After all there is always a lag time between
>>> release of a spyware/adware/virus/worm/etc and the tools ability to
>>> remove it. Use Ad-Aware, Spybot S&D, etc, but also make sure you know
>>> what is running on that machine and what might not belong. Blind trust
>>> in those companies to find everything out there is a HUGE mistake.
>>>
>>> To do this manually, you can use several tools. Most of them I've
>>> gotten
>>> from www.sysinternals.com (not associated, just like their tools). Here
>>> is a list of the ones I use:
>>>
>>> 1. Process Manager -- Task Manager replacement that shows alot more
>>> information (like what is running inside those svchost.exe's)
>>> 2. SigCheck -- Check to see what files in your Windows and
>>> Windows/System32 etc directories have no signitures or unverifiable
>>> signitures (WARNING: Some Microsoft files still do not have sigs so use
>>> tool to highlight possible hoax programs, but make sure you don't go
>>> deleting everything it finds)
>>> 3. AutoRuns -- You have probably used MSConfig. This is much more
>>> advanced and usful for finding that program and where it is starting
>>> from.
>>> 4. PortMon -- What ports on your machine are listening for connections
>>> and what programs they belong to.
>>>
>>> If you cannot find the program with these, then you have bigger
>>> problems.....
>>>
>>> Scott
>>>
>>> "mgm" <mgmombo@hotmail.com> wrote in message
>>> news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
>>>> a couple of months ago I installed Norton Anti-Virus. Now when ever I
>>>> run Ad-Aware, BulletProof Spy detector places shortcuts in a new folder
>>>> on my desktop.
>>>>
>>>> Is anyone here familiar with BulletProof? Is this part of a Norton
>>>> suite? Do I have to be concerned about the security of my XP pro box?
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Glad to hear it. Keep having fun.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:%23guCaFujFHA.3568@TK2MSFTNGP10.phx.gbl,
mgm <mgmombo@hotmail.com> hunted and pecked:
> Yes, all was done in safe mode and finally the BPS has been removed. All
> BPS has been removed and blocked via Spybot and SpywareBlaster... AND most
> important, it's really gone. Again, thanks to all for your input
> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
> news:epIeMXtjFHA.1968@TK2MSFTNGP14.phx.gbl...
>> mgm,
>>
>> You have a bunch of other trash that you do not need running, but we
>> better
>> stick to BPSSR for now.
>>
>> Did you try to run Spybot S&D and Ad-Aware in Safe Mode like Malke
>> suggested? Some malware like to conceal themselves in areas that Windows
>> protects while using them. Safe mode will prevent those application
>> accesses, and therefore unprotect the malware.
>>
>> Did you download, install and run HijackThis in Safe Mode like Malke
>> suggested?
>>
>> 4) HijackThis
>> http://www.spywareinfo.com/~merijn/downloads.html
>>
>> 4a) HijackThis (direct download)
>> http://aumha.org/downloads/hijackthis.zip
>>
>> HijackThis log tutorial
>> http://www.spywareinfo.com/~merijn/htlogtutorial.html
>>
>> HijackThis Log Tutorial
>> http://www.aumha.org/a/hjttutor.htm
>>
>> How to use HijackThis to remove Browser Hijackers & Spyware
>> http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#warning
>>
>> Is there a listing for BulletProofSoft SpywareRemover in Add or Remove
>> Programs?
>>
>> Was the MsiInstaller Warning about a failed uninstall? Did you try to
>> uninstall BPSSR using Add or Remove Programs? If you didn't, try it.
>> Never
>> mind you mentioned that it wasn't listed. So what caused the
>> MsiInstaller Warning?
>>
>> CLSID {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} appears to be BPSSR.
>>
>> Also look for {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} in
>> %appdata%\Microsoft\Installer
>> or
>> C:\Documents and Settings\Your Name Here\Application
>> Data\Microsoft\Installer
>> and
>> %windir%\Installer
>> or
>> C:\WINDOWS\Installer
>> And delete the {0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E} folder. This ought
>> to
>> prevent BPSSR from getting installed again.
>>
>> Spyware.exe & PopUpWatch.exe would appear to be the BPSSR program. Make
>> sure that you use Task Manager to *KILL* both of these before running
>> Spybot
>> S&D, etc.
>>
>> Open Task Manager...
>> Ctrl + Shift + Esc | Processes tab | Click on the Image name header to
>> alphabetize the list | Locate Spyware.exe & PopUpWatch.exe | Right click
>> each one | End Process | Answer YES to the Warning that popsup | Make
>> sure that there isn't more than one of each running | Close Task Manager
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:%23mhAN5mjFHA.1444@TK2MSFTNGP10.phx.gbl,
>> mgm <mgmombo@hotmail.com> hunted and pecked:
>>> Amen to Scott and a big thank you to all you contributed.
>>> If anyone can offer some added input after reviewing the logs, it would
>>> be
>>> greatly appreciated. Thanks..mgm
>>>
>>> I have NAV 2005, spybot s&d, Adaware, ZoneAlarm Pro(all updated) and all
>>> XP's latest and grestest patch/update software running behind a hardware
>>> firewall (router) and STILL got the BulletProof mess.
>>>
>>> After checking my application event logs, I noted that the BPS mess
>>> begins
>>> executing at 4:15 AM everyday. Adaware and Spybot also auto execute in
>>> the wee hrs. 2:15 and 3AM.
>>> By checking the event log, I got BPS CLSID and found it in the registry.
>>> With this ID I hope to let SpyBlaster block it from executing tomorrow
>>> am.
>>> Wesley Vogel requested some logs, so here they are. I hope they can
>>> help others to clean up or, better yet, avoid the mess
>>> Application event log:
>>>>>>> Event Type: Warning
>>> Event Source: MsiInstaller
>>> Event Category: None
>>> Event ID: 1004
>>> Date: 7/21/2005
>>> Time: 4:15:02 AM
>>> User: XXXXX\Administrator
>>> Computer: XXXXX
>>> Description:
>>> Detection of product '{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}', feature
>>> 'SpywareRemover', component '{23332A7D-C96D-4A86-830C-71CBE466BA78}'
>>> failed. The resource 'C:\Program
>>> Files\BulletProofSoft.com\SpywareRemover\LSPFix.exe' does not exist.
>>>
>>> For more information, see Help and Support Center at
>>> http://go.microsoft.com/fwlink/events.asp.
>>>
>>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
>>> Management\ARPCache\{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}<<<<<<
>>>
>>> Initial SpyBot run that "fixed" BulletProof" (removed)
>>>>>>> BPS Spyware Remover: System file (File, fixed)
>>> C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
>>>
>>> BPS Spyware Remover: System file (File, fixed)
>>> C:\Program
>>> Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe
>>>
>>> BPS Spyware Remover: Program directory (Directory, fixed)
>>> C:\Program Files\BulletProofSoft.com\SpywareRemover\
>>>
>>> BPS Spyware Remover: Program group (Directory, fixed)
>>> C:\Documents and Settings\All Users\Start
>>> Menu\Programs\BulletProofSoft.com
>>>
>>> BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)
>>>
>>>
>>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
>>> rogram Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
>>>
>>> BPS Spyware Remover: Shared DLL (1 apps) (Registry value, fixed)
>>>
>>>
>>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\P
>>> rogram
>>>
>>
Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe<<<<<<<<<
>>> <<<
>>>
>>> Initial Spybot Startup list (this and the initial scan was done from
>>> SafeMode) I recognize all processes here.
>>>>>>> Located: HK_LM:Run, ccApp
>>> command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
>>> file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
>>> size: 58992
>>> MD5: e5f9b0314442ea5816518c64b02f10a2
>>>
>>> Located: HK_LM:Run, DeviceDiscovery
>>> command: C:\Program Files\Hewlett-Packard\Digital
>>> Imaging\bin\hpotdd01.exe
>>> file: C:\Program Files\Hewlett-Packard\Digital
>>> Imaging\bin\hpotdd01.exe
>>> size: 229437
>>> MD5: 7eef9e578d2aa3d562d074bfdfe56825
>>>
>>> Located: HK_LM:Run, HP Component Manager
>>> command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
>>> file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
>>> size: 241664
>>> MD5: f5f1a8cdd473d55f9bf6fe23f715b0fa
>>>
>>> Located: HK_LM:Run, HP Software Update
>>> command: "C:\Program Files\Hewlett-Packard\HP Software
>>> Update\HPWuSchd2.exe" file: C:\Program Files\Hewlett-Packard\HP
>>> Software Update\HPWuSchd2.exe size: 49152
>>> MD5: 6ad9dcb0257b10ea458165f70634dabc
>>>
>>> Located: HK_LM:Run, HPDJ Taskbar Utility
>>> command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
>>> file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
>>> size: 188416
>>> MD5: b25f66fdaa5a0389500c8a9e0433e5a5
>>>
>>> Located: HK_LM:Run, NeroFilterCheck
>>> command: C:\WINDOWS\system32\NeroCheck.exe
>>> file: C:\WINDOWS\system32\NeroCheck.exe
>>> size: 155648
>>> MD5: 3e4c03cefad8de135263236b61a49c90
>>>
>>> Located: HK_LM:Run, NvCplDaemon
>>> command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
>>> file: C:\WINDOWS\system32\RUNDLL32.EXE
>>> size: 33280
>>> MD5: da285490bbd8a1d0ce6623577d5ba1ff
>>>
>>> Located: HK_LM:Run, nwiz
>>> command: nwiz.exe /install
>>> file: C:\WINDOWS\system32\nwiz.exe
>>> size: 741376
>>> MD5: a4ae9ba1e10cb9f6c0949c4db91a1f72
>>>
>>> Located: HK_LM:Run, SoundMan
>>> command: SOUNDMAN.EXE
>>> file: C:\WINDOWS\SOUNDMAN.EXE
>>> size: 77824
>>> MD5: 6351b9d79370a6795921fa3c3950ded6
>>>
>>> Located: HK_LM:Run, Symantec NetDriver Monitor
>>> command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
>>> file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
>>> size: 100056
>>> MD5: f9418981ee4d7e995d359833adab59d5
>>>
>>> Located: HK_LM:Run, TkBellExe
>>> command: "C:\Program Files\Common
>>> iles\Real\Update_OB\realsched.exe" -osboot
>>> file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
>>> size: 180269
>>> MD5: b8e684df9a97497edd2f87444a6307fb
>>>
>>> Located: HK_CU:Run, ctfmon.exe
>>> command: C:\WINDOWS\system32\ctfmon.exe
>>> file: C:\WINDOWS\system32\ctfmon.exe
>>> size: 15360
>>> MD5: 24232996a38c0b0cf151c2140ae29fc8
>>>
>>> Located: Startup (common), Adobe Reader Speed Launch.lnk
>>> command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
>>> file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
>>> size: 29696
>>> MD5: deb88aef013dd1eefb462d7cad642166
>>>
>>> Located: Startup (common), ZoneAlarm Pro.lnk
>>> command: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
>>> file: C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
>>> size: 422984
>>> MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799
>>>
>>> Located: Startup (disabled), Acrobat Assistant (DISABLED)
>>> command: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
>>> file: C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
>>> size: 217193
>>> MD5: 78bfe3201ada2fe02d1e35d2488e5f55
>>>
>>> Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
>>> command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
>>> file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
>>> size: 113664
>>> MD5: c2ff17734176cd15221c10044ef0ba1a
>>>
>>> Located: Startup (disabled), Microsoft Office (DISABLED)
>>> command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
>>> file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
>>> size: 83360
>>> MD5: 5bc65464354a9fd3beaa28e18839734a
>>>
>>> Located: Startup (disabled), ZoneAlarm Pro (DISABLED)
>>> command: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe -nopopup
>>> file: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
>>> size: 422984
>>> MD5: 3b2d0ab3d2dbc4cbbd6b9cd9be59a799<<<<<
>>> "Wm. Scott Miller" <Scott.Miller@spamkillerwvinsurance.gov> wrote in
>>> message news:%23KnT1ijjFHA.576@tk2msftngp13.phx.gbl...
>>>> mgm:
>>>>
>>>> If I were you, I'd learn how to remove spyware, adware, virus, etc
>>>> manually because not every one is going to be caught by every tool out
>>>> there. Of course try to find a tool to remove it for you, but when
>>>> that fails, there is only manual, especially if you want if off
>>>> instead of waiting for a def update. After all there is always a lag
>>>> time between release of a spyware/adware/virus/worm/etc and the tools
>>>> ability to remove it. Use Ad-Aware, Spybot S&D, etc, but also make
>>>> sure you know what is running on that machine and what might not
>>>> belong. Blind trust in those companies to find everything out there
>>>> is a HUGE mistake.
>>>>
>>>> To do this manually, you can use several tools. Most of them I've
>>>> gotten
>>>> from www.sysinternals.com (not associated, just like their tools).
>>>> Here is a list of the ones I use:
>>>>
>>>> 1. Process Manager -- Task Manager replacement that shows alot more
>>>> information (like what is running inside those svchost.exe's)
>>>> 2. SigCheck -- Check to see what files in your Windows and
>>>> Windows/System32 etc directories have no signitures or unverifiable
>>>> signitures (WARNING: Some Microsoft files still do not have sigs so use
>>>> tool to highlight possible hoax programs, but make sure you don't go
>>>> deleting everything it finds)
>>>> 3. AutoRuns -- You have probably used MSConfig. This is much more
>>>> advanced and usful for finding that program and where it is starting
>>>> from.
>>>> 4. PortMon -- What ports on your machine are listening for connections
>>>> and what programs they belong to.
>>>>
>>>> If you cannot find the program with these, then you have bigger
>>>> problems.....
>>>>
>>>> Scott
>>>>
>>>> "mgm" <mgmombo@hotmail.com> wrote in message
>>>> news:%235IxkrYjFHA.3336@tk2msftngp13.phx.gbl...
>>>>> a couple of months ago I installed Norton Anti-Virus. Now when ever I
>>>>> run Ad-Aware, BulletProof Spy detector places shortcuts in a new
>>>>> folder on my desktop.
>>>>>
>>>>> Is anyone here familiar with BulletProof? Is this part of a Norton
>>>>> suite? Do I have to be concerned about the security of my XP pro box?