File description : Buddy
Location: C:\WINDOWS\gfidzdury.exe
remote name : btg.btgrab.com
Searching for a way to remove this one.
Made a large safe-mode scan, and none detected it.
If you know of any removal procedure for this, please help me!
Thanks
Submit the .exe to Jotti, to see alternative names for it (virusscan.jotti.org/). Then post the results here.
File: gfidzdury.exe
Status: INFECTED/MALWARE (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain -, results will not be stored in the database.)
MD5 cb6d412aef50c3e19ccd5900ad85d0b3
Packers detected: PE_PATCH, UPX
Scanner results
AntiVir Found TR/Buddy.F
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found Adware.BBuddy-13
Dr.Web Found not a virus Adware.BetterInternet
F-Prot Antivirus Found nothing
Fortinet Found W32/BUDDY.F-tr
Kaspersky Anti-Virus Found not-a-virus:AdWare.BetterInternet
mks_vir Found .Bargainbuddy.M05
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found AdWare.BetterInternet
OK, this is not a virus, but adware.
Its technical details are here: http://www.symantec.com/avcenter/venc/data/adware.betterinternet.html (for BetterInternet)
Here: http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html (for BargainBuddy)
Jotti will give Alwil (avast) a sample of it now that you submitted it, so they might add it soon.
But the best way is to use an anti-spyware to remove it:
a-squared and/or AdAware and/or Microsoft Antispyware.
Links are at my website.
Nothing works.
Made a safe mode scan with all my programs, and it still comes back.
The adaware-better internet removal tool didn’t find anything either.
Maybe this is some kind of new threat.
Try to open REGEDIT and search for “buddy”. You have a tracking spyware. Search also for the cookies you have in your browser cache and in TEMP. Use CCleaner and download the trial version of PestPatrol. Remember to disable the system recovery before launching every scan at reboot.
Download HijackThis.zip - HiJackThis Tutorial
For an on-line scan of your Hijackthis log file try here: http://hijackthis.de/index.php
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast). If you need any help with any of the analysis, let us know.