PDA

View Full Version : buildbirdaim/Mode2Phone/fxjddnkn



realchaos1
2006-11-15, 10:42
ok i've been ranting about this on the boards for a while now. I wanna make sure you guys get this.

Every once and a while my CPU will bog down and a file called buildbirdaim.exe will show up in the Task Manager Processes sucking up % of the CPU. I'll also hear a commercial play in the background out of no where and a pop-up with IE will show up about Registery Clean Up.

see: http://forums.spybot.info/showthread.php?t=8901

I appologies for posting a bunch of threads. I was hoping someone would either delete or move then to the appropriate forum after I messed up.

When I snooped around and did a search for "buildbirdaim" I found a pf file hidden away, see: http://forums.spybot.info/showpost.php?p=52944&postcount=5

I started taking a look at my msconfig and found files in the startup that I did not recognize. Mode2Phone.exe and fxjddnkn.exe located under 'C:\Documents and Settings\R-109\Application Data\intermoveaudio' showed up.

So I decided to look in that folder and found that everything was hanging out, including buildbirdaim.exe

I took the Mode2Phone.exe and fxjddnkn.exe out of the msconfig and left the files along (because i wanted to further discuss this with the Spybot community). I restarted and thought all was good until my computer started bogging down yet again.

Not kool, I ended task to buildbirdaim.exe (again) and checked msconfig. Mode2Phone.exe was sitting there checked as if it had a mind of its own.

So I would like to send these files to detections(AT)spybot.info

I will also include the link to this thread. I sent one earlier of the pf file. I want you guys to deal with this so Spybot can make an update. I will leave the infected files on my computer until Spybot S&D can address it.

:spider: god speed!

teacup61
2006-11-17, 06:24
Hello realchaos1,

Let's see if my suspicions are correct about the audio you're hearing. Please do the following for me. :)

Go to Start > Run and paste in the following line:

regedit /e c:\reg.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"

Click OK.

Go to Start > Run and paste in the following:

c:\reg.txt

Click OK.

A notepad should open, please paste the contents of the notepad into your next reply.

Also :

* Click here (http://www.thespykiller.co.uk/files/HJTsetup.exe) to download HJTsetup.exe
Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


Thank you! :)
tea

tashi
2006-11-26, 09:16
:scratch:
This topic is closed due to lack of a response to helper, if you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.