upapp - what is it

Hello. My first venture into trouble shooting through a forum but, having followed the instructions in one thread and the <READ & RUN ME FIRST Before Asking for Support> page - seemingly resulting in successfully getting rid of whatever was causing my PC to search for a spyware associated file "ibm00003.exe" (for which, many thanks), Major Geeks looks like he is the man to help. So, I thought I'd repeat a question that I have seen asked elsewhere and to which two very diiferent answers seem to be posted in various places on the web.

Whilst checking for Malware programs to delete in Control Panel \ Add or Remove programs, I noticed "upapp" listed. I cannot find it anywhere else on my PC, I know I didn't install it knowingly and I have no idea what it does or where is came from. As I cannot find it anywhere and at 45 Mb I am suspicious of it. One posting I have read says it is something nasty left behind by Spyware; two others say it is associate with an HP printer (checks for updates). I cannot find any sign of it within any HP directory and so believe it must be nasty - but would like to be sure before I hit the delete key.

Any confirmation one way or the other?

Many thanks

Morlo

 

Many thanks for reply.

One of my on-line access bank accounts had been accessed without authorisation and I just changed the passwords etc a couple of days ago - at least now I might know how it happened - so thanks for this.

Anyway, logs from BitDefender, Panda and HJT are attached, as is also the log from the RegEdit search (file name: sOutTmp162210 - upapp Reg Edit search.txt)

Hope some of this makes sense to you - it doesn't to me

Regards

Morlo

 

The log files don't seem to have attached - try again

Morlo

 

I am clearly having troubvle attaching these files ... here goes again

Morlo

 

Many thanks

Yes, I do have an HP printer. I will leave upapp alone then.

As for the rest, I'll do as recommended and post results on completion.

Regards

Morlo

 

Hi again

Norton quarantine and trash can emptied

Ewido run and log attached

Hoster run as instructed

HJT re-run and new log attached

Thanks again

Morlo

 

Good morning

Thanks for the message to Ross - my dear 16 year old son who, like most teenagers, is sure he knows best and cannot be told otherwise. I think this exercise is actually teaching him something about internet security and perhaps the risks of getting something nasty through the wires are not just fairy tales told him by his elders!

I had indeed goofed on emptying the Norton recycle bin (I had uninstalled my old N utilities when I got NIS 2006 as they were incompatible - and the Norton recyled bin icon disappeared at that time - so I had to empty manually).

Hoster - I'd overlooked that it was set as Read Only. So I set to Writable and re-ran. No O1 lines now in HJT log. Does this mean we're getting there? I hope so as my wife is twitching about internet banking.

Should I have done another BitDefender scan?

Regards

Morlo

 

Hi

I deleted the offending archive file but it has appeared again in C:\ recycler - as seen in attached BitDefender log. Before I go ahead and delete this and four other files / folders in recycler dated today and two days ago, am I right in assuming they can be deleted?

I am confused by the other log reults -
C:\System Volume
Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP1\A0000227.MSI=>(Quarantine-2)=>(Embedded
CAB)=>loadadv458.exe

This looks like something in quarantine - can I just delete this and items like it?

Lastly, I tried to download & install F-Secure's Backlight. I had to disable all the anti-Spyware programs I have installed over the last few days (SpyCatcher - recommended by SpyWare Warrior who I linked to from Major Geeks - in particular, would not let it download). And once I had downloaded it would not install without my uninstalling Norton Internet security 2006 and Ad-Aware. Since both of these are known to me I was unhappy about doing so and so have been unable to run Backlight. Will this be a serious shortcoming?

Morlo

 

Thanls again

Will get on it. Lots of unistalling and installing - and work to interfere! - so will take a little time. Will post results a.s.a.p.

Morlo

 

Big troubles.

I uninstalled NIS and AdAware, disabled Anit SpyWare and installed F-Secure and then trouble began. PC failed to boot properly - got stuck in constant reboot loop showing error screen in attached jpeg. Error screen only appeared long enough for me to take digital photo, not even enough time to write down any of the detail. It took over an hour to manage to interupt the re-boot loop enough to get into safe mode and uninstall F-secure. I think machine has rebooted correctly now but am sending this from a different machine.

Having looked again at the F-secure site, I think I downloaded the Internet Security Suite not the Blacklight Beta version - can you confirm that it is Blacklight Beta I need? Thanks

Morlo

 

Hello again

Success! Sorry for being an idiot getting mixed up between Backlight and the full blown F-secure internet security. Backlight was no problem at all. So, I have:
- empitied recycle and N-protect bins

- run backlight - log attached (it showed results from Spy Catcher which I installed on recommendation from spyWare Warrior which I linked to from Major Geeks at http://www.spywarewarrior.com/rogue_anti-spyware.htm#rec - which I assume is OK

- re-run BitDefender - log attached which I assume means clean

Yes, have sorted passwords with banks via phone. The fraud team from the bank I said appeared to have had unauthorised access on my sign-in confirmed that there had been several attempts including a successful one which came just a few days after they had upgraded their security - which prevented money transfer. A lucky break. It was traced to a town in the north of England.

And yes, Norton Internet Security does indeed have a firewall. (My wireless network router also has a firewall). However, What NIS 2004 did not have - which I did not realise until I upraded to NIS 2006 in November - was any Anti-Spyware. So I suspect that most or all of the infections have been around for a while and it was only after upgrading to NIS 2006 and installing MS AntiSpyware at roughly the same time that I began to detect and delete - leading to the error message about ibm00003.exe which started me on this road.

Hope all is now clean and well?

Regards

Morlo

 

Hurray

Very many thanks for all your help. I am way ahead of you with your last post - already done the System Restore action and I have followed the "How to protect from malware" advice page - including shifting to Firefox (which I find I prefer to IE anyway). My son - remember him? the probable source of most of the spyware - is now urging me to throw the PC out the window and buy a Mac. He could be right!

I have also just completed a long e-mail to a bunch of friends telling them of my recent trials and troubles and giving them the links to enable them to check out their own computer sucurity.

Once again, many thanks - and believe me, we'll be trying hard to keep the machine nice and clean.

Best wishes,

Morlo