Bastapi.exe--what IS this thing?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Waterbead, Jul 19, 2004.

  1. Waterbead

    Waterbead Private E-2

    Hi everyone, I'm new to this forum. I'm hoping someone will be able to help me!

    I use a computer at work to read webcomics and check emails when no one else is on it, because I don't have much else to do. Lately, a TON of popups have been appearing as I surf the net. Every now and then, a message pops up, telling me that bastapi.exe has performed an illegal operation, and that it has to close down. I don't notice any significant changes in system functioning as I use the computer, but something tells me that bastapi can't be good.

    Since this is not my computer and my coworker is not keen on letting me install Opera or Firefox, I was hoping that someone could get me a fairly invisible form of protection for this computer. I have a feeling that if something goes wrong with her system, my coworker will blame it all on me... and all I've done is visit a few websites!

    I have installed Spybot as well as Ad-Aware, and they aren't doing the job for either bastapi or the incessant popups. Thank you all for helping me!

    -Danielle-
     
  2. Toothpaste

    Toothpaste Private E-2

    Hi,

    I have come up against the same issue: a lingering "bastapi.exe" app that eats away at most of the system's resources and just will not go away. If I try to kill the process, it starts itself up again.

    I found bastapi.exe to live in c:\winnt\registration
    However, upon deletion, it puts the file back!

    Also, there are entries in the registry. Search for "run once" or "run", or even "bastapi.exe". Delete the keys calling bastapi.exe, and they come back upon reboot! Very sticky. Just keeps coming back.

    The trick is to do it all in safe mode. At least, it did that for me. Booting into safe mode showed that bastapi.exe still loaded, BUT, when killed, deleted from c:\winnt\registration, and from the registry, it doesn't come back. After one reboot, nothing had returned. This was done on a Win2k box with SP4.

    -paul
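
A read-only check for the three things the posts in this thread describe (Run/RunOnce values that name bastapi.exe, the file in the registration folder, and the running process), given here as an added PowerShell example that is not part of the original thread. It assumes a current Windows with PowerShell; only the file name and the folder come from the posts.

```powershell
# Added example: read-only check; nothing is deleted or changed.
# Only the file name and folder come from the posts in this thread.
$name   = 'bastapi.exe'
$folder = Join-Path $env:SystemRoot 'registration'   # c:\winnt\registration in post 2

# Run / RunOnce keys for the machine and for the current user
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# 1. Registry values whose data mentions the file name
$hits = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($valueName)
        if ($data -like "*$name*") {
            [pscustomobject]@{ Kind = 'registry'; Where = "$key\$valueName"; Detail = $data }
        }
    }
})

# 2. The file itself; -Force because it may carry the hidden and system attributes
$file = Get-Item -LiteralPath (Join-Path $folder $name) -Force -ErrorAction SilentlyContinue
if ($file) {
    $detail = "$($file.Attributes); modified $($file.LastWriteTime)"
    $hits += [pscustomobject]@{ Kind = 'file'; Where = $file.FullName; Detail = $detail }
}

# 3. A running instance (the posts say it restarts after being killed)
$procName = [IO.Path]::GetFileNameWithoutExtension($name)
foreach ($p in @(Get-Process -Name $procName -ErrorAction SilentlyContinue)) {
    $hits += [pscustomobject]@{ Kind = 'process'; Where = "PID $($p.Id)"; Detail = $p.Path }
}

if ($hits.Count -eq 0) {
    "No trace of $name found in the places checked."
} else {
    $hits | Format-List
}
```

Running it before and after a cleanup attempt, and again after a reboot, shows whether the entries have come back.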
     
  3. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Odds are it is a trojan and is being called back from the registry or startup. HijackThis may spot it and is worth a try to see if bastapi.exe is listed anywhere and delete it.

    The tutorial should help you, please try that first, though:

    http://forums.majorgeeks.com/showthread.php?t=35407

    Let us know if that helps.
     
  4. mortenal

    mortenal Private E-2

    Yeah, I found this on a school computer. We can't boot to safe mode, so I was able to delete it by removing the system and hidden flags, and then killing the process and deleting the file in rapid succession.

    It made a rather large file which I suspect to be some sort of a key logger or data siphon.

    I submitted everything but that file to McAfee and Symantec.
     
  5. mortenal

    mortenal Private E-2

    I just got a reply back from McAfee; they say that it is in fact adware, and they sent me an update to get their virus software to block it. In that update is the keyword 'adware-virtumondo' -- you can find some useful information on that with Google.
     
