  1. #1
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    BonziBuddy & Pest Patrol

    I have the free version of Pest Patrol (as well as Spybot, SpywareBlaster, & AdAware). Pest Patrol shows almost a dozen registry entries that it says are BonziBuddy. I ran PP two weeks ago & it showed about 4 entries, which I deleted. I went to Pest Patrol Pest Info to read about it. I have none of the files that they describe, only the registry entries.

    It also lists C:\Windows\setup1.exe as Adware, although setup1.exe properties show it's the Visual Basic 6.0 setup toolkit from Microsoft. It lists a cookie that expired in 2001 (although IE Cookie Viewer lists its status as active & I seem to have gotten it about a week ago).

    Is anyone running Pest Patrol &, if so, does it give false positives? I've attached the log of entries, if anyone is interested, as it's too long to post. I'm torn between getting the paid version that will delete entries or just ignore it.
    Thanks,

  2. #2
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: BonziBuddy & Pest Patrol

    Phil

    Philosophically speaking (and originally that was accidental!), it seems a Good Idea to remove all the rubbish associated with a virus/trojan/adware/pestilential exploit from the registry and the file system. But in practice, all that happens is that this residual data takes up (some) disk space, and doesn't do any other harm. In most instances, the "virus fixes/removal tools" put out by the antivirus companies simply remove anything that can be executed, leaving lots of registry entries and non-executable files lying around. Spybot and Ad-aware try to do a better job, I think!

    I suspect it's down to whether or not you think it necessary to run a registry cleaning tool...

    John

    Ita, esto, quidcumque...

  3. #3
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: BonziBuddy & Pest Patrol

    Hi John:
    I ran a few registry cleaning tools, but the "Bonzi" entries are still there. I put Bonzi in quotes because they are entries like:
    HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd3-1bf9-11d2-bae8-00104b9e0792}
    & I don't know what's putting them back in. AdAware & Spybot do not detect them, so I'm still confused.

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,613
    Thanks
    2
    Thanked 625 Times in 558 Posts

    Re: BonziBuddy & Pest Patrol

    Phil,
    If you want to track it down try Sysinternals Regmon. Be prepared for voluminous output.

    Joe

  5. #5
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: BonziBuddy & Pest Patrol

    Phil

    Programs like SpywareBlaster and SpywareGuard will stop ActiveX stuff from being installed, but if it's there already...

    John

    Ita, esto, quidcumque...

  6. #6
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: BonziBuddy & Pest Patrol

    Hi Joe:
    Thanks. I already have Regmon, but I confess that I have a lot of trouble using it. For example, I run it (& yes, there are voluminous strings) & then search for one of the registry keys (like HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd3-1bf9-11d2-bae8-00104b9e0792}). It doesn't find it, which means it's not being accessed at the time. But I don't know how this helps or what to do from there.

  7. #7
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: BonziBuddy & Pest Patrol

    (Edited by jscher2000 on 02-Aug-04 12:34.)

    I don't have anything like that in my registry. Can you export that key to a .txt file (just override the .reg extension) and post it? Searching the GUID on Google Web provides numerous links to PestPatrol's site, but nothing else, which is extremely odd. The manual removal instructions are rather long, but perhaps it's worth taking a look?

    Added: I see you already know about that page. If entries come back, perhaps something in the Run section is adding them???

  8. #8
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: BonziBuddy & Pest Patrol

    Hi Jefferson:
    OK. I've attached a .txt file for one of the Bonzi entries. There are 17 of them that are similar (I posted the keys in a text file in my first post). I've checked all my entries for startup & there's nothing new in any of them. I pretty much run a bare bones startup.

    I just thought of something. My daughter just started using a Disney Jungle Book CD on my computer (she has a Mac). I wonder if that did anything. Other than that, I haven't been doing anything unusual except updating IE, Avant Browser, & Firefox.

  9. #9
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: BonziBuddy & Pest Patrol

    Thanks, Phil. I should have realized that you never get the answer from one key and have to dig through all the numeric references. Good grief! Anyway, if it somehow infected a CD and gets installed when you use it, that's going to be tough to crack.

  10. #10
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,613
    Thanks
    2
    Thanked 625 Times in 558 Posts

    Re: BonziBuddy & Pest Patrol

    Phil,
    Strange that Regmon doesn't catch it. My best hint would be to rid your machine of one or more of the keys that you know will reoccur. Then try to narrow down the time frame and activity. If it is consistently reproducible you should be able to use Regmon then to trap it. I know that's a lot of work but sometimes tedious, time-consuming effort is the only way.

    Joe

  11. #11
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: BonziBuddy & Pest Patrol

    Phil,

    Those are interface keys, and I've seen the same things on a machine with Belarc Advisor installed. Unfortunately, PestPatrol has gotten carried away lately with identifying files as spyware if any known spyware app installs them, whether or not they are also used in legitimate applications. I got a positive hit on two Sheridan controls that SpeedFerret 4.1 uses because something called InternetAlert also installs them. I got hits on a couple of legitimate licensed libraries that we use ourselves in our apps because somebody nasty also uses them. Some of the registry keys for SpeedFerret also show up as BonziBuddy, so I finally just excluded those keys from the search until they can get it right. In the case of SpeedFerret, allowing PestPatrol to remove the keys broke the application big time. That's when I started looking up each registry key identified as a pest before allowing it to be removed.
    Charlotte
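
Added example, not part of the original thread: one way to do the lookup described in posts #9 and #11, following a flagged Interface key through its TypeLib reference to the file that registered it, working offline on a .reg-format export. The GUIDs, names and paths in the sample are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in .reg export format; every GUID, name and path is made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{11111111-2222-3333-4444-555555555555}]
@="IExampleControl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{11111111-2222-3333-4444-555555555555}\TypeLib]
@="{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\1.0\0\win32]
@="C:\\Program Files\\ExampleApp\\example.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{99999999-0000-0000-0000-000000000000}]
@="IOrphan"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}}; '@' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = '@' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
            current[name] = unescape(m.group(2))
    return keys

def explain_interface(keys, iid):
    """Resolve an Interface GUID to its name, type library and registered files."""
    base = 'hkey_local_machine\\software\\classes'
    prefix = f'{base}\\interface\\{iid}'.lower()
    if prefix not in keys:
        return None
    tlid = keys.get(prefix + '\\typelib', {}).get('@')
    files = []
    if tlid:  # the TypeLib's win32/win16 subkeys hold the path of the registering file
        tl_prefix = f'{base}\\typelib\\{tlid}\\'.lower()
        files = sorted(v['@'] for k, v in keys.items() if k.startswith(tl_prefix)
                       and k.endswith(('\\win32', '\\win16', '\\win64')) and '@' in v)
    return {'name': keys[prefix].get('@'), 'typelib': tlid, 'files': files}
```

An interface that resolves to a file belonging to an installed, legitimate application is a candidate for the scanner's exclusion list rather than for deletion; one with no TypeLib reference needs its other subkeys checked by hand.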

  12. #12
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: BonziBuddy & Pest Patrol

    Thanks Everyone:
    I have Belarc Advisor, but haven't used it for some time. As a practical matter, I think I have two choices: either ignore it unless something funny happens or get the paid version of Pest Patrol. If I do the latter, I can delete the entries and, if something breaks, I can restore. Charlotte, they are interface keys, but I don't know what that does.

    I took a look at the log that I keep of everything I do to my computer (well, almost everything) & I deleted the "Bonzi" keys on 7/10. I noted at the time that PP listed my setup for Avant Browser as spyware, & I know that is not true. The next time I ran PP they were back & in between I installed a few Critical Updates, upgraded Firefox, Spyware Blaster, & Avant Browser. I can't believe that any of those installed spyware.

    Thanks again for all the ideas. I think I'll wait awhile & see if anything bad happens.

  13. #13
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: BonziBuddy & Pest Patrol

    I *have* the paid version of PestPatrol, and it does the same thing. If you reinstall software that uses those keys, they'll come back and PestPatrol will find them again. That's why I suggested excluding the specific keys it finds once you confirm what they belong to.
    Charlotte
