User User name Password  
Saturday 1.2.2025 / 17:33
Search AfterDawn Forums:        In English   Suomeksi   På svenska > forums > software, operating systems and more > windows - virus and spyware problems > ai project updater: insatlling...
Show topics
AI Project Updater: Insatlling...
  Jump to:
Posted Message
30. April 2011 @ 09:56 _ Link to this message    Send private message to this user   

I have a feeling that my system may be infected with a virus or malware.

Everytime i start my system up, i have a pop up that starts called "AI Project Updater:Installing...". I have no idea what it is related to, but it comes up every time i boot it. It remains there for about 10 minutes, and then disappers.

I cannot close it, etc, but have a feeling it isnt supposed to be there!

I ran Malwarebytes, ad-aware and virus scan, but it still keeps coming back.

Any ideas would be very welcome..

Thanks in advance!

AfterDawn Addict
30. April 2011 @ 16:38 _ Link to this message    Send private message to this user   
Run msconfig to see if it's listed and see if it gives any information, then Google it.
1. May 2011 @ 05:27 _ Link to this message    Send private message to this user   
Originally posted by attar:
Run msconfig to see if it's listed and see if it gives any information, then Google it.
I ran the config, but nothing is listed under any of the tabs.

Yesterday, i ran my Malwarebytes again, and it found a few infected files which i have removed since. Virus scanner shows nothing still.

When i booted up this morning, the AI Project updater came on again ....

When i open a new tab in Internet Explorer, i get ad popups such as

I have a feeling its virus/malware related .. any other scanners i could use?

Sorry i cant give anymore information!
AfterDawn Addict
1. May 2011 @ 08:04 _ Link to this message    Send private message to this user   
Do you have a Restore Point that predates this problem.
1. May 2011 @ 08:22 _ Link to this message    Send private message to this user   
After looking on the web yesterday, I turned off my restore point, but yes, it would predate the problem. At the moment, my restore point is not enabled.

AfterDawn Addict
1. May 2011 @ 10:08 _ Link to this message    Send private message to this user   
No restore point and scanning doesn't show anything.
Hijackthis might show what's causing it - but interpreting the results is kind of technical.
You can run it and post the log here and someone might be able to help.

In the meantime you might want to post at the Videohelp site and ask for assistance.
1. May 2011 @ 10:15 _ Link to this message    Send private message to this user   
I have run a new Malware scan and the log is below. There were some infected files, and everytime i run Malwarebytes, there are always infected files now ...

Malwarebytes' Anti-Malware

Database version: 6482

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/05/2011 11:19:32
mbam-log-2011-05-01 (11-19-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 237048
Time elapsed: 49 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\fjlfixbubud.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{07588A81-6C32-116A-1F8F-8685EA777F4D} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07588A81-6C32-116A-1F8F-8685EA777F4D} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07588A81-6C32-116A-1F8F-8685EA777F4D} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07588A81-6C32-116A-1F8F-8685EA777F4D} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aujpvdjfnkv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jhvouvxmeuhl (Trojan.Agent) -> Value: jhvouvxmeuhl -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Stuart\local settings\Temp\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fjlfixbubud.dll (Trojan.Agent) -> Quarantined and deleted successfully.
1. May 2011 @ 10:19 _ Link to this message    Send private message to this user   
Originally posted by attar:
No restore point and scanning doesn't show anything.
Hijackthis might show what's causing it - but interpreting the results is kind of technical.
You can run it and post the log here and someone might be able to help.

In the meantime you might want to post at the Videohelp site and ask for assistance.
Here is the log file from the Hijakthis scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:17:59, on 01/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GTCO CalComp InterWrite\IWStarter.exe
C:\Documents and Settings\sbradley\Local Settings\Temp\Password .exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [messenger.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: 3.2.lnk = C:\Program Files\ 3\program\quickstart.exe
O4 - Global Startup: InterWrite Starter.lnk = ?
O4 - Global Startup: Password .lnk = C:\Documents and Settings\sbradley\Local Settings\Temp\Password .exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B987F89-9FA1-41A2-B966-9E3884135D18}: NameServer =,
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

End of file - 9174 bytes
AfterDawn Addict
1. May 2011 @ 11:39 _ Link to this message    Send private message to this user   
Try booting into safe mode and run malwarebytes.

You can post the HiJackthis log here.
2. May 2011 @ 05:36 _ Link to this message    Send private message to this user   
Originally posted by attar:
Try booting into safe mode and run malwarebytes.

You can post the HiJackthis log here.

Posted on the forums you mentioned, but no joy yet.

Just thought i would add a little more detail. I keep running the malwarebytes scan, and it keeps coming up with the same files, even though it tells me it has removed them. The last log i di is posted below:

Malwarebytes' Anti-Malware

Database version: 6490

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/05/2011 10:26:37
mbam-log-2011-05-02 (10-26-37).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 238789
Time elapsed: 50 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jhvouvxmeuhl (Trojan.Agent) -> Value: jhvouvxmeuhl -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Stuart\local settings\Temp\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\drivers_pack_v4.55.63_fix.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fjlfixbubud.dll (Trojan.Agent) -> Delete on reboot.

The four files it found were found in the previous scan as well. Not sure if that helps any, but thought i would mention it.

4. May 2011 @ 03:19 _ Link to this message    Send private message to this user   
I have the same problem with the same infected files. My anti-virus and malwarebytes says they quarantined and removed it already but everytime I scan its still there. And this annoying AI PROJECT UPDATE keeps on popping out when I turn on my laptop. I think its a new breed of malware of some sort.

We definitely need help!
5. May 2011 @ 09:36 _ Link to this message    Send private message to this user   
I have the same problem with the same infected files.

We definitely need help!

This message has been edited since posting. Last time this message was edited on 5. May 2011 @ 09:41

5. May 2011 @ 09:40 _ Link to this message    Send private message to this user   
Im having the same problem... I dont want to see this same old AI project Updater popping up again, I need your help guys, Please this is really killing me HELP !!!!!
7. May 2011 @ 09:39 _ Link to this message    Send private message to this user   

Just an update..

Still no joy removing what ever it is .. Computer now occasionally starts up, boots as normal, then shows a blue screen and restarts itself... a repetative cycal. It doenst however do this all the time, just sometimes...

Really stuck guys!

Anyone else had any joy?
AfterDawn Addict
7. May 2011 @ 10:30 _ Link to this message    Send private message to this user   
10. May 2011 @ 05:09 _ Link to this message    Send private message to this user   
me to any know yet, been trying to delete it now for over 8 weeks, it think it came down with a key gen, but not 100% sure, anyone help?
23. May 2011 @ 05:45 _ Link to this message    Send private message to this user   
This is from a Google cookie. Opt-out here:
23. May 2011 @ 06:30 _ Link to this message    Send private message to this user   
It was still there, so I used Task manager to find it and removed with Unlocker(great tool, free download) look here: C:\Program Files\Common Files\microsoft shared\Web Components\messenger(?).
All the really great minds here, but I found this despite them.

23. May 2011 @ 08:49 _ Link to this message    Send private message to this user   
Help! I'm also with this sittuation! I open the msconfig and dissable all related with messenger.exe... it was in the same path as the friend above said! I already run my antivirus, it's got something but the problem still persisting!

I also see regedit and delete all related with messenger.exe... but nothing!

Please, any tips? Thanks...
1. June 2011 @ 13:57 _ Link to this message    Send private message to this user   
I am having this issue as well. Has anyone figured out how to resolve this issue? I run my Malware and i delete thei nfected files. Also My microsoft security essentials does not work either. I tried to keep enabling it but it doesnt allow me. Please help!! I am about to throw my laptop out of the window
6. June 2011 @ 12:02 _ Link to this message    Send private message to this user   
Hello everyone!

Everyone who has this problem, I was going to 'msconfig' and in the Boot tab, I have disselected the following things:

- messenger
- msmsgs

And I choose Close, the computer asked me if I would reboot, and I say Yes.
After reboot, no problem with AI Project Installer.

But if you want that you can never startup one of those, if it does the same for you as for me, then I recommend EasyCleaner, search for it on Google. Install it, and click on the Boot button. There you can remove the startup stuff.

Hope I helped you out,
Suspended due to non-functional email address
25. June 2011 @ 20:45 _ Link to this message    Send private message to this user   
i guess this haunting ai project updater has its origin in ares. i uninstalled ares but searching gave as result that the folder was still present. now i disabled messenger.exe in the msconfig.exe and hope i will get rid of it then.
24. September 2011 @ 08:50 _ Link to this message    Send private message to this user   
press ctrl + alt + del, task manager appears, click on-aplications, there appears to''run''of the updater, right click on it and press the-go to trial, is the process, right click on process and press on-open the file location windows executable opens a problem that you delete with shift + del but first we turn to open task manager where our process and press end Process''''then delete the file. sorry for my English
18. December 2011 @ 18:47 _ Link to this message    Send private message to this user   
Hi All,

Just a quick one to say i had this issue. Removed it from MSCONFIG the located it under C:\Program Files x86\Common Files\microsoft shared\Web Components\messenger. And deleted all the folder by using Shift + Delete. Restart and presto. Run AVG and Malwares just to be sure. > forums > software, operating systems and more > windows - virus and spyware problems > ai project updater: insatlling...

Digital video: | AfterDawn Forums
Gaming: | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian |
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork