
Possible new virus "Profilesbyte.exe"

Discussion in 'Security and Privacy' started by Master Green, 2004/07/27.

Thread Status:
Not open for further replies.
  1. 2004/07/27
    Master Green

    Master Green Inactive Thread Starter

    Joined:
    2002/12/03
    Messages:
    709
    Likes Received:
    2
    Hi,
    I recently went to a friend's house to remove 3 new Trojans on their computer (Windows/Me) and took notice of two entries in the registry that captured my curiosity: "Win32byte.exe and Msinet.ocx"...

    I also noticed that every time I rebooted the computer from disabling and re-enabling system restore, that Spy Sweeper would detect the following trying to change the home page (www.profilesbyte.com).

    In my search to find more information, information has pointed in the direction of potential trojan/viruses from this site www.profilesbyte.com and loading the two entries I mentioned in my first paragraph into the registry.

    It supposedly hijacks your home page, edits your Instant Messenger and creates other computer problems. At this time I am under the impression that there is no immediate fix other than to remove the registry entries. I will try and post any information that I find and request the same from anyone who may have additional knowledge or information...
     
  2. 2004/07/27
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389


  4. 2004/07/27
    Master Green

    Master Green Inactive Thread Starter

    Joined:
    2002/12/03
    Messages:
    709
    Likes Received:
    2
    Hi Pete,
    I was fortunate enough to have found that information through google before posting it.

    After I was able to remove the three trojans (unrelated to this possible virus I think) that is when Spy Sweeper popped up with the home page warning. There did not seem to be any problems with the home page being hijacked as I was able to access their regular home page (which is Comcast) a few times.

    What did bring my attention to a possible problem still existing on this particular computer was a message popping up from their AOL Instant Messenger referencing something to do with working on-line (I failed to write it down). Along with the Spy Sweeper warning. Before making any decisions I did my homework, came up with the info I posted. Before removing the entries I mentioned from the registry, I was hoping to find more info as well as bring this to everyone's attention...
     
  5. 2004/07/27
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Master Green

    Good to see someone doing their homework before posting :D Thanks for the info.

    Keep us updated on this please.
     
  6. 2004/07/27
    Master Green

    Master Green Inactive Thread Starter

    Joined:
    2002/12/03
    Messages:
    709
    Likes Received:
    2
    Attn: PeteC

    Update...I went into the registry under Hkey_Local_Machine (software, microsoft, windows, current version then run) and located msbootini and deleted it. Upon rebooting the computer, Spy Sweeper no longer was prompting its warning message about the home page.

    AOL which was also displaying the following message: "The AIM hyperlink you've clicked on may require you to be on-line to work. Please log on first" was no longer appearing as well.

    Everything appears to be working properly and functioning well...I will try to continue to post any more info that comes available on this for future references. Once again, I am thankful for the help...
     
  7. 2004/07/28
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
  8. 2004/07/28
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Not a new viri, adware, they even admit it

    profilesbyte.com/licence.html

    Bla Bla Bla
    Looks like so in a hjt log
    O4 - HKLM\..\Run: [msbootini] c:\win32byte.exe
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - profilesbyte.com/spyrus/win32byte.exe

    By the way Spywareblaster would have stopped it.

    Also it seemed to set my history to be saved for 10 days


    Regseeker cleaned this up >

    [HKEY_USERS\.DEFAULT\Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Misc]
    "help"="C:\\win32byte.exe"

    [HKEY_CURRENT_USER\Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Misc]

    [HKEY_CLASSES_ROOT\CLSID\{A4C4671C-499F-101B-BB78-00AA00383CBB}]
    @="VBA Collection Object"

    [HKEY_CLASSES_ROOT\CLSID\{A4C4671C-499F-101B-BB78-00AA00383CBB}\InprocServer32]
    @=""
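
The two HijackThis lines quoted in the post above can be picked out of a full log mechanically. This is an added example, not part of the original thread or of HijackThis itself: the parser, the two triage heuristics (autostart executable in a drive root, ActiveX codebase ending in `.exe`) and the `SystemTray` contrast line are assumptions made for illustration.

```python
import re

# Constructed sample: the two HijackThis lines quoted in the post above,
# plus one ordinary Run entry added here for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [msbootini] c:\win32byte.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - profilesbyte.com/spyrus/win32byte.exe
"""

# O4 = autostart (Run key) entries, O16 = downloaded ActiveX (DPF) entries.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) .*?- (?P<codebase>\S+)$")
# Heuristic (assumption): an executable sitting directly in a drive root.
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.exe\b", re.IGNORECASE)


def parse_line(line):
    """Return a dict for an O4 or O16 line, or None for anything else."""
    line = line.strip()
    for section, pattern in (("O4", O4_RE), ("O16", O16_RE)):
        m = pattern.match(line)
        if m:
            return {"section": section, **m.groupdict()}
    return None


def review(log_text):
    """Return a list of (entry, reason) pairs worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["section"] == "O4" and ROOT_EXE_RE.match(entry["cmd"].strip('"')):
            findings.append((entry, "autostart executable in drive root"))
        elif entry["section"] == "O16" and entry["codebase"].lower().endswith(".exe"):
            findings.append((entry, "ActiveX codebase is a bare .exe"))
    return findings


if __name__ == "__main__":
    for entry, reason in review(SAMPLE_LOG):
        print(entry["section"], "-", reason, "-", entry)
```
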
     
  9. 2004/07/28
    Master Green

    Master Green Inactive Thread Starter

    Joined:
    2002/12/03
    Messages:
    709
    Likes Received:
    2
    Hi Lonny,
    Thanks for the update...I however have dealt with adware, spyware, etc, etc and this one was the first I've heard of anyways that can hijack or at least change your home page, cause connection problems, edit your preferences in AOL/AIM, create registry entries (and whatever else it does) and be called "adware"...But I have always learned to expect the unexpected.

    I know when I listed my first post on this that I was not sure if it was a new virus or not, and am thankful for your and PeteC's assistance with verifying what it is. But as long as everyone is onto it, I'm happy...
     
    Last edited: 2004/07/28