Limited Time!
Totally FREE Web Design!
Click here!

Parasite: BroadcastPC

This record last updated Tue Sep 20 2005 00:34:14

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

BroadcastPC is adware from Flashpoint Media implemented as a process run at Windows startup. When a network connection is present, it downloads video files bit-by-bit from its controlling server. When finished, it plays them back at arbitrary moments (breaking into whatever you were doing at the time).

Variants

BroadcastPC/RVP: original version, stored in C:\Program Files\RVP\bpc.exe (regardless of whether the real Program Files folder is actually called C:\Program Files.)

BroadcastPC/BTV: update stored in C:\Program Files\BTV\btv.exe. Typically supplied with BroadcastPC/RegB, a process stored in C:\Program Files\Common Files\Java\breg.exe that also runs at startup, guarding against removal of the main software by reinstalling it if damaged, and btvclean.exe, which removes older variants of BroadcastPC on the first startup after installation.

BroadcastPC/Bcpc: update stored in C:\Program Files\Bcpc\bcpc.exe. Guard process BroadcastPC/RegBc in the Java folder is renamed to bcre.exe; cleaner process is renamed bcpc_c.exe.

BroadcastPC/BPT: update stored in C:\Program Files\Bpt\bpt.exe. Guard process BroadcastPC/RegRe in the Java folder is renamed to bptre.exe; cleaner process is renamed bpt_c.exe.

Other processes in the Common Files\Java folder are likely to be similar guard and cleaner processes belonging to the FlashTrack parasite, which is written and controlled by the same company.

Also known as

BPC.

Distribution

Bundled by many free applications, including file-sharing software such as Grokster. Also silently installed by the Autostartup, FavoriteMan/MMView and WildMedia parasites.

What it does

Advertising

Yes. The videos are typically movie trailers downloaded from amex.isprime.com. The default Windows Media Player skin is also often changed to a custom skin for the film in question without asking. (Which is invariably unusably big ’n’ ugly!)

Privacy violation

No.

Security issues

Yes. Can silently download and execute arbitrary unsigned code as well as video files, as directed by its controlling server report.broadcastpc.tv. This has been used to install the FlashTrack parasite.

Stability problems

None known.

Removal

The RVP variant may have a working uninstall entry named ‘RVP’ in the Control Panel’s Add/Remove Programs list. Contrary to the claims at broadcastpc.tv, no other variant has been seen to provide an uninstaller.

Manual removal

Open the registry (click ‘Start’, choose ‘Run’, enter ‘regedit’) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. On the right, delete the entry ‘RVP’ pointing to bpc.exe (RVP variant), ‘BTV’ pointing to btv.exe (BTV variant), ‘BCPC’ pointing to Bcpc.exe (Bcpc variant), ‘BPT’ pointing to Bpt.exe (BPT variant), or ‘Breg’, pointing to breg.exe (RegB variant), bcre.exe (RegBc variant) or bptre.exe (RegRe variant).

Also check the RunOnce subkey: if the computer has not yet been restarted since the installation you may find ‘BtvC’ pointing at btvclean.exe or ‘bcpc_c’ pointing at bcpc_c.exe or bpt_c.exe; these entries can also be deleted.

Restart the computer and you should then be able to remove the entire ‘RVP’, ‘BTV’, ‘Bcpc’ or ‘BPT’ folder from the Program Files folder, along with the guard files from the Program Files\Common Files\Java folder. It is also worth cleaning out the temporary folder, which may be full of video files. Enter ‘%Temp%’ in an Explorer window’s address bar to view this folder.

You can also open the registry (Start->Run->regedit) and open the key HKEY_LOCAL_MACHINE\Software. Delete the subkey ‘RVP’, ‘BTV’, ‘BCPC’ or ‘BPT’ to clean up if you like.