What is CapeStarling.exe?
CapeStarling.exe is part of TODO: <Product name> and developed by TODO: <Company name> according to the CapeStarling.exe version information.
CapeStarling.exe's description is "TODO: <File description>"
CapeStarling.exe is usually located in the 'c:\users\%USERNAME%\appdata\local\birds\' folder.
None of the anti-virus scanners at VirusTotal reports anything malicious about CapeStarling.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Vendor and version information [?]
The following is the available information on CapeStarling.exe:
| Property | Value |
|---|---|
| Product name | TODO: <Product name> |
| Company name | TODO: <Company name> |
| File description | TODO: <File description> |
| Internal name | CapeStar.exe |
| Original filename | CapeStar.exe |
| Legal copyright | Copyright (C) 2015 |
| Product version | 1.0.0.3 |
| File version | 1.0.0.3 |
Here's a screenshot of the file properties when displayed by Windows Explorer:
| Product name | TODO: <Product name> |
| Company name | TODO: <Company name> |
| File description | TODO: <File description> |
| Internal name | CapeStar.exe |
| Original filename | CapeStar.exe |
| Legal copyright | Copyright (C) 2015 |
| Product version | 1.0.0.3 |
| File version | 1.0.0.3 |
Digital signatures [?]
CapeStarling.exe is not signed.
VirusTotal report
None of the 55 anti-virus programs at VirusTotal detected the CapeStarling.exe file.
Hashes [?]
| Property | Value |
|---|---|
| MD5 | af4458d0e57b9547d58313f726fc20e0 |
| SHA256 | f773990bca5ce0093df87eecb46adae25998972e0ff66d4cb6f0f26af6974a05 |
Error Messages
These are some of the error messages that can appear related to capestarling.exe:
capestarling.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
capestarling.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
TODO:
has stopped working.
End Program - capestarling.exe. This program is not responding.
capestarling.exe is not a valid Win32 application.
capestarling.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
What will you do with the file?
To help other users, please let us know what you will do with the file:
What did other users do?
The poll result listed below shows what users chose to do with the file. 98% have voted for removal. Based on votes from 168 users.
NOTE: Please do not use this poll as the only source of input to determine what you will do with the file.
Malware or legitimate?
If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.
And now some shameless self promotion ;)
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
Spybot S&D, malwarebytes, adwcleaner, none reported this.
Some sort of malware, makes popups appear whenever you click in your web browser. often asks for your facebook password.
To remove:
Go to your start menu, run, msconfig
click the startup tab, disable birds from startup.
Click the "general" tab in msconfig, select diagnostic startup, click apply, restart.
After restarting open up file explorer, navigate to your users folder usually "C:\Users"
Check every user in the system for a directory in appdata\local\birds
EG: C:\Users\Bob\Appdata\Local\Birds
Delete if found.
run msconfig again, in the "general" tab revert back to normal startup, apply.
Run "regedit"
Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Delete the "Birds" registry entry.
Restart.
# 31 Jul 2015, 9:46
Sam writes
i'll add a few things to what Tucker wrote:
- besides infecting your web browser , you will also get some pop-ups (windows 10 on my machine) stating a script
error on line 62 etc ...
- Another folder called MSBirds can be found in the same directory, i.e C:\Users\<User Name>\Appdata\Local\
Also delete if found.
- When in regedit, search for everything containing Capestarling , there are a few keys other than the ones in Run
Delete everything you find.
# 20 Aug 2015, 1:31
Tucker writes
@Sam, your infection seems to be slightly different from mine.
I double checked everything you said and nothing showed up for me, maybe its a difference in Windows versions? (You on 10, me on 8.1)
# 20 Aug 2015, 9:03
Sam writes
@Tucker apparently so , i had two different "Birds" processes running on system startup and each one originated in a different folder , Birds and MSBirds.
Perhaps as you said it is due to different windows versions.
Cheers.
# 20 Aug 2015, 9:16
John Q writes
@Tucker & @ Sam,
Thanks, your methodology worked!
Also learning a bit about how to use MSCONFIG and REGEDIT. Makes TOTAL logical sense.
# 20 Aug 2015, 22:28
Johan writes
Thanks guys, I had both birdies and with your advizes I managed to remove them both :-)
# 21 Aug 2015, 10:19
Don writes
WIndows 10 are located in C:\Users\<username>\Local\ - (without appdata) - you will be looking for 2 .dll files within Birds folder. ( Mine are located on a de-activated users profile.)
# 5 Sep 2015, 7:48
Don writes
Wish you could edit comments: On windows 10 or after 9/5/15 you need to search your registry for "Birds" not "CapeStarling", found in multiple places. Pro-Tip: Only delete full folders where Birds or MSBirds are the full name of the Folder. - Also is it wierd that it only attached itself to Chrome?
# 5 Sep 2015, 8:12
paul writes
the source of the virus for me was downloading a winrar password cracker...this is a virus report i found
https://www.hybrid-analysis.com/sample/58edf4606a0e41f8bdf49bba787e1c425d5e99c8771fc80cb93dfe51dcbe9212?environmentId=1
# 6 Sep 2015, 23:09
Rahd writes
This program is most annoying and should be considered a spyware and keylogger it also visibly slowed my performance on my pc it had 3 folders on my pc MSbirds Birds and then an extra folder I found called Cassowary which is also a bird thats how I recognized it.
# 14 Sep 2015, 6:28
ArSHAw writes
source of the virus was: Winrar Password Remover & Unlocker.
# 29 Sep 2015, 8:28
Tucker writes