Avast WEBforum
Other => Viruses and worms => Topic started by: Gullymar on January 19, 2014, 05:29:46 PM
-
Hey guys,
I recently had a scan via Avast where Win32:bprotect-d trj was detected. I wasn't able to remove it nor to block or repair.
Attached I have the mbam, OTL and aswMBR-Logs. Can you help me? Do you need further information?
Best regards beforehand!
-
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
-
Hi thanks, see attached the FRST.txt.
Best regards
-
Download attached fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
====================================================================
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
- Click on the Scan button.
- After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Post logfile will also be saved in the C:\AdwCleaner folder.
=============================================================
Download TDSSKiller (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your desktop
Execute TDSSKiller.exe by double-clicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
- Under Additional options check the boxes next to:
  - Verify Driver Digital Signature
  - Detect TDLFS file system
  - Use KSN to scan objects
- Press Start Scan
- If Suspicious object is detected, the default action will be Skip, click on Continue.
- If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
-
Hey,
thanks for the quick reply. Have done it all, please see the attached logs.
Best regards
-
Run FRST and attach a fresh report. Tell me, how is the situation now?
-
Hey,
I made a scan with FRST, attached you find the log. Anything unusual?
Best regards
-
Report looks clean, do you still have a warning?
-
Hey,
thanks, no, I don't have a warning anymore. If it looks clear I'll now wait and see, and if the problem seems to continue I'll catch up with you. Thank you very much for the help.
Best regards
-
Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by "Xplode" to your Desktop.
Run the tool and check the following boxes below;
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
> I don't need DelFix log report.
-
I too have this virus and have been following your instructions. Here are my log reports, but the TDSSKiller didn't produce a log file for me to attach; it did say that no threats were found, however.
-
Attached are the second reports after following the instructions
-
Hi,
Please download zoek.zip or zoek.rar by smeenk from here (http://'http://hijackthis.nl/smeenk') or here (http://'http://home.kpn.nl/stefsmeenk/zoek.exe') and save it to your Desktop.
Unpack the archive...
- Close any open browsers
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this (http://'http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html') or this (http://'http://www.bleepingcomputer.com/forums/topic114351.html') Instruction.
- Double click on zoek.exe to run the tool.
Please wait for the tool to start...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
StandardSearch;
- Click on the Run Script button.
Please wait until a log report opens (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
-
It's saying web page not available, none of those links work
-
Try here
http://hijackthis.nl/smeenk/
-
OK, that's completed; attached is the report
-
Re-run Zoek with this script
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=-;r
c:\\progra~3\\browse~1;fs
autoclean;
emptyalltemp;
-
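Added example, not part of the original thread and not Zoek's own code: the script in the post above names the AppInit_DLLs value under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, a registry value listing DLLs that Windows loads into every process that loads user32.dll. This read-only PowerShell audit shows what is registered there so the value can be checked before and after cleanup. The Wow6432Node view and the LoadAppInit_DLLs and RequireSignedAppInit_DLLs values are standard Windows names that do not appear in the thread.

```powershell
# Added example: read-only audit of the AppInit_DLLs load point.
# Makes no changes to the registry or the file system.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit view on 64-bit Windows (assumption: not named in the thread)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

$report = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key

    # The value is a space- or comma-separated list of DLL names or paths.
    $dlls = @(([string]$props.AppInit_DLLs) -split '[,\s]+' | Where-Object { $_ })
    if ($dlls.Count -eq 0) { $dlls = @('(none)') }

    foreach ($dll in $dlls) {
        # Only full paths can be checked here; bare names are resolved by the loader.
        $onDisk = ($dll -ne '(none)') -and (Test-Path -LiteralPath $dll -PathType Leaf)
        $sig = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }

        [pscustomobject]@{
            Key           = $key -replace '^HKLM:\\SOFTWARE\\', ''
            Dll           = $dll
            OnDisk        = $onDisk
            Signature     = $sig
            LoadEnabled   = $props.LoadAppInit_DLLs
            RequireSigned = $props.RequireSignedAppInit_DLLs
        }
    }
}

$report | Format-Table -AutoSize
```

Most systems have no entries here; unsigned DLLs or paths under user-writable folders deserve a closer look.
-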
OK, that's completed
-
What do I need to do now?
-
Does the problem still persist?
-
The problem was when I was running a boot scan using avast: it came up with the infected file but wouldn't allow me to do anything but abort the boot scan. Shall I try that again? If so, it should take about 20 mins to get to the 9% complete before it reaches where the problem was
-
You can try if you wish :)
-
Hi, I ran the scan and that was fine. It did flag up some other malware but that was able to be quarantined, so it worked. However, I did try to run a system restore this morning from a system image and it came up with the error (see attached).
I don't know if that is because of the said virus this whole post is about or not
-
Good, let's fix System Restore
Please download Farbar Service Scanner (http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
-
Here's the log
-
System Restore looks good. Can you take a picture of the message that appears when you run System Restore?
-
I am having issues with the screenshot being too large a file to attach, but the attached document is a copy of the exact wording from the error.
This is followed by directions to try and restore again but to a different point or go to advanced recovery
-
Why would you do System Restore?
-
to see if the problem has resolved, as in did that virus cause this issue for it not to restore?
How can I tell if my computer is ok to use again for sensitive info?
Would it be easier to just create a new point if all traces of that virus has gone?
-
We can do it with the following procedure. It will remove previous restore points and will create a new one.
• The following will implement some post-cleanup procedures:
=> Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by Xplode to your Desktop.
Run the tool and check the following boxes below;
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
-
Excellent. I really really appreciate your help over the last 24 hours. You have been great (and patient, I must add, given my novice knowledge of computer software).
Thank you so much
:D
Mark
-
Can you help me TwinHeadedEagle with the Win32:bprotect-d trj please?
I attached both files: FRST.txt and Addition.txt
best regards
-
Please start a new topic. Thanks.
-
Can you help me TwinHeadedEagle with the Win32:bprotect-d trj please?
See: http://forum.avast.com/index.php?topic=147121.0
-
Hi!
Unfortunately, I have a problem - after following the instructions, Avast boot scanning still finds the same Bprotect-D virus :(
So, please, help me.
Here are the FRST logs after the last scan with the still-existing virus.
-
Start a new topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0