Avast WEBforum

Other => Viruses and worms => Topic started by: stephenob16 on March 12, 2014, 02:02:38 AM

Title: Win32 BProtect-D Trojan
Post by: stephenob16 on March 12, 2014, 02:02:38 AM

Hey, Ive been having a lot of problems recently and when I did a boot time scan it showed up that I had this virus and couldnt delete it.

Thank You

Title: Re: Win32 BProtect-D Trojan
Post by: stephenob16 on March 12, 2014, 02:04:07 AM

This is my aswMBR log. It got stuck while scanning Spotify Launcher, dont know why. Cheers

Title: Re: Win32 BProtect-D Trojan
Post by: magna86 on March 12, 2014, 02:30:27 AM

Hi stephenob16,

First, we will directly hit with powerful ComboFix and then we're targeting all other junk using Zoek.



---     ---     ---
ComboFix
---     ---


1. Please download ComboFix by sUBs from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your Desktop.
If you are unsure how ComboFix works please read this guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully.
Note: ComboFix must be downloaded to your Desktop.

--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.

Instructions how to disable avast:

• Right click on the avast! system tray icon ((http://www.mcshield.net/pg/images/avast5.png)) in the lower right corner of the screen and scroll up to avast! shield controls;
  
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.
- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note:If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
ComboFix shall also create addition log. Please attach it to your reply.
C:\Qoobox\ComboFix-quarantined-files.txt



---     ---     ---
Zoek
---     ---






Please download zoek.zip or zoek.rar by smeenk ((http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png)) from here (http://hijackthis.nl/smeenk) or here (http://home.kpn.nl/stefsmeenk/zoek.exe) and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
  
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:

Code: [Select]

Uninstall-List;
EmptyFoldersCheck;Delete
EmptyCLSID;
AutoClean;


• Click on (http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png) button.
  Please wait until a logreport will open (this can be after reboot)
  
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"
  

Title: Re: Win32 BProtect-D Trojan
Post by: stephenob16 on March 12, 2014, 01:34:25 PM

Okey dokey, here are those logs.

Title: Re: Win32 BProtect-D Trojan
Post by: stephenob16 on March 12, 2014, 02:37:03 PM

Do I need to do anything else or am I sorted do you think?

Title: Re: Win32 BProtect-D Trojan
Post by: magna86 on March 12, 2014, 03:20:16 PM

Hi stephenob16,

Logs looks good actually. Both, CF and Zoek did a great thinks in cleaning.



Re-run Zoek tool as you did before but this time use this script:

Code: [Select]

c:\windows\system32\NV;VS
c:\users\Stephen\AppData\Local\{2A82324E-1E3C-4E88-A68A-8BA11B0417FE};VS
c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP;F
Yontoo 1.10.03;U
When zoek finish his work, attach here the fresh created zoek log.



---     ---     ---   

Quote

... I did a boot time scan it showed up that I had this virus and couldnt delete it.

I would like to see what avast has been detected in his boot time scan. Please attach here his aswBoot.txt logreprot.

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt