Topic: bprotect-d trj

bolledon

  • Guest
bprotect-d trj
« on: February 23, 2014, 04:04:41 PM »
Hi,

I have some trouble removing bprotect-d from a computer.
I followed the first 3 steps of this topic http://forum.avast.com/index.php?PHPSESSID=h3u8vnir6vrtfufbk480r1jp64&topic=53253.0

I have attached the mbam log, the OTL log is too big to attach (971 kb). I will divide the OTL log into chunks and attach them to a following post. It seems like this log is so long due to previous installations of Windows 7.

I have tried to run aswMBR.exe a few times and it does start to scan but it stops after a short while. I attached a printscreen.


Any help would be greatly appreciated.


Kind regards,

Wouter

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: bprotect-d trj
« Reply #1 on: February 23, 2014, 04:19:07 PM »
Malware experts are notified, it may take some hours before they are online.....

You can upload OTL log to a fileshare site and give download link here

argus

  • Guest
Re: bprotect-d trj
« Reply #2 on: February 23, 2014, 04:24:25 PM »
Hi,


Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

bolledon

  • Guest
Re: bprotect-d trj
« Reply #3 on: February 23, 2014, 04:43:03 PM »
Thanks for the fast replies!


Here is the link to my OTL log

http://qshare.com/get/1324331/OTL.Txt.html


I will use the Farbar recovery tool and report back.

bolledon

  • Guest
Re: bprotect-d trj
« Reply #4 on: February 23, 2014, 04:52:25 PM »
I have attached the 2 txt files the Farbar recovery tool created.

argus

  • Guest
Re: bprotect-d trj
« Reply #5 on: February 23, 2014, 05:02:22 PM »
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Code:
Start
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1387810332&from=cor&uid=HitachiXHTS547575A9E384_J2140059DBVBEADBVBEAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1387810332&from=cor&uid=HitachiXHTS547575A9E384_J2140059DBVBEADBVBEAX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1387810332&from=cor&uid=HitachiXHTS547575A9E384_J2140059DBVBEADBVBEAX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1387810332&from=cor&uid=HitachiXHTS547575A9E384_J2140059DBVBEADBVBEAX&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1387810332&from=cor&uid=HitachiXHTS547575A9E384_J2140059DBVBEADBVBEAX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1387810332&from=cor&uid=HitachiXHTS547575A9E384_J2140059DBVBEADBVBEAX&q={searchTerms}
C:\Users\Vivian\ib2013_win_setup.exe
C:\Users\Vivian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Vivian\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Vivian\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Vivian\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Vivian\AppData\Local\Temp\vlc-2.1.3-win32.exe
Task: {3FA06F8A-B072-400D-ACBD-AC73DDF55DB9} - System32\Tasks\UpdaterEX => C:\Users\Vivian\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Vivian\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
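
A way to review a fixlist before pressing Fix, added here as an example that is not part of the thread and not FRST's own code: it sorts each entry between Start and End by the line shapes visible in the code box above and lists the search-redirect hosts and the scheduled tasks that launch from a user profile. The sample lines are constructed placeholders, and the category names and patterns are assumptions drawn only from those shapes.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the line shapes of the fixlist above (placeholder values).
SAMPLE = r"""Start
HKLM-x32\...\Run: [example daemon] - C:\Program Files (x86)\Example\Daemon.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.test/web/?q={searchTerms}
SearchScopes: HKLM - DefaultScope {00000000-0000-0000-0000-000000000000} URL = http://search.example.test/web/?q={searchTerms}
C:\Users\User\AppData\Local\Temp\setup.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\User\AppData\Roaming\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
End
"""

RULES = [  # (category, pattern whose group 1 is the thing the entry points at)
    ("run_key", re.compile(r"^HK\w+(?:-x32)?\\.*\\Run: \[.*?\] - (.+)$")),
    ("ie_search_setting", re.compile(r"^HK\w+\\.*Internet Explorer\\Main,.*? = (\S+)$")),
    ("search_scope", re.compile(r"^SearchScopes: .*? URL = (\S+)$")),
    ("scheduled_task", re.compile(r"^Task: .*? => (.+?)(?: <==== ATTENTION)?$")),
    ("file", re.compile(r"^([A-Za-z]:\\.+)$")),
]

def parse_fixlist(text):
    """Return (category, target) for each entry between Start and End."""
    entries, inside = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Start":
            inside = True
        elif line == "End":
            break
        elif inside and line:
            for category, pattern in RULES:
                match = pattern.match(line)
                if match:
                    entries.append((category, match.group(1)))
                    break
            else:  # keep lines no rule explains so a reviewer sees them
                entries.append(("unrecognised", line))
    return entries

def summarise(entries):
    """Per-category counts, redirect hosts, and tasks that run from a user profile."""
    hosts = sorted({urlsplit(t).hostname for _, t in entries if t.lower().startswith("http")})
    profile_tasks = [t for c, t in entries if c == "scheduled_task" and "\\appdata\\" in t.lower()]
    return Counter(c for c, _ in entries), hosts, profile_tasks

if __name__ == "__main__":
    print(summarise(parse_fixlist(SAMPLE)))
```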

bolledon

  • Guest
Re: bprotect-d trj
« Reply #6 on: February 23, 2014, 05:22:12 PM »
Thanks again!

argus

  • Guest
Re: bprotect-d trj
« Reply #7 on: February 23, 2014, 05:25:36 PM »

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool.
    Please wait while the tool does not start...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
  • Click on button.
    Please wait until a log report opens (this can be after a reboot).

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

bolledon

  • Guest
Re: bprotect-d trj
« Reply #8 on: February 23, 2014, 05:47:35 PM »
zoek-results attached

argus

  • Guest
Re: bprotect-d trj
« Reply #9 on: February 23, 2014, 06:04:27 PM »
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool.
    Please wait while the tool does not start...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:
C:\Windows\tasks\Adobe Flash Player Updater.job;f
bopakagnckmlgajfccecajhnimjiiedh;chr
emptyalltemp;
autoclean;
emptyclsid;
ipconfig /flushdns >> %temp%\log.txt;b
 
  • Click on button.
    Please wait until a log report opens (this can be after a reboot).

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

bolledon

  • Guest
Re: bprotect-d trj
« Reply #10 on: February 23, 2014, 07:29:42 PM »
Zoek results attached

argus

  • Guest
Re: bprotect-d trj
« Reply #11 on: February 23, 2014, 07:34:20 PM »
Ok, do you have a problem now?

bolledon

  • Guest
Re: bprotect-d trj
« Reply #12 on: February 24, 2014, 11:42:33 AM »
I have no problems anymore with the computer.

The actions provided by you have removed malware. By performing a boot scan I discovered that there was still a bprotect-d trj on the computer. It was within a previous installation of Windows (I removed it completely). So I think it was other malware that was causing trouble. It has been removed though.

I want to sincerely thank you and everybody that has contributed to this solution.

Kind regards,

Wouter

 

argus

  • Guest
Re: bprotect-d trj
« Reply #13 on: February 24, 2014, 11:45:58 AM »
The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.