Author Topic: Win32 BProtect-D Trojan  (Read 2914 times)

0 Members and 1 Guest are viewing this topic.

stephenob16

  • Guest
Win32 BProtect-D Trojan
« on: March 12, 2014, 02:02:38 AM »
Hey, Ive been having a lot of problems recently and when I did a boot time scan it showed up that I had this virus and couldnt delete it.

Thank You

stephenob16

  • Guest
Re: Win32 BProtect-D Trojan
« Reply #1 on: March 12, 2014, 02:04:07 AM »
This is my aswMBR log. It got stuck while scanning Spotify Launcher, dont know why. Cheers

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32 BProtect-D Trojan
« Reply #2 on: March 12, 2014, 02:30:27 AM »
Hi stephenob16,

First, we will directly hit with powerful ComboFix and then we're targeting all other junk using Zoek.



---     ---     ---
ComboFix
---     ---


1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:
  • Right click on the avast! system tray icon () in the lower right corner of the screen and scroll up to avast! shield controls;
  • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.

-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note:If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
ComboFix shall also create addition log. Please attach it to your reply.
C:\Qoobox\ComboFix-quarantined-files.txt



---     ---     ---
Zoek
---     ---






Please download zoek.zip or zoek.rar by smeenk () from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]
Uninstall-List;
EmptyFoldersCheck;Delete
EmptyCLSID;
AutoClean;
  • Click on button.
    Please wait until a logreport will open (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

stephenob16

  • Guest
Re: Win32 BProtect-D Trojan
« Reply #3 on: March 12, 2014, 01:34:25 PM »
Okey dokey, here are those logs.

stephenob16

  • Guest
Re: Win32 BProtect-D Trojan
« Reply #4 on: March 12, 2014, 02:37:03 PM »
Do I need to do anything else or am I sorted do you think?

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32 BProtect-D Trojan
« Reply #5 on: March 12, 2014, 03:20:16 PM »
Hi stephenob16,

Logs looks good actually. Both, CF and Zoek did a great thinks in cleaning.



Re-run Zoek tool as you did before but this time use this script:

Code: [Select]
c:\windows\system32\NV;VS
c:\users\Stephen\AppData\Local\{2A82324E-1E3C-4E88-A68A-8BA11B0417FE};VS
c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP;F
Yontoo 1.10.03;U

When zoek finish his work, attach here the fresh created zoek log.



---     ---     ---   



Quote
... I did a boot time scan it showed up that I had this virus and couldnt delete it.
I would like to see what avast has been detected in his boot time scan. Please attach here his aswBoot.txt logreprot.

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt