Author Topic: remover o virus Win32:BProtect-J [Trj]  (Read 11669 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
remover o virus Win32:BProtect-J [Trj]
« on: July 17, 2014, 12:12:20 AM »
Boa tarde. Preciso de ajuda para remover o virus Win32:BProtect-J [Trj]. O Avast somente bloqueia, mas não remove. Como devo proceder?

Grata
Luciana

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6674
  • volunteer
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #1 on: July 17, 2014, 12:17:15 AM »
Boa noite

não garanto que o removedor de malware irá voltar ainda hoje,mas para adiantar

Por favor download Farbar Recovery Scan Tool e salve-o em seu Desktop.
 
Nota: Você precisa executar a versão compatível com seu sistema. Se você não tem certeza de qual versão se aplica ao seu sistema de baixar os dois e tentar executá-los. Apenas um deles será executado no seu sistema, que será a versão correta.
 
  • Botão direito do mouse para executar como administrador (usuários do Windows XP clique em Executar após o recebimento do Aviso de Segurança do Windows - Abrir arquivo). Quando a ferramenta abre clique em yes para aviso de isenção.
  • Selecionar  additions na parte inferior
  • Pressione botão Scan .


  • Ela irá produzir um registro chamado FRST.txt no mesmo diretório que a ferramenta é executado a partir.
  • Por favor, anexar os dois logs gerados.
« Last Edit: July 17, 2014, 12:24:01 AM by jefferson santiag »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #2 on: July 17, 2014, 12:18:10 AM »
Tente agendar um escaneamento ao reiniciar e mova o arquivo infectado para Quarentena (mais seguro do que apagá-lo diretamente).
The best things in life are free.

REDACTED

  • Guest
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #3 on: July 17, 2014, 12:29:34 AM »
Já tentei fazer o escaneamento ao iniciar mas não dá certo. Não pega nenhum virus em nenhum escaneamento. Diz que a ameaça é da internet

REDACTED

  • Guest
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #4 on: July 17, 2014, 12:36:15 AM »
seguem anexos solicitados

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6674
  • volunteer
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #5 on: July 17, 2014, 12:58:24 AM »
Aguarde até amanhã   :)

Baixe OTL para o seu desktop

http://oldtimer.geekstogo.com/OTL.exe
link secundário
http://www.itxassociates.com/OT-Tools/OTL.exe
• Dê um duplo clique no ícone para executá-lo. Certifique-se de todas as outras janelas estão fechadas e deixe-o funcionar sem interrupção.






• Selecione todos os usuários

• Sob a caixa de verificação personalizada colar isso em
netsvcs
BASESERVICES
% Systemdrive% \ *. Exe
/ md5start
* serviços.
explorer.exe
winlogon.exe
userinit.exe
svchost.exe
/ md5stop
dir "% systemdrive% \ *" / S / A: L / C
CREATERESTOREPOINT


• Clique no botão Digitalizar Executar. Não altere as configurações salvo disse para fazê-lo. A digitalização vai levar muito tempo.
• Quando a verificação for concluída, ele vai abrir duas janelas notepad. OTL.Txt e Extras.Txt. Estes são salvos no mesmo local OTL.

• anexar  ambos os logs
« Last Edit: July 17, 2014, 01:15:48 AM by jefferson santiag »

REDACTED

  • Guest
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #6 on: July 17, 2014, 01:17:20 AM »
Ok. Farei então amanhã. Obrigada

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6674
  • volunteer
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #7 on: July 17, 2014, 01:18:11 AM »
Ok. Farei então amanhã. Obrigada

De nada. 8)

REDACTED

  • Guest
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #8 on: July 17, 2014, 01:41:56 AM »
anexos

REDACTED

  • Guest
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #9 on: July 17, 2014, 01:07:22 PM »
Olá Jefferson, tem alguma novidade? Hoje ao ligar o computador deu um erro de inicialização. Estou com receio deste trojan.
Grata
Luciana

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #10 on: July 17, 2014, 05:16:31 PM »
Você poderia executar os dois programas seguintes e iremos de lá


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
THEN

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select  additions at the bottom
  • Press Scan button.

  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please attach both logs generated.

REDACTED

  • Guest
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #11 on: July 17, 2014, 07:01:43 PM »
O Avast pegou uma ameaça e mandou para quarentena. E agora não aparece mais a mensagem de ameaça do Avast.

REDACTED

  • Guest
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #12 on: July 17, 2014, 07:02:49 PM »
Significa que está ok? Foi depois dos procedimentos de ontem. Os procedimentos colocados hoje eu não fiz.
Grata

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #13 on: July 18, 2014, 10:24:10 PM »
Minhas desculpas, eu não vi que você tinha já os FRST arquivos anexados

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtDtAtD0D0A0A0C0C0FtAzyyDyD0AtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=552544294&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtDtAtD0D0A0A0C0C0FtAzyyDyD0AtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=552544294&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtDtAtD0D0A0A0C0C0FtAzyyDyD0AtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=552544294&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtDtAtD0D0A0A0C0C0FtAzyyDyD0AtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=552544294&ir=
BHO: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-07-16 19:05 - 2014-06-25 10:25 - 00002392 _____ () C:\Windows\Tasks\dff8eeab-481a-4855-a70f-7bf9c558ebd8-4.job
2014-07-16 19:05 - 2014-06-25 10:25 - 00002390 _____ () C:\Windows\Tasks\c53f80ad-802f-4311-94ad-d1af10002a5a-4.job
2014-07-16 19:05 - 2014-06-25 10:25 - 00002202 _____ () C:\Windows\Tasks\11ecf175-90a7-4397-8c79-1815da75d2d6-4.job
2014-07-16 19:05 - 2014-01-25 11:53 - 00000918 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-07-16 19:05 - 2014-01-25 11:53 - 00000300 _____ () C:\Windows\Tasks\MySearchDial.job
2014-07-16 16:58 - 2014-01-25 11:53 - 00000922 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-07-16 16:53 - 2014-01-25 11:53 - 00000300 _____ () C:\Windows\Tasks\SaveSense.job
2014-07-16 15:30 - 2014-07-16 14:12 - 00000000 ____D () C:\Users\Todos os Usuários\MFAData
2014-07-16 15:30 - 2014-07-16 14:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-16 14:58 - 2014-06-20 08:15 - 00000000 ____D () C:\Program Files\003
2014-06-26 19:09 - 2014-01-20 16:16 - 00000000 ____D () C:\Users\Luciana\AppData\Roaming\newnext.me
2014-06-26 19:09 - 2014-01-20 16:16 - 00000000 ____D () C:\Users\Luciana\AppData\Local\genienext
2014-06-26 19:09 - 2014-01-20 16:16 - 00000000 ____D () C:\Program Files\Mobogenie
2014-06-25 16:29 - 2014-06-25 10:24 - 00000000 ____D () C:\Program Files\globalUpdate
2014-06-25 10:58 - 2014-06-25 10:58 - 00000000 ____D () C:\Users\Todos os Usuários\2308189059
2014-06-25 10:58 - 2014-06-25 10:58 - 00000000 ____D () C:\ProgramData\2308189059
2014-06-25 10:36 - 2014-06-20 08:18 - 00000000 ____D () C:\Users\Luciana\AppData\Roaming\systweak
2014-06-25 10:24 - 2014-06-25 10:24 - 00000000 ____D () C:\Users\Luciana\AppData\Local\globalUpdate
2014-06-25 10:15 - 2014-06-25 10:15 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-06-25 10:13 - 2014-06-25 10:13 - 00000000 ____D () C:\Users\Luciana\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
Task: {6CDD94F0-5233-4E52-87DB-2DB66CBBCB49} - \MySearchDial No Task File <==== ATTENTION
Task: {C7D526B9-546C-400B-8EB5-A56878ABDA43} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [2014-01-25] (SaveSense) <==== ATTENTION
Task: {C8D8AFD3-6CBA-4C34-B5F5-DA71D3F21794} - System32\Tasks\11ecf175-90a7-4397-8c79-1815da75d2d6-4 => C:\Program Files\Object Browser\11ecf175-90a7-4397-8c79-1815da75d2d6-4.exe
Task: {D8B685D5-7013-4645-98B2-D5AFC100F3C7} - System32\Tasks\dff8eeab-481a-4855-a70f-7bf9c558ebd8-4 => C:\Program Files\iWebar\dff8eeab-481a-4855-a70f-7bf9c558ebd8-4.exe <==== ATTENTION
Task: {FEADC18E-32B4-406D-9C19-26CCD0DEEF9E} - System32\Tasks\c53f80ad-802f-4311-94ad-d1af10002a5a-4 => C:\Program Files\Sense\c53f80ad-802f-4311-94ad-d1af10002a5a-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\11ecf175-90a7-4397-8c79-1815da75d2d6-4.job => C:\Program Files\Object Browser\11ecf175-90a7-4397-8c79-1815da75d2d6-4.exe
Task: C:\Windows\Tasks\c53f80ad-802f-4311-94ad-d1af10002a5a-4.job => C:\Program Files\Sense\c53f80ad-802f-4311-94ad-d1af10002a5a-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\dff8eeab-481a-4855-a70f-7bf9c558ebd8-4.job => C:\Program Files\iWebar\dff8eeab-481a-4855-a70f-7bf9c558ebd8-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Luciana\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\Luciana\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

REDACTED

  • Guest
Re: remover o virus Win32:BProtect-J [Trj]
« Reply #14 on: July 18, 2014, 10:54:16 PM »
anexo