Win32:BProtect -G, Win32:BProtet-H discovered with scanning
- Thread starter babskie
- Start date
- Mar 8, 2013
- 22,627
First, go to Control Panel and uninstall following (skip lines that cannot be uninstalled):
- BitGuard
- Freecorder Toolbar
- Java 7 Update 51
Latest versions of Java available here --> http://www.java.com/en/
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Open FRST, and click Fix. Attach me that report after it is finished.
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- BitGuard
- Freecorder Toolbar
- Java 7 Update 51
Latest versions of Java available here --> http://www.java.com/en/
***** NEXT *****
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Open FRST, and click Fix. Attach me that report after it is finished.
***** NEXT *****
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
- Click on the Scan button.
- After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Post logfile will also be saved in the C:\AdwCleaner folder.
- Jun 24, 2014
- 5
have uninstalled programs best possible and installed Java, latest.
attached are fixlog.txt, and two adwcleaner reports just in case.
I was pleased to see 4 entries of BProtect and something for BitGuard as well that were hopefully deleted with adwcleaner.
Feeling confidant.
attached are fixlog.txt, and two adwcleaner reports just in case.
I was pleased to see 4 entries of BProtect and something for BitGuard as well that were hopefully deleted with adwcleaner.
Feeling confidant.
- Mar 8, 2013
- 22,627
- Jun 24, 2014
- 5
Real time scan with Avast free version stated all was good, however, it is unable to scan a slowly increasing number of files because they are password protected archives? There are now about 35 or 40 or these password protected archived files. I do not think that I am the one password protecting them?
Began a boot scan until it was past the places the viruses were discovered before. 4 were found, none could be fixed, moved to vault, repaired or deleted. The word archive was mentioned.....
They are located here:
C:\user\babskie\AppData\local\MicrosoftWindows......followed by
Temp Int.Files\Content.IES\DH1HQCIA\pack1.7zI >bprotect.exe is infected by Win32:BProtect-F [TRJ]
Win64:Adware-B [ADW]
Temp Int.Files\Content.IES\DH1HQCIA\pack1.7zI >loader.dll Win32:BProtect-G [TRJ]
Temp Int.Files\Content.IES\DH1HQCIA\pack1.7zI >protector.dll Win32:Bprotect-H [TRJ]
please note, after the terms 7z it is a straight vertical line.
Not sure if any of this is important, I also may have not been 100% accurate in copying the symbols....but it IS close. A camera shot can be taken if it is important to send to you.....
Internet Explorer isn't used much, preferring Firefox, and IE could not be located in the add/remove programs....I may have attempted to remove it in the past to free up disk space.... It is still on the computer in a 64bit version....
It still isn't possible to log onto Pinterest and a credit card banking site still won't "work" to make a payment but I'm wondering if these might be privacy/security issues..... Mainly concerned with getting the archived files, especially if they contain a virus, gone.
Thank you.
Began a boot scan until it was past the places the viruses were discovered before. 4 were found, none could be fixed, moved to vault, repaired or deleted. The word archive was mentioned.....
They are located here:
C:\user\babskie\AppData\local\MicrosoftWindows......followed by
Temp Int.Files\Content.IES\DH1HQCIA\pack1.7zI >bprotect.exe is infected by Win32:BProtect-F [TRJ]
Win64:Adware-B [ADW]
Temp Int.Files\Content.IES\DH1HQCIA\pack1.7zI >loader.dll Win32:BProtect-G [TRJ]
Temp Int.Files\Content.IES\DH1HQCIA\pack1.7zI >protector.dll Win32:Bprotect-H [TRJ]
please note, after the terms 7z it is a straight vertical line.
Not sure if any of this is important, I also may have not been 100% accurate in copying the symbols....but it IS close. A camera shot can be taken if it is important to send to you.....
Internet Explorer isn't used much, preferring Firefox, and IE could not be located in the add/remove programs....I may have attempted to remove it in the past to free up disk space.... It is still on the computer in a 64bit version....
It still isn't possible to log onto Pinterest and a credit card banking site still won't "work" to make a payment but I'm wondering if these might be privacy/security issues..... Mainly concerned with getting the archived files, especially if they contain a virus, gone.
Thank you.
- Jun 24, 2014
- 5
TwinHeadedEagle, the RAR file containing three of the identified BProtect archived files has been located. It was necessary to show hidden files and type the address in. At the level of Pack1 it is possible to delete it as it is in WinRar. Any reason not to?
Not able to upload .bmp taken with Gadwin print screen
Not able to copy/paste?
http://we.tl/gUgIOoenLn is the link for WeTransfer -- I placed 2 screen shots, one of the file folder with 3 of the trojans and then one level above of Pack 1 which I think I'd like to delete.
Will continue to search for the one with Win64:Adware-B [adw]
Not able to upload .bmp taken with Gadwin print screen
Not able to copy/paste?
http://we.tl/gUgIOoenLn is the link for WeTransfer -- I placed 2 screen shots, one of the file folder with 3 of the trojans and then one level above of Pack 1 which I think I'd like to delete.
Will continue to search for the one with Win64:Adware-B [adw]
- Mar 8, 2013
- 22,627
Don't worry about these, these files are just temporary files and cannot harm your PC. We're going to clean them now:
Please download CCleaner.
Then, unless you have some other issue, we can finish, your PC is now clean.
Please download CCleaner.
- Double-click to run setup, then follow the installation process.
- When installation is over, CCleaner will open.
- Click on Run Cleaner button, and wait until program finishes.
- Your temporary files are now emptied.
Then, unless you have some other issue, we can finish, your PC is now clean.
Thank you, over 4GB temp files removed including the password protected trojan ones.
- Mar 8, 2013
- 22,627
For future protection I can recommend you:
- Adblock --> https://adblockplus.org/en/chrome
- Unchecky --> http://unchecky.com/
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
- Adblock --> https://adblockplus.org/en/chrome
- Unchecky --> http://unchecky.com/
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Similar threads
- Locked
