Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: System File infected with TR/BProtector.Gen

14 Apr 2014   #11
Rixterz

Windows 7 Ultimate x86
 
 

Oh, I'm sorry! I completely misunderstood your original question

I thought you were showing a list of running processes so someone can see if there is malware running or such.

A really good tool that I use quite often is Norton Power Eraser. When you run it, accept the license agreement, click "Advanced", and then click "Scan Now" beside "System Scan". It'll pick up basically anything and it recently got rid of Win32\Shellcode.A for me - enjoy


My System SpecsSystem Spec
.
14 Apr 2014   #12
Mual

Windows 7 Professional 64 bit SP 1
 
 

Quote   Quote: Originally Posted by Rixterz View Post
Oh, I'm sorry! I completely misunderstood your original question

I thought you were showing a list of running processes so someone can see if there is malware running or such.

A really good tool that I use quite often is Norton Power Eraser. When you run it, accept the license agreement, click "Advanced", and then click "Scan Now" beside "System Scan". It'll pick up basically anything and it recently got rid of Win32\Shellcode.A for me - enjoy
Is it save to do so, or should I backup all the files I need before doing this?
My System SpecsSystem Spec
14 Apr 2014   #13
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by Mual View Post
Quote   Quote: Originally Posted by Rixterz View Post
Oh, I'm sorry! I completely misunderstood your original question

I thought you were showing a list of running processes so someone can see if there is malware running or such.

A really good tool that I use quite often is Norton Power Eraser. When you run it, accept the license agreement, click "Advanced", and then click "Scan Now" beside "System Scan". It'll pick up basically anything and it recently got rid of Win32\Shellcode.A for me - enjoy
Is it save to do so, or should I backup all the files I need before doing this?
Since you ran the tools mentioned in cottonball's post, it would be best if you leave things alone until you hear back from cottonball on what to do next. Running an automated tool (like Norton Power Eraser) might change/negate the files that you attached to post #8.

In threads like this, it is best to pick one person to follow during the infection cleanup process. The exception being, cottonball and Jacee have a good feel for how the tools that they suggest interact. If both of them enter an infection cleanup thread, then you can safely follow both.

After you complete the cleanup process, we can work on uninstalling some old flawed software that you probably should not have installed.
My System SpecsSystem Spec
.

14 Apr 2014   #14
Rixterz

Windows 7 Ultimate x86
 
 

As there are important system files infected rather than just extra malicious files being put there, it's best to dump all of your needed files elsewhere and then just let NPE sort the infected ones out.

-Rixterz
My System SpecsSystem Spec
14 Apr 2014   #15
derekimo

Microsoft Community Contributor Award Recipient

 
 

Quote   Quote: Originally Posted by Rixterz View Post
As there are important system files infected rather than just extra malicious files being put there, it's best to dump all of your needed files elsewhere and then just let NPE sort the infected ones out.

-Rixterz
https://security.symantec.com/nbrt/npe.aspx

Quote:
Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. If you accidentally remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.
I think sticking to the advice and guidance of cottonball would be best.
My System SpecsSystem Spec
14 Apr 2014   #16
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by derekimo View Post
Quote   Quote: Originally Posted by Rixterz View Post
As there are important system files infected rather than just extra malicious files being put there, it's best to dump all of your needed files elsewhere and then just let NPE sort the infected ones out.

-Rixterz
https://security.symantec.com/nbrt/npe.aspx

Quote:
Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. If you accidentally remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.
I think sticking to the advice and guidance of cottonball would be best.
Assumes that the OS will boot ;-(

I agree, wait for cottonball.

@Rixterz,
Our comments are not meant to discourage you from helping in threads... but the infection of system files (if that is indeed what the OP has) is best handled slowly, by less automated tools.
My System SpecsSystem Spec
14 Apr 2014   #17
derekimo

Microsoft Community Contributor Award Recipient

 
 

Quote   Quote: Originally Posted by UsernameIssues View Post
Assumes that the OS will boot ;-(

Exactly.
My System SpecsSystem Spec
14 Apr 2014   #18
Rixterz

Windows 7 Ultimate x86
 
 

OK, it was just a suggestion. At least it's best for me.
My System SpecsSystem Spec
14 Apr 2014   #19
cottonball

Windows 7 Home Premium
 
 

Mual,

As far as Zoek goes, try running it from Safe Mode:

Restart the computer.
Tap the F8 key to open the Windows Advanced Options Menu
Select: Safe Mode
Press: Enter

On the files showing in the Avira AV scan, they look like legit files, but, let's not take that for granted.

Please submit the following files for analysis to VirusTotal:
http://www.virustotal.com/
Use the 'Choose File' button to navigate to the location of one of the files:

taskeng.exe
nvxdsync.exe
oodag.exe

In the Choose file to upload prompt, select the file, then, click the 'Open' button.
The file is now displayed in the blank box of VirusTotal
Click: Scan It, and wait for the results.
If you get a message saying: 'File has already been analyzed', click: Reanalyze file now

Once scanned, please provide the link to the results page in your reply.

Next, run the other two files through VT and post the results.
My System SpecsSystem Spec
16 Apr 2014   #20
Mual

Windows 7 Professional 64 bit SP 1
 
 

Quote   Quote: Originally Posted by UsernameIssues View Post
Quote   Quote: Originally Posted by Mual View Post
Quote   Quote: Originally Posted by Rixterz View Post
Oh, I'm sorry! I completely misunderstood your original question

I thought you were showing a list of running processes so someone can see if there is malware running or such.

A really good tool that I use quite often is Norton Power Eraser. When you run it, accept the license agreement, click "Advanced", and then click "Scan Now" beside "System Scan". It'll pick up basically anything and it recently got rid of Win32\Shellcode.A for me - enjoy
Is it save to do so, or should I backup all the files I need before doing this?
Since you ran the tools mentioned in cottonball's post, it would be best if you leave things alone until you hear back from cottonball on what to do next. Running an automated tool (like Norton Power Eraser) might change/negate the files that you attached to post #8.

In threads like this, it is best to pick one person to follow during the infection cleanup process. The exception being, cottonball and Jacee have a good feel for how the tools that they suggest interact. If both of them enter an infection cleanup thread, then you can safely follow both.

After you complete the cleanup process, we can work on uninstalling some old flawed software that you probably should not have installed.
Yes indeed. Since that cottonball have replied. I should follow his method for now.

Quote   Quote: Originally Posted by derekimo View Post
Quote   Quote: Originally Posted by Rixterz View Post
As there are important system files infected rather than just extra malicious files being put there, it's best to dump all of your needed files elsewhere and then just let NPE sort the infected ones out.

-Rixterz
https://security.symantec.com/nbrt/npe.aspx

Quote:
Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. If you accidentally remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.
I think sticking to the advice and guidance of cottonball would be best.
Quote   Quote: Originally Posted by cottonball View Post
Mual,

As far as Zoek goes, try running it from Safe Mode:

Restart the computer.
Tap the F8 key to open the Windows Advanced Options Menu
Select: Safe Mode
Press: Enter

On the files showing in the Avira AV scan, they look like legit files, but, let's not take that for granted.

Please submit the following files for analysis to VirusTotal:
http://www.virustotal.com/
Use the 'Choose File' button to navigate to the location of one of the files:

taskeng.exe
nvxdsync.exe
oodag.exe

In the Choose file to upload prompt, select the file, then, click the 'Open' button.
The file is now displayed in the blank box of VirusTotal
Click: Scan It, and wait for the results.
If you get a message saying: 'File has already been analyzed', click: Reanalyze file now

Once scanned, please provide the link to the results page in your reply.

Next, run the other two files through VT and post the results.
After I get the result I'll post here. Thanks in advance
My System SpecsSystem Spec
Reply

 System File infected with TR/BProtector.Gen




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Backing up on an infected system before starting repair
I know this thread is overlapping security and backing up. It's very conflicting with different views. If it's not appropriate pls move to the correct forum. Thanks. I read it in some forums when a system, PC, laptop or a Netbook is infected causing the Windows system files corruption, slow...
Backup and Restore
System infected after removing trojan. System changes on its own.
Hi, I think I'm n the right section. Brand new Lenovo G570. Using Kaspersky Internet Security 2012 and I keep getting viruses. Restored to factory settings and I think the virus is still here. For Windows 7 update preference I chose to notify me before installing updates and let me choose...
System Security
Cant remove infected file
I used this forum to find that I had an issue with a driver that I had to remove but I couldn't do it manually or re-name to .old as it said 'can't read from the source file or disk' I was then given advice to use Malwarebytes to detect and remove the Malware from PC. Malwarebytes detects...
System Security
If your system was infected with a virus, would you ?
Would you, attempt to disinfect and clean or would you just format and reinstall Windows ? I guess it depends on how serious the situation is, but isn't reinstalling always best due to the fact it wipes everything clean ?
System Security
System infected with a Virus
I am using an AV "nod32 v3 Full Version" and since last 3-4 years i hadnt ever had any virus attack on my pc/lapy. few days ago i used flashdrive of a friend ofmine for formating and since then my lapy catched a virus from it. Exactly what it did was all folders in my data drives (g h)...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 16:53.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App