Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: System File infected with TR/BProtector.Gen

16 Apr 2014   #21
Devlin1888

Windows 7 Home Premium 64Bit
 
 

Quote   Quote: Originally Posted by UsernameIssues View Post
Quote   Quote: Originally Posted by derekimo View Post
Quote   Quote: Originally Posted by Rixterz View Post
As there are important system files infected rather than just extra malicious files being put there, it's best to dump all of your needed files elsewhere and then just let NPE sort the infected ones out.

-Rixterz
https://security.symantec.com/nbrt/npe.aspx

Quote:
Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. If you accidentally remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.
I think sticking to the advice and guidance of cottonball would be best.
Assumes that the OS will boot ;-(

I agree, wait for cottonball.

@Rixterz,
Our comments are not meant to discourage you from helping in threads... but the infection of system files (if that is indeed what the OP has) is best handled slowly, by less automated tools.

Hey i'm a safe guy too!..maybe xD!

Yeah following Cottonballs instruction is always a good way to go! Knows his stuff!


My System SpecsSystem Spec
.
16 Apr 2014   #22
UsernameIssues

W7 Pro SP1 64bit
 
 

Yep; but unless cottonball is known to be away for a while...
...there is not much reason to change horses midstream :-)
My System SpecsSystem Spec
16 Apr 2014   #23
Mual

Windows 7 Professional 64 bit SP 1
 
 

Done it. Here is the zoek.exe result

And here is the link to the virus total scan :



My System SpecsSystem Spec
.

16 Apr 2014   #24
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You have some adware, but wait for cottonball to get back to you for the 'fix'
My System SpecsSystem Spec
17 Apr 2014   #25
Mual

Windows 7 Professional 64 bit SP 1
 
 

Quote   Quote: Originally Posted by Jacee View Post
You have some adware, but wait for cottonball to get back to you for the 'fix'
I'll wait for his reply.
My System SpecsSystem Spec
17 Apr 2014   #26
cottonball

Windows 7 Home Premium
 
 

Mual,

Based on the VirusTotal results, it makes one wonder about the validity of those files Avira is pointing to as being infected.

Let's go this route...

Please right-click zoek.exe once again, and select: Run as Administrator (Give the program a few seconds to appear.)
Next, copy/paste the entire script in the code box below to the input field of Zoek:

Code:
autoclean;
emptyalltemp;
emptyclsid;
Now...
Close any open windows.
Click the Run script button and wait. It takes a few minutes to run the script.

When finished, the zoek-results.log is opened in Notepad.
If a reboot is needed the log is opened after the reboot.

Please post the new zoek-results.log in your reply.


Next, let's see what MBAM has to report on the files Avira is targeting...

Please go to the Malwarebytes Anti-Malware (MBAM) download
Save to the Desktop
Double-click the downloaded MBAM file to run it.

When the installation begins, follow the prompts in the setup process.
Do not make any changes to default settings and when the program has finished installing, make sure only the following options are checked:
>Update Malwarebytes’ Anti-Malware
>Launch Malwarebytes’ Anti-Malware

Uncheck:
>Enable free trial of Malwarebytes Anti-Malware PRO
Click on the Finish button.

If an update is found, the program automatically updates itself.
At the program console, on the Scanner tab, and select: Perform Quick Scan

Next, click on the Scan button.

When the Malwarebytes scan is completed, click on: Show Results
When presented with a screen showing the malware detected, just press: Save Log

Save the log to the Desktop, or to an easy to find location.

Please copy/paste the entire contents of the MBAM report in your reply.
My System SpecsSystem Spec
20 Apr 2014   #27
Mual

Windows 7 Professional 64 bit SP 1
 
 

I'll be posting soon once I done it, lately I've busy with college stuff. Sorry
My System SpecsSystem Spec
22 Apr 2014   #28
Mual

Windows 7 Professional 64 bit SP 1
 
 

I downloaded and update the MBAM to the latest version already. But I do not know where can I find "program console, on the Scanner tab, and select: Perform Quick Scan". Please guide me.

And here is another scan of zoek.
And I get this pop up error after zoek scan, which zoek require me to restart the computer.
System File infected with TR/BProtector.Gen-untitled.png


My System SpecsSystem Spec
22 Apr 2014   #29
cottonball

Windows 7 Home Premium
 
 

Quote:
...do not know where can I find "program console, on the Scanner tab, and select: Perform Quick Scan".
The program console is nothing more that the main screen of MBAM. However, there is a new version of MBAM, and my instructions are outdated. Malwarebytes Anti-Malware 2.0 has a completely redesigned user interface.

Double-click mbam-setup-2.X.X.XXXX.exe to install (X's = current version)
Place a checkmark next to Launch Malwarebytes Anti-Malware, then click: Finish

Once MBAM opens, when it says Your databases is out of date, click the Fix Now button.

Next, click the Settings tab at the top, and, in the left column, select Detections and Protections
If not already checked, select: Scan for rootkits

Click the Scan tab at the top of the program window, and select: Threat Scan
Next, click: Scan Now

If you receive a message that updates are available, click: Update Now

At this point, the update is downloaded, installed, and the scan starts.
The scan may take some time to finish, so please be patient.

If potential threats are detected, select Quarantine All as the Action for all the listed items.
Next, click: Apply Actions

While still on the Scan tab, click the link for View detailed log
In the window that opens, click the Export button, select Text file (*.txt), and save the log to the Desktop.

Notes:
1. The log is automatically saved by MBAM and is also viewed by clicking:
History tab > Application Logs.
2, If MBAM encounters a file that is difficult to remove...
Click OK and allow MBAM to proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
My System SpecsSystem Spec
22 Apr 2014   #30
cottonball

Windows 7 Home Premium
 
 

If you still get the chkdsk prompt, for running the utility on C: drive, use the following:
Disk Check
My System SpecsSystem Spec
Reply

 System File infected with TR/BProtector.Gen




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Backing up on an infected system before starting repair
I know this thread is overlapping security and backing up. It's very conflicting with different views. If it's not appropriate pls move to the correct forum. Thanks. I read it in some forums when a system, PC, laptop or a Netbook is infected causing the Windows system files corruption, slow...
Backup and Restore
System infected after removing trojan. System changes on its own.
Hi, I think I'm n the right section. Brand new Lenovo G570. Using Kaspersky Internet Security 2012 and I keep getting viruses. Restored to factory settings and I think the virus is still here. For Windows 7 update preference I chose to notify me before installing updates and let me choose...
System Security
Cant remove infected file
I used this forum to find that I had an issue with a driver that I had to remove but I couldn't do it manually or re-name to .old as it said 'can't read from the source file or disk' I was then given advice to use Malwarebytes to detect and remove the Malware from PC. Malwarebytes detects...
System Security
If your system was infected with a virus, would you ?
Would you, attempt to disinfect and clean or would you just format and reinstall Windows ? I guess it depends on how serious the situation is, but isn't reinstalling always best due to the fact it wipes everything clean ?
System Security
System infected with a Virus
I am using an AV "nod32 v3 Full Version" and since last 3-4 years i hadnt ever had any virus attack on my pc/lapy. few days ago i used flashdrive of a friend ofmine for formating and since then my lapy catched a virus from it. Exactly what it did was all folders in my data drives (g h)...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 20:10.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App