System File infected with TR/BProtector.Gen

Hello everyone. I was wondering if I should move all these files to quarantine as suggestion by Avira?

This is the list of the file that are infected:
svchost.exe
nvvsvc.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
taskeng.exe
nvxdsync.exe
nvvsvc.exe
svchost.exe
taskhost.exe
taskeng.exe
Dwm.exe
GooglePinyinDaemon.exe
EXPLORER.exe
GooglePinyinService.exe
mDNSResponder.exe
nvstreamsvc.exe
oodag.exe
conhost.exe
svchost.exe
RAVCpl64.exe
WILDSVC.exe
unsecapp.exe
wmiprvse.exe
wininit.exe
winlogon.exe
services.exe
Isass.exe

I don't know why there are multiples svchost.exe listed. There are all from C:\Windows\system32\svchost.exe.
So what is happening? Any suggestion what should I do?

Bump.

Hi there,

I've had many viruses etc before and I could help you. Please send a link of a screenshot of the task manager window to [Email address removed for your safety] and I'll let you know if I can see anything out of place. Also, how do you know you have this virus? Has your antivirus not got rid of it yet? If so, run a full scan and it'll pick up infected files.

-Rixterz

   Note

Please note - all help should be given within the thread, to help others who may have the same or similar issues

Mual,

Please use the following diagnostic tool. It has a powerful detection mechanism, and may help us get to the root of your issues:

Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.
At the program's console, press the Scan button.

When done, the tool produces a log, FRST.txt, in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.


Next, please use the tool Zoek.exe:
Download > Download zoek.exe version 5.0.0.0

When the Zoek.exe download appears, save to the Desktop.
On the Desktop, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear.
Please disable your AntiVirus and AntiSpyware programs, so they don't interfere with the running of Zoek.exe.
You can find instructions how to disable your security applications here:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

At the program console, click the Options button and place a checkmark only on the following options:

Do a Deep Scan

Now...
Close any open programs.
Click the Run script button, and wait.
It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.

Rixterz said:

Mual, could you post the screenshot on Screenshots and Files - Upload and Post in Seven Forums and give me the link please? Also please make sure to fully show the "Image Name" and "Description" columns in task manager.

Hello Rixterz! Do you mean that I need to take a screenshot of the image name that I saved? (The name of the screenshot itself?)

Description? Which one?

cottonball said:

Mual,

Please use the following diagnostic tool. It has a powerful detection mechanism, and may help us get to the root of your issues:

Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.
At the program's console, press the Scan button.

When done, the tool produces a log, FRST.txt, in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.


Next, please use the tool Zoek.exe:
Download > Download zoek.exe version 5.0.0.0

When the Zoek.exe download appears, save to the Desktop.
On the Desktop, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear.
Please disable your AntiVirus and AntiSpyware programs, so they don't interfere with the running of Zoek.exe.
You can find instructions how to disable your security applications here:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

At the program console, click the Options button and place a checkmark only on the following options:

Do a Deep Scan

Now...
Close any open programs.
Click the Run script button, and wait.
It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.

Okay, these are the 2 files for the first scan using Farbar.
FRST.txt

Addition.txt

Another problem is , that I don't dare to run the Zoek.exe for now. The first time I run it, the moment I run, I got a pop up window and the computer just shut of itself, and restart.
So what should I do? I have done exactly what you said, to disable the anti-virus before running.

Rixterz said:

I meant to post (using the link) a screenshot of your task manager window where you got those process names from

No, is not from task manager, is from the anti virus scanning report. I'll post it when it appears again.