Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: System File infected with TR/BProtector.Gen


12 Apr 2014   #1

Windows 7 Professional 64 bit SP 1
 
 
System File infected with TR/BProtector.Gen

Hello everyone. I was wondering if I should move all these files to quarantine as suggestion by Avira?

This is the list of the file that are infected:
svchost.exe
nvvsvc.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
taskeng.exe
nvxdsync.exe
nvvsvc.exe
svchost.exe
taskhost.exe
taskeng.exe
Dwm.exe
GooglePinyinDaemon.exe
EXPLORER.exe
GooglePinyinService.exe
mDNSResponder.exe
nvstreamsvc.exe
oodag.exe
conhost.exe
svchost.exe
RAVCpl64.exe
WILDSVC.exe
unsecapp.exe
wmiprvse.exe
wininit.exe
winlogon.exe
services.exe
Isass.exe

I don't know why there are multiples svchost.exe listed. There are all from C:\Windows\system32\svchost.exe.
So what is happening? Any suggestion what should I do?

My System SpecsSystem Spec
.

13 Apr 2014   #2

Windows 7 Professional 64 bit SP 1
 
 

Bump.
My System SpecsSystem Spec
13 Apr 2014   #3

Windows 7 Ultimate x86
 
 

Hi there,

I've had many viruses etc before and I could help you. Please send a link of a screenshot of the task manager window to [Email address removed for your safety] and I'll let you know if I can see anything out of place. Also, how do you know you have this virus? Has your antivirus not got rid of it yet? If so, run a full scan and it'll pick up infected files.

-Rixterz
My System SpecsSystem Spec
.


13 Apr 2014   #4

Windows 7 Ultimate x64 x2 + x86 + Windows 8.1 x64 x2
 
 

Note   Note
Please note - all help should be given within the thread, to help others who may have the same or similar issues
My System SpecsSystem Spec
13 Apr 2014   #5

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by Rixterz View Post
Hi there,

I've had many viruses etc before and I could help you. Please send a link of a screenshot of the task manager window to [Email address removed for your safety] and I'll let you know if I can see anything out of place. Also, how do you know you have this virus? Has your antivirus not got rid of it yet? If so, run a full scan and it'll pick up infected files.

-Rixterz
Welcome to the Seven Forums, Rixterz.

The preferred method for instructing members to post screenshots can be found here:
Screenshots and Files - Upload and Post in Seven Forums

:-)
My System SpecsSystem Spec
13 Apr 2014   #6

Windows 7 Ultimate x86
 
 

Mual, could you post the screenshot on Screenshots and Files - Upload and Post in Seven Forums and give me the link please? Also please make sure to fully show the "Image Name" and "Description" columns in task manager.
My System SpecsSystem Spec
13 Apr 2014   #7

Windows 7 Home Premium
 
 

Mual,

Please use the following diagnostic tool. It has a powerful detection mechanism, and may help us get to the root of your issues:

Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.
At the program's console, press the Scan button.

When done, the tool produces a log, FRST.txt, in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.


Next, please use the tool Zoek.exe:
Download > Download zoek.exe version 5.0.0.0

When the Zoek.exe download appears, save to the Desktop.
On the Desktop, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear.
Please disable your AntiVirus and AntiSpyware programs, so they don't interfere with the running of Zoek.exe.
You can find instructions how to disable your security applications here:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

At the program console, click the Options button and place a checkmark only on the following options:

Do a Deep Scan

Now...
Close any open programs.
Click the Run script button, and wait.
It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.
My System SpecsSystem Spec
14 Apr 2014   #8

Windows 7 Professional 64 bit SP 1
 
 

Quote   Quote: Originally Posted by Rixterz View Post
Mual, could you post the screenshot on Screenshots and Files - Upload and Post in Seven Forums and give me the link please? Also please make sure to fully show the "Image Name" and "Description" columns in task manager.
Hello Rixterz! Do you mean that I need to take a screenshot of the image name that I saved? (The name of the screenshot itself?)

Description? Which one?

Quote   Quote: Originally Posted by cottonball View Post
Mual,

Please use the following diagnostic tool. It has a powerful detection mechanism, and may help us get to the root of your issues:

Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.
At the program's console, press the Scan button.

When done, the tool produces a log, FRST.txt, in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.


Next, please use the tool Zoek.exe:
Download > Download zoek.exe version 5.0.0.0

When the Zoek.exe download appears, save to the Desktop.
On the Desktop, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear.
Please disable your AntiVirus and AntiSpyware programs, so they don't interfere with the running of Zoek.exe.
You can find instructions how to disable your security applications here:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

At the program console, click the Options button and place a checkmark only on the following options:

Do a Deep Scan

Now...
Close any open programs.
Click the Run script button, and wait.
It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.

Okay, these are the 2 files for the first scan using Farbar.
FRST.txt

Addition.txt

Another problem is , that I don't dare to run the Zoek.exe for now. The first time I run it, the moment I run, I got a pop up window and the computer just shut of itself, and restart.
So what should I do? I have done exactly what you said, to disable the anti-virus before running.


My System SpecsSystem Spec
14 Apr 2014   #9

Windows 7 Ultimate x86
 
 

I meant to post (using the link) a screenshot of your task manager window where you got those process names from
My System SpecsSystem Spec
14 Apr 2014   #10

Windows 7 Professional 64 bit SP 1
 
 

Quote   Quote: Originally Posted by Rixterz View Post
I meant to post (using the link) a screenshot of your task manager window where you got those process names from
No, is not from task manager, is from the anti virus scanning report. I'll post it when it appears again.
My System SpecsSystem Spec
Reply

 System File infected with TR/BProtector.Gen




Thread Tools



Similar help and support threads for2: System File infected with TR/BProtector.Gen
Thread Forum
System infected after removing trojan. System changes on its own. System Security
Cant remove infected file System Security
If your system was infected with a virus, would you ? System Security
System infected with a Virus System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:10 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33