I was out of town for the weekend and I came home to see that bprotect.exe was running as a process. I looked around on the web but couldn’t determine for sure 1. How it got there (but I have a family) 2. Is it a threat?
I found where the program is location but could not remove it in normal mode. If you terminated the process, it immediately restarts.
upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners
when you have the result, copy the url in the address bar and post it here for us to see
bProtector is DEFINITELY a virus. It is cleverly ‘signed’ (fraudulently) with a GoDaddy certificate and makes you think that it is a legitimate file by sitting hidden away in nested files. If you delete it, it replicates itself within seconds. If you plug in a usb memory stick or other offboard device, it replicates itself there also. It is associated with the Babylon plugin.
Most virus software and malware checkers do NOT catch it due to it’s clever setup. I have gotten rid of it manually several times, but it seems to find it’s way back somehow. Still working on how to prevent it from reappearing. What would make that simple is if the virus and malware programs would add it to their list and prevent it from getting access.
The person who posted that it ‘obviously’ was not a virus because it was on World of Warcraft most likely has a pirate copy of WoW as this worm travels freely within the pirated files domain…so beware!!
if you are infected start your own topic and see the “Logs to assist in cleaning malware” guide at top in this forum section
attach logs in your new topic and help will arrive