Problem with BProtect-D - external help needed

So I decided to perform a routine C: scan with Avast free, and it turns out it found two malicious files described as Win32:BProtect-D [Trj]:
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HA9PC1V5\pack[1].7z|>bprotect.exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HA9PC1V5\pack[1].7z|>protector.dll
I tried fixing them, then putting them under quarantine, then deleting them, but nothing worked, so I decided to start a topic here. I already used Malwarebytes’ Anti-Malware as advised here: http://forum.avast.com/index.php?topic=53253.0 but from what I’ve understood, you don’t use another program until after you post a log file and get a reply, so for now I’m just including the results of scanning with this one program. If anything more is needed just inform me. Thanks in advance for any help.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HA9PC1V5\pack[1].7z|>bprotect.exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HA9PC1V5\pack[1].7z|>protector.dll
Located in temp folders....

does this help…or do they come back?
run TFC cleaner by OldTimer http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

from the guide you first used, run and attach OTL diagnostic log, a malware expert will check it when online

malware experts are in bed now so don't expect any reply until tomorrow :wink:

Hi,

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*]Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool.
Please wait for the tool to start…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

createsrpoint;
gpt.ini;z 
C:\Windows\System32\GroupPolicy;v
C:\Windows\SysWOW64\GroupPolicy;v 
StandardSearch; 
emptyfolderscheck; 
installer-list; 
installedprogs; 
uninstall-list;

[*]Click on the Run Script button.
Please wait until a log report opens (this can be after reboot)

[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”

Thank you so much for all the help so far, here’s the log file:

Re-run zoek with the script below and attach here fresh zoek log results.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

emptyalltemp;
emptyclsid;
autoclean;
ipconfig /flushdns;b
emptyfolderscheck;delete

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

I accidentally forgot to close Firefox before running the scan :-[ Do I have to run it again? Can I use the same script from above or do I need a new one this time? Or is this one okay? I’m so sorry…

Doesn’t matter. Proceed with Farbar.

Done :slight_smile:

Download attached fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Okay, it’s done:

PC seems clean, how is the situation now?

No more problems detected after latest scanning with both Avast and Malwarebytes, thank you so much for help, God bless.

Very good :slight_smile:

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
[*]Remove disinfection tools
[*]Create registry backup
[*]Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.