win32:bprotect-D trojan

Hi There,

I am having a bit of trouble removing win32:bprotect-D trojan that’s being detected on a boot scan.

I have attached zoek and AdwCleaner logs, can anyone give me a hand please?

see instructions https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs

Got it, will these do?

Yes … malware experts are in bed now, check back tomorrow

I don’t blame them, I think I’ll turn in too.

Thanks for the help.

Where is Avast saying that Bprotect is located ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
2015-02-08 15:40 - 2015-02-08 15:40 - 00000000 __SHD () C:\Users\Sally\AppData\Local\EmieUserList
2015-02-08 15:40 - 2015-02-08 15:40 - 00000000 __SHD () C:\Users\Sally\AppData\Local\EmieSiteList
2015-02-08 15:40 - 2015-02-08 15:40 - 00000000 __SHD () C:\Users\Sally\AppData\Local\EmieBrowserModeList
2015-01-21 14:47 - 2015-01-21 14:47 - 00119296 _____ () C:\Users\Sally\Downloads\C3A1.tmp
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download Junkware Removal Tool to your desktop.

Right-mouse click JRT.exe and select “Run as Administrator”; the tool will open and start scanning your system
Please be patient as this can take a while to complete depending on your system’s specifications
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Attached for you.

I think windows ran some automatic updates on one of the restarts, for which I’m truly sorry.

Will I need to re-run any of these scans?

No, no need. How is the computer behaving ?

I started doing all of the checks when there was an issue starting up.

The user profile got corrupted and I had to do a system restore to get it up and running again, so I decided to scan everything to make sure - that’s when this came up. However I didn’t shut the computer down properly so it may have been that.

The computer has been a bit slower than it used to be, but nothing specific.

As you have done a restore, a disc defragment may be in order. Any other problems?

That will involve backing up the stuff I want and wiping the rest of the hard drive?

Nothing else wrong, and it seems to have gone on the boot scan. Shall I go for the defragment and call it a success?

edit:minor wording

No, a disc defragment just moves the files around the hard drive so that they are not broken up. No deletions, reformatting etc. required

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version

https://dl.dropboxusercontent.com/u/73555776/javara.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

That’s great, thanks!

All steps followed and I’ll be upgrading from the free version of Avast too once the licence stops playing up!

Thanks again for your help, really appreciated.