Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Manual Removal Of Virusprotectpro - No Bad .dlls Found

  • Please log in to reply
4 replies to this topic

#1 Gergreg


  • Members
  • 2 posts
  • Local time:05:42 AM

Posted 24 August 2007 - 12:24 AM

Step 9 of Manual Removal Instructions for VirusProtectPro concerns renaming a long list of .dll files. We found none of those files in c:\windows\system32\. We'll proceed with the remainder of the instructions, but step 9 suggests posting here if we didn't find any of those files to rename as *.dll.bad.

FYI: What we did so far. Ran the automated tool to remove VirusProtectPro for one user, and the infection seemed to be gone for that user. Logged out as that user/logged in as another and it was active for the second user. Ran the automated removal tool, and it seemed successful. Logged out/back in as the first user and VPP was back, though not as bad as the first time.

Ran manual processes and hit step 9, but without finding any of the specified .dll files.


BC AdBot (Login to Remove)


#2 oldf@rt


  • Members
  • 2,609 posts
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:03:42 AM

Posted 24 August 2007 - 01:24 AM

VPP is installed by a ZLOB trojan horse downloader virus, that constantly changes its name. My recommendation would be to download Superantispyware Free, and run a full system scan in safe mode from the main administrator account on this computer. Please be sure to completely update SAS, and then restart the computer into Safe Mode. Please let us know your results.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,744 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:42 AM

Posted 24 August 2007 - 07:06 AM

The self-help guide shows the Hijackthis entries and files commonly associated with this malware. However, they may not always be present especially if you already have used any anti-malware removal tools. They are all listed so you can check your system to see if they are still present after following the posted instructions.

Go ahead and run SAS as oldf@rt recommended and let us know how your computer is running afterwards.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Gergreg

  • Topic Starter

  • Members
  • 2 posts
  • Local time:05:42 AM

Posted 27 August 2007 - 06:28 PM

We were gone a few days....

After returning, my wife made sure SAS was current, then started Safe Mode. She ran as Administrator and found nothing. However, some of the users were still infected, and users that boot clean once get infected again. Users that aren't admins don't show up in safe mode, so she's made them admins and is running SAS for them individually. We're not counting on that strategy working. (There are 3 or 4 users...our kids and two users for my wife, for some reason...don't ask me, I keep everyone else off my machine...)

I think we gotta start from square one again... or just wipe the drive and reinstall the OS. Ugh.

#5 buddy215


  • Moderator
  • 13,309 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:42 AM

Posted 27 August 2007 - 09:10 PM

Your problem is unique. I haven't seen this reported before on this board.
Both SAS and Smitfraudfix usually removes the malware, especially when used together.
My suggestion is to update SAS, unplug from the internet, run SAS in SAFE MODE for each account without entering regular mode.
If that doesn't remove the malware or you would rather not follow my suggestion, post a Hijack This log and allow the experts to advise you.
Post the log in the Hijack This Forum. DO NOT post the log in this forum. Link for downloading HJT in the link below.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users