Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winprotect keeps coming back, using registered malwarebytes


  • This topic is locked This topic is locked
2 replies to this topic

#1 goragora111

goragora111

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 16 July 2010 - 07:52 PM

Hi, so I got infected with this malware despite Avast. I bought malwarebytes, but sure enough it keeps coming back. Seems to try to have 'winprotect", in C:\Users\Stephan\AppData\Roaming\system\run32.exe running on startup, and whenever I delete that from HKCU/run, it comes back.

Every now and then mbam opens up and say 'malware detected etc etc'. I quarantine/delete, run a full mbam scan, delete all the malware, reboot, and sure enough it's all back after I reboot.
I got spybot sd (returns clean), avast (returns clean) and superantispyware (also returns clean). I've also run ESET (clean)

I've attached the Mbam and dds log as instructed, as well as mbrchecker log and the OTL log just in case.

I cannot include gmer because it keeps saying 'c/windows/system32/config/system: process cannot access the file because it's being used by another process'. (win7 64bits).

I cannot include rkunhooker because it fails with 'error locating driver'.

I cannot run combofix because it's not compatible with win7

Attached Files


Edited by goragora111, 16 July 2010 - 08:09 PM.


BC AdBot (Login to Remove)

 


#2 goragora111

goragora111
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 20 July 2010 - 02:44 PM

Nvrmind, reformated, it solved it.

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:59 PM

Posted 22 July 2010 - 12:43 AM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users