Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help with MyOSProtect.dll, pop ups and unusable web browsers


  • This topic is locked This topic is locked
45 replies to this topic

#1 labby_guy

labby_guy

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 12 October 2014 - 07:09 PM

Hello,

 

I was helping my friend with his laptop (Yes, yes, I know "my friend", but this is really the situation, ha. Just so you know I don't know the full history with the computer). It is a windows 7, 32 bit, service pack 1  HP 100 B all in one PC.

 

His computer was slow, very hard to use, internet usage and with programs. He has Norton antivirus that is still functioning, 160 odd days left in the subscription, but still seemed to have problems. I turned that off until the next restart and tried the hitman pro program.

 

I used the free 30 day trial of hitman pro to scan his computer. It found a TON of things, spyware, errors, etc. along with something called My OS Protect. I had hitman pro get rid of all the problems. When I went to log back in to his computer after restart, a pop up.....popped up.

 

On the top it said something along the lines "facebook update.exe - Bad Image".  I later find whatever program has recently tried to run ends up in that title along with Bad Image.

 

The error in the main body of the pop up reads "C:windows\system32\MyOSProtect.dll is either not designed to run on windows or contains an error. Try installing the program again using the original installation media or contact your system admin or the software vender for support"

 

All other programs seem to work, and the internet browsers IE and fire fox programs open, to the home page, but won’t load any websites I try to visit, you type in say, www.msn.com and the site will almost try and load for a split second, then just stays on the home page, which is google for both browsers. I tired getting rid of the dll file itself with Regsvr32 but get error "The module "%1" may not compatible with the version of Windows that you're running. Check if the module is compatible with an x86 (32-bit) or x64 (64-bit) version of regsvr32.exe." even though I try the setting for 32 bit windows 7.

 

I also noted he seemed to have windows updates off. I tried starting this but couldn't. I would turn them on, try and run but it would say it’s not set to update, please restart. I did so but go the same message. I know I should stick to one problem at a time, but if this is interconnected somehow, I thought I should mention it.

 

Any help on this would be appreciated! Thanks!


Edited by Queen-Evie, 13 October 2014 - 02:01 PM.
Moved from Am I Infected to Malware Removal Logs per request by Naathim (MRT)


BC AdBot (Login to Remove)

 


#2 MillardPrograms

MillardPrograms

  • Banned
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:23 AM

Posted 12 October 2014 - 07:19 PM

What you are saying is somewhat unclear, but if you're unable to download things because you can't access the internet, try downloading the various Malware Byte's Chameleon on a flash drive and bring it over to his house, (or use a working computer in his house) just to make sure it's not a very malicious malware or spyware. (You will need to use the trial run of Malware Bytes Premium to get Malware Bytes Premium - Download Page: https://www.malwarebytes.org/antimalware/) I'd also look into system file corruption, but if it's because of a rootkit, Malware Bytes will most likely take care of it. Best of luck to you and your friend.



#3 labby_guy

labby_guy
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 12 October 2014 - 07:28 PM

A bad DLL file called MyOSprotect is causing me problems. As soon as we boot up, the pop up    pops up. And says what I mentioned in the OP.

 

I want to get rid of this as I believe its whats keeping my friend from getting on the net, and its obviously what is causing the incesant pop ups.

 

I am sorry if I said that in a round about way, but I wanted to be as detailed as I could. I see people get told all the time they dont give enough info on here.



#4 MillardPrograms

MillardPrograms

  • Banned
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:23 AM

Posted 12 October 2014 - 09:12 PM

A bad DLL file called MyOSprotect is causing me problems. As soon as we boot up, the pop up    pops up. And says what I mentioned in the OP.

 

I want to get rid of this as I believe its whats keeping my friend from getting on the net, and its obviously what is causing the incesant pop ups.

 

I am sorry if I said that in a round about way, but I wanted to be as detailed as I could. I see people get told all the time they dont give enough info on here.

Thank you for the detailed explanation. You are right, many people do have to little info. Anyway, on further review of the problem, I've figured that MyOSProtect can be very dangerous, and is something you need to get rid of now. It is probably causing the other problems aswell.

What to do:

1.You can manually end the process by going into Task Manager and ending "WebProtect" or "MyOSProtect" or something along those lines, or you can download RKill (http://www.bleepingcomputer.com/download/rkill/)

2.Manually go into Control Panel - Uninstall a Program - Uninstall "WebProtect" or "MyOSProtect". It's most likely under "WebProtect"
3.Run scans with AdwCleaner, Malware Bytes, Hitman Pro, JRT, etc. 

4.Report back



#5 labby_guy

labby_guy
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 12 October 2014 - 09:23 PM


I will try all this tomorrow, Thank you so much! Anyone with anymore info is welcome as well! ha

Edited by Queen-Evie, 13 October 2014 - 09:57 AM.
deleted unnecessary quote.


#6 MillardPrograms

MillardPrograms

  • Banned
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:23 AM

Posted 12 October 2014 - 09:26 PM

No problem. If you still have issues, I'll be back on tomorrow after School. Bye!

Edited by Queen-Evie, 13 October 2014 - 09:57 AM.
deleted unnecessary quote.


#7 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:11:23 PM

Posted 13 October 2014 - 10:05 AM

labby_guy,

After you run the scans copy the logs and paste the results in a reply.

Log results are a critical part of the malware clean up process.

If someone else replies either before or after you post the logs, follow any directions/instructions given to you by that person.

#8 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:23 AM

Posted 13 October 2014 - 10:11 AM

Hi, my name's Naat and I will try to help you. I will wait for those logfiles and after that I will make my decision how to proceed. Please, from now on follow only the advice given by me.

 

Cheers,

Naat :)


Radek Naathim Pawelczyk

Malware Removal Specialist

 

staff.png


#9 labby_guy

labby_guy
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 13 October 2014 - 01:01 PM

Im sorry, as Ive said in the op, I have alrady scanned with hitman pro. I do not have the log files. I tried deleting the web protect, and another one called oc tech hotline.

 

For the webprotect, when I go into control panel,  uninstall and click to do so, it tries, but then a pop up pops up and says "[0248] The connection failed. If you do no have internet access at this time, try to complete install later. If connections are available, it is possible the the product has expired."

 

For the pc tech hotline program it tries, thean a pop up says "Messages file C\program files\pc tech hotline\unins000.msh is missing, Please correct the problem or obtain a new compy of the program"

 

I tried this both in a normal running and in safe mode with networking. I also still can't browse the net in IE or fire fox. Just tried to see if this was still the case, and it is.

 

I have not seen the orginal error message from yesterday "C:windows\system32\MyOSProtect.dll is either not designed to run on windows or contains an error. Try installing the program again using the original installation media or contact your system admin or the software vender for support"   yet today, but it used to stop for a while yesterday then start popping up again.

 

I am sorry if not writing down the log yesterday from the hitman pro scan was a big mistake. Like I said, all programs unrelated to internet use seem to work fine now, and even the ones that need internet seem to load and work fine until you to actually say, try to browse the net with a web broweser or delete a program that seems to require connecting to the net for some reason.

 

And I still can't unregister or delete that .dll file MyOSProtect, although like Millard Programs said, that is probable lumped in with the web protect uninstall problem.

 

Thanks to all who have responded so far.



#10 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:23 AM

Posted 13 October 2014 - 01:20 PM

The main issue I see here is that we are unable to determine what exactly is going on with your System. The logs you were asked should give us an image of what is its current status. Without some of them we're just blind and can't tell what and how to remove.

Do you have the access to another one, clean machine and a USB stick (pendrive, thumbdrive)?

Radek Naathim Pawelczyk

Malware Removal Specialist

 

staff.png


#11 labby_guy

labby_guy
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 13 October 2014 - 01:54 PM

The main issue I see here is that we are unable to determine what exactly is going on with your System. The logs you were asked should give us an image of what is its current status. Without some of them we're just blind and can't tell what and how to remove.

Do you have the access to another one, clean machine and a USB stick (pendrive, thumbdrive)?

 

I do



#12 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:23 AM

Posted 13 October 2014 - 01:58 PM

Then I will ask a moderator to move this topic to another forum. I will have better tools there to assist you.

 

Give me a couple of minutes and I will post directions.


Radek Naathim Pawelczyk

Malware Removal Specialist

 

staff.png


#13 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:23 AM

Posted 13 October 2014 - 02:09 PM

Welcome to Malware Removal Logs forum. Now I am able to test your machine in some different ways, however we still need some logfiles.
 
On your CLEAN machine download and install this program. It will secure it from spreading the infection via USB drive.


logoMcShield.png Scan with McSield

Please download McShield by dr_bora and save it to your desktop.

  • Install it on your machine.
  • It will initially run a scan and show the result as a toaster by the system clock.
  • Start the Control Centre by clicking on the logoMcShield.png icon in your system tray.
  • Go to the Scanner tab and tick unhide items on flash drives.
  • Each time you will plug in the drive and McShield will start a scan.
  • A logfile of this scan may be found in the Logs tab of the main screen.

After installation, please plug in your USB drive and download this scanner. Next move it to your corrupted machine, copy the scanner to the desktop and run as directed. You will need to copy back the logs later to your USB and paste hem from a clean machine.



FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one should it be, download both of them and try each other out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.
 


Radek Naathim Pawelczyk

Malware Removal Specialist

 

staff.png


#14 labby_guy

labby_guy
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 13 October 2014 - 03:36 PM

Ok, I have installed on mine, checked the inhide on the usb drive, and am ready to scan "bad" computer with farbar. Should I include "optional scans" with Farbar like list bcd and drives md5? Or Are the main ones enough? I only ask as I won't include the optional ones if they make it harder or won't work.



#15 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:23 AM

Posted 13 October 2014 - 03:39 PM

Just the Addition option should be checked, as mentioned in my prior post. If I would need additional scans, be assured that I will post instructions for them :)

Radek Naathim Pawelczyk

Malware Removal Specialist

 

staff.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users