Solved

Cannot Remove Win32/Protector.D Virus

Posted on 2010-01-12
Last Modified: 2013-11-22
I use ESET NOD32 security and it identified this virus but it cannot remove it. I then tried running the scan in safe mode but it still is there.  I get this message usually each day upon startup.

The following message comes from ESET NOD32 security software

Here is the message:
C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS

Threat:
Win32/Protector.D Virus

Event Occurred during an attempt to access the file by the application
c:\Windows\System32\wuauclt.exe

It asks me to delete it or no action, when I try to delete it there is a message that says "error occurred".  I then have to press No Action to get it off the screen.

I contacted ESET and they sent me instructions to run the scan in safe mode, which I have done twice, but it does not fix the problem.

I read through Google searches that this could be a trojan horse of some kind, so I want to get it off quick. Any suggestions would be helpful.
Question by:trmataya
3 Comments
 
LVL 6

Accepted Solution

by:
kennyhenao earned 2000 total points
ID: 26294475
Download and run Combofix.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This is a variant of a pretty bad virus.
0
 
LVL 13

Expert Comment

by:JeremySBrown
ID: 26294731
Run a temporary file remover...CCleaner is a good one and it's free.
http://www.ccleaner.com/

Before running Combofix, temporarily disable any firewall(s), shield(s), etc. to prevent any conflicts with Combofix. After Combofix is done scanning, it will create a log; for further instructions, save and paste the results by Attach File or by Code Snippet so other experts can take a look at it. Once the log looks clean, you may enable your firewall(s), shield(s), etc. Combofix will disconnect your machine from the Internet. Your Internet connection will be automatically restored just before Combofix completes its scan. If Combofix runs into problems, your Internet connection can be manually restored by restarting your machine.

You might need to rename the file before saving it to your desktop so it will not be blocked.

Please note: Don't run Combofix in Safe Mode.

Try scanning your system with Malwarebytes' Anti-Malware.
http://www.malwarebytes.org/mbam.php
0
 

Author Closing Comment

by:trmataya
ID: 31676151
Ran Combofix and it located and removed the virus. Thank you so much.
0
