May 22, 2013 21:14 Sprotect.B #229404
Reply with Quote | Quick Reply | Top
Silcore

Avatar

Novice
Join Date: 22.5.2013
Posts: 3
Good afternoon. I apologize to trouble you all with a somewhat unnecessary post, however I come here out of sheer interest as to whether or not I removed a virus adequately.

Firstly, I'd like to point out that the virus "Sprotect.B" detected by my AVG Free Edition was not able to be removed (by the program, that is). It would be lovely if AVG technicians and software engineers would be able to program AVG software with ways to abolish the virus.

The exact statement from my AVG program was as follows:
Threat: Potentially harmful program Sprotect.B
Object name: C:\Windows\SysWOW64\rundll32.exe (2188)
Severity: Medium
State: Infected
Identified by: Scan
Date: 5/22/2013, 4:10:33 PM.

In order to remove it I had to frantically research how to do it manually. I came across a guide in this website that directed me to delete a few files in safe mode. Now, I did not come across the following files in my search (which were mentioned in the manual guide on that external site):

%AppData%\NPSWF32.dll
%AppData%\Protector-<random 3 chars>.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Custodian Utility.lnk
%Desktop%\Windows Custodian Utility.lnk
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0<
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0


I did, however, remove the following files (as indicated):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0

I was also unable to find the Internet Settings the article discussed. While I am not sure that was a necessary step, some clarification on whether or not it was necessary and how to get to it on Windows 7 would be very helpful.

Now, perhaps out of my imagination, I feel as though my internet may be running somewhat slower. Could the removal of any of those files have resulted in a loss of internet speed in any way, shape, or form?

Additional Information:
After I made the deletions, my AVG no longer detects "Sprotect.B." However, I am still intrigued as to whether or not the steps I followed were accurate ones, and whether or not my internet connection (or other CPU components) have been harmed in the process of removing the pest.

For the individual(s) who respond(s), thank you in advance!
Capture.PNG
May 27, 2013 13:41 Re: Sprotect.B #229558
Reply with Quote | Quick Reply | Top
Pokornyz

Avatar

Administrator
Join Date: 29.11.2010
Posts: 8212
Hello Silcore,

In order to analyze your issue please provide us with more information (Msinfo output, GMER scan result).

Thank you.



AVG Team
How-To articles | FAQ | Free Support
May 29, 2013 22:23 Re: Sprotect.B #229674
Reply with Quote | Quick Reply | Top
Silcore

Avatar

Novice
Join Date: 22.5.2013
Posts: 3
I chose not to include the requested "GMER scan result" since my McAfee Site Advisor identified the download location as a dangerous site to visit. I've attached the msinfo.nfo file, though; hopefully that is enough information.
May 31, 2013 13:36 Re: Sprotect.B #229757
Reply with Quote | Quick Reply | Top
Pokornyz

Avatar

Administrator
Join Date: 29.11.2010
Posts: 8212
Hello Silcore,

Provided output seems to be clean.

McAfee Site Advisor identified the download location as a dangerous site to visit.

It is probably a false detection.

If you want to check your computer properly, please provide us with requested GMER scan result.

Thank you



AVG Team
How-To articles | FAQ | Free Support
June 3, 2013 20:07 Re: Sprotect.B #229850
Reply with Quote | Quick Reply | Top
Silcore

Avatar

Novice
Join Date: 22.5.2013
Posts: 3
I've attached the GMER scan result. Thank you for your continued support.
June 4, 2013 08:21 Re: Sprotect.B #229856
Reply with Quote | Quick Reply | Top
Pokornyz

Avatar

Administrator
Join Date: 29.11.2010
Posts: 8212
Hello Silcore,

According to provided results your computer seems to be clean.

If your Internet is still slow I recommend you referring to following articles:
How To Reset The Internet Explorer Configuration and How To Disable An Internet Explorer Add-On

Thank you



AVG Team
How-To articles | FAQ | Free Support