Comments on: Win32/Protector.C http://www.precisesecurity.com/virus/win32protectorc Thu, 09 Feb 2012 05:23:27 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: bukoswkihttp://www.precisesecurity.com/virus/win32protectorc#comment-5153 bukoswki Mon, 22 Feb 2010 20:21:16 +0000 http://www.precisesecurity.com/?p=4353#comment-5153 I've this virus in my eeepc ,and i'm trying your way...so i'll tell you later what's happen... Thanks for this post , whatever the end for me I’ve this virus in my eeepc ,and i’m trying your way…so i’ll tell you later what’s happen…
Thanks for this post , whatever the end for me

]]> By: bresgibhttp://www.precisesecurity.com/virus/win32protectorc#comment-3849 bresgib Thu, 01 Oct 2009 23:39:32 +0000 http://www.precisesecurity.com/?p=4353#comment-3849 Our company was just attacked by Win32/Protector it has taking 8 days to get rid of this virus from 200 PCs Here is some advice from our experience If you think you are infected with this virus first thing to do is • Pull all servers off the network as this virus will spread through your company so fast you won’t believe it • Ban usb thumb sticks ,usb cameras or any thing that can carry data from one pc to anotherBefore I recommend programs we found to be the best let me just say that the antivirus we found the worst of all the programs was ESET Nod 32 This program was useless agents this virus it was so bad that we have removed it from all are PCs and replaced it with a free antivirus • I would recommend these programs Malware bytes hxxp://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncolSupper anti spy hxxp://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html?tag=mncolAD-Aware hxxp://download.cnet.com/Ad-Aware-Anniversary-Edition/3000-8022_4-10045910.html?tag=mncolSpybot hxxp://download.cnet.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html?tag=mncol Ccleaner hxxp://download.cnet.com/ccleaner/?tag=mncol And last but not lest AVG free hxxp://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?tag=mncolAfter you have downloaded all of the above Install all programs on all PCs Update all programs on all PCsAfter this update windows to all the latest patches and services packsNow you’re ready to fight this virus • Disconnect all PCs from the network • Turn off system restore • Delete browsing history in IE/Firefox and so on • Run disk clean up • Run ccleaner (2 or 3 times till it stops cleaning files ) • Run the reg tool in ccleaner (2 or 3 times till it stops cleaning files ) • Boot into safe mode • Scan with AVG • Reboot the system and boot into normal mode and wait 5 to 10 minutes and give it a chance to regenerate its self • Restart the Pc into safe mode • Scan with adaware • Reboot the system and boot into normal mode and wait 5 to 10 minutes and give it a chance to regenerate its self • Restart the Pc into safe mode • Scan with spybot • Reboot the system and boot into normal mode and wait 5 to 10 minutes and give it a chance to regenerate its self • Restart the Pc into safe mode • Scan with supper anti spy • Reboot the system and boot into normal mode and wait 5 to 10 minutes and give it a chance to regenerate its self • Restart the Pc into safe mode • Scan with malware bytes • Repeat the above steeps until you get a clean scan with all programs Remember only scan with one program at a timeAfter you get a clean scan with all program in safe mode Reboot the PCs and leave for about an hour doing nothing this will allow the virus to regenerateRun through the scans in safe mode again till you get clean scans againIf you are getting clean scans at this stage don’t let that fool you keep going till you get to scan with all programsThen start up in normal mode and scan with all 5 programs until you get clean scans from all programs Reboot between scansAt this stage you should be well on the way to been cleanAt this stage you could connected back to the network (1 PC at a time ) Now update all 5 programs Disconnect from network againScan with all programs again reboot between scansAt this stage you can connect to the network againI would strongly recommend running 2 scans with at least 2 programs per day for about 2 weeks after you have cleaned the virusAs I have found that this virus can regenerate itself after a full week of clean scansHOW THIS VIRUS AFFECTED OUR COMPANYAt first we had intermitting internet access problems It also caused our Leased Line to go down intermittently When we pinged our default gateway we lost pings intermittently When we set up ping tests to our external address from an external address it caused pings to drop intermittently Also the pings to the external address started to talk longer and longer to reply It started to reply at over 100MS and after a while pings took over 1000ms to reply Also tracrert started losing too hops before it finally reached our router (this happened so much that we blamed our ISP. sorry guys)I hope someone found this helpful And I don’t envy anyone faced with the job of removing this from a big network If you are faced with this challenge brace yourself for some long days and some longer nights And best of luck Our company was just attacked by Win32/Protector it has taking 8 days to get rid of this virus from 200 PCs
Here is some advice from our experience
If you think you are infected with this virus first thing to do is
• Pull all servers off the network as this virus will spread through your company so fast you won’t believe it
• Ban usb thumb sticks ,usb cameras or any thing that can carry data from one pc to another

Before I recommend programs we found to be the best let me just say that the antivirus we found the worst of all the programs was ESET Nod 32
This program was useless agents this virus it was so bad that we have removed it from all are PCs and replaced it with a free antivirus
• I would recommend these programs
Malware bytes hxxp://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol

Supper anti spy hxxp://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html?tag=mncol

AD-Aware
hxxp://download.cnet.com/Ad-Aware-Anniversary-Edition/3000-8022_4-10045910.html?tag=mncol

Spybot
hxxp://download.cnet.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html?tag=mncol

Ccleaner
hxxp://download.cnet.com/ccleaner/?tag=mncol

And last but not lest AVG free hxxp://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?tag=mncol

After you have downloaded all of the above
Install all programs on all PCs
Update all programs on all PCs

After this update windows to all the latest patches and services packs

Now you’re ready to fight this virus
• Disconnect all PCs from the network
• Turn off system restore
• Delete browsing history in IE/Firefox and so on
• Run disk clean up
• Run ccleaner (2 or 3 times till it stops cleaning files )
• Run the reg tool in ccleaner (2 or 3 times till it stops cleaning files )
• Boot into safe mode
• Scan with AVG
• Reboot the system and boot into normal mode and wait 5 to 10 minutes and give it a chance to regenerate its self
• Restart the Pc into safe mode
• Scan with adaware
• Reboot the system and boot into normal mode and wait 5 to 10 minutes and give it a chance to regenerate its self
• Restart the Pc into safe mode
• Scan with spybot
• Reboot the system and boot into normal mode and wait 5 to 10 minutes and give it a chance to regenerate its self
• Restart the Pc into safe mode
• Scan with supper anti spy
• Reboot the system and boot into normal mode and wait 5 to 10 minutes and give it a chance to regenerate its self
• Restart the Pc into safe mode
• Scan with malware bytes
• Repeat the above steeps until you get a clean scan with all programs
Remember only scan with one program at a time

After you get a clean scan with all program in safe mode
Reboot the PCs and leave for about an hour doing nothing this will allow the virus to regenerate

Run through the scans in safe mode again till you get clean scans again

If you are getting clean scans at this stage don’t let that fool you keep going till you get to scan with all programs

Then start up in normal mode and scan with all 5 programs until you get clean scans from all programs
Reboot between scans

At this stage you should be well on the way to been clean

At this stage you could connected back to the network (1 PC at a time )
Now update all 5 programs

Disconnect from network again

Scan with all programs again reboot between scans

At this stage you can connect to the network again

I would strongly recommend running 2 scans with at least 2 programs per day for about 2 weeks after you have cleaned the virus

As I have found that this virus can regenerate itself after a full week of clean scans

HOW THIS VIRUS AFFECTED OUR COMPANY

At first we had intermitting internet access problems
It also caused our Leased Line to go down intermittently
When we pinged our default gateway we lost pings intermittently
When we set up ping tests to our external address from an external address it caused pings to drop intermittently
Also the pings to the external address started to talk longer and longer to reply
It started to reply at over 100MS and after a while pings took over 1000ms to reply
Also tracrert started losing too hops before it finally reached our router (this happened so much that we blamed our ISP. sorry guys)

I hope someone found this helpful
And I don’t envy anyone faced with the job of removing this from a big network
If you are faced with this challenge brace yourself for some long days and some longer nights
And best of luck

]]>