PDA

View Full Version : Need Help for Protection system virus



CL685
09-09-2009, 05:56 AM
For the last couple days I have had problems with windows police pro virus which i was able to fix. Now Protection System virus is attacking me. First it wouldnt let me open any programs, but finally I was able to download and run IObit security 360 which found a large number of threats. It did not really solve the problem though, instead now for just about every program (except microsoft office, and a couple others) it says "Choose a prgram to open this file", basically nothing will run. Also Protection System virus is still there and is doing it's usual thing. I can't use the internet or open regedit, and I have no idea how to fix this. My OS is Windows XP.

Renmoo
09-09-2009, 07:01 AM
1) Try avast antivirus to remove the virus or try performing an online scan using NOD32's scanner available here --> http://www.eset.com/onlinescan/index.php

2) Post a HijackThis log on this thread.

Cheers :)

CL685
09-09-2009, 07:32 AM
I can't run a virus scan because i can't open the internet. When I try to open firefox or IE It says choose a program to open this file and even though Firefox and IE are choices it gives me, if I do choose either of them it still does nothing.

gary67
09-09-2009, 07:36 AM
Download Hijack this on another computer and transfer it over using a CD or flash drive, if you can't get anything to run you might have to pull out the hard drive and connect to another computer to scan it. Failing that you are looking at a re install

CL685
09-09-2009, 08:06 AM
I tried installing hijack from a flash drive but when i tried opening, it gave me the same choose a program to open this file message

b00mtastik
09-09-2009, 08:14 AM
Sounds like connecting to another computer to scan it all down and removing it might be your 1 of 2 options. The next being complete reformat and reinstall.

NOTE: Careful when connecting to another computer, viruses maybe programed to jump through drives/USB/Network - Had the USB one a while back. Infected half my schools IT side because of some idiot. :P

Speedy Gonzales
09-09-2009, 09:33 AM
Boot into safe mode / networking, then scan / post a hijackthis log. It sounds like something has screwed the files up.

Blam
09-09-2009, 10:28 AM
Can you run sfc /scannow in command prompt.
Download and run MBAM:
http://www.malwarebytes.org/mbam.php

If that fails to run, then remove these files manually, and if they cannot be deleted kill their processes or just boot into Safe Mode.

Associated Protection System Files:

c:\Documents and Settings\All Users\Start Menu\Programs\Protection System
c:\Documents and Settings\All Users\Desktop\Protection System.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Uninstall Protection System.lnk
c:\Program Files\Protection System
c:\Program Files\Protection System\blacklist.cga
c:\Program Files\Protection System\core.cga
c:\Program Files\Protection System\coreext.dll
c:\Program Files\Protection System\firewall.dll
c:\Program Files\Protection System\psystem.exe
c:\Program Files\Protection System\uninstall.exe
c:\Program Files\Protection System\Help
c:\Program Files\Protection System\Help\support.png
c:\Program Files\Protection System\Help\unreg.html
c:\Program Files\Protection System\Help\images
c:\Program Files\Protection System\Help\images\delete.png
c:\Program Files\Protection System\Help\images\info.png
c:\Program Files\Protection System\Help\images\plus_circle.png
c:\Program Files\Protection System\Help\images\tick.png
c:\Program Files\Protection System\Help\images\warn.png
c:\Program Files\Protection System\Help\images\buttons
c:\Program Files\Protection System\Help\images\buttons\offline.gif
c:\Program Files\Protection System\Help\images\buttons\online.gif
c:\Program Files\Protection System\Help\images\buttons\voice.gif
c:\WINDOWS\system32\wingenocx.dll



Associated Protection System Windows Registry Information:

HKEY_CURRENT_USER\Software\Protection System
HKEY_CLASSES_ROOT\BhoNew.BhoApp
HKEY_CLASSES_ROOT\BhoNew.BhoApp.1
HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Protection System
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run "Protection System"

Blam