C:\Windows\System32\protector.exe

Discussion in 'Malware Help (A Specialist Will Reply)' started by metrognome7, Nov 10, 2006.

  1. metrognome7

    metrognome7 Private E-2

    All -

    Good evening. I've just been handed a laptop from work, previously used by an employee who's now left us, and Norton is popping up about every 10 seconds with a "High Risk" warning regarding a program called "protector.exe" and it's attempts to connect to the internet. Furthermore, I cannot connect to the internet via any means but IE - Firefox, AIM, etc are all acting as if there's no active connection. I have attempted to DL Spybot S&D, but the moment I try to connect to the server it gets stuck.

    I can't find this program anywhere in the active processes, nor can I find it in any folder. My computer savvy extends to running msconfig.exe and other such things, but I am by no means a techie.

    PLEASE HELP! Thanks.

    INFO:
    Windows XP
    Toshiba Satellite laptop
     
    metrognome7, Nov 10, 2006
    #1
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

    http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis
    • Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..
    http://www.majorgeeks.com/images/grenade.gif In your next post, please make sure you attach the following logs and that you have run these scans in the following order:
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
    bjgarrick, Nov 10, 2006
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds