winprot.exe

[d14n]

hi all..

yesterday my pc infected by so many virus.....because i was disable my antivir...after i restart my pc, suddenly when log into windows, there are two pop up came.....

1. mention that winprot.exe missing...
2. desktop can't load winprot.exe

note: winprot.exe is one of the virus infected my pc.

After I knew that I can't open almost program installed in my pc, so I decide to scan online using www.windowsecurity.com....got many virus inside n deleted already. Then I scan again using trojan remover from safe mode.
After that, know I can use all my program, but the 2 pop up (winprot missing) still coming when I on my pc.

Is my pc still infected by virus? n how to solve it?

tq

 

[Cromewell]

It's probably just not cleaned up entirely. Be very careful when following the below steps. If you are unsure about something don't do it, if you delete the wrong thing you can screw up your computer.

Make a backup copy of C:\windows\win.ini then open it in notepad.

Find the lines:
run=winprot.exe
load=winprot.exe

and delete the part that says winprot.exe so it looks like this:
run=
load=

Start regedit and make a backup of the following entries:
HKEY_LOCAL_MACHINE\SOFTWARE\MicroSoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\MicroSoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\SOFTWARE\MicroSoft\Windows\CurrentVersion\Run
HKEY_USERS\.Default\SOFTWARE\MicroSoft\Windows\CurrentVersion\Run

You can make backups by right clicking on them and picking export.

Click on each of those entries you backed up, find the key called 'System Protect' (it's value will be winprot.exe) and delete it (right click on it and pick delete).

Finally, just to be sure in the C:\windows\system\ make sure winprot.exe is deleted.

 

[John McKenna]

Alternatively, post a HijackThis log if you're not happy about delving into your registry. HijackThis will display the registry keys highlighted above by Cromewell if still present and is far safer at removing them than manual registry editing.

If you've never used HijackThis before:

Download HJTInstall.exe to your desktop.

• Double-click HJTInstall.exe icon on your desktop to start the installation.
• By default it will install to C:\Program Files\Trend Micro\Hijack This.
• Click the Install button and HijackThis will launch automatically.
• Click the Scan button to generate a HijackThis log and then click Save Log to open it as a text file.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back to this thread and Paste the log (Ctrl+V) in your next reply.