Go Back   TechArena Community > Technology > Networking & Security
How to remove Trojan.Pcprotector trojan How to remove Trojan.Pcprotector trojan
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read SiteMap

Tags: , , , ,

Sponsored Links



How to remove Trojan.Pcprotector trojan

Networking & Security


Reply
 
Thread Tools Search this Thread
  #1  
Old 26-02-2010
Member
  
Join Date: Nov 2009
Posts: 3,254
How to remove Trojan.Pcprotector trojan
Hi friends, I suffering some system problem with Trojan.Pcprotector virus. This virus using extensive of CPU which makes system extremely slow. This idiot virus also display some pop up on the screen at specific time of interval. This malware collecting some important data and information from the hard disk and trying to using internet connection. Can any one help me to remove this virus from my computer?
Reply With Quote
  #2  
Old 26-02-2010
Steve123's Avatar
Member
  
Join Date: Feb 2008
Posts: 2,619
Re: How to remove Trojan.Pcprotector trojan
Once Trojan.Pcprotector trojan runs, then this Trojan generate the given files:
  • C:\Documents and Settings\All Users\Desktop\Your PC Protector.lnk
  • %ProgramFiles%\schtml\images\i1.gif
  • %ProgramFiles%\schtml\images\j2.gif
  • %ProgramFiles%\schtml\images\j3.gif
  • %ProgramFiles%\schtml\images\jj1.gif
  • %ProgramFiles%\schtml\images\l2.gif
  • %ProgramFiles%\schtml\images\l3.gif
  • %ProgramFiles%\schtml\images\pix.gif
  • %ProgramFiles%\schtml\images\t1.gif
  • %ProgramFiles%\schtml\images\w11.gif
  • %ProgramFiles%\schtml\images\w2.gif
  • %ProgramFiles%\schtml\images\w3.gif
  • %ProgramFiles%\schtml\images\w3.jpg
  • %ProgramFiles%\schtml\images\wt3.gif
  • %ProgramFiles%\schtml\wispex.html
  • %ProgramFiles%\skynet.dat
  • %ProgramFiles%\wp4.dat
  • %ProgramFiles%\Your PC Protector
  • %ProgramFiles%\Your PC Protector\Your PC Protector.exe
  • %Windir%\Temp\8fc
  • %Windir%\Temp\a7b
Reply With Quote
  #3  
Old 26-02-2010
Shen's Avatar
Member
  
Join Date: May 2008
Posts: 2,918
Re: How to remove Trojan.Pcprotector trojan
This also makes the given registry entries:
  • HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\"(Default)" = "ADC PlugIn"
  • HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\InprocServer32\"(Default)" = "%SYSTEM%\Program Files\adc32.dll"
  • HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\InprocServer32\"ThreadingModel" = "Apartment"
  • HKEY_CURRENT_USER\Software\Your PC Protector\Your PC Protector\setdata\"scantime" = "[CURRENT TIMESTAMP]"
  • HKEY_CURRENT_USER\Software\Your PC Protector\Your PC Protector\setdata\"scantime" = "[CURRENT TIMESTAMP]"
  • HKEY_CURRENT_USER\Software\Your PC Protector\Your PC Protector\setdata\"scncnt" = "[NUMBER]"
  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\AdbUpd\"DisplayName" = "Adobe Update Service"
  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\AdbUpd\"ErrorControl" = "0x00000001"
  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\AdbUpd\"ImagePath" = "%SYSTEM%\Program Files\svchost.exe""
  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\AdbUpd\"ObjectName" = "LocalSystem"
  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\AdbUpd\"Start" = "0x00000002"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\"Type" = "0x00000010"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\Security\"Security" = "[DATA]"
Reply With Quote
  #4  
Old 26-02-2010
Big Fish's Avatar
Member
  
Join Date: Jan 2006
Posts: 3,514
Re: How to remove Trojan.Pcprotector trojan
Trojan.Pcprotector trojan then makes some changes the given registry entries:
  • HKEY_CLASSES_ROOT\exefile\shell\open\command\"(Default)" = "%SYSTEM%\Program Files\alggui.exe "%1" %*"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\"Locked" = "0x00000001"
__________________
Truly, if there is evil in this world, it lies within the heart of mankind. -Edward D. Morrison

Old soldiers never die- they just fade away.
Reply With Quote
  #5  
Old 26-02-2010
Zachary's Avatar
Member
  
Join Date: Jan 2006
Posts: 3,932
Re: How to remove Trojan.Pcprotector trojan
Locate and remove the given registry entries:
  • HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\InprocServer32\"(Default)" = "%SYSTEM%\Program Files\adc32.dll"
  • HKEY_CURRENT_USER\Software\Your PC Protector\Your PC Protector\setdata\"scantime" = "[CURRENT TIMESTAMP]"
  • HKEY_CURRENT_USER\Software\Your PC Protector\Your PC Protector\setdata\"scantime" = "[CURRENT TIMESTAMP]"
  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\AdbUpd\"ErrorControl" = "0x00000001"
  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\AdbUpd\"Start" = "0x00000002"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd\"Type" = "0x00000010"
__________________
90% of everything is crap...except for crap, because crap is 100% crap
Reply With Quote
Reply

  TechArena Community > Technology > Networking & Security

« Removal solution for SymbOS.Exy.E    Need to remove Infostealer.Saluni virus. »

Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "How to remove Trojan.Pcprotector trojan"
Thread Thread Starter Forum Replies Last Post
How to remove Trojan: win32/fakesysdef and trojan@winnt/alureon.s. Barnard Networking & Security 8 28-08-2011 10:50 AM
Lan network infected with IPH.Trojan.Hiloti.B ,Trojan.FakeAlert.SA , Malware.Trace emMetTi Networking & Security 6 15-07-2011 08:24 PM
My system is infected with Trojan.FakeAV!gen15 Trojan Bindusar Networking & Security 4 17-01-2010 06:10 AM
How to remove Trojan-Downloader.Dadobra.CP trojan? Harper 21 Networking & Security 5 13-01-2010 02:25 PM
How to remove Trojan Brisv.A !inf - Trojan Brisv.a inf removal tool dfinc AntiVirus Software 2 20-02-2009 03:03 PM


All times are GMT +5.5. The time now is 08:16 AM.

Contact Us - TechArena - Privacy Statement -