"Digital Protection" - new virus/malware?
Solved/Closed
13 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Apr 10, 2010 at 06:20 AM
Greetings to all of you,
Digital Protection of course is a scam, a rogue Trojan Horse of the same family as all the other rogue Trojan Horses such as Total Security, Dr. Guard, Vista Security 2010. Since ways have been found to remove most rogues, new ones are created under different names because there is a market for this sort of extortion. I wonder when the different police authorities will finally put this gang under arrest.
Anyhow, Digital Protection differs a little.
The file responsible for downloading the Horse is :
C:\DOCUME~1\Mak\LOCALS~1\Temp\davclnt.exe
It will create the following registry entries:
O1 - Hosts: 59.53.91.102 www.google.com
O1 - Hosts: 59.53.91.102 google.com
O2 - BHO: C:\WINDOWS\system32\zq5e7t.dll - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\zq5e7t.dll
O2 - BHO: (no name) - {BF565D8B-48EB-445F-B2A2-5B3C3B4A7BE0} - c:\windows\system32\vurrozj.dll
O4 - HKCU\..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\DOCUME~1\Mak\LOCALS~1\Temp\np28bqj.exe
O4 - HKCU\..\Run: [davclnt.exe] C:\DOCUME~1\Mak\LOCALS~1\Temp\davclnt.exe
O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\DOCUME~1\Mak\LOCALS~1\Temp\avp.exe
O4 - HKCU\..\Run: [Digital Protection] "C:\Program Files\Digital Protection\digprot.exe" -noscan
O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\zq5e7t.dll
Now, how do I remove it you will ask.
1. Please download and install HijackThis.
2. Manually delete the file: C:\DOCUME~1\Mak\LOCALS~1\Temp\davclnt.exe
3. Run a scan with HijackThis.
4. Locate and check the entries:
O1 - Hosts: 59.53.91.102 www.google.com
O1 - Hosts: 59.53.91.102 google.com
O2 - BHO: C:\WINDOWS\system32\zq5e7t.dll - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\zq5e7t.dll
O2 - BHO: (no name) - {BF565D8B-48EB-445F-B2A2-5B3C3B4A7BE0} - c:\windows\system32\vurrozj.dll
O4 - HKCU\..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\DOCUME~1\Mak\LOCALS~1\Temp\np28bqj.exe
O4 - HKCU\..\Run: [davclnt.exe] C:\DOCUME~1\Mak\LOCALS~1\Temp\davclnt.exe
O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\DOCUME~1\Mak\LOCALS~1\Temp\avp.exe
O4 - HKCU\..\Run: [Digital Protection] "C:\Program Files\Digital Protection\digprot.exe" -noscan
O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\zq5e7t.dll
5. Click on Fix checked and close HijackThis.
6. Download, install and update Malwarebytes:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
7. Run a FULL system scan, I insist FULL.
Please, I would appreciate some feedback for all of my typing.
Good luck to all of you.
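The log entries in the post above share a few recognisable traits: a hosts-file override for a search domain, autoruns started from a Temp directory, and one CLSID registered through two load points (BHO and SharedTaskScheduler). As an added example that is not part of the original thread, here is a small triage script for a saved HijackThis log; the heuristics are assumptions drawn from this one infection, and the last two sample lines are constructed benign entries.

```python
import re

# Sample lines: the first five are quoted from the post above; the last two
# are constructed benign entries added for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 59.53.91.102 www.google.com
O2 - BHO: C:\WINDOWS\system32\zq5e7t.dll - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\zq5e7t.dll
O4 - HKCU\..\Run: [davclnt.exe] C:\DOCUME~1\Mak\LOCALS~1\Temp\davclnt.exe
O4 - HKCU\..\Run: [Digital Protection] "C:\Program Files\Digital Protection\digprot.exe" -noscan
O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\zq5e7t.dll
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")   # section, entry type, value
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.I)

def triage(log_text):
    """Return (line, reason) pairs for entries matching the post's pattern."""
    entries = [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]
    # Record which sections each CLSID appears in, to spot one DLL that is
    # registered through more than one load point.
    clsids = {}
    for section, _, value in entries:
        for c in CLSID.findall(value):
            clsids.setdefault(c.upper(), set()).add(section)
    findings = []
    for section, kind, value in entries:
        line = f"{section} - {kind}: {value}"
        if section == "O1":
            ip, _, host = value.partition(" ")
            host = host.strip()
            # Loopback/localhost entries are normal; anything else overrides DNS.
            if host.lower() != "localhost" and not ip.startswith("127."):
                findings.append((line, "hosts file overrides DNS for " + host))
        elif section == "O4" and TEMP_DIR.search(value):
            findings.append((line, "autorun launches from a Temp directory"))
        elif section in ("O2", "O22"):
            if any(len(clsids[c.upper()]) > 1 for c in CLSID.findall(value)):
                findings.append((line, "CLSID registered in several load points"))
    return findings

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

The `digprot.exe` Run entry from the post passes these heuristics because it sits under Program Files, so a script like this complements a full scan rather than replacing it.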
I just did a restore to a date 2 days prior to when my pc was infected with digital protection, and everything is working fine now. Has anyone else done a restore to clean up this problem?
Ambucias
Apr 20, 2010 at 04:09 PM
Hello Skeeze,
You had a good idea, however, ensure that your system volume information is sparkling and run a FULL system scan with Malwarebytes.
Regards
Ambucias
Apr 30, 2010 at 05:01 PM
Vincent,
Thank you for taking the time to write, the pleasure was all mine.
Thank you for your feedback, all the pleasure was mine.
Ambucias (Québec)
I am having the same issue on our laptop. Just surfing the net and all of a sudden I couldn't do anything. Did not click OK, just kept clicking the X button in the window. Tried to use Task Manager but it was locked out. Turned off (unplugged battery) and rebooted so that Avast could do its job. Found a trojan and removed it. Or so I thought.
Ran Avast again, moved one file to quarantine. Now it is off line and I am trying to find some answers on the desktop.
Been to the Yahoo site too, looking for answers. The "application" it is claiming to be on my computer is Digital Protection. This of course does not exist.
Need Help!!!
Just don't worry, that's a fake virus (but very boring, I admit), it couldn't damage your system. Antivirus can't remove it, because it bypasses it somehow. It can't erase your antivirus, it is just doing fake erasing.
It used to be called Paladin Antivirus, and now it is Digital Protection.
You have a couple of programs to remove it. Try Revo Uninstaller and TDSSKiller. It was successful for me...
Run msconfig,
go to the Startup tab, find the programs that look like the Digital Protection files, deselect them and find the files manually.
Mine was in a TEMP folder, I deleted all the files in this folder.
If a file couldn't be deleted I used Malwarebytes FileASSASSIN, enough tries and it will work.
Then press OK and restart your system.
If this doesn't work, run Ad-Aware and Malwarebytes Anti-Malware to remove the bulk of it and then try again to manually remove the files.
This has worked so far for me.
Same thing for me. Using another laptop at home to find a solution. I don't go to rogue sites but somehow picked this one up tonight. Currently running malwarebytes in safe mode. Have run Hijackthis and I've also looked at startup after calling msconfig. Still can't get rid of this. It's a nastier version of the AntiVirus 2009, 2010. I'd love to shoot the bastard who puts this crap out.
I got it too. Don't know which web site I was in. Yes, all the porn icons on the desktop. I loaded Microsoft Security Essentials and it seemed to clean it.
After the reboot I had no Task Manager at Ctrl+Alt+Delete. Googled the error code and had to go into the registry to delete "DWORD" in a few places. I am not sure it is 100% gone, but everything is working right now.
Wow, I just got this yesterday as well. I am so annoyed and can't get rid of it either. Need help!!!
Ambucias
Apr 10, 2010 at 12:58 PM
Frank,
Seems that everyone was satisfied with the solution I gave. Anything special in your case?
Regards
Ambucias
Apr 10, 2010 at 01:09 PM
Okay let me know, your Trojan Horse may be of a different breed!
Ambucias
Apr 10, 2010 at 01:24 PM
Frank,
I will be offline for 2 or 3 hours.
When you are done with Malwarebytes, please run another scan and save a log with HijackThis, then copy it and paste it here. I will have a look at it to make sure everything is okay.
Catch you later alligator
Yes I have been there. It was associated with a nasty malware called digitprot.exe and a falsely named dvclnt.dll. (unsigned) and a nightmare among nightmares. It attempted to remove avg from my system. It or its naughty children were found 14 times on my system by malwarebytes and successfully removed along with the porn short cuts (not my style) and other nasties I am sure were in there. It served popups that greyed my screen and browser out and was generally miserable. Oh it also disables the task manager.
Oh yes, and it told me that I was under threat of identity theft (by it, I am sure). Oh yes, and if you check the website, you can't; it serves it in its own style of browser with no means of verification.
An elaboration no doubt on other common malware.
Sorry I should have mentioned that I used mbam.exe (since you use malwarebytes you are familiar with it) to remove it. It was successful the first time but I had manually enabled my task manager under services and closed digitprot.exe and the false davclnt.dll. via task manager beginning the scan.
Maybe that will help. I am not incredibly technically minded but am determined that strange programs not take over my machine.
BTW it was not detected by superantispyware or ninja and two entries only were found by AVG DURING the malwarebytes scan.
Maybe that will help more? I did the search on the net yesterday and came up empty on digital protection and digiprot.exe so maybe it was beginner's luck.
Ambucias
Apr 10, 2010 at 01:20 PM
Beginner's luck? No, good cybernetic intuition and logical thinking. Bravo!
Try downloading AdAware by going to www.lavasoft.com/products/ad_aware_free.php then click the green "download" lozenge and it will run a scan of all your files. Once it's scanned and detected files it will need you to restart your PC at which point your PC should re-register its boot-log. It deletes Digital Protection and all related files at this point. We re-scanned after this had happened and our laptop is working as per normal.
Carl - Rochester Kent UK
Ambucias
Apr 30, 2010 at 05:12 PM
Hello Carl_D
Thank you for your contribution, however, from experience, many have had problems after using Lavasoft, but good thing it worked for you.
Thank you again.
Apr 10, 2010 at 10:12 AM
A couple of comments.
In order to delete the davclnt.exe file I needed to paste it to the desktop so upon rebooting I could delete it quickly before it launched. Also, I did not find all the registry entries you list but I deleted the ones that I did have.
Again you saved me a lot of time, thanks again.
Apr 10, 2010 at 10:38 AM
I followed exactly your suggestions and it worked perfectly. Great, thanks a lot
Bledar Shapllo
Tirana, Albania
Apr 12, 2010 at 08:27 PM
EDIT: Oh, and I ran Microsoft Security Essentials, the pop-ups have ceased, yet my administrator rights still aren't back, what does that mean? PPS: I also triggered the pop-ups every time I attempted to open AVG Free, any correlation?