What the hell is bProtector Engine?
Hi!
Yesterday I had a look over the process list in Task Manager and what I saw there was a process called "bProtect.exe" (bProtector Engine). There is one System process and one user process listed; the file location is C:\ProgramData\bProtector. There are 2 files inside that folder, namely "bProtect.exe" and "bProtect.settings". I did a full scan with Malwarebytes, no viruses/adware found. Uploaded to VirusTotal, no virus found, but I don't think I have ever seen a process like this, that's why I'm asking. A day ago I got some trojan-clickers and it seems the files in that folder were created the same day. Is it safe to remove it?
Any help would be appreciated
-
Moderator
Hello
If you have Warcraft III installed, do not worry, as bProtector.exe is part of that game.
If you do not have Warcraft III installed, have a look here:
http://www.threatexpert.com/files/bprotect.exe.html
Moreover: MalwareBytes' Antimalware isn't an antivirus.
Please download HitManPro, double click it and run a scan.
Activate HitManPro only if malware has been found
Last edited by leofelix; 03-18-2012 at 02:06 AM.
Errare humanum est, perseverare autem diabolicum
-
Supernova
Hi! Can you upload those two files in Virustotal?
https://www.virustotal.com/
Tell us the scan results with link.
Every day brings a chance for you to draw in a breath, kick off your shoes, and dance.
-
Moderator

Originally Posted by sujay
Hi! Can you upload those two files in Virustotal?
https://www.virustotal.com/
Tell us the scan results with link.

ehr

Originally Posted by jurx
Uploaded to virustotal, no virus found,

; )
-
Supernova
Oops, sorry..
But can you please give us the link to Virustotal?
I need to know the MD5 hash..!!
If you know where/how to find the MD5 or SHA-1 hash, can you please search for it here?
http://www.isthisfilesafe.com/
It could be one of the following
http://www.isthisfilesafe.com/company/bProtector_details.aspx
http://www.isthisfilesafe.com/product/bProtector%20Engine_details.aspx
-
https://www.virustotal.com/file/f560...dcd0/analysis/
https://www.virustotal.com/file/3d71...is/1332012786/
MD5 hash: 86825c57cfd7babc8ab861aa0cff5212
SHA256: f5607cbed88bc66d8b56cdcef09a276b0b4bf539c38a7cba4146f291e179dcd0
---------- Post added at 03:39 AM ---------- Previous post was at 03:39 AM ----------
Version is 1.0.0.1
---------- Post added at 03:41 AM ---------- Previous post was at 03:39 AM ----------
And under digital signatures, there is Performersoft LLC, hmm...
---------- Post added at 03:49 AM ---------- Previous post was at 03:41 AM ----------
Interesting.
isthisfilesafe.com
......................................
bprotect.exe Details: Trusted
- First seen: February 9, 2012
- Last seen: March 17, 2012
Properties
- Company: bProtector
- Product: bProtector Engine
- Version: 1
- Description: bProtector Engine
- Copyright: Copyright (C) 2011
Size
- File Size: 773624 bytes (755.49 KB)
Hashes
- MD5: 86825C57CFD7BABC8AB861AA0CFF5212
- SHA-1: EAEE211319514BBDB7216EA0D42C3AB4E2D3D496
Certificate
- Status: VALID
- Company: Performersoft LLC
- Start: July 13, 2011
- End: June 25, 2012
- Serial: 277B96F94D20C1
- Authority: Go Daddy Secure Certification Authority
Reported Behavior
- Action: Inject code to other applications - 1 x
- Action: Spyware like activity - 1 x
-------------------------------------------------------------------
-
Supernova
It is safe..!!
http://www.isthisfilesafe.com/sha1/E...6_details.aspx
http://www.runscanner.net/lib/bprotect.exe.html
http://systemexplorer.net/db/bprotect.exe.html
http://forum.avast.com/index.php?topic=95054.0
It must have originated from what Leo said.
Last edited by sujay; 03-18-2012 at 03:54 AM.
-
There is also a bProtector service under the service manager; I'll try to remove it manually, as Malwarebytes, Kaspersky and PC Tools Anti Malware could not do it.
---------- Post added at 03:54 AM ---------- Previous post was at 03:53 AM ----------
Oops, didn't see the last post.
---------- Post added at 03:55 AM ---------- Previous post was at 03:54 AM ----------
But still, what if I would like to remove it? May I do it?
---------- Post added at 03:57 AM ---------- Previous post was at 03:55 AM ----------
The problem is, I don't have Warcraft installed. Huh.
-
Supernova
I would prefer that you not remove it. It may cause problems with your other software that depends on it.
And the behavior is of course not suspicious.
Try searching for Firefox and see how many suspicious activities it has. Actually those activities were derived from Emsisoft Mamutu behavioral detection.
-
What did I just see... Under service description it says "your browser protector service", really, really strange. I'll try "hitman".
---------- Post added at 04:16 AM ---------- Previous post was at 03:59 AM ----------
Thank you all!!
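
The checks the posters carry out by hand in this thread (hashes for a reputation lookup, version details, the digital signature, and the service entry) can be gathered into one PowerShell script. This is an added example, not something posted in the thread; it assumes PowerShell 4.0 or later, and the default path is the folder reported in the first post.

```powershell
# Added example: triage of an unknown executable (not code from the thread).
param(
    # Path as reported in the first post; pass another path to check a different file.
    [string]$Path = 'C:\ProgramData\bProtector\bProtect.exe'
)

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    Write-Error "File not found: $Path"
    return
}
$file = Get-Item -LiteralPath $Path -Force    # -Force also finds hidden files
$dir  = $file.DirectoryName

# 1. Hashes for a reputation lookup (VirusTotal accepts MD5, SHA-1 and SHA-256).
foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
    $h = Get-FileHash -LiteralPath $Path -Algorithm $alg
    '{0,-7} {1}' -f $h.Algorithm, $h.Hash
}

# 2. Version resource and file times. The publisher can put anything in these
#    fields, so treat them as a claim to compare against the signature.
$file.VersionInfo | Format-List CompanyName, ProductName, FileVersion, FileDescription
'Size: {0} bytes, created (UTC): {1:u}' -f $file.Length, $file.CreationTimeUtc

# 3. Authenticode signature. "Valid" means the file is unmodified since signing
#    and the chain is trusted; it identifies the signer, not the file's intent.
$sig = Get-AuthenticodeSignature -FilePath $Path
[pscustomobject]@{
    Status   = $sig.Status
    Signer   = $sig.SignerCertificate.Subject     # empty when the file is unsigned
    Issuer   = $sig.SignerCertificate.Issuer
    Serial   = $sig.SignerCertificate.SerialNumber
    NotAfter = $sig.SignerCertificate.NotAfter
} | Format-List

# 4. Services and running processes whose image lives in the same folder.
$pattern = [regex]::Escape($dir)
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    Format-List Name, DisplayName, Description, State, StartMode, PathName
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -match $pattern } |
    Format-Table ProcessId, SessionId, ExecutablePath -AutoSize
```

Run it from an elevated prompt so that ExecutablePath is populated for processes owned by other accounts.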