
2 (or 3) Viruses/ Trojans on my machine



Hi there,

I have a netbook which has become quite badly infected in the last few weeks - I have always had AVG installed on my computers and this is the first time it has failed me. I installed AVG Free Edition 2011 a couple of months ago and as soon as it was on, it alerted a couple of problems.

The problems it has been finding are:

Win32/Patched.FR - affects Winlogon.exe and seems to have created a couple of Winlogon duplicates

Win32/Patched.FS - affects Explorer.exe and seems to have created a couple of Explorer duplicates

Trojan horse Patched_c.JHC - not found in most recent AVG scan, but was in the last one (ran on Friday) and was affecting either Winlogon or Explorer

I did switch over to a fresh copy of Explorer.exe using RegEdit but I can't delete the old virused one.

Had planned to do a factory rebuild using the pre-loaded recovery tools - there is an option to reformat with this - however, when I ran it, the Netbook restarted (as expected) and then after starting the recovery popped up an error on the dos Blue-screen (ie doesn't even get back into Windows OR the Recovery Program) saying "c0000137 privilege failed".

I can get the Netbook to load into Windows again OK, but obviously recovery is not (currently at least) an option.

I'm guessing the virus have come down when we've streamed something, but not sure what. Hoping someone can offer some assistance,

Thanks, Chris.


Hello chrismiscms

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the custom scans and fixes area paste in the below bolded text

    /md5start
    explorer.exe
    winlogon.exe
    /md5stop


  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

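The /md5start ... /md5stop block above asks OTL to hash every copy of explorer.exe and winlogon.exe it finds, so that a patched file (as in the Win32/Patched detections in the first post) shows up as a hash that differs from the known-good build, and stray duplicates show up as extra copies. The script below is an added illustration of that check written for this thread; it is not OTL, ComboFix or any Malwarebytes code. It builds a small constructed directory tree with one clean and one patched copy of explorer.exe, hashes every copy of the watched names, and reports each against a baseline. The baseline digests here are computed from constructed file contents; on a real machine they would have to come from trusted install media or a known-clean system of the same Windows build.

```python
import hashlib
import os
import shutil
import tempfile

# The two file names the OTL custom scan in the post above was asked to hash.
WATCHED = ("explorer.exe", "winlogon.exe")


def file_md5(path):
    """Return the MD5 hex digest of a file, read in chunks (MD5 to mirror OTL's /md5start output)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, names=WATCHED):
    """Walk root and return {name: [paths]} listing every copy of each watched file name.

    More than one copy of a core system binary is itself worth a look; the first
    post describes exactly that (duplicate Winlogon/Explorer files).
    """
    found = {n: [] for n in names}
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower() in found:
                found[f.lower()].append(os.path.join(dirpath, f))
    return found


def check_against_baseline(root, baseline):
    """Compare every copy of the watched files under root with a baseline {name: md5}.

    Returns a list of (path, digest, verdict) tuples, verdict being "ok" or "MISMATCH".
    """
    report = []
    for name, paths in find_copies(root).items():
        for p in sorted(paths):
            digest = file_md5(p)
            verdict = "ok" if digest == baseline.get(name) else "MISMATCH"
            report.append((p, digest, verdict))
    return report


def build_sample_tree():
    """Create a constructed mini Windows tree (hypothetical content, not real binaries)."""
    root = tempfile.mkdtemp(prefix="md5demo-")
    good_explorer = b"constructed clean explorer.exe image"
    good_winlogon = b"constructed clean winlogon.exe image"
    # A second explorer.exe whose contents have been altered, standing in for a patched copy.
    patched_explorer = good_explorer + b" [patched]"
    layout = {
        os.path.join("Windows", "explorer.exe"): good_explorer,
        os.path.join("Windows", "system32", "winlogon.exe"): good_winlogon,
        os.path.join("Windows", "system32", "dllcache", "explorer.exe"): patched_explorer,
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    # Baseline = digests of the constructed known-good contents.
    baseline = {
        "explorer.exe": hashlib.md5(good_explorer).hexdigest(),
        "winlogon.exe": hashlib.md5(good_winlogon).hexdigest(),
    }
    return root, baseline


def demo():
    """Build the sample tree, run the check, clean up, and return the report."""
    root, baseline = build_sample_tree()
    try:
        return check_against_baseline(root, baseline)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for path, digest, verdict in demo():
        print(f"{verdict:9} {digest}  {path}")
```

Running it prints three lines: the clean explorer.exe and winlogon.exe as "ok" and the altered copy under dllcache as "MISMATCH". The important design point is that the verdict depends only on the baseline you trust; a hash list taken from the infected machine itself would simply bless the patched file.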

That is fine there. Since both versions are patched, I will need you to uninstall AVG for now since it will interfere with what we need to do.

Please uninstall AVG reboot then please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hi Kahdah,

Apologies for not replying sooner - AVG2011 wouldn't deinstall using traditional methods but I found a program on the web from AVG that forces removal this morning.

I ran Combofix this morning and it detected infections in the Master Boot Record and needed to restart, however before Restart actually completed once I OKd it, Blue-Screen came up after which I manually powered down and on restarting the Recovery Console launched OK - never done that before since the virus first appeared.

I backed up all my data a few days ago and nothing has changed on the PC since so I have confirmed the Full Destructive Recovery to go ahead - all files will be wiped and PC will be reformatted/ rebuilt - I assume this is because of the Windows Recovery Install which took place thanks to Combofix.

I will update you later on, but it looks like the problem MIGHT be on the way to being fixed.


Recovery Console launched OK - never done that before since the virus first appeared.
Recovery Console is not a recovery partition.

The blue screen is necessary for the disinfection of the mbr.

You do not have to do a built in recovery unless you want to.

Recovery Console is basically a dos way to repair windows in case of blue screens etc... Cf installs it but it doesn't do anything until we were to enter it but it is only a dos way to access Windows.

The thing that happened to you is it autobooted and went to the recovery partition that is built in from day one of your computer.

If you have gone through with that then it will be fixed because it basically reformatted the system.

If all is well please let me know and we will wrap it up.


Hello again Kahdah,

Sorry for not replying sooner - upon reboot after using the recovery console, Windows threw up a crash log saying I did not have permissions to edit the registry which stumped me for a bit, but on Wednesday this week I copied the recovery console utilities to a USB stick and then re-ran the whole process from the USB stick which seems to wipe everything (including the original install of recovery console) from the HDD.

After that, I am pleased to report that the machine fired up again brilliantly and is now happily working away.

Thanks for your help, Chris.

P.S. Have a Merry Christmas.
