-
February 20th, 2009, 12:46 PM
#1
Member
Trojan Horse Win32/PEPatch.AO
I need some guidance. Here is the story:
Win XP 'puter
missing the explorer.exe file due to ....??? It was causing me to only see the wallpaper at startup. NO icons, NO task bar. This was rectified. I now have full access to the desktop and task bar. (Thanks to Nihil and others on the Operating system topic area.)
System is running AVG 8.0.
Now for the problem. AVG is detecting the above trojan in resident shield scan but it is always attached to a valid process. AVG only gives me the option to Ignore it also. I have run Spybot S&D, Malwarebytes Malware scan, AVG, and Hijackthis.
Spybot and MWB both caught things but did not solve the problem.
I thought of this afterwards and did not try it. But every time I would run a different virus/*ware scan, the AVG resident shield would detect the trojan. Every time it would only allow me to ignore. Every time it was attached to a valid process (in each case, the process was the virus/*ware scanner that I was running at the time). If I disable the Resident shield, then run the scans, will that clear it? Or am I dealing with a special case? I cannot seem to find much info on it.
Thanks in advance for the help.
Len Q.
-
February 21st, 2009, 03:54 AM
#2
Dump AVG and install Avira AntiVir in its place. AVG's not what it used to be.
edit - try running Killbox to end any rogue process: http://killbox.net/
edit #2 - disable System Restore and empty ALL temp folders (you may need
to toggle Folder Options to make some visible). Also search for any recently
datestamped .exe's, .tmp's, .dll's and .~'s (null) files. Delete those, backup
if necessary.
Last edited by brokencrow; February 21st, 2009 at 04:38 AM.
“Everybody is ignorant, only on different subjects.” — Will Rogers
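An added example, not part of brokencrow's post: one way to do the "recently datestamped" search from post #2 so that the hits can be reviewed and backed up before anything is deleted. It lists matching files with their timestamp, size and SHA-256 and deletes nothing; the 7-day window, the function names and the treatment of any extension starting with `.~` are assumptions made for this sketch.

```python
import hashlib
import os
import sys
import time

# Extensions named in the post; matching anything that starts with ".~" is an assumption.
SUSPECT_EXTS = {".exe", ".tmp", ".dll"}

def is_suspect(filename):
    ext = os.path.splitext(filename)[1].lower()
    return ext in SUSPECT_EXTS or ext.startswith(".~")

def sha256_of(path):
    """Hash a file in chunks; return None if it is locked or unreadable."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()

def recent_suspects(root, days=7, now=None):
    """Return (path, mtime, size, sha256) for suspect files modified within `days`, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    # Directories that cannot be listed are skipped instead of aborting the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not is_suspect(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue
            if st.st_mtime >= cutoff:
                hits.append((path, st.st_mtime, st.st_size, sha256_of(path)))
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    # Default to the current user's temp folder when no directory is given.
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("TEMP", ".")
    for path, mtime, size, digest in recent_suspects(root):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(f"{stamp}  {size:>10}  {digest or 'unreadable':<64}  {path}")
```

A file reported as `unreadable` is one that could not be opened, which on a live system usually means it is in use by a running process.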
-
February 21st, 2009, 12:21 PM
#3
Have you managed to get hold of an XP installation CD for the same version and SP as the one on the infected machine?
If so try running this: SFC.EXE /SCANNOW
Windows should then replace corrupted/infected system files.
I would also get CCleaner and run it to clear out rubbish.
http://www.ccleaner.com/
Also try using its registry cleaner to get rid of malware remnants.
Follow brokencrow's advice and then re-scan in safe mode.
You might also try scanning with this:
http://www.emsisoft.com/en/software/free/
In safe mode the interactive scan should be turned off by default. You should only be scanning with one tool at a time for best results.
-
February 21st, 2009, 04:23 PM
#4
Member
Yes, I have a copy of the install disk. I ran:
sfc /scannow
This is the first time I have run this program. Is something supposed to happen afterward? It ran but I did not see any change or difference. No additional windows popped up or anything.
I will do what brokencrow suggests and let everyone know.
Nihil, I will also try CCleaner and Emsisoft to see what happens.
We are getting closer to getting this blasted thing fixed.
Len
-
February 21st, 2009, 05:21 PM
#5
Hi Len,
I believe that you need to reboot afterwards.
All you would expect to see is a progress bar. If you don't get that you can make a registry amendment:
When you run scannow at logon you do not get a progress bar... This can easily be remedied by adding a new DWORD: SFCShowProgress to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
the values available are: 0 = disabled, 1 = enabled
It still works with or without the progress bar
I would also think about downloading and installing SP3.
-
February 25th, 2009, 08:04 PM
#6
Member
Going from bad to worse. Finally got back to this computer. Someone turned it off and now it will not even boot. It keeps restarting right after the Windows XP screen. They are just going to buy a new one at this time. They want a laptop anyway.
Still going to try to clean this one up though. Install disk, repair, etc. We shall see what happens.
Len