Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32 infected. Please help


  • Please log in to reply
19 replies to this topic

#1 Nosrak2671

Nosrak2671

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 06:05 PM

So I got a resident shield alert from my AVG saying that my system 32 was infected. It is repeating

Virus identified Win32/patched.FM as well as FL.

The object is being white listed. Can anyone help me fix this?

I have XP home as my OS btw

Says system32\winlogon.exe and explorer.exe are the infected files

Edited by Nosrak2671, 18 August 2010 - 06:17 PM.


BC AdBot (Login to Remove)

 


#2 Nosrak2671

Nosrak2671
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 08:09 PM

Can anyone help?

#3 Jovi23

Jovi23

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 08:47 PM

I am having the exact same problem as the above user.

Is there anyone who can help? please?

Someone in Yahoo answers posted this for the virus but it hasn't worked. I don't know if it would help you.


Follow this instructions to Remove Virus in you Computer.
Restart You Computer Safe Mode with Networking


1. Log out and reboot your machine.

2. When the machine starts the reboot sequence, press the F8 key repeatedly.

3. Select Safe Mode with Networking from the resulting menu.

4. Login. If the malware has changed your password, try logging in as
Administrator. By default, Administrator has no password.

5. The machine will continue booting, but the Windows desktop will look different.

Then in The Safe With Networking .Download by using Rkill press here http://www.bleepingcomputer.com/forums/t…

Download and Scan By Using Malwarebytes’ Anti-Malware http://download.cnet.com/Malwarebytes-An…

Download and Scan By Using Super Anti-Spyware Press here http://www.superantispyware.com/

Download ATF is a new, freeware, temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface.

The main screen allows the user to either clean all temporary files, or select files for cleaning. The program also knows if Firefox and or Opera is being used, and gives the option of cleaning the temporary files associated with those applications.

ATF Cleaner provides the user with a window showing the total bytes freed upon completion. The program is small (36kb), quick to run and no installation required. to Download ATF Cleaner press this link http://download.cnet.com/ATF-Cleaner/300…

Download and Scan By using
Remove Fake Antivirus 1.64 press here http://www.softpedia.com/progDownload/Re…
After Finish Scan and Remove all Virus,Restart you Computer to be Normal.

Then
Download and Scan again By using Norman Malware Cleaner Press here http://www.norman.com/support/support_to… This is to make sure you Virus, Malware, Trojan, Worm,
Rogue Fake Anti-Virus, Hijack Web Browser, Pop up Advertisements,
Rootkit and Spyware it is not on you Computer Forever.

#4 Nosrak2671

Nosrak2671
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 09:10 PM

Thanks I'll give it a try

#5 aladc2001

aladc2001

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 09:25 PM

i have the same problem
i also have AVG---updated two days ago

Infection name---Win32/Patched.Fm
---Win32/Patched.Fl


Infected Files---WINDOWS\system32\winlogon.exe
---WINDOWS\explorer.exe

My Avg protection lapsed, while lapsed I got the virus Security Suite
After going online to find a cure i decided to follow instructions using Malewarebytes/Rkill
I did remove security suite and thus decided to renew my AVG
I have now encountered the virus mentioned above
I am suspicious of Malewarebytes and rkill
I have removed them both from my computer

Does anyone have a manual way to fix this infection?

Edited by aladc2001, 18 August 2010 - 09:27 PM.


#6 Nosrak2671

Nosrak2671
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 09:34 PM

So rkill terminated itself or just didn't run. I'm finding a few small infections with malware and what not, but nothing is correcting this problem.

I also have a search virus (When I search through Google or other engines if I try to select a site Firefox will usually crash or send me to an ad site) I don't know if its related.

I'm wondering if I should bite the bullet and buy a new hard drive. They aren't that expensive, but I hate to lose all my stuff.


I also updated AVG not too long ago. I didn't have internet for the summer but am back for school now and so I updated it. Weird coincidence.

Edited by Nosrak2671, 18 August 2010 - 09:36 PM.


#7 Jovi23

Jovi23

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 09:46 PM

Maybe it's not such a coincidence as i also updated AVG a couple of days ago.

From google searches i have gathered that a file called kernel32.dll is usually associated with the virus we are currently experiencing...

#8 Nosrak2671

Nosrak2671
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 09:47 PM

TTDS killer I believe it was found that file but I don't think it could remove it. I'm going to try it again.


I actually did delete that file, but nothing has changed it would seem.

Edited by Nosrak2671, 18 August 2010 - 09:50 PM.


#9 Jovi23

Jovi23

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 10:09 PM

I know this may seem like a stupid solution but has anyone tried to run an AVG scan and see if it can pick it up and remove it from there?

and then after probably run a couple spyware programs but in safe mode to make sure it's detected...

I'm going to try that now...

#10 Nosrak2671

Nosrak2671
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 10:19 PM

If this works I'm having my roommate punch me in the face

#11 Jovi23

Jovi23

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 10:23 PM

hey I never said it would work!

Just have to try something!

#12 aladc2001

aladc2001

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 10:27 PM

AVG responds with message---- cannot remove infected item the object is white-listed critical/system file that should not be removed

#13 Nosrak2671

Nosrak2671
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 18 August 2010 - 10:28 PM

I figured that would happen. Maybe someone with some virus knowledge will get on later

#14 benko916

benko916

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sacramento California
  • Local time:12:00 PM

Posted 19 August 2010 - 02:31 AM

I have the exact same problem!!! ANd I have AVG as well......... Resident shield keeps telling me about the Viruses and it is really getting annoying... I need help and I am computer illiterate!!! I need HELP!!!!!

#15 CarlosM

CarlosM

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 19 August 2010 - 02:43 AM

We really need help with this! But no one will answer. :'(




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users