Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan horse patched_c.JED


  • Please log in to reply
73 replies to this topic

#1 BladeMirage

BladeMirage

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 01 October 2010 - 06:50 PM

For those reading this topic, this is an advanced malware and unless you absolutely know what you are doing, and are willing to deal with the consequences of fixing a computer gone bad, we suggest that you request malware removal help using this topic:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

For those who wish to work it out on your own, please do so at your own risk as you will see from other's posts in this topic that some fixes could cause your computer to become non-operational.

-Grinler



Hello everyone, after dealing with a search engine redirect problem last night (dealt with it with malwarebytes, then it returns a hour later, malwarebytes didn't find it so I used noscript on my firefox), I get this virus just a few minutes ago. It's in my browser.exe.

AVG detected it as a multiple threat pointing to the C:\\WINDOWS\explorer.exe file... and the resident shield log is still logging it. Scan is still not finished but is there anything I should know before I decide what AVG must do with this file? The resident shield told me it's a white listed file.

Thanks for your time in reading this, I shall hope to be able to get this resolved. It is scaring me. :thumbsup:

Edited by Grinler, 03 October 2010 - 09:21 AM.


BC AdBot (Login to Remove)

 


#2 Williamsf1

Williamsf1

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 01 October 2010 - 10:49 PM

I'm having the exact same problem. The AVG Resident Shield Alert constantly pops up saying c:\\WINDOWS\explorere.exe is infected with Trojan horse Patched_c.JED. I also got this after dealing with a search engine redirect problem last night.

#3 roba5263

roba5263

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:19 PM

Posted 01 October 2010 - 11:09 PM

I'm having the exact same problem on my laptop running WinXP SP3. AVG's resident assistant continously warns me that WINDOWS\explorer.exe is infected with Trojan Horse Patched_c.JED. I'm also having the search redirect problem. Whenever I search on google with opera, it redirects me to some random link when clicking any of the results. From time to time I will also get a "Generic Host Process Win32 services has encountered a problem and needs to close" error message. This is very frustrating. I ran a search with AVG and thought it removed the trojans, but upon reboot I cannot even get to my desktop (only wallpaper loads). I suspected that AVG removed the explorer.exe file completely, so I went into safe mode and ran system restore from the command prompt to restore it. But now I'm back to the original problem with this trojan and the search redirect. Does anyone know how to resolve this?

#4 Xette

Xette

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:19 AM

Posted 01 October 2010 - 11:31 PM

I'm having this problem as well. In fact, I can't even access this site from the infected computer. Every search result I click redirects me to a different site. My AVG Resident Shield keeps popping up saying my explorer.exe is infected with the Trojan Horse Patched c.JED.

I ran a virus scan and it popped up but I can't delete/fix it. Now I'm afraid to reboot my computer after reading roba5263's comment about accidentally deleting the actual explorer.exe file.

This thread seems to be the only topic on the internet regarding this problem. I guess it's new. Lucky us. Hopefully a solution comes out soon.

#5 BladeMirage

BladeMirage
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 01 October 2010 - 11:38 PM

Whoa, I'm not alone. We're all having the exact problem. I'm in safe mode and running command line scanner with AVG (no luck). I think my explorer.exe is corrupted too :flowers: From what I remember, I never entered red sites or anything. I mostly stayed to my safe sites... :thumbsup:

Hope someone can come to the rescue! I dearly want my desktop back in working order. For now my laptop's my only safe computer.

#6 Williamsf1

Williamsf1

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 01 October 2010 - 11:41 PM

Whoa, I'm not alone. We're all having the exact problem. I'm in safe mode and running command line scanner with AVG (no luck). I think my explorer.exe is corrupted too :flowers: From what I remember, I never entered red sites or anything. I mostly stayed to my safe sites... :thumbsup:

Hope someone can come to the rescue! I dearly want my desktop back in working order. For now my laptop's my only safe computer.

If nothing is appearing when the desktop loads other than your wallpaper, go into system restore and choose an earlier date. Then restart your computer and everything should appear to be normal again, other than the constant AVG popups.

#7 Alby22

Alby22

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 01 October 2010 - 11:57 PM

I have the Same problem
For anyones info this is what I have tried so far

I turned of the system restore
I ran a Full scan with AVG and it Deleted the file with a restart
No Explorer means desktop but Comp will run
I copied the file from my laptop ( must be version Serv pack 3 over on a mstick and Ctrl alt del to bring up the task manager
Go to file run new task
Browse
find file on stick right click to copy
Go Window folder
Right click paste
enter
Desktop is back up
Exit
Turn Sys Restore back on
Restart Comp

None of this made any difference and the Dam AVG RSA keep coming up

Iam going to try it in safe and see if that makes any difference

Iam still working on it
Has anyone got any ideas ???

Edited by Alby22, 02 October 2010 - 12:00 AM.


#8 BladeMirage

BladeMirage
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 02 October 2010 - 01:04 AM

Hmm... I remember when I was looking into explorer.exe online for any solution Some people said (this is some other site) if you make it read-only, the virus shouldn't be able to touch it. Though I'd rather wait for expert help before even attempting anything. My AVG is still running its command line scan in safe mode for nearly two hours now I think. Malwarebytes and Spybot still found nothing, so I guess the explorer.exe file really has been messed up.

But if anyone's brave enough to give it a shot... I'd like to know :thumbsup: It seems to have worked for some... I'll have to get my explorer.exe from my parent's computer because this laptop is a Windows 7 when my desktop's a XP SP3

#9 Xette

Xette

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:19 AM

Posted 02 October 2010 - 02:23 AM

I posted logs of this problem at: http://www.techsupportforum.com/security-c...plorer-exe.html

Hopefully, they'll be able to provide some help with this issue. I'll let you guys know how it goes!

#10 BladeMirage

BladeMirage
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 02 October 2010 - 02:28 AM

Sounds good to me :flowers: Hopefully someone out there can help us!
I'm currently trying to dig around for my XP cd to see if I can destroy the old explorer.exe and put the new one in as read only. Not sure if I'd really go ahead til someone can help :thumbsup:

#11 Alby22

Alby22

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 02 October 2010 - 02:34 AM

The Explorer.exe file will be Service pack you have installed
ie
SP2 or SP3

#12 Alby22

Alby22

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 02 October 2010 - 03:24 AM

over wrote old file with uninfected one via a boot disc

Still no change on bootup

The RSA still coming up

May be the problem is AVG and not the explorer File ?????

Edited by Alby22, 02 October 2010 - 03:25 AM.


#13 BladeMirage

BladeMirage
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 02 October 2010 - 03:46 AM

possibly, because Malwarebytes and Spybot found nothing when I did my inital scan.... I have paid trend micro on this laptop, might try installing it to my computer and then get a copy of explorer exe from my parent's computer. I did have a false virus problem before with AVG, not the first time.

But that browser redirect problem is real...

#14 caelus

caelus

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:19 PM

Posted 02 October 2010 - 05:02 AM

I have the same problem, but I think the virus not only infected explorer.exe, but also winlogon.exe too, if you click on the file name on the AVG pop up window, you will see that winlogon.exe is one of the process name too, which makes the problem much harder to solve, coz if you delete your winlogon.exe you might not be able to start windows next time you turn on your computer.

#15 Blazery

Blazery

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:19 PM

Posted 02 October 2010 - 07:32 AM

Hey everyone. I have a similar problem in that my AVG shield keeps popping up saying the file C:\WINDOWS\explorer.exe has been infected by Trojan horse Patched_c.JED, and I was surprised to find this is the only discussion of this virus. I say similar problem though, because I don't quite have the same problems you guys are having. I have no search engine redirect problem. Instead, I get a message after a while saying that I have low disk space on my C:\ drive. I'm not sure how the virus is able to fill up more than 17 GB of free space in about 10-20 minutes, but that's what it does. Eventually, I get another message saying I can't do a system restore because I don't have enough free space. I ran various virus scans and nothing was detected, so I restarted my computer and attempted to do a system restore, but nothing changed.

Now I think I've found a temporary solution... at least the pop ups have stopped, that is. I opened up task manager (CTRL+ALT+DLT) and ended a couple of processes that are related to AVG (basically anything with avg as the first 3 letters of the process name) until the popups stopped, and it seemed to work. I have not restarted my computer since, but it's working fine now. I suspect the next time I turn it on, I'll have to do the same thing again.

I have no idea how I got this virus, but I suspect it happened while I was trying to use a free fraps program. I got the first popup after I recorded a video for the first time. The program was called E.M. Game Capture, but there doesn't seem to be any known viruses associated with this. I used this link to download it:

Edited by elise025, 03 October 2010 - 03:37 AM.
Link removed for safety reasons, just in case... ~ Elise





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users