
Help Removing Trojan:Win64/patched.az.gen!dll


  • This topic is locked
12 replies to this topic

#1 MattBunker

MattBunker

  • Members
  • 6 posts
  • Gender:Male
  • Local time:03:45 PM

Posted 13 December 2015 - 12:14 AM

Windows Defender has detected the Trojan:Win64/patched.az.gen!dll but an error is encountered when it tries to remove it. I have run Malwarebytes but it has not found anything in relation to this malware. I am unsure if my computer is actually infected as it seems to be running fine but Windows Defender keeps notifying me about it so I would like to take the necessary steps to remove it if I am infected.

Attached Files





#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands
  • Local time:05:45 AM

Posted 13 December 2015 - 12:20 AM

Hello and welcome to the Malware Removal Logs area :)

I go by Alexstrasza, but you may call me Alex. I will assist you with your problem.

Please allow me some time to analyse your logs and I will be back with instructions.

Edit: Your FRST.txt appears to be the Addition.txt log instead. Please copy and paste the actual FRST.txt log (begins with "Scan result of Farbar Recovery Scan Tool") in your next reply.

Edited by Alexstrasza, 13 December 2015 - 12:23 AM.


#3 MattBunker


Posted 13 December 2015 - 12:45 AM

Here is the FRST log 

Attached Files

  • Attached File  FRST.txt   32.35KB   4 downloads


#4 Sintharius


Posted 13 December 2015 - 07:10 PM

Hello MattBunker,

Do you still have the alerts from Windows Defender?


To my knowledge, your topic at the Malwarebytes Community Forum was rejected due to evidence of piracy. I need you to take note of the following.

Pirated software

Bleeping Computer does not allow the use of pirated software.

The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity, but it is a serious security risk which can turn a computer into a virus honeypot or zombie.

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible, and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.
 
If you want to read on then the full post is here.

I will help you clean your machine, but please remember that this is a one-time deal. After that I will refuse further assistance.

===

Fix with Farbar Recovery Scan Tool
  • Please download the attached fixlist.txt and save it to your Desktop.
    Note: It's important that both FRST/FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply.
In your next reply I will need the following information:
  • Confirmation that you have acknowledged the warning;
  • Do you still get warnings from Windows Defender?
  • Contents of Fixlog.txt.
Regards,
Alex 

#5 MattBunker


Posted 13 December 2015 - 08:36 PM

I don't think I have had any warnings from Windows Defender since I started this post.

Attached Files



#6 Sintharius


Posted 14 December 2015 - 09:03 PM

Hello MattBunker,

Things look good.  :) Do you notice any other issues?

:step1: Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose the Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

:step2: ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#7 MattBunker


Posted 15 December 2015 - 02:42 AM

I don't think I have noticed any other issues.

Attached Files



#8 Sintharius


Posted 17 December 2015 - 08:35 AM

Hello MattBunker,

My apologies for the delay, it appears that I read the mail at work and forgot about it.

Please create one last set of FRST logs for me - FRST.txt and Addition.txt.

Regards,
Alex

#9 MattBunker


Posted 17 December 2015 - 05:59 PM

FRST and Addition text files attached

Attached Files



#10 Sintharius


Posted 18 December 2015 - 05:21 AM

Hello MattBunker,

:step1: I must warn you that you are running Windows 8 and not 8.1. Windows 8.1 contains patches that fix problems in 8, so I recommend that you upgrade if possible.

===

:step2: Outdated Java SE Runtime Environment

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. See here, here and here for information on the dangers of using outdated Java.

If you do not use Java, please uninstall it via Programs and Features. It will save you the trouble of having to keep Java updated, as well as reducing the attack surface that malware can exploit to infect your system.

If you need to use Java, please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Click Agree and Start Free Download to download the installer for Java.
  • Go to Start > Control Panel, double-click on Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the Java installer to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted offers during installation, just uncheck the box before continuing unless you want it.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Let me know when you have finished the updates.

Regards,
Alex 



#11 MattBunker


Posted 20 December 2015 - 03:07 AM

Updated Java



#12 Sintharius


Posted 21 December 2015 - 11:23 AM

If you have no more problems, then your computer should be clean. :)

Please run one last tool to clean things up, and you are good to go.

Download DelFix from here and save it to your Desktop.
  • Close all running programs and start DelFix.
  • Make sure all available options are checked.
  • Click Run.
  • DelFix will remove most of the tools used during the cleaning process, purge all system restore points and create a new one, activate UAC (if you have it disabled) and restore settings changed by malware removal tools.
You can uninstall ESET Online Scanner from Programs and Features in Control Panel.

Safe computing practices

Best Practices for Safe Computing - Prevention of Malware Infection
How Malware Spreads - How did I get infected
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

Please reply to this thread one more time so it can be closed.

Have a good day, and be safe! It has been a pleasure :)

Regards,
Alex

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,981 posts
  • Gender:Female
  • Location:Romania
  • Local time:07:45 AM

Posted 24 December 2015 - 08:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




