Win32:Patched-KX [Trj] prompted me to run R&R

Discussion in 'Malware Help (A Specialist Will Reply)' started by Zwaplat, Sep 11, 2009.

  1. Zwaplat

    Zwaplat Private E-2

    Yesterday I was running a check-up Malwarebytes scan, when Avast warned me it detected a sign of Win32:patched-KX [Trj] (see log attached). -I forgot to turn off the resident scanner before scanning with MBAM.-

    So first thing I did today was to run the entire protocol. SAS and MBAM found nothing, CF seems to have found an infected file (what do I know), RootRepeal and MGTools finished without any problems also.

    Did I have infections?

    Thanks for your time!
     

    Attached Files:

  2. Zwaplat

    Zwaplat Private E-2

    Logs continued.
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

    kes13!
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi, sorry for the delay in a response.

    Please do the below:

    Click Start > Run, enter cmd and click OK. This will open a command prompt window. In the command prompt window, enter the below command in the quote box, followed by the Enter key:

    Be patient, and once it has finished, please locate the C:\flist.txt file and attach it into your next reply here.
     
  5. Zwaplat

    Zwaplat Private E-2

    No biggie, I was able to continue with my W7 boot so my XP system didn't change.

    Here's the file requested.

    Thanks.
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please go to this online scanner, choose "browse" and navigate to: c:\windows\system32\calc.exe. Choose "open" once you have located calc.exe and hit the submit file button.

    Jotti

    Let me know what the various scanner results are for this file!

    Could you please get this: calc.exe into a zipped file and attach it for me in your next post? To do this, see the below:

    Please go to start > Run and paste in the following:

    The zipped file will be found at C:\collect.zip. Please attach it into your next response here as well as letting me know about the results from jotti.

    Thanks
    Kes13!
     
  7. Zwaplat

    Zwaplat Private E-2

    Result from Jotti: all scanners except for CP Secure found nothing.

    CP Secure reported a Troj.W32.Vaklik.cqh


    Collect file attached as requested.

    This is becoming 'interesting'. I really have no idea where I picked this up.

    Thanks for the help, much appreciated.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is not a problem. You installed Microsoft Calculator Plus which just made your calc.exe file stand out as not being the normal file size.
     
  9. Zwaplat

    Zwaplat Private E-2

    Ah, that sounds plausible. Quite comforting as well. So my logs look clean beyond that? Can I clean up?

    Thank you very much!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, you can clean up. Just follow the below instructions.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
