Removing win64/patched.A trojan

Welcome to Major Geeks!

Please do the below so that we can boot to System Recovery Options to run a scan.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)

 

Your C:\Windows\System32\services.exe system file is infected and needs to be replace but no backups are showing on your computer. Do you have your Windows 7 Boot DVD?

 

The utility disk is of no use to us. See if you can borrow a disk from a friend or just get a copy of the services.exe file from a friends Windows 7 PC.

But let's also try the below. Sometime ComboFix can find a replacement from System Restore.


Now download and save a copy of combofix.exe and save it directly onto your Desktop folder.

• Then right click on it and select Run As Administrator. Do not disturb it by clicking in the window that opens or it may stall.
• After it finishes, it may reboot your PC. Attach the C:\combofix.txt log that it creates.
• If after running Combofix you discover none of your programs will open up because you receive the following error:
  • Illegal operation attempted on a registry key that has been marked for deletion
• Then you will need to reboot your computer which will normally fix this problem.