Assistance needed. Removing win64/patched.a

Discussion in 'Malware Help (A Specialist Will Reply)' started by Siggi, Feb 26, 2013.

  1. Siggi

    Siggi Private E-2

    Hello :)

    My computer has a virus / malware issue with win64/patched.a which has infected the services.exe. At least, this is what I think.

    Would it be possible for anyone to help me in this matter?

    I have followed the step by step plan in removing malware by chaslang.

    The problem still exists.

    Symantec Endpoint Protection Notification pops up constantly, displaying Trojan.Gen.2

    AVG Free anti-virus, displayed win64/patched.a

    I have deleted AVG as it was recommended in the removal process to have only one anti-virus program.

    Below are your step-by-step removal guides.
    I have also attached the files requested by the guide.

    Please Read These Important Notes for the Malware Removal Guide:
    http://forums.majorgeeks.com/showthread.php?t=35407

    and

    Vista and Win 7 Malware Removal/Cleaning Procedure
    http://forums.majorgeeks.com/showthread.php?t=139681


    Thanks for any help. It is very much appreciated.
     

    Attached Files:

    Last edited: Feb 26, 2013
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Files/folders tab and locate these detections:


    • [ZeroAccess][FOLDER] U : C:\Windows\Installer\{0c13a46e-90f4-e1c5-b7db-99bb2a75a09b}\U --> FOUND
    • [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
    • [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND

    Place a checkmark on each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Do not reboot your computer yet.

    Now rescan with Hitman and remove these items:
    C:\Users\sj\Ymiskt\Age Of Empires III + Expansions\Age Of Empires III Warchiefs\Warchiefs Expansion Image\Crack + Patch\age3x.exe
    C:\Users\sj\Ymiskt\Age Of Empires III + Expansions\Age Of Empires III Warchiefs\Warchiefs Expansion Image\Crack + Patch\aoe3x104english.exe
    C:\Windows\assembly\gac_32\Desktop.ini (Trojan.ZeroAccess)
    C:\Windows\assembly\gac_64\Desktop.ini (Trojan.ZeroAccess)

    Reboot and rescan with both RogueKiller and Hitman and attach those new logs as well.

    You should not be using cracked software!! It is often the cause of infections.
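
A read-only way to confirm after the reboot that the three locations listed in the post above are gone, as an added example that is not part of either poster's instructions or of any tool named in the thread. It assumes an elevated PowerShell prompt, and matching any GUID-named folder under Installer (rather than only the one GUID in the log) is an assumption made here.

```powershell
# Added example: read-only check for the ZeroAccess artifacts named in the thread.
# Run from an elevated PowerShell prompt. Nothing is deleted or modified.

$windir   = $env:windir
$findings = @()

# Fixed file locations flagged by RogueKiller and HitmanPro in the thread.
$fixedFiles = @(
    (Join-Path $windir 'assembly\GAC_32\Desktop.ini'),
    (Join-Path $windir 'assembly\GAC_64\Desktop.ini')
)

foreach ($path in $fixedFiles) {
    # -Force lets Get-Item see hidden and system files.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += New-Object PSObject -Property @{
            Path = $item.FullName; Kind = 'File'
            Size = $item.Length;   LastWrite = $item.LastWriteTime
        }
    }
}

# Assumption: the {GUID} folder name may differ per machine, so match any
# GUID-named folder under Installer that contains a "U" subfolder.
$guidName  = '^\{[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\}$'
$installer = Join-Path $windir 'Installer'

Get-ChildItem -LiteralPath $installer -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match $guidName } |
    ForEach-Object {
        $u = Join-Path $_.FullName 'U'
        if (Test-Path -LiteralPath $u -PathType Container) {
            $findings += New-Object PSObject -Property @{
                Path = $u;    Kind = 'Folder'
                Size = $null; LastWrite = $_.LastWriteTime
            }
        }
    }

if ($findings.Count -eq 0) {
    'None of the locations listed in the thread are present.'
} else {
    $findings | Format-Table Kind, Path, Size, LastWrite -AutoSize
}
```

An empty result only means these specific paths are absent; it does not replace the follow-up scans requested in the thread.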
     
  3. Siggi

    Siggi Private E-2

    I have deleted the cracked software!

    All reports have been attached.

    RK report 2 - Created after 1st scan
    RK report 3 - Created after deleting files
    HitmanPro....1411.log - Created after 1st scan

    RK report 4 - Created after 2nd scan (after reboot)
    HitmanPro...1425.log - Created after 2nd scan (after reboot)
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looks good. What issues are you still having, if any?
     
  5. Siggi

    Siggi Private E-2

    The same problem.

    At the current time my Symantec anti-virus is popping up.


    Symantec Endpoint Protection Notification
    Security risk detected: Trojan.Gen.2

    Total notifications: 746

    This is since last post.

    Do believe I am still infected by win64/patched.a or just a bad case of Trojans
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept (yes, twice).

    Then attach the below logs:

    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  7. Siggi

    Siggi Private E-2

    The license agreement for TrendMicro HijackThis did not show.

    But the report has been attached.
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your Newfiles log did not populate. Please double click the Newfiles.bat and attach the resultant log.
     
  9. Siggi

    Siggi Private E-2

    I cannot locate Newfiles.bat

    It is not in disc c:\Newfiles.bat
    nor is it on C:\MGtools\Newfiles.bat

    I tried search on start menu --> newfiles.bat but no result

    I did locate newfiles.txt and it is attached just in case.
     

    Attached Files:

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sorry, brain fart. Double click on C:\MGTools\Shownew.bat. If that doesn't populate a log then:

    Download OTL to your desktop.


    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator.)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.


    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.
     
  11. Siggi

    Siggi Private E-2

    No worries :)

    C:\MGTools\Shownew.bat could not populate a log.

    I downloaded OTL.

    OTL.Txt and Extras.Txt logs are attached.
     

    Attached Files:

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in those logs. What issues remain?
     
  13. Siggi

    Siggi Private E-2

    My computer started up with a black background and none of the icons on the desktop worked, nor did the icons in the Start button. All programs seem to have vanished.

    I had to reboot in safe mode in order to get the computer to work.

    I do appreciate your help, but everything just seems to worsen day by day.
     
  14. Siggi

    Siggi Private E-2

    Thank you for your time.

    I have decided to format the pc and re-install windows.


    Cheers

    Siggi
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Thanks for letting me know. Hope all works out.
     
