
Can't remove win64/patched.a

Discussion in 'Virus and Malware Removal' started by Dadajmond, Oct 28, 2012.

  1. Dadajmond Newcomer, in training Posts: 38

    Hi!

    I'm a 26 year old girl who has become a victim to this horrible virus. I have tried restarting the computer in fail safe mode and scanning with Spybot, spydoctor and AVG. I succeeded in removing some trojans (also got a few called seherif gen and bio something) but when I restarted to normal mode my computer just bluescreened on me.... I saw a similar topic with someone who also had this virus win64/patched.a who got help from a dragonmaster Jay with getting some kind of fixlist...

    Can you help me too??? Need step by step instructions :( Very grateful for your help.

    Thank you from Sweden.
  2. Dadajmond Newcomer, in training Posts: 38

    I restored the computer to the point before I deleted the malware in fail safe mode so now I can start the computer again normally but all the trojans and that win64-virus is still there :(
  3. Broni Malware Annihilator Posts: 39,231   +175

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  4. Dadajmond Newcomer, in training Posts: 38

    Thank you so much for your help! I downloaded Farbar and put it on a flash drive. However, I can't hit the F8 key to get into advanced options... The Delete key gets me into the BIOS settings just fine, and the F12 key gets me the boot priority list (hard drive, CD-ROM etc.), but when I push F8 NOTHING happens. I get to a black screen right after "loading operating system" and a blinking mark such as when you're trying to write something in a Word document... I haven't waited more than five minutes tho, but I suspect it should work faster than that anyways??? Nothing happens so I reboot with the button on the computer. Is there another way to do this or is F8 the only way to go???

    Grateful for further help.
  5. Broni Malware Annihilator Posts: 39,231   +175

    Is this Windows 7?
  6. Dadajmond Newcomer, in training Posts: 38

    Yes, that is correct. Windows 7 Professional
     
  7. Broni Malware Annihilator Posts: 39,231   +175

  8. Dadajmond Newcomer, in training Posts: 38

    Thank you, I will try this. So I need a 64 gig DVD since I have the 64 bit version??? I apologize for the noob questions :p
  9. Dadajmond Newcomer, in training Posts: 38

    I saw now that the ISO is 3 gig... Can I copy it to a flash drive instead? I have one that holds 8 gigs... However, I am unsure how to boot with the flash drive because there are four different "usboptions" in the boot options..
  10. Dadajmond Newcomer, in training Posts: 38

    I also have 4,7 gig DVDs. Should I burn to one of those? =) I understand that you are sleeping now or something, cause we're in different time zones :p In Sweden it's noon right now :D
  11. Broni Malware Annihilator Posts: 39,231   +175

    Regular 4.7 DVD will be just fine.
  12. Dadajmond Newcomer, in training Posts: 38

    Okay thank you! I have burnt the iso onto a disc and I will now try to follow the steps provided. Will be updating with the progress in a few hours.
  13. Dadajmond Newcomer, in training Posts: 38

    Umm... Okay. I click repair computer but I can't choose operating system cause it's not listed. Instead it tells me to insert the installation media for the device and click OK to select the driver. Which means I need to use my installation CD???? Or what?
  14. Dadajmond Newcomer, in training Posts: 38

    It also gives me an option to restore my computer using a system image that I created earlier.
  15. Broni Malware Annihilator Posts: 39,231   +175

    Let me ask the tool maker for advice.
  16. Broni Malware Annihilator Posts: 39,231   +175

    Did you create the Win 7 DVD as described in my link, or are you using some repair disk of your own?
  17. Dadajmond Newcomer, in training Posts: 38

    I followed your instructions.
  18. Broni Malware Annihilator Posts: 39,231   +175

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
  19. Dadajmond Newcomer, in training Posts: 38

    I will do this and answer as fast as possible. Expect a few hours tho :) Thank you!
  20. Dadajmond Newcomer, in training Posts: 38

    So I finished the scans.

    Here are the results for the Malwarebytes scan. I apologize that it is in Swedish, hope you understand anyways???


    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Databasversion: v2012.10.29.12

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kristina :: KRISTINA-PC [administratör]

    Skydd: Aktiverad

    2012-10-29 21:10:58
    mbam-log-2012-10-29 (21-10-58).txt

    Skanningstyp: Snabbskanning
    Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
    Inaktiverade skanningsalternativ: P2P
    Antal skannade objekt: 217495
    Förfluten tid: 3 minut(er), 19 sekund(er)

    Upptäckta minnesprocesser: 0
    (Inga skadliga poster hittades)

    Upptäckta minnesmoduler: 0
    (Inga skadliga poster hittades)

    Upptäckta registernycklar: 0
    (Inga skadliga poster hittades)

    Upptäckta registervärden: 0
    (Inga skadliga poster hittades)

    Upptäckta registerdataposter: 0
    (Inga skadliga poster hittades)

    Upptäckta mappar: 0
    (Inga skadliga poster hittades)

    Upptäckta filer: 3
    C:\Users\Kristina\Downloads\IZArcInstall.exe (PUP.BundleInstaller.BI) -> Sattes I karantän och togs bort.
    C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Sattes I karantän och togs bort.
    C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U\000000cb.@ (Rootkit.0Access) -> Sattes I karantän och togs bort.

    (klar)