My Windows\System32\services Is Infected Win64/patched.a

Solved
By sr51463
Nov 8, 2012
Topic Status:
Not open for further replies.
  1. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Post log when ready.

    However, let me get this straight... is it scorecardsearch.com (bad site) or scorecardresearch.com (good site)?
  2. sr51463

    sr51463 Newcomer, in training Topic Starter Posts: 55

    It says scorecardresearch.
  3. sr51463

    sr51463 Newcomer, in training Topic Starter Posts: 55

    Here is my ESET log.

    C:\Users\KIyle\Downloads\backups\backup-20121108-035224-298.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\Users\KIyle\Downloads\backups\backup-20121108-035224-761.dll a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Great. No problem!

    If it all appears to be good, we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advance System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations:
      [​IMG]
    • Select the More Options tab
      [​IMG]
    • In the System Restore and Shadow Backups select Clean up
      [​IMG]
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).
    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  5. sr51463

    sr51463 Newcomer, in training Topic Starter Posts: 55

    It seems that my Disk Cleanup does not have a More Options tab. I cannot find the Restore and Shadow backups on the Disk Cleanup. What should I do?
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    In CCleaner, which is one of the next steps, go to the Tools tab > System Restore. Highlight any listed, and select Remove. :)
  7. sr51463

    sr51463 Newcomer, in training Topic Starter Posts: 55

    Ha ha, I already have that program on my computer as a matter of fact. Ok, I deleted the restore points. Now I'm going to run OTC.
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OKay. Let me know how it all goes.
  9. sr51463

    sr51463 Newcomer, in training Topic Starter Posts: 55

    I'm currently on the security check stage.
  10. sr51463

    sr51463 Newcomer, in training Topic Starter Posts: 55

    Results of screen317's Security Check version 0.99.54
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    CCleaner
    Java(TM) 6 Update 35
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0.2)
    Google Chrome 23.0.1271.64
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 7%
    ````````````````````End of Log``````````````````````
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Update your Service Pack: http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

    Any other questions before I mark this topic solved?
  12. sr51463

    sr51463 Newcomer, in training Topic Starter Posts: 55

    Okay, I updated everything and I have no further questions. Thanks for helping me get this virus off of my computer.
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Topic marked. :)
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.