Author Topic: WORM VIRUS WIN32:SYSPATCH  (Read 56472 times)

0 Members and 1 Guest are viewing this topic.

CHENAN

  • Guest
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #15 on: December 23, 2008, 03:12:08 PM »
im sorry it took me long time to reply...
i tried to copy to other file and erplace and it didn't work.
i don't realy understood what to do because i don't speak very good english so someone can explain me that i will understand?
i need to download a softwere that will copy the file and another softwere to back up this file?
maybe someone else need to do this job someond proffesional because its something important?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #16 on: December 23, 2008, 03:31:25 PM »
i need to download a softwere that will copy the file and another softwere to back up this file?
One tool is for allowing you to change (copy and overwrite) the infected user32.dll file with a clean one that come with your Windows CD.
Other tool is to backup the registry (and recover it later if necessary).

maybe someone else need to do this job someond proffesional because its something important?
For sure Polonus instructions can do so. A professional guy won't be bad. This is a critical Windows file.
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #17 on: December 23, 2008, 03:37:39 PM »
Hi Chenan,

What are the other languages you communicate in? There you might find the removal information.
We are an English speaking forum, but for a lot of languages you can find a Google translation service.
Or go to a virus forum that is in your language. (below the automatic translation)

מהן שפות אחרות אתה מתקשר ב? שם תוכל למצוא מידע על ההסרה.
אנחנו מדברים אנגלית של הפורום, אבל עבור הרבה שפות ניתן למצוא שירות Google התרגום.
או ללכת וירוס בפורום זה בשפה שלך:

שלום

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #18 on: December 23, 2008, 03:41:30 PM »
Hi Maxx_original,

I wrote that here: %System%\[RANDOM FILE NAME]
That is what you meant, isn't it. Therefore it is a nasty virus, I say.
He can find the name looking it up in the registry,

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

husker010

  • Guest
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #19 on: December 23, 2008, 03:57:15 PM »
This is my 2nd attempt to post. The first time my system restarted in the middle of me typing.

I am having the same problem as the first poster. I am pretty new to this type of stuff as I usually let the antivirus software do all the work. Unfortunately that isn't working in this case. Can you tell me in pretty easy to understand terms what my options are. Thanks...

wing06

  • Guest
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #20 on: December 23, 2008, 04:31:41 PM »
I just got his win32:syspatch[wrm] system32/user32.dll yesterday.  Avast doesn't seem able to clean system of it. 
1. Is there a way to rid the system of it??
2. Is it too late to get clean file backups?

Help is very appreciated.
Thanks
Z

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #21 on: December 23, 2008, 06:34:51 PM »
2. Is it too late to get clean file backups?
Yes, it seems so...
Do you have Windows CD/DVD?
The best things in life are free.

lillyvalley

  • Guest
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #22 on: December 23, 2008, 07:06:04 PM »
Ok. I got this virus too. Unfortunately, I am fairly ignorant about how to cleanse the machine of viruses and worms. My machine is 5 years old. Is this a new worm that Avast had no knowledge of?

TJBill

  • Guest
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #23 on: December 23, 2008, 07:25:10 PM »
Has anyone successfully removed this thing yet?

Ren1282

  • Guest
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #24 on: December 23, 2008, 07:41:04 PM »
My system is having the same problem. I am also pretty clue less when it comes to this kind of stuff. Here is the message I'm getting:

File name: C:\WINDOWS\SYSTEM32\USER32.DLL
Malware name: Win32:SysPatch [Wrm]
Maleware type: Virus/Worm
VPS version: 081222-0, 12/22/2008

The only thing it will let me do is "Repair" but that never takes it away - it's always there again when I start up. Is there a simple solution to this problem?

Also, I have another question... I thought that the purpose of antivirus software was to prevent the machine from getting viruses in the first place? How does something like this end up on the computer if you have the antivirus software?

lillyvalley

  • Guest
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #25 on: December 23, 2008, 07:53:41 PM »
It won't let me move to chest, repair, or delete. It is there and I keep getting the warnings no matter what I do.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #26 on: December 23, 2008, 07:54:43 PM »
Also, I have another question... I thought that the purpose of antivirus software was to prevent the machine from getting viruses in the first place? How does something like this end up on the computer if you have the antivirus software?
This infection passed through avast... not a software is perfect. Sorry. This could have happened with other antivirus too.
You need to follow Polonus' advices above.
The best things in life are free.

Ren1282

  • Guest
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #27 on: December 23, 2008, 08:19:42 PM »
Polonus said: "To cleanse one should make a copy of the registry first, in case something should go wrong,Disable temporarily system restore and cleanse running SafeMode, then re-enable system restore and normal mode when the malware has left your computer, you can first try a full scan with DrWeb's CureIt"

Like I said, I'm pretty clueless... what is the registry? how do I make a copy of it? How do i disable system restore? How do I cleanse in safemode? How do i know when malware has left my computer? \

Any help with dumbing down the process would be great! Thanks!


wing06

  • Guest
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #28 on: December 23, 2008, 08:27:12 PM »
Tech -
1. u don't think i can backup my data files safely? Not even as a non-system disk??
2. Yes, i do have the ms xp-pro cd
3. What steps do u suggest or is there a cleanup pgm ?
4. Who the f--- is coding this s--- up??  R any of them getting caught and nuetered?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: WORM VIRUS WIN32:SYSPATCH
« Reply #29 on: December 23, 2008, 08:27:44 PM »
The problem is that this is an essential system file that even in safe mode is required by windows and is running, would subsequently be protected by the OS because it is in use. Strange that the same OS protection didn't stop its infection as it is still in use.

So the repair/replacement of this file has to happen outside of windows so that it isn't in use. This is where it gets complicated for a user with limited computer experience.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security