Author Topic: [Resolved] Virus win32/patched, explorer.exe and winlogon.exe infected!  (Read 12798 times)


alpha19862

  • Guest
Hi,

New to forum, seen this problem affected a few people, using AVG Internet Security, keep getting pop up saying Threat Detected, by Resident Shield, have followed guide from here - http://forum.avast.com/index.php?topic=53253.0

I ran MBAM and OTL, logs attached, I got infected earlier tonight, I haven't a clue how it got on my computer, I'm running Windows XP SP2, if I can't fix this, I will likely have to buy a new O/S.

Right, installed Avast to see if that would help, it finds the viruses, but like AVG can't repair or delete them, they are system files after all, decided to buy Windows 7 OEM, renamed and deleted the files, computer won't start now, thought I could fix it by copying files from my laptop Vista, must say Microsoft should make sure system files can't get infected at the very least.

Thanks for your time, won't be needing the help after all, my desktop can get some well deserved rest whilst I wait for my software to arrive, lol



« Last Edit: November 09, 2010, 04:27:13 PM by alpha19862 »

SafeSurf

  • Guest
Re: Virus win32/patched, explorer.exe and winlogon.exe infected!
« Reply #1 on: November 09, 2010, 08:26:19 AM »
Hello alpha19862 and welcome to the forum.  There may be a way to save your machine:

Download the free Dr. Web Cure It! in SAFE MODE to your desktop to scan for Winlogon and Explorer infections. 

Download Dr Web Cure It! from here: http://www.freedrweb.com/?lng=en on the top right of the page, tick the EULA and then download.
 
It will download as an 8-digit file; save it to your desktop.
Restart in Safe Mode and run.
Accept the enhanced version.
Then run the Quick Scan.
About halfway through you will be prompted to buy - just “X” the box closed.
Once finished, it will generate a log; please attach that to your next post.

How Do I Use Dr.Web CureIt! http://www.freedrweb.com/cureit/how_it_works/

Download Dr.Web CureIt! and launch the utility in SAFE MODE. A notification will inform you that the utility is running in the enhanced protection mode allowing it to operate even if malicious programs block access to the Windows interface.  In the enhanced protection mode Dr.Web CureIt! is run on a protected desktop where no other application can be launched.  In order to continue working in the enhanced protection mode choose OK or click Cancel to switch to the standard mode.

Click the “Start” button in the anti-virus window. Select “Yes” in the confirmation dialogue, and wait while Dr.Web CureIt! scans system memory and autorun objects. If you need to scan all or selected disks, choose between “Full Scan” or “Custom Scan” (if you choose “Custom Scan,” you need to select the objects you want to scan), and click on the "Start" button.

Dr.Web CureIt! will cure infected files and place incurable files in quarantine. When the scanning is finished, you can view the report and perform desired actions with quarantined files.

Once the scanning is completed, simply remove the Dr.Web CureIt! file from your computer (put it in your recycle bin). 

If you need to perform another system scan using updated definitions, you will need to download Dr.Web CureIt! again.

Also, using older software, like SP2 instead of SP3, presents a huge security hole and may have contributed to getting malware.  A good site for keeping software up to date is the free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/ which gives you the vendor's direct download to patches/fixes if needed.

Please let me know if you would like me to proceed with malware removal or not.   If not and you feel that your issue is resolved, then please go back to the first open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed.  Thank you.

alpha19862

  • Guest
Re: Virus win32/patched, explorer.exe and winlogon.exe infected!
« Reply #2 on: November 09, 2010, 02:18:06 PM »
I've found my XP install disc and re-installed it on another drive, I've copied over the files that were infected and deleted the old ones, old OS installation loads up, but still messing with it, doing a few scans, decided to upgrade to Windows 7, purchased it last night.

I'd like to say my program is solved, but to be honest, I'd like to know how my computer got infected in the first place, any idea based on my previous logs?

Finished my scans, problem resolved, seems it's causing a lot of problems for a lot of people, I just want to know where I got the damn virus, probably 'cause I'm still using SP2 like you said.
« Last Edit: November 09, 2010, 04:26:45 PM by alpha19862 »

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: Virus win32/patched, explorer.exe and winlogon.exe infected!
« Reply #3 on: November 09, 2010, 04:28:14 PM »
Hi alpha19862, Welcome to forum!

Quote from: alpha19862

......decided to upgrade to Windows 7, purchased it last night.

Did you do a clean install or an upgrade?

Well, for getting infected, your old weak antivirus could not block malware which might come from an infected USB drive, Web or...

Next time you have a similar problem, don't give up quickly, come here and let our expert members help you!

Always have a Bootable Antivirus Disc (RescueCD) to use in such a case, e.g. for the problem you had, you could use it to boot your computer, scan and remove malware (Explorer.exe too) and then repair your Windows using your Installation disc (using 'sfc /scannow' command in command prompt).

Good Luck and Stay safe!
Twitter: OmidFarhangEn - OS: Manjaro KDE
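
Related to the advice above about booting from rescue media and restoring system files from known-good copies, here is an added example (not part of any post in this thread) that compares explorer.exe and winlogon.exe, plus their copies in XP's system32\dllcache Windows File Protection cache, against a clean reference installation by SHA-256. The directory layout, function names and sample bytes are assumptions for illustration; the reference must be the same Windows version and patch level, otherwise legitimate differences are reported as MODIFIED.

```python
import hashlib
import tempfile
from pathlib import Path
# Suspect path -> clean reference path; dllcache is XP's Windows File Protection cache.
TARGETS = {
    "explorer.exe": "explorer.exe",
    "system32/winlogon.exe": "system32/winlogon.exe",
    "system32/dllcache/explorer.exe": "explorer.exe",
    "system32/dllcache/winlogon.exe": "system32/winlogon.exe",
}

def find_ci(root, rel):
    """Resolve rel under root ignoring case (NTFS mounted from a rescue disc)."""
    cur = Path(root)
    for part in rel.split("/"):
        kids = cur.iterdir() if cur.is_dir() else []
        cur = next((p for p in kids if p.name.lower() == part.lower()), None)
        if cur is None:
            return None
    return cur if cur.is_file() else None

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def compare(suspect_root, clean_root, targets=TARGETS):
    """Return {suspect path: 'match' | 'MODIFIED' | 'missing' | 'no-reference'}."""
    report = {}
    for rel, ref_rel in targets.items():
        sus, ref = find_ci(suspect_root, rel), find_ci(clean_root, ref_rel)
        if sus is None or ref is None:
            report[rel] = "no-reference" if ref is None else "missing"
        else:
            report[rel] = "match" if digest(sus) == digest(ref) else "MODIFIED"
    return report

def demo():
    """Constructed sample trees; the byte strings stand in for real binaries."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, sus = Path(tmp, "clean"), Path(tmp, "suspect")
        (clean / "system32").mkdir(parents=True)
        (sus / "System32" / "dllcache").mkdir(parents=True)
        (clean / "explorer.exe").write_bytes(b"explorer-original")
        (clean / "system32" / "winlogon.exe").write_bytes(b"winlogon-original")
        (sus / "Explorer.EXE").write_bytes(b"explorer-original")
        (sus / "System32" / "winlogon.exe").write_bytes(b"winlogon-original+patch")
        (sus / "System32" / "dllcache" / "explorer.exe").write_bytes(b"explorer-original")
        return compare(sus, clean)

if __name__ == "__main__":
    print(demo())
```

A MODIFIED result on a dllcache entry matters because a restore that draws on the cache would put the altered copy back in place.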

alpha19862

  • Guest
Re: Virus win32/patched, explorer.exe and winlogon.exe infected!
« Reply #4 on: November 09, 2010, 05:36:59 PM »
Quote from: Omid Farhang

Did you do a clean install or an upgrade?

Well, for getting infected, your old weak antivirus could not block malware which might come from an infected USB drive, Web or...

Not installed yet, Windows 7 that is, it will be a clean install though, didn't want to give up as such, managed to fix it now though, lol but gonna install Windows 7 anyway, keep getting viruses on my XP, as for the old weak antivirus, I've got the newest AVG Internet Security, is that not good enough?

I have a free version of avast running now too, and Spy bot tea timer, but if there's anything else I should have installed please let me know.

Offline Omid Farhang

Re: Virus win32/patched, explorer.exe and winlogon.exe infected!
« Reply #5 on: November 09, 2010, 06:03:50 PM »
Quote from: alpha19862

Not installed yet, Windows 7 that is, it will be a clean install though, didn't want to give up as such, managed to fix it now though, lol but gonna install Windows 7 anyway, keep getting viruses on my XP, as for the old weak antivirus, I've got the newest AVG Internet Security, is that not good enough?

I have a free version of avast running now too, and Spy bot tea timer, but if there's anything else I should have installed please let me know.

If you want my opinion, as far as I am playing with many different vendors, I say AVG is a very weak antivirus with almost a dirty marketing to sell their products.

Also, SpyBot S&D is not powerful enough to take care of your computer for new malware, I say use avast! free version (and if you can afford that, buy Internet Security) and use Malwarebytes Antimalware for Antispyware beside your real-time protection (avast).

YoKenny

  • Guest
Re: Virus win32/patched, explorer.exe and winlogon.exe infected!
« Reply #6 on: November 09, 2010, 07:43:05 PM »
Quote from: Omid Farhang

If you want my opinion, as far as I am playing with many different vendors, I say AVG is a very weak antivirus with almost a dirty marketing to sell their products.

Also, SpyBot S&D is not powerful enough to take care of your computer for new malware, I say use avast! free version (and if you can afford that, buy Internet Security) and use Malwarebytes Antimalware for Antispyware beside your real-time protection (avast).

I agree with Omid.

AVG is weak and its Forum advice is atrocious which is one of the reasons I left AVG.

Also SpyBot S&D is nowhere near as good as Malwarebytes Anti-Malware (MBAM)

I did a Clean install of Windows 7 64-bit for my system and now it works absolutely great.  8)

Top 10 reasons to buy Windows 7
http://www.microsoft.com/windows/windows-7/compare/top-ten-reasons.aspx

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: [Resolved] Virus win32/patched, explorer.exe and winlogon.exe infected!
« Reply #7 on: November 10, 2010, 09:19:56 AM »
If I remember correctly, avast! 5 is supposed to be able to fix Patched system executables.
Visit my webpage Angry Sheep Blog

alpha19862

  • Guest
Re: [Resolved] Virus win32/patched, explorer.exe and winlogon.exe infected!
« Reply #8 on: November 12, 2010, 07:38:57 PM »
Yeah finished my clean install of Windows 7, working ok, but must say it's weak against websites storing temp files in Users\appdata\local\temp, AVG picks them up, and Malwarebytes picks them up and gets rid of them, installed System Mechanic to help with the registry side.

Will have to look into Avast then once my subscription for AVG runs out.

and yes the support for avast has been great!

Thanks guys for the advice and see you around soon =)