Author Topic: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]  (Read 29801 times)

0 Members and 1 Guest are viewing this topic.

kricxjo

  • Guest
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #15 on: September 18, 2010, 09:21:33 PM »
Is this CheckSum correct?
I used link from your post and got:

File details OTLPENet.exe
Bytes=127,313,619
MB=121
MD5=349c5ce9edf3818bb233db2f258536ad

I thought it is corrupted, but I downloaded it twice
and received exactly the same values.

I used TotalCommander 7.55 to calculate CheckSum


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #16 on: September 18, 2010, 09:24:35 PM »
I will recheck I believe OT has changed the programme somewhat over the last few days

The MD5 is good though so it is safe to create the boot CD

kricxjo

  • Guest
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #17 on: September 18, 2010, 10:30:20 PM »
I did exactly as you described, but during "getting folder structure..."
there popped out dialogue box: Run out of memory.
Here are parameters of local HDD and RAM disc:
Label              Total Size        Free Space
RAMDisc(B:)          63.9  MB          59.5  MB
local disc(C:)      289    GB         177    GB
HP_RECOVERY(D:)       8.61 GB           2.87 GB

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #18 on: September 18, 2010, 11:08:50 PM »
How much RAM is there on the system ?

Could you reboot and try again please

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33928
  • malware fighter
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #19 on: September 18, 2010, 11:41:19 PM »
Cześć, kricxjo,

This is an English forum only, we haven't got a Polish sub-section yet. What you could do is use Google translate, it works as a charm to translate English into Polish (roughly): http://translate.google.com/
Tutaj znajdziesz Polskie forum AVAST!- po polsku: http://forum.avast.pl/

pozdrawiam,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

kricxjo

  • Guest
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #20 on: September 18, 2010, 11:54:09 PM »
O.K. I'm initialising Reatogo once again. I have 2GB RAM installed.
Is there any chance to change RAM disc size during start-up?

kricxjo

  • Guest
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #21 on: September 19, 2010, 12:05:25 AM »
It's really nice to read "Cześć" :)
So far I didn't have much trouble to understand your posts
and I hope my English is also understandable?
Pozdrawiam

kricxjo

  • Guest
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #22 on: September 19, 2010, 01:05:01 AM »
The same:" Run out of memory"
I'm really get tired for today. I'll write tomorrow if I managed to do this scan.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #23 on: September 19, 2010, 02:17:04 PM »
Updated MD5

OTLPENet.exe
Size - 127,313,619 bytes
MD5 - 349C5CE9EDF3818BB233DB2F258536AD

I have asked OT if he has any idea why this is happening.  I will post as soon as I get a reply

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #24 on: September 19, 2010, 05:20:59 PM »
OK had a chat with OT

I may be using a scan that is to large.  I have now whittled it down to the basics and attached it below 

kricxjo

  • Guest
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #25 on: September 19, 2010, 06:14:02 PM »
Hello, Essexboy

I've just completed your scans.
It is a result of your previous scan instructions posted yesterday at 04:14:57 PM
It just needed more time to do it.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #26 on: September 19, 2010, 06:40:44 PM »
Could you re-run OTL please with the scan text that I uploaded today as I need to find the location of some spare copies of explorer, wininit etc. Once I have them I will re-locate them to the correct place  ;D

kricxjo

  • Guest
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #27 on: September 19, 2010, 07:24:25 PM »
Here you are. This is from the updated file.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #28 on: September 19, 2010, 07:33:11 PM »
Hmm it is not scanning,

could you double click the custom scans and fixes area of OTL
then when the dialogue pops up browse to the scan.txt file you downloaded
select it and then press run scan 

kricxjo

  • Guest
Re: explorer.exe and wininit.exe infected by Win32:Patched-RP[trj]
« Reply #29 on: September 19, 2010, 08:02:36 PM »
out of memory :(