[Pictousse]

Hello,
Yesterday my antivirus (Avira Free Antivirus) reported often that a file is a virus.

Dans le fichier 'C:\Windows\System32\services.exe'
un virus ou un programme indésirable 'W32/Patched.UA' [virus] a été détecté.
Action exécutée : Refuser l'accès

Which means, in the file 'C:\Windows\System32\services.exe' a virus or a malware 'W32/Patched.UA' [virus] has been detected.
Action taken : Access denied (I'm sorry my English is not good)


Let me start from the beginning, yesterday, I detected 3 trojans

Dans le fichier 'C:\Windows\Installer\{bb71f352-0047-ed19-c339-52f74ba618cf}\U\80000000.@'
un virus ou un programme indésirable 'TR/ATRAPS.Gen' [trojan] a été détecté.
Action exécutée : Refuser l'accès

Dans le fichier 'C:\Windows\Installer\{bb71f352-0047-ed19-c339-52f74ba618cf}\U\800000cb.@'
un virus ou un programme indésirable 'TR/ATRAPS.Gen2' [trojan] a été détecté.
Action exécutée : Refuser l'accès

Dans le fichier 'C:\Windows\Installer\{bb71f352-0047-ed19-c339-52f74ba618cf}\U\00000001.@'
un virus ou un programme indésirable 'TR/Small.FI' [trojan] a été détecté.
Action exécutée : Refuser l'accès

I managed to erase these 3 files manually, however after that, the services.exe started to be reported. I tried to find help on the internet.
But it seems that the only way is to use "powerful" software which could damage my computer. And I have no idea how to use these softwares.

What should I do?

Thank you very much,
Pictousse

[Advertisements]

Hello Pictousse and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.

• Please read all of my response through at least once before attempting to follow the procedures described.
• Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
• Please follow the steps exactly as written, in the same order.
• If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
• This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
• Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

I would like you to download and run 2 programs for me, then I will work up a fix for your system.

Step 1
Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Program Files\Common Files\ComObjects\*.* /s
C:\windows\*. /RP /s
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs in your next response

Step 2
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it


Click the [Scan] button to start scan


On completion of the scan click [Save log], save it to your desktop and post in your next reply

In your next reply I would like to see:

• OTL.txt log file
• Extras.txt log fil
• aswMBR log file

[Crowbar]

Hello Pictousse and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.

• Please read all of my response through at least once before attempting to follow the procedures described.
• Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
• Please follow the steps exactly as written, in the same order.
• If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
• This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
• Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

I would like you to download and run 2 programs for me, then I will work up a fix for your system.

Step 1
Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Program Files\Common Files\ComObjects\*.* /s
C:\windows\*. /RP /s
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs in your next response

Step 2
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it


Click the [Scan] button to start scan


On completion of the scan click [Save log], save it to your desktop and post in your next reply

In your next reply I would like to see:

• OTL.txt log file
• Extras.txt log fil
• aswMBR log file

[Pictousse]

Okay sorry for being late, it seems that the virus was worse than I thought, and I had to format everything.... I'm sorry about that, I barely managed to reinstall everything again ^^.

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.