
Win32/PEPatch what should I do? [Closed]


  • This topic is locked

#1
Hexbolts

    New Member

  • Member
  • 1 posts
I was playing around on the Internet when I really should be sleeping (doesn't it always happen at the worst times?!) when I was in a website I frequent a lot and I received an alert from AVG 2014 Resident Shield about a virus, Win32/PEPatch, and it asked me if I wanted AVG to protect me or ignore the threat; so I chose protect me of course. Now, I know this isn't over just yet so I looked on the Internet and apparently this is a pretty nasty virus and according to a blog post (from four years ago) it's not as easy to deal with as just asking AVG to protect me. So what should I do now? I'm running a full scan on AVG right now (and so far it hasn't found anything) and I plan on running a scan on Malwarebytes after that, but I'm really scared of losing everything (as the blog post claims it does). Please help me.

I'm running Windows 7 Home Premium 64-bit. I haven't experienced any strange behavior from my computer. I don't know if I should attach anything just yet, but I attached a screen capture of the information I get from the vault on AVG in case that helps.

The scans are done now, AVG found nothing and Malwarebytes detected four threats but these were unrelated to Win32/PEPatch, they're 2 PUP.Optional.Installex and 2 PUP.Optional.OpenCandy; the first two and one of the OpenCandy are on AppData\Local\Temp so I'm assuming these are safe to remove? And the other one is Daemon Tools Lite 4454-0316 which I don't really need, even if I've had it since 2012 and I've run many Malwarebytes scans without having any problems with that file.

Should I assume my computer is safe or should I still run an OTL scan?


Edited by Hexbolts, 31 October 2013 - 11:43 AM.



#2
crooleeck

    Member

  • Member
  • 882 posts
Hi Hexbolts and welcome to GeekstoGo!

I'm crooleeck and I'll try to help you. But first please notice that I'm not limitless, I'm not familiar with all software, I don't know everything. However, it has taken me years to learn what I know. I would be glad to help you.

The fight against malware is NOT instantaneous; most infections require several courses of action to completely eradicate. It's also time-consuming, so be patient! We all like to know the final result, so if you have since resolved the issues you were originally experiencing, or have received help elsewhere, please post.

Note:
  • Please watch this topic
  • Do exactly - step by step - what I wish for. Don't be afraid! If there's anything you don't understand, stop and ask!
  • Please don't run unsupervised tools or fix on your own without my direction - it can be dangerous
  • You must reply within 3 days or your topic will be closed

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

Step 1:
OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
    Make sure all other windows are closed and let it run uninterrupted.
  • Select these options:
    • All users.
    • 64-bit scan if it appears.
    • Under Extra registry select Use SafeList
    • LOP Check
    • Purity Check
  • Under the Custom Scan box paste this in:

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run scan button.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Step 2:
  • Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • Agree to update.
  • Click the Scan button to start the scan.
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply.


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.