Virus/Malware Virus /Rootkits Thread, Work In Progress

lclylee
post Mar 3 2010, 11:48 PM

New Member
*
Junior Member
29 posts

Joined: Jan 2010
Hey guys, I think I got hacked by a virus and I can't find it to delete it; my Kaspersky 2010 can't detect it either.

Here is the location that it lists (virus name: patch.exe):
C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup


[user posted image]

Here is the error that pops up:
[user posted image]

Can anybody help me?

This post has been edited by lclylee: Mar 3 2010, 11:57 PM
lclylee
post Mar 4 2010, 03:55 PM

Too long... I'll try to upload it with an attachment.


Added on March 4, 2010, 4:05 pm
QUOTE(BlueWind @ Mar 4 2010, 02:08 PM)
I'll have a look in it.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


*
Thanks for your help.

This post has been edited by lclylee: Mar 4 2010, 04:05 PM
lclylee
post Mar 4 2010, 10:21 PM

QUOTE(BlueWind @ Mar 4 2010, 08:08 PM)
Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    CODE
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Patch.exe ()

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

And hope it disappears.
*
Thanks a lot!
It works!! I already checked my startup list, and "patch.exe" had been removed!!

Here is the content shown after I rebooted my computer:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Patch.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lee
->Temp folder emptied: 55010813 bytes
->Temporary Internet Files folder emptied: 148601602 bytes
->FireFox cache emptied: 93575044 bytes
->Flash cache emptied: 52954 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14923333 bytes
RecycleBin emptied: 4511068980 bytes

Total Files Cleaned = 4,600.00 mb


OTL by OldTimer - Version 3.1.33.0 log created on 03042010_215016

Files\Folders moved on Reboot...
File\Folder C:\Users\Lee\AppData\Local\Temp\~DF1D29639413222689.TMP not found!
File\Folder C:\Users\Lee\AppData\Local\Temp\~DF403DA6E012C43398.TMP not found!
File\Folder C:\Users\Lee\AppData\Local\Temp\~DF44A3A56915BFAFA9.TMP not found!
File\Folder C:\Users\Lee\AppData\Local\Temp\~DF515314D054D257B9.TMP not found!
File\Folder C:\Users\Lee\AppData\Local\Temp\~DFC923FB8AA1599A6B.TMP not found!
File\Folder C:\Users\Lee\AppData\Local\Temp\~DFF38F1EAF11CF03C7.TMP not found!
C:\Users\Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OA0BDLL5\index[2].htm moved successfully.
C:\Users\Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LUIWZZKC\adframe[4].htm moved successfully.
C:\Users\Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IKUG2LAX\ads[1].htm moved successfully.
C:\Users\Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DYU1MEIW\ads[1].htm moved successfully.
C:\Users\Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
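
An added example, not part of any post in this thread: a small check that every autostart file named in the fix script has a matching result line in the fix log. The function names are hypothetical, and the line formats are assumed from the lines visible in this thread only.

```python
import re

# Constructed sample input: fix script and result lines copied from this thread.
FIX_SCRIPT = r"""
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Patch.exe ()

:Commands
[emptytemp]
"""
FIX_LOG = r"""
========== OTL ==========
No active process named explorer.exe was found!
C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Patch.exe moved successfully.
========== COMMANDS ==========
File\Folder C:\Users\Lee\AppData\Local\Temp\~DF1D29639413222689.TMP not found!
"""

def script_targets(script):
    """Return file paths named on O4 (autostart) lines inside the :OTL section."""
    targets, in_otl = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            in_otl = line.lower() == ":otl"   # other sections (:Commands) are skipped
            continue
        # Assumed format: "O4 - <kind>: <path> (<vendor, possibly empty>)"
        m = re.match(r"O4 - [^:]+: (.+?)\s*\([^()]*\)$", line) if in_otl else None
        if m:
            targets.append(m.group(1))
    return targets

def log_outcomes(log):
    """Map lower-cased path -> 'moved' or 'not found' from the result log."""
    outcomes = {}
    for line in map(str.strip, log.splitlines()):
        m = re.match(r"(?:File\\Folder )?(.+?) (moved successfully\.|not found!)$", line)
        if m:
            moved = m.group(2).startswith("moved")
            outcomes[m.group(1).lower()] = "moved" if moved else "not found"
    return outcomes

def verify_fix(script, log):
    """For each scripted target, report what the log says happened to it."""
    outcomes = log_outcomes(log)
    # Windows paths are case-insensitive, so compare lower-cased.
    return {t: outcomes.get(t.lower(), "no result logged") for t in script_targets(script)}

if __name__ == "__main__":
    for path, result in verify_fix(FIX_SCRIPT, FIX_LOG).items():
        print(f"{result:>16}  {path}")
```

A target reported as "not found" or "no result logged" means the startup entry should be checked again by hand before treating the machine as clean.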

lclylee
post Mar 7 2010, 01:39 AM

QUOTE(azam_halim @ Mar 6 2010, 11:58 PM)
I'm using Kaspersky Internet Security. Yesterday, it detected a file k1d.exe containing a trojan-gamethief.win32.magania.cxkx. Kaspersky is updated, but it can't delete the trojan. Can anyone help me get rid of this trojan? Kaspersky keeps reporting that it detected the virus, tries to remove it and can't remove it, over and over and over..

Btw, today I installed AVG Free without uninstalling Kaspersky. For about 2-3 hours it seemed fine because Kaspersky didn't report the trojan. After that, it came up again... very annoying.. please help..
*
Report the virus to the Kaspersky official website lo... then they'll fix it ASAP.

 
