

Virus: Win32/patched.dx

Posted on 2010-11-30
Medium Priority
Last Modified: 2013-12-06
Hi everyone,
I have a Lenovo IdeaPad S10 with Windows XP. Yesterday, my computer was running very slow, so I went to Task Manager and killed some of the processes (in hindsight, I should not have). The problem started like this: I would google something and when I clicked on the link, it would always redirect me to some weird pages. I had the AVG Free Edition, version 9.0.872.
So when I proceeded to scan my computer for infections, I got the pop-up and this threat detection in the virus vault:

file name: c:\windows\system32\drivers\IPSec.sys
threat name: virus identified Win32/Patched.DX
Object type: file
sdk type: core
result: object is white-listed(critical/system file that should not be removed)

Moreover, now I cannot connect to the Internet. Additionally, the OneKeyRecovery feature does not work. When I press the button (with the computer turned off), it simply turns it on, without the recovery options.

Please help! 
Question by:spirose
LVL 14

Expert Comment

by:Muhammad Ahmad Imran
ID: 34241047

Author Comment

ID: 34241229
I cannot connect to the Internet- is the Trojan limiting my access to the Internet?
LVL 14

Expert Comment

by:Muhammad Ahmad Imran
ID: 34241249
It could be...

I would say, do a boot scan with some antivirus (I use Avast; that's a pretty good boot scan),

or attach this hard drive to some other PC and scan through Windows.

LVL 23

Expert Comment

ID: 34241418
Try booting to Safe Mode with Networking, and then try to connect.

If you can, I would suggest a scan with Hitman Pro:


and TDSSKiller:


Then try to connect in normal mode. If you can, try an online scan with Eset:


Post the scan log here.
LVL 25

Expert Comment

ID: 34241509
As said before, try to do a boot scan with an AV rescue CD; have a look at Bootable antivirus Rescue CD.

The bootable antivirus rescue CD method is considered the most effective way to remove viruses, trojans and malware, because it tracks down some viruses, trojans and other malware are embedded so tightly into your operating system that when you boot Windows the normal way.

Author Comment

ID: 34242304
Thanks for the suggestions. Right now, I am in safe mode, but I was still not able to access the Internet. I am using the AVG 9.0 anti-virus command line scanner (as I had already installed it on my PC). How do I go to the links provided by some of you if I can't even connect to the Internet?
P.S. I have a netbook, hence no CD drive.

Author Comment

ID: 34242779
Here is the gist of the log file avgrep.txt
(please bear with me as I am typing this via my phone)

AVG 9.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2010 AVG Technologies
Program version 9.0.870, engine 9.0.871
Virus Database: Version 271.1.1/3287 2010-11-29

C:\Windows\system32\drivers\IPSec.sys virus identified Win32/Patched.DX
C:\Documents and Settings\MainUser\Local Settings\Temp\F1.tmp Trojan horse Agent2.BLQU object was moved to virus vault.
C:\Documents and Settings\MainUser\Local Settings\Temporary Internet Files\Content.IE5\7J4VK8EH\sun[1].db Trojan horse Generic19.ADXU  object was moved to virus vault.

Objects scanned: 228420
Found infections: 3
Found PUPS: 0
Healed infections: 2
Healed PUPS: 0
Warnings: 0
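
Added example (not part of the original thread): a short Python triage of the AVG command-line log excerpt posted above, which reconciles the detection lines with the summary counters to list files that were flagged but not moved to the virus vault. The line patterns are assumptions inferred from the three detection lines in the post, not AVG's documented log format, and the function names are hypothetical.

```python
import re

# Excerpt of the log as posted in the thread (paths and threat names from the page).
SAMPLE_LOG = r"""
C:\Windows\system32\drivers\IPSec.sys virus identified Win32/Patched.DX
C:\Documents and Settings\MainUser\Local Settings\Temp\F1.tmp Trojan horse Agent2.BLQU object was moved to virus vault.
C:\Documents and Settings\MainUser\Local Settings\Temporary Internet Files\Content.IE5\7J4VK8EH\sun[1].db Trojan horse Generic19.ADXU  object was moved to virus vault.

Objects scanned: 228420
Found infections: 3
Healed infections: 2
"""

# Assumed line shape: <path> <"virus identified" | "Trojan horse"> <threat> [action text]
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<kind>virus identified|Trojan horse)\s+"
    r"(?P<threat>\S+)\s*(?P<action>.*)$"
)
COUNTER = re.compile(r"^(?P<key>Found infections|Healed infections):\s*(?P<n>\d+)$")

def triage(log_text):
    """Return (detections, counters); each detection records whether it was remediated."""
    detections, counters = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        if m := COUNTER.match(line):
            counters[m["key"]] = int(m["n"])
        elif m := DETECTION.match(line):
            detections.append({
                "path": m["path"],
                "threat": m["threat"],
                "remediated": "moved to virus vault" in m["action"],
            })
    return detections, counters

def unremediated(log_text):
    """Files still flagged after the scan, cross-checked against the summary counters."""
    detections, counters = triage(log_text)
    left = [d for d in detections if not d["remediated"]]
    expected = counters.get("Found infections", 0) - counters.get("Healed infections", 0)
    if len(left) != expected:
        raise ValueError(f"parsed {len(left)} open detections, summary implies {expected}")
    return left

if __name__ == "__main__":
    for d in unremediated(SAMPLE_LOG):
        print(f"STILL FLAGGED: {d['path']} ({d['threat']})")
```

On the posted log this leaves only the patched `IPSec.sys` driver, which matches the "Found infections: 3 / Healed infections: 2" summary.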

LVL 23

Accepted Solution

phototropic earned 2000 total points
ID: 34244395
"...Right now, I am in safe mode ..."  My suggestion was Safe Mode with Networking, assuming you are behind a router.

AVG 9.0 is an old version of AVG - the latest version is AVG 10.0.1170. When you get connected again, you should upgrade.

You will need to download the tools I suggested in my first post using another working computer. Save them to a flash drive, then run them on the infected pc.

Another tool which would help is Combofix:


This tool will not run if AVG is installed. But you need to update your AVG, so you could uninstall it prior to running Combofix.
When you save it to a flash drive, be sure to rename it. Under "File Name" type "cf.bat" (without the quotes), and then change "Save as Type" from "Application" to "All Files".

When Combofix has completed, please post the log here.  And then install AVG 2011:


This is AVG's downloader. If you are installing from a flash drive, you will need the full exe file:


Please post any scan logs here.

Right now here in the UK it is 1.00am. I will check in again in 8 hours time.

Good luck!!!

LVL 33

Expert Comment

by:Paul Sauvé
ID: 34244579
Just out of curiosity, if you cannot access the Internet, how have you managed to get your questions posted? Another computer? ;-)

I am assuming that you must have limited Internet access, so you can go to HijackThis (or on a friend's computer) & download the application. Then install it on your laptop and run it. Copy the resulting log file & post it. Perhaps we can give you some guidance. Also, you can download & install some of the other suggested solutions, but most AVs' apps virus definitions are not up to date when you do a fresh install...


LVL 30

Expert Comment

by:Sudeep Sharma
ID: 34250601
I would recommend running sfc /scannow on command prompt.

Just make sure you have the Windows Media CD ready with you before you hit that command. That would replace/add any corrupted files/missing files on your system.


Expert Comment

by:Mustafa L. McLinn
ID: 34251770

I've seen this before; some trojans and bots will change your proxy settings to make you think you can't get to the Internet.

1. Open Internet Explorer, click "Tools" and then click "Internet Options."

2. Click the "Connections" tab and then click on "LAN Settings."

3. Uncheck the box marked "Use a proxy server for this connection" and then hit the "OK" button. The changes you made will be immediately applied and IE will no longer use a proxy server to connect to the Internet.

... what some trojans do is set the proxy to  which is a loopback to the same machine.
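
Added example (not part of the original thread): the proxy check described in the comment above, done from the registry instead of the IE dialog, by parsing `reg query` output for the per-user Internet Settings key and flagging an enabled proxy that points at a loopback address. The sample output and its proxy value are constructed for illustration (not the address from the post), and the function names are hypothetical.

```python
import ipaddress
import re

# Output of: reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# Constructed sample; the proxy value below is made up for this example.
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:8080;https=proxy.example.com:3128
"""

VALUE_LINE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

def parse_values(reg_output):
    """Map value name -> data string from `reg query` output (tabs or spaces)."""
    return {m["name"]: m["data"].strip()
            for line in reg_output.splitlines()
            if (m := VALUE_LINE.match(line))}

def is_loopback(host):
    """True for localhost or any address in 127.0.0.0/8 or ::1."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname

def loopback_proxies(reg_output):
    """Return enabled proxy entries that point back at the local machine."""
    values = parse_values(reg_output)
    if int(values.get("ProxyEnable", "0x0"), 16) == 0:
        return []  # the manual proxy is switched off
    hits = []
    # ProxyServer is either "host:port" or "scheme=host:port;scheme=host:port".
    for entry in values.get("ProxyServer", "").split(";"):
        target = entry.split("=", 1)[-1].strip()
        host = target.rsplit(":", 1)[0] if ":" in target else target
        if target and is_loopback(host):
            hits.append(entry.strip())
    return hits

if __name__ == "__main__":
    print(loopback_proxies(SAMPLE_REG_OUTPUT) or "no loopback proxy set")
```

A non-empty result on a machine with no local proxy software installed is worth investigating before simply unchecking the box, since whatever set the value may set it again.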


Question has a verified solution.
