Solved

Virus: Win32/patched.dx

Posted on 2010-11-30
11
1,012 Views
Last Modified: 2013-12-06
Hi everyone,
I have a Lenovo IdeaPad S10 with Windows XP. Yesterday, my computer was running very slow, so I went to Task Manager and killed some of the processes (in hindsight, I should not have). The problem started like this: I would Google something and when I clicked on the link, it would always redirect me to some weird pages. I had the AVG Free Edition version 9.0.872.
So when I proceeded to scan my computer for infections, I got the pop up and this threat detection in the virus vault:

file name: c:\windows\system32\drivers\IPSec.sys
threat name: virus identified Win32/Patched.DX
Object type: file
sdk type: core
result: object is white-listed(critical/system file that should not be removed)

Moreover, now I cannot connect to the Internet. Additionally, the OneKeyRecovery feature does not work. When I press the button (with the computer turned off), it simply turns it on, without the recovery options.

Please help! 
0
Question by:spirose
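Win32/Patched.DX is a detection for a legitimate system file that has been modified in place, which is why AVG reports IPSec.sys as white-listed rather than quarantining it. A defender's first check is whether the live driver still matches a pristine copy. The script below is an added example and not from this thread or from AVG: it hashes the flagged driver and the copy Windows File Protection keeps in dllcache (assumed present; the path is the XP default) and reports the Authenticode status. It assumes PowerShell 2.0 or later installed on the XP machine and an elevated prompt.

```powershell
# Added example (not from the thread): compare the driver AVG flagged as
# Win32/Patched.DX against the SFC/dllcache copy and report its signature.
# Assumptions: PowerShell 2.0+, elevated prompt, XP default paths.

$driver = Join-Path $env:SystemRoot 'system32\drivers\ipsec.sys'
$cached = Join-Path $env:SystemRoot 'system32\dllcache\ipsec.sys'   # assumed: WFP's pristine copy

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing keeps this working on PowerShell 2.0, which lacks Get-FileHash
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    return ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Get-FileSummary {
    param([string]$Path)
    $item = Get-Item $Path
    New-Object PSObject -Property @{
        Path     = $Path
        Size     = $item.Length
        Version  = $item.VersionInfo.FileVersion
        Modified = $item.LastWriteTime
        Sha256   = Get-Sha256Hex $Path
    }
}

$live = Get-FileSummary $driver
$live | Format-List

if (Test-Path $cached) {
    $ref = Get-FileSummary $cached
    $ref | Format-List
    if ($live.Sha256 -ne $ref.Sha256) {
        Write-Warning 'Live driver differs from the dllcache copy: consistent with a patched system file.'
    } else {
        Write-Host 'Live driver matches the dllcache copy.'
    }
} else {
    Write-Warning "No dllcache copy at $cached; compare the hash against a known-clean XP install of the same service pack instead."
}

# XP system files are catalog-signed, and Get-AuthenticodeSignature before
# PowerShell 5.1 does not consult the catalog, so 'NotSigned' alone is not
# conclusive here; 'HashMismatch' on an embedded signature would be.
$sig = Get-AuthenticodeSignature -FilePath $driver
"Authenticode status: {0}" -f $sig.Status
```

A hash mismatch between the two copies, or a file version and modified date that disagree with the service pack level, is the evidence that the "patched" detection is real, and it also tells you which file to restore from clean media; a matching pair points to a false positive or to a different file being the actual problem.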
11 Comments
 
LVL 14

Expert Comment

by:leoahmad
ID: 34241047
0
 

Author Comment

by:spirose
ID: 34241229
I cannot connect to the Internet- is the Trojan limiting my access to the Internet?
0
 
LVL 14

Expert Comment

by:leoahmad
ID: 34241249
it could be...

I would say, do a boot scan with some anti-virus (I use Avast; that's a pretty good boot scan),

or attach this hard drive to some other PC and scan through Windows.
0

 
LVL 23

Expert Comment

by:phototropic
ID: 34241418
Try booting to Safe Mode with Networking, and then try to connect.

If you can, I would suggest a scan with Hitman Pro:

http://www.surfright.nl/en/hitmanpro

and TDSSKiller:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Then try to connect in normal mode. If you can, try an online scan with Eset:

http://www.eset.com/online-scanner/run

Post the scan log here.
0
 
LVL 25

Expert Comment

by:madunix
ID: 34241509
As said before, try doing a boot scan with an AV rescue CD; have a look at Bootable Antivirus Rescue CD:
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

The bootable antivirus rescue CD method is considered the most effective way to remove viruses, trojans and malware, because it tracks down viruses, trojans and other malware that are embedded so tightly into your operating system that when you boot Windows the normal way.
0
 

Author Comment

by:spirose
ID: 34242304
Thanks for the suggestions. Right now, I am in Safe Mode, but I was still not able to access the Internet. I am using the AVG 9.0 anti-virus command line scanner (as I had already installed it on my PC). How do I go to the links provided by some of you if I can't even connect to the Internet?
P.S. I have a netbook, hence no CD drive.
0
 

Author Comment

by:spirose
ID: 34242779
Here is the gist of the log file avgrep.txt
(please bear with me as I am typing this via my phone)

AVG 9.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2010 AVG Technologies
Program version 9.0.870, engine 9.0.871
Virus Database: Version 271.1.1/3287 2010-11-29

....
C:\Windows\system32\drivers\IPSec.sys virus identified Win32/Patched.DX
....
C:\Documents and Settings\MainUser\Local Settings\Temp\F1.tmp Trojan horse Agent2.BLQU object was moved to virus vault.
C:\Documents and Settings\MainUser\Local Settings\Temporary Internet Files\Content.IE5\7J4VK8EH\sun[1].db Trojan horse Generic19.ADXU  object was moved to virus vault.
....
----------------------------------------------------------------------------------------------------

Objects scanned: 228420
Found infections: 3
Found PUPS: 0
Healed infections: 2
Healed PUPS: 0
Warnings: 0
-----------------------------------------------------------------------------------------------------



0
 
LVL 23

Accepted Solution

by:
phototropic earned 500 total points
ID: 34244395
"...Right now, I am in safe mode ..."  My suggestion was Safe Mode with Networking, assuming you are behind a router.

AVG 9.0 is an old version of AVG - the latest version is AVG 10.0.1170. When you get connected again, you should upgrade.

You will need to download the tools I suggested in my first post using another working computer. Save them to a flash drive, then run them on the infected pc.

Another tool which would help is Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This tool will not run if AVG is installed. But you need to update your AVG, so you could uninstall it prior to running Combofix.
When you save it to a flash drive, be sure to rename it. Under "File Name" type "cf.bat" (without the quotes), and then change "Save as Type" from "Application" to "All Files".

When Combofix has completed, please post the log here.  And then install AVG 2011:

http://free.avg.com/gb-en/226187

This is AVG's downloader. If you are installing from a flash drive, you will need the full exe file:

 http://www.filehippo.com/download_avg_antivirus_32/

Please post any scan logs here.

Right now here in the UK it is 1.00am. I will check in again in 8 hours time.

Good luck!!!

0
 
LVL 32

Expert Comment

by:Paul Sauvé
ID: 34244579
Just out of curiosity, if you cannot access the Internet, how have you managed to get your questions posted? Another computer? ;-)

I am assuming that you must have limited Internet access, so you can go to HijackThis (or on a friend's computer) and download the application. Then install it on your laptop and run it. Copy the resulting log file and post it. Perhaps we can give you some guidance. Also, you can download and install some of the other suggested solutions, but most AV apps' virus definitions are not up to date when you do a fresh install...

GL

PaulS
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 34250601
I would recommend running sfc /scannow on command prompt.

Just make sure you have the Windows Media CD ready with you before you hit that command. That would replace/add any corrupted files/missing files on your system.

Sudeep
0
 
LVL 5

Expert Comment

by:Moose Mclinn
ID: 34251770


I've seen this before; some trojans and bots will change your proxy settings to make you think you can't get to the internet.

1. Open Internet Explorer, click "Tools" and then click "Internet Options."

2. Click the "Connections" tab and then click on "LAN Settings."

3. Uncheck the box marked "Use a proxy server for this connection" and then hit the "OK" button. The changes you made will be immediately applied and IE will no longer use a proxy server to connect to the Internet.

... what some trojans do is set the proxy to 127.0.0.1, which is a loopback to the same machine.
0
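The LAN Settings dialog above edits the per-user WinINet values under the Internet Settings registry key, so the same check can be scripted and the result kept as evidence before anything is changed. The script below is an added example, not from this thread: it reads ProxyEnable, ProxyServer and AutoConfigURL for the current user, flags a proxy that points at the loopback address as described in the comment, and only clears it when the hypothetical `$fix` switch is set. It assumes PowerShell 2.0 or later on the affected machine.

```powershell
# Added example (not from the thread): detect a proxy hijack that points the
# browser at 127.0.0.1, and optionally undo it. Assumes PowerShell 2.0+.

$fix = $false    # set to $true to apply the same change as unchecking the box in LAN Settings
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s   = Get-ItemProperty -Path $key

function Test-LoopbackProxy {
    param([string]$ProxyServer)
    if (-not $ProxyServer) { return $false }
    # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
    foreach ($entry in $ProxyServer -split ';') {
        $hostPort = ($entry -split '=')[-1]
        $hostName = ($hostPort -split ':')[0].Trim().ToLower()
        if ($hostName -eq '127.0.0.1' -or $hostName -eq 'localhost' -or $hostName -eq '::1') {
            return $true
        }
    }
    return $false
}

# Record the current state first; this is the evidence you want to keep.
"ProxyEnable   : {0}" -f $s.ProxyEnable
"ProxyServer   : {0}" -f $s.ProxyServer
"AutoConfigURL : {0}" -f $s.AutoConfigURL    # a PAC script is another way browsing gets redirected

if ($s.ProxyEnable -eq 1 -and (Test-LoopbackProxy $s.ProxyServer)) {
    Write-Warning 'Proxy is enabled and points back at this machine, which is the symptom described above.'
    if ($fix) {
        Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $key -Name ProxyServer -ErrorAction SilentlyContinue
        Write-Host 'Proxy disabled; restart Internet Explorer and retry the connection.'
    }
} elseif ($s.AutoConfigURL) {
    Write-Warning 'An automatic configuration script is set; confirm that URL is one you configured.'
} else {
    Write-Host 'No loopback proxy configured for this user.'
}
```

Run it as the user whose browser is broken, since the key lives under HKCU; if the proxy comes back after a reboot, the process that re-sets it has not been removed yet, which is why the scanners suggested earlier in the thread should run before the proxy is treated as fixed.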

Question has a verified solution.