Virus: Win32/patched.dx

Hi everyone,
I have a Lenovo IdeaPad S10 with Windows XP. Yesterday, my computer was running very slow, so I went to Task Manager and killed some of the processes (in hindsight, I should not have). The problem started like this: I would google something and when I clicked on the link, it would always redirect me to some weird pages. I had the AVG Free Edition version 9.0.872.
So when I proceeded to scan my computer for infections, I got the pop-up and this threat detection in the virus vault:

file name: c:\windows\system32\drivers\IPSec.sys
threat name: virus identified Win32/Patched.DX
Object type: file
sdk type: core
result: object is white-listed(critical/system file that should not be removed)

Moreover, now I cannot connect to the Internet. Additionally, the OneKeyRecovery feature does not work. When I press the button (with the computer turned off), it simply turns it on, without the recovery options.

Please help! 
phototropic Commented:
"...Right now, I am in safe mode ..."  My suggestion was Safe Mode with Networking, assuming you are behind a router.

AVG 9.0 is an old version of AVG - the latest version is AVG 10.0.1170. When you get connected again, you should upgrade.

You will need to download the tools I suggested in my first post using another working computer. Save them to a flash drive, then run them on the infected pc.

Another tool which would help is Combofix:

This tool will not run if AVG is installed. But you need to update your AVG, so you could uninstall it prior to running Combofix.
When you save it to a flash drive, be sure to rename it. Under "File Name" type "cf.bat" (without the quotes), and then change "Save as Type" from "Application" to "All Files".

When Combofix has completed, please post the log here.  And then install AVG 2011:

This is AVG's downloader. If you are installing from a flash drive, you will need the full exe file:

Please post any scan logs here.

Right now here in the UK it is 1.00am. I will check in again in 8 hours time.

Good luck!!!

Muhammad Ahmad Imran (Database Developer) Commented:

spirose (Author) Commented:
I cannot connect to the Internet- is the Trojan limiting my access to the Internet?
Muhammad Ahmad Imran (Database Developer) Commented:
It could be...

I would say, do a boot scan with some antivirus (I use Avast, that's a pretty good boot scan)

or attach this hard drive to some other PC and scan through Windows.
Try booting to Safe Mode with Networking, and then try to connect.

If you can, I would suggest a scan with Hitman Pro:

and TDSSKiller:

Then try to connect in normal mode. If you can, try an online scan with Eset:

Post the scan log here.
As said before, try doing a boot scan with an AV rescue CD; have a look at Bootable antivirus Rescue CD.

The bootable antivirus rescue CD method is considered the most effective way to remove viruses, trojans and malware because it tracks down some viruses, trojans and other malware that are embedded so tightly into your operating system that when you boot Windows the normal way.
spirose (Author) Commented:
Thanks for the suggestions. Right now, I am in safe mode but I was still not able to access the Internet. I am using the AVG 9.0 anti-virus command line scanner (as I had already installed it on my PC). How do I go to the links provided by some of you if I can't even connect to the Internet?
P.S. I have a netbook, hence no CD drive.
spirose (Author) Commented:
Here is the gist of the log file avgrep.txt
(please bear with me as I am typing this via my phone)

AVG 9.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2010 AVG Technologies
Program version 9.0.870, engine 9.0.871
Virus Database: Version 271.1.1/3287 2010-11-29

C:\Windows\system32\drivers\IPSec.sys virus identified Win32/Patched.DX
C:\Documents and Settings\MainUser\Local Settings\Temp\F1.tmp Trojan horse Agent2.BLQU object was moved to virus vault.
C:\Documents and Settings\MainUser\Local Settings\Temporary Internet Files\Content.IE5\7J4VK8EH\sun[1].db Trojan horse Generic19.ADXU  object was moved to virus vault.

Objects scanned: 228420
Found infections: 3
Found PUPS: 0
Healed infections: 2
Healed PUPS: 0
Warnings: 0

Paul Sauvé (Retired) Commented:
Just out of curiosity, if you cannot access the Internet, how have you managed to get your questions posted? Another computer? ;-)

I am assuming that you must have limited Internet access, so you can go to HijackThis (or on a friend's computer) & download the application. Then install it on your laptop and run it. Copy the resulting log file & post it. Perhaps we can give you some guidance. Also, you can download & install some of the other suggested solutions, but most AVs' apps virus definitions are not up to date when you do a fresh install...


Sudeep Sharma (Technical Designer) Commented:
I would recommend running sfc /scannow on command prompt.

Just make sure you have the Windows Media CD ready with you before you hit that command. That would replace/add any corrupted files/missing files on your system.

Mustafa L. McLinn (Systems Engineer/Systems Administrator) Commented:

I've seen this before: some Trojans and bots will change your proxy settings to make you think you can't get to the Internet.

1. Open Internet Explorer, click "Tools" and then click "Internet Options."

2. Click the "Connections" tab and then click on "LAN Settings."

3. Uncheck the box marked "Use a proxy server for this connection" and then hit the "OK" button. The changes you made will be immediately applied and IE will no longer use a proxy server to connect to the Internet.

... what some Trojans do is set the proxy to  which is a loopback to the same machine.
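
The proxy check described in the comment above, as an added example that is not part of the original thread: it reads the per-user `ProxyEnable` and `ProxyServer` values that the LAN Settings dialog edits and reports whether the configured proxy points back at the local machine. The function names and the sample proxy strings are constructed for illustration.

```python
import ipaddress
import sys

# Per-user IE proxy settings, the values the "LAN Settings" dialog edits.
KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

def proxy_hosts(server):
    """Hosts in a ProxyServer string: 'host:port' or 'http=h:p;https=h:p'."""
    hosts = []
    for entry in filter(None, (e.strip() for e in server.split(";"))):
        target = entry.split("=", 1)[-1].split("://", 1)[-1]  # drop 'http=' / scheme
        if target.startswith("["):            # bracketed IPv6, e.g. [::1]:8080
            host = target[1:].split("]", 1)[0]
        elif target.count(":") == 1:          # host:port
            host = target.split(":")[0]
        else:                                 # bare host or bare IPv6
            host = target
        hosts.append(host.lower())
    return hosts

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback  # 127.0.0.0/8 and ::1
    except ValueError:
        return False                          # other hostnames are not resolved here

def check_proxy(enable, server):
    """Classify a ProxyEnable/ProxyServer pair as 'off', 'loopback' or 'remote'."""
    if not enable or not server:
        return "off"
    return "loopback" if any(map(is_loopback, proxy_hosts(server))) else "remote"

def read_ie_proxy():
    """Read the live values from the registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY) as key:
        def value(name, default):
            try:
                return winreg.QueryValueEx(key, name)[0]
            except OSError:                   # value not present
                return default
        return value("ProxyEnable", 0), value("ProxyServer", "")

if __name__ == "__main__":
    # Constructed sample used when not on Windows.
    enable, server = read_ie_proxy() if sys.platform == "win32" else (1, "127.0.0.1:8080")
    print(check_proxy(enable, server), repr(server))
```

A `loopback` result on a machine where you did not install a local proxy yourself matches the symptom described above; unchecking the box in LAN Settings sets `ProxyEnable` back to 0.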