Solved

Virus: Win32/patched.dx

Posted on 2010-11-30
1,048 Views
Last Modified: 2013-12-06
Hi everyone,
I have a Lenovo IdeaPad S10 with Windows XP. Yesterday, my computer was running very slow, so I went to Task Manager and killed some of the processes (in hindsight, I should not have). The problem started like this: I would Google something and when I clicked on the link, it would always redirect me to some weird pages. I had the AVG Free Edition version 9.0.872.
So when I proceeded to scan my computer for infections, I got the pop-up and this threat detection in the virus vault:

file name: c:\windows\system32\drivers\IPSec.sys
threat name: virus identified Win32/Patched.DX
Object type: file
sdk type: core
result: object is white-listed (critical/system file that should not be removed)

Moreover, now I cannot connect to the Internet. Additionally, the OneKeyRecovery feature does not work. When I press the button (with the computer turned off), it simply turns it on, without the recovery options.

Please help! 
Question by: spirose
11 Comments

LVL 14

Expert Comment

by:leoahmad
ID: 34241047

Author Comment

by:spirose
ID: 34241229
I cannot connect to the Internet- is the Trojan limiting my access to the Internet?
LVL 14

Expert Comment

by:leoahmad
ID: 34241249
It could be...

I would say, do a boot scan with some antivirus (I use Avast, that's a pretty good boot scan).

Or attach this hard drive to some other PC and scan it through Windows.
LVL 23

Expert Comment

by:phototropic
ID: 34241418
Try booting to Safe Mode with Networking, and then try to connect.

If you can, I would suggest a scan with Hitman Pro:

http://www.surfright.nl/en/hitmanpro

and TDSSKiller:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Then try to connect in normal mode. If you can, try an online scan with Eset:

http://www.eset.com/online-scanner/run

Post the scan log here.
LVL 25

Expert Comment

by:madunix
ID: 34241509
As said before, try to do a boot scan with an AV rescue CD; have a look at this bootable antivirus rescue CD list:
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

The bootable antivirus rescue CD method is considered the most effective way to remove viruses, trojans and malware, because it tracks down viruses, trojans and other malware that are embedded so tightly into your operating system when you boot Windows the normal way.

Author Comment

by:spirose
ID: 34242304
Thanks for the suggestions. Right now, I am in safe mode, but I was still not able to access the Internet. I am using the AVG 9.0 anti-virus command line scanner (as I had already installed it on my PC). How do I go to the links provided by some of you if I can't even connect to the Internet?
P.S. I have a netbook, hence no CD drive.

Author Comment

by:spirose
ID: 34242779
Here is the gist of the log file avgrep.txt
(please bear with me, as I am typing this via my phone):

AVG 9.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2010 AVG Technologies
Program version 9.0.870, engine 9.0.871
Virus Database: Version 271.1.1/3287 2010-11-29

....
C:\Windows\system32\drivers\IPSec.sys virus identified Win32/Patched.DX
....
C:\Documents and Settings\MainUser\Local Settings\Temp\F1.tmp Trojan horse Agent2.BLQU object was moved to virus vault.
C:\Documents and Settings\MainUser\Local Settings\Temporary Internet Files\Content.IE5\7J4VK8EH\sun[1].db Trojan horse Generic19.ADXU  object was moved to virus vault.
....
----------------------------------------------------------------------------------------------------

Objects scanned: 228420
Found infections: 3
Found PUPS: 0
Healed infections: 2
Healed PUPS: 0
Warnings: 0
-----------------------------------------------------------------------------------------------------
LVL 23

Accepted Solution

by:
phototropic earned 2000 total points
ID: 34244395
"...Right now, I am in safe mode ..."  My suggestion was Safe Mode with Networking, assuming you are behind a router.

AVG 9.0 is an old version of AVG - the latest version is AVG 10.0.1170. When you get connected again, you should upgrade.

You will need to download the tools I suggested in my first post using another working computer. Save them to a flash drive, then run them on the infected pc.

Another tool which would help is Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This tool will not run if AVG is installed. But you need to update your AVG, so you could uninstall it prior to running Combofix.
When you save it to a flash drive, be sure to rename it. Under "File Name" type "cf.bat" (without the quotes), and then change "Save as Type" from "Application" to "All Files".

When Combofix has completed, please post the log here.  And then install AVG 2011:

http://free.avg.com/gb-en/226187

This is AVG's downloader. If you are installing from a flash drive, you will need the full exe file:

 http://www.filehippo.com/download_avg_antivirus_32/

Please post any scan logs here.

Right now here in the UK it is 1.00am. I will check in again in 8 hours time.

Good luck!!!

LVL 33

Expert Comment

by:Paul Sauvé
ID: 34244579
Just out of curiosity, if you cannot access the Internet, how have you managed to get your questions posted? Another computer? ;-)

I am assuming that you must have limited Internet access, so you can go to HijackThis (or on a friend's computer) and download the application. Then install it on your laptop and run it. Copy the resulting log file and post it. Perhaps we can give you some guidance. Also, you can download and install some of the other suggested solutions, but most AV apps' virus definitions are not up to date when you do a fresh install...

GL

PaulS
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 34250601
I would recommend running sfc /scannow at a command prompt.

Just make sure you have the Windows Media CD ready with you before you hit that command. That will replace/add any corrupted or missing files on your system.

Sudeep
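As an added example (not part of the thread, and not Sudeep's, AVG's or Microsoft's code), the following PowerShell script shows the comparison that sfc automates for one file: it hashes the live IPSec.sys and the copy Windows File Protection keeps in %SystemRoot%\system32\dllcache and reports whether they differ. PowerShell is not installed on Windows XP by default (PowerShell 2.0 can be added on XP SP3), so in practice this would be carried in on a flash drive like the other tools; the driver name and the dllcache path are assumptions matching the default XP layout.

```powershell
# Added example, not code from the thread.
# Compares a driver in system32\drivers against the Windows File Protection
# copy in system32\dllcache. It only reports; it does not replace anything
# (that is what "sfc /scannow" and the install CD are for).
# Assumptions: default XP paths, PowerShell 2.0 (no Get-FileHash, so SHA-256
# is computed through .NET directly).

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Compare-DriverToCache {
    param([string]$Name = 'ipsec.sys')
    $live  = Join-Path $env:SystemRoot "system32\drivers\$Name"
    $cache = Join-Path $env:SystemRoot "system32\dllcache\$Name"
    foreach ($p in @($live, $cache)) {
        if (-not (Test-Path $p)) { Write-Output "MISSING  $p"; return }
    }
    $liveInfo  = Get-Item $live
    $cacheInfo = Get-Item $cache
    $liveHash  = Get-Sha256Hex $live
    $cacheHash = Get-Sha256Hex $cache
    # Size and timestamp are cheap hints; the hash is the actual verdict.
    Write-Output ("live:  {0,8} bytes  {1}  sha256={2}" -f $liveInfo.Length, $liveInfo.LastWriteTime, $liveHash)
    Write-Output ("cache: {0,8} bytes  {1}  sha256={2}" -f $cacheInfo.Length, $cacheInfo.LastWriteTime, $cacheHash)
    if ($liveHash -eq $cacheHash) {
        Write-Output "OK       $Name matches the dllcache copy"
    } else {
        Write-Output "MISMATCH $Name differs from the dllcache copy (consistent with a patched file)"
    }
}

Compare-DriverToCache 'ipsec.sys'
```

A mismatch supports AVG's verdict on IPSec.sys. A match does not prove the file is clean: a file infector running with SYSTEM rights can rewrite the dllcache copy as well, and a rootkit can hide the real on-disk contents from anything run inside the infected Windows. The stronger form of the same check is to run it against the drive from another PC or a rescue environment, as suggested earlier in the thread, and to let sfc restore the file from the install CD rather than from the cache.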
LVL 5

Expert Comment

by:Moose Mclinn
ID: 34251770
I've seen this before: some trojans and bots will change your proxy settings to make you think you can't get to the Internet.

1. Open Internet Explorer, click "Tools" and then click "Internet Options."

2. Click the "Connections" tab and then click on "LAN Settings."

3. Uncheck the box marked "Use a proxy server for this connection" and then hit the "OK" button. The changes you made will be immediately applied and IE will no longer use a proxy server to connect to the Internet.

... what some trojans do is set the proxy to 127.0.0.1, which is a loopback to the same machine.
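The same check done from a script, as an added example that is not part of the thread or anyone's posted code: it reads the per-user WinINet proxy values that the "LAN Settings" dialog writes, flags the loopback pattern described above, and optionally clears it. It assumes the setting lives under the standard HKCU key (a per-machine policy would be under HKLM instead) and, like the previous example, needs PowerShell 2.0 added to the XP machine.

```powershell
# Added example, not code from the thread.
# Reads ProxyEnable / ProxyServer / AutoConfigURL for the current user and
# flags a proxy or PAC file that points back at the local machine.
# Assumption: the values were written to the per-user Internet Settings key.

function Test-LoopbackProxy {
    param([switch]$Fix)
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $props = Get-ItemProperty -Path $key
    # Missing values cast to 0 / '' so the checks below still work.
    $enabled = [int]$props.ProxyEnable
    $server  = [string]$props.ProxyServer
    $pac     = [string]$props.AutoConfigURL
    Write-Output ("ProxyEnable={0} ProxyServer='{1}' AutoConfigURL='{2}'" -f $enabled, $server, $pac)

    # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
    $suspicious = $false
    if ($enabled -eq 1 -and $server -match '(^|=)(127\.0\.0\.1|localhost)(:\d+)?(;|$)') {
        Write-Output "SUSPICIOUS: proxy points at the loopback address"
        $suspicious = $true
    }
    # A PAC script served from the local machine can redirect selected hosts
    # while leaving everything else working, so check it as well.
    if ($pac -ne '' -and $pac -match '127\.0\.0\.1|localhost|^file:') {
        Write-Output "SUSPICIOUS: auto-config script is loaded from the local machine"
        $suspicious = $true
    }
    if ($suspicious -and $Fix) {
        Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $key -Name ProxyServer -ErrorAction SilentlyContinue
        Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
        Write-Output "Proxy settings cleared; restart Internet Explorer"
    }
    return $suspicious
}

# Report only; add -Fix to clear a suspicious setting.
Test-LoopbackProxy
```

Clearing the value only restores connectivity; it does not remove whatever set it, and malware that is still running can put the setting back on the next reboot. Treat a loopback proxy as an indicator to feed into the scans suggested above, not as the fix.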