Patched.b.gen Trojan with eset nod32

Posted on 2012-08-14
Medium Priority
Last Modified: 2012-09-11
Eset kept saying services.exe had patched.b.gen Trojan
I ran the steps in

Once completed with full scan the desktop.ini was stated to have infiltration
So I removed it.  
Then eset would not load correctly saying services wouldn't load.  So I tried to repair eset but it said it couldn't.  I then uninstalled eset an reinstalled.  At that point it said it had an mbr type root kit however the full scan prior to reinstall should nothing.   What is a good program to use to clean this up?  
I will check back at work tomorrow an see but it has me stomped.  Thanks for any solution.
Question by:TechyT
  • 2
LVL 38

Accepted Solution

younghv earned 1000 total points
ID: 38296184
Here are some basic steps you can take:

http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware

Please review and post back any questions you have. If you do run any of the tools/scanners recommended, please post the logs generated here for us to review.

I just started testing a new tool that looks promising. Please read about it and give it a try:
"Emsisoft Emergency Kit 2.0"

Author Closing Comment

ID: 38297491
thanks I got it resolved!!!

Expert Comment

ID: 38388786
If none of the files above do it for you, I just removed this using Combofix.  You can download it here.  Run with caution.  A couple times I had Combofix remove infected system files that really messed up the system.  Both times I was able recover by re-installing the latest OS service pack.
LVL 38

Expert Comment

ID: 38389059
@cdeme123 -
If you will read the EE Articles I linked in my comment above, you will see the reference to using ComboFix - along with the proper links for downloading it (with instructions).

Please be aware that it never enough to tell someone to "run this" or "run that". Many variants of malware will block the tools/scanners from running and that is why I recommend one of the 'rogue process stoppers' before doing scans.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question