Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
BCM
Member Login

Site Notices
4/18/2021 9:59:29 PM
Posted: 10/7/2012 5:57:18 AM EDT
Somewhere I got a computer virus or something, I first noticed it when I was being redirected when entering in web addresses. I've since ran Malwarebytes, AVG, and Avira. Avira's "realtime protection" keeps blocking it from running so the pc's working fine right now except for the annoying prompt constantly letting my know that it denied access. The virus is somehow attached to my windows/services.exe file. Avira calls it W32/Patched.UA. It keeps making 3 other ones named TR/ATRAPS.Gen2. I obviously can't delete the services file but if I delete the other 3 they just come back. AVG only detects the 3 other ones but not the main one. How the hell do I get rid of this, short of nuking it from orbit.
Link Posted: 10/7/2012 6:10:31 AM EDT
Best option is to wipe the hard drive and reinstall from original CD/DVD media. Second best option is to restore from a backup, but depending on the age of the backup it's possible the backup might be infected.  Third option if Malwarebytes and others don't work is to run Combofix...
How to use Combofix
Download Combofix

Edit to add: Also try booting into safe mode and running Malwarebytes and the other anti virus/malware programs.
Link Posted: 10/7/2012 6:15:38 AM EDT
FPNI.

eta:

Link Posted: 10/7/2012 6:21:25 AM EDT
I'd recommend downloading the ISO from the link below, put it on a USB key or cd, boot from it, scan your drive.
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline


Posted Via AR15.Com Mobile
Link Posted: 10/7/2012 12:05:39 PM EDT
Quoted:
Best option is to wipe the hard drive and reinstall from original CD/DVD media. Second best option is to restore from a backup, but depending on the age of the backup it's possible the backup might be infected.  Third option if Malwarebytes and others don't work is to run Combofix...
How to use Combofix
Download Combofix

Edit to add: Also try booting into safe mode and running Malwarebytes and the other anti virus/malware programs.


I did all the scans while in safe mode
I'll check out combofix
Link Posted: 10/7/2012 12:11:19 PM EDT
Quoted:
I'd recommend downloading the ISO from the link below, put it on a USB key or cd, boot from it, scan your drive.
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline


Posted Via AR15.Com Mobile


Giving this a try right now
Link Posted: 10/7/2012 12:44:38 PM EDT



Quoted:


Best option is to wipe the hard drive and reinstall from original CD/DVD media. Second best option is to restore from a backup, but depending on the age of the backup it's possible the backup might be infected.  Third option if Malwarebytes and others don't work is to run Combofix...

How to use Combofix

Download Combofix



Edit to add: Also try booting into safe mode and running Malwarebytes and the other anti virus/malware programs.


Combofix

and

malwarebytes



Run both from safe mode.
If they can't clean it, it's most likely not going to get clean. ( it's possible, but can be extremely time consuming )



 
Link Posted: 10/7/2012 12:45:18 PM EDT
Link Posted: 10/7/2012 1:14:01 PM EDT


LOL you get an apple so you can have trojan.
Flash back trojan
Link Posted: 10/7/2012 1:20:40 PM EDT
Quoted:
Somewhere I got a computer virus or something, I first noticed it when I was being redirected when entering in web addresses. I've since ran Malwarebytes, AVG, and Avira. Avira's "realtime protection" keeps blocking it from running so the pc's working fine right now except for the annoying prompt constantly letting my know that it denied access. The virus is somehow attached to my windows/services.exe file. Avira calls it W32/Patched.UA. It keeps making 3 other ones named TR/ATRAPS.Gen2. I obviously can't delete the services file but if I delete the other 3 they just come back. AVG only detects the 3 other ones but not the main one. How the hell do I get rid of this, short of nuking it from orbit.


"Somewhere"
Link Posted: 10/7/2012 1:52:26 PM EDT
Quoted:
Quoted:
Somewhere I got a computer virus or something, I first noticed it when I was being redirected when entering in web addresses. I've since ran Malwarebytes, AVG, and Avira. Avira's "realtime protection" keeps blocking it from running so the pc's working fine right now except for the annoying prompt constantly letting my know that it denied access. The virus is somehow attached to my windows/services.exe file. Avira calls it W32/Patched.UA. It keeps making 3 other ones named TR/ATRAPS.Gen2. I obviously can't delete the services file but if I delete the other 3 they just come back. AVG only detects the 3 other ones but not the main one. How the hell do I get rid of this, short of nuking it from orbit.


"Somewhere"


Okay, Porn dammit!!!
Link Posted: 10/7/2012 1:57:30 PM EDT


Tryed the Windows Defender and it found them and "said" it removed them but It wouldn't boot after, so I did a System Restore and am now back too square one. I wonder If reruning it and then use the installation disk to repair Windows would work?
Link Posted: 10/7/2012 2:24:54 PM EDT
Reran AVG and it stills pulls up the main Trojan that's attached itself to Windows\System32\services.exe. It says it's white-listed and cannot be removed because its a critical/system file. This is probably why I got the bsod after rebooting from Windows Defender. Anyone know if it is possible to pull just that file off of the installation disk and replace the corrupted one with it?
Top Top