
Spoolsv.exe Win32/PePatch virus cannot be removed

Q: Spoolsv.exe Win32/PePatch virus cannot be removed

Hi,

Recently I installed AVG 8.5 and discovered that my spoolsv.exe is infected with Win32/PePatch. However, AVG is unable to remove it and I keep getting a virus detected by resident shield. I tried running CureIT but it is unable to detect it. Is there something wrong with AVG?

This is the event log for AVG:

"C:\autorun.inf";"Virus found Worm/AutoRun";"Moved to Virus Vault"
"C:\WINDOWS\system32\spoolsv.exe";"Virus found Win32/PEPatch";"Object is white-listed (critical/system file that should not be removed)"
"G:\download\The Witcher (.MDS file).rar";"Trojan horse Generic10.ATYN";"Deleted"
"G:\download\The Witcher (.MDS file).rar:\The Witcher (.MDS file)\Alcohol 120% Patch.exe";"Trojan horse Generic10.ATYN";"Deleted"

Hope someone can help me. Thanks in advance


A: Spoolsv.exe Win32/PePatch virus cannot be removed

Hi and welcome to BleepingComputer.

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2: MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Received initial assistance here: http://www.bleepingcomputer.com/forums/t/224622/spoolsvexe-win32pepatch-virus-cannot-be-removed/ ~ OB

Hi,

Recently my AVG resident shield keeps detecting the Win32/PePatch in the Spoolsv.exe. I am unable to remove it. Would appreciate any help to remove it. I have tried malwarebytes Anti Malware, Spyware Search and Destroy, Super Antispyware but none of them can detect the virus. Below is my log. I was unable to run DDS.scr but managed to run RSIT.exe. I have attached the log below. Thanks in advance.

Logfile of random's system information tool 1.06 (written by random/random)
Run by moo at 2009-05-13 23:45:14
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (13%) free of 38 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:23 PM, on 5/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
g:\...

A: Spoolsv.exe Win32/PePatch virus cannot be removed

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...


I have tried everything and cannot get rid of this damn virus.

AVG resident shield picks it up on opening and all I can do is select remove threat as power user and ignore it, there is no option to remove/clean it.

Here is my HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:45 AM, on 22/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32...

A: Virus found Win32/PEPatch in ...windows/spoolsv.exe

Can I get some help with this please?
 


Hi...

Yesterday evening I had problems with my PC... Windows XP ground to a halt. Task manager showed me that explorer.exe was consuming 100% CPU even though I didn't have anything open.
I rebooted, updated antivir (AVG Free) and firewall (Comodo Pro), and let the usual nightly full-scan run.

This morning checked the results and found 4 infections:

Infections
File;"Infection";"Result"
C:\Program Files\COMODO\Firewall\cmdagent.exe (1272);"Virus found Win32/PEPatch";"Infected"
C:\Program Files\COMODO\Firewall\Repair\heur.cav;"Virus found Win32/PEPatch";"Moved to Virus Vault"
C:\Program Files\COMODO\Firewall\SCANNERS\heur.cav;"Virus found Win32/PEPatch";"Infected"
C:\Program Files\COMODO\Firewall\scanners\heur.cav;"Virus found Win32/PEPatch";"Infected"

I have not attempted to move or remove the infections yet.

I suspect that the Win32/PEPatch may possibly be a false positive, as the late AVG updates have not always been fully trustworthy. But I'd like to check for sure....

Any help would be appreciated, thanks in advance!!

Michael.

(Please let me know if more information is needed - versions, updates etc.)

A: Win32/PEPatch virus detected but not removed

Hello,

OK let's get a second opinion..

SAS
From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left,...


Hi Bleeps:

Zonelabs found the above infections, which it was unable to repair or quarantine. Ran both Adware 2007 and Spybot - nothing showed there. Also seem to have trouble with sending emails and IE 6.0 is shutting down, when working in live.com maps or Google Earth (related?), on the whole it's running slow and getting worse.

Working with Win2000 SP4 on an office network PC (mine acts as server). Drive F: is used as a back-up for other PCs on the network - some no longer exist. Per Kaspersky, I have 31 viruses, 450 infected files and 8 suspicious objects. Couldn't include Kaspersky because file was too large (even for attachment).

Please Help !!! Thanks.

Deckards SS - Main.txt:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-09 16:24:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 2.01 GiB (less than 15%) free.

-- HijackThis (run as Administrator.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:39 PM, on 04/09/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
F: ...

A: Packet.win32.pepatch.bq & "not-a-virus.pswtool.win32.productkey.e

Hello

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both can be found in the C:\Deckard\System Scanner folder.
Please copy (Ctrl+C) and paste (Ctrl+V) the c...


I am currently running AVG Free as my anti-virus and a few days ago it detected this virus called Win32/PEPatch, and I moved it to the vault. But yesterday it found it again.

So, I ran a complete scan with AVG Free and BitDefender Online, but found nothing...

Anyway, here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:19 PM, on 9/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\AVG\AVG8\avg...


On MSN I was just chatting when this link came up and I stupidly clicked it. Many things came up and it keeps turning on and trying to log on my name, sending it to all my friends on there. I ran my AVG and viruses showed and I don't know how to get rid of them. Please can someone help?

Edit: I use Windows XP, that's why I reposted it here.
 

A: Win32/PEPatch virus, help!!

Welcome to TSG....

To download HJTsetup.exe: to download HijackThis, go to the following: http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
Filename = 1137518044HJTsetup.exe

Save the file to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\HijackThis.
Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialog box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
Come back here to this thread and Paste the log in your next reply. DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

A security expert should take a look at your log - please be patient.
 


I am currently running AVG Free as my anti-virus and it keeps detecting this virus called Win32/PEPatch. I'm not even sure what the virus/trojan does. At first, the virus was found in the f:/system volume information/_restore..... folder in a file called A0007803.dll. I would move the file to the vault and it would come back every couple of weeks. The one problem I did have then was that sometimes I would be using IE and it would close all my windows without warning. Just a couple of days ago, AVG started to detect the virus in 2 files located in f:/program files/internet explorer, shdocvw.dll and xpsp2res.dll, but now IE no longer closes my windows without warning. Strange. I have tried looking up this virus and anything connected to trojans/viruses in these two files and there doesn't seem to be anything wrong with my system, i.e. there are no registry keys added, or files downloaded, so I'm not sure what to do.
Can anyone help?
 

A: Win32/PEPatch trojan/virus?


Hi Guys,
Thanks for the help in advance. Below is my Hijackthis notepad doc:
Logfile of HijackThis v1.99.1
Scan saved at 10:25:11, on 27/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\blueyonder\PCguard\fws.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\Program Files\Common Files\Command Software\dvpapi.exe
H:\Program Files\CyberLink\Shared files\RichVideo.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\nvraidservice.exe
H:\Program Files\SSC Service Utility\ssc_serv.exe
H:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
H:\WINDOWS\system32\wbem\unsecapp.exe
H:\Program Files\blueyonder\PCguard\Rps.exe
H:\PROGRA~1\Grisoft\AVG7\avgcc.exe
H:\WINDOWS\vsnpstd2.exe
H:\Program Files\dvd43\dvd43_tray.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newzbin.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet ...

A: win32/pepatch virus found

Hi and welcome

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

Launch AVG Anti-Spyware by double ...


Hi,

I've just installed AVG Free Edition on my laptop and since then I keep getting alerts saying that a Win32/PEPatch was found. It always appears in new locations and I put it into the virus vault each time.

Any help would be greatly appreciated!

Thanks!
 

A: Win32/PEPatch virus keeps coming up

To download HJTsetup.exe from TrendSecure: to download HijackThis, go to the following at the File Repository.
Click on the link below to Download HijackThis Self Installer:

http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Save the file to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\HijackThis.
Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialog box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
A security expert with a gold shield to the right of their name should take a look at your log - please be patient.
 


Hello, I have AVG virus scanner. I found this win32/pepatch virus a couple of days ago and I tried deleting it with the scanner, but unfortunately today I scanned my computer again and it just so happens it's on my computer again. Can anyone help me get rid of this evil virus please? Thanks to anyone who helps.
 

A: Solved: win32/pepatch virus found


A few days ago I contracted a pretty bad virus/malware. It completely hijacked AVG and turned all components off, prevented ComboFix from running, as well as hijacked IE/FF. So I broke out my arsenal of programs to try and fix it. After using HijackThis, Dr Web CureIt, Malwarebytes, and ATF Cleaner, I managed to get AVG functionality back. I scanned and removed threats with that (various things in System Volume Info and other crazy places), and I also got ComboFix functionality back. The name of the virus was Win32.pepatch.ao, and it infected files like winlogon.exe but I THINK all of that is fixed. The only problems left are two 010 strings (unknown file in Winsock LSP) in HijackThis that I know are malware DLLs, but HJT can't remove them, and neither can LSDFixer. Also, FF and IE are hijacked and will make pop ups once in a while. Google search results are hacked too, and it runs like a snail. I have attached my most recent MB, HJT, and Combofix log. What do I do from here?

EDIT: Took matters into my own hands. Ran SDFix, SmitfraudFix, HSFix, WinsockFix, and ATF Cleaner one more time. I think WinsockFix was the key, because I ran HJT again and the log was clean. I'm going to run ComboFix, AVG, and MB once more each tonight just to make sure everything's clear, but as of right now everything seems like it's back to normal!

A: New Malware/Virus Problem (Win32.PePatch.AO and more)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


AVG keeps detecting this and still can't remove it ((((

Please help me. I am online here and we can chat on Yahoo also if needed. - Thanks,

I will appreciate the help.
 


Hello everybody,

I just signed up here after going through some topics, and I must say this is the best PC forum I've come across on the world wide web.

I was hoping someone could help me out with this problem right here: http://www.bleepingcomputer.com/forums/t/38954/please-help-explorerexe/

I'm having exactly the same problem and it's driving me nuts!

I also am experiencing some strange issues with AVG and my wininet.dll file.. it seems to be infected with Win32/PEpatch.av.. but only AVG seems to see that haha?

I'll post a HJT log and a SmitFraud log I already have:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:20, on 25-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG7\avgamsvr.exe
C:\PROGRA~1\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Ramses\Bureaublad\stinger.exe
C:\Documents and Settings\Ramses\Bureaublad\HiJackThis.exe

R1 - HKCU\S...

A: Explorer Error: 0xc0000022 And Virus Win32/pepatch.av

Hi,

"I also am experiencing some strange issues with AVG and my wininet.dll file..it seems to be infected with Win32/PEpatch.av.. but only AVG seems to see that haha"

This is a false positive and it happens on almost every Dutch PC where AVG is installed, and since you sent me a PM in Dutch, I assume this is the same issue here.

So what I suggest you do is: please register at the AVG Forums: http://forum.grisoft.cz/freeforum/
Notify them again that they are incorrectly flagging wininet.dll (because A LOT of Dutch users are suffering from this problem unfortunately).

It may be better to continue posting in Dutch, but this way English speakers can at least understand this problem too.

Have you restored the supposedly infected wininet.dll from the Virus Vault? Do that first and then uninstall AVG, because as soon as it sees that wininet.dll it will again treat it as infected, even though it is not infected at all.

I must say, it is quite possible, since you restored wininet.dll from AVG's Virus Vault, that AVG has corrupted it. Even replacing it with another Wininet.dll does not solve the problem and the error messages keep coming. So if this is also the case for you, I recommend performing a Windows repair install. This does not remove your files. Read here how to do it: http://www.michaelstevenstech.com/XPrepairinstall.htm

It is a regrettable thing that AVG is doing with regard to Dutch-language versions of...


... continuing to attempt to remove a Win32/PEPatch virus and get AVG free antivirus software running properly.

The original topic can be found here: http://www.bleepingcomputer.com/forums/t/204978/win32pepatch-virus-detected-but-not-removed/

In summary the infection:

Infections
File;"Infection";"Result"
C:\Program Files\COMODO\Firewall\cmdagent.exe (1272);"Virus found Win32/PEPatch";"Infected"
C:\Program Files\COMODO\Firewall\Repair\heur.cav;"Virus found Win32/PEPatch";"Moved to Virus Vault"
C:\Program Files\COMODO\Firewall\SCANNERS\heur.cav;"Virus found Win32/PEPatch";"Infected"
C:\Program Files\COMODO\Firewall\scanners\heur.cav;"Virus found Win32/PEPatch";"Infected"

The AVG problem:
The automatic updater for AVG fails.
Manual updating appears to work, but after completing the required re-boot, and checking the status of the databases, they continue to be out-of-date (17 Feb. 2007). Plus I get an AVG message every few hours: "this system needs a restart" (for the updates to complete installation)

Uninstalling AVG was without success:
Local machine: installation failed
Installation:
Error: Action failed for file avg.snu: creating backup....
Error 0x80070002
%DESTINATION% = "C:\Program Files\AVG\AVG8\avg.snu.install_backup_1", %SOURCE% = "C:\Program Files\AVG\AVG8\avg.snu"

Also, any help in cleaning up of unwanted programs running on the side would be great!!!

Thanks for your help !!!

Michael.

I have run the DDS tool, logs as follows:

DDS (Ver_09-02-01.01) - NTFSx86
Run by test at 19:47:02.20 on ...

A:Win32/PEPatch virus & AVG free update problem.

Hi mike=)).,

Welcome to Bleeping Computers. My name is Tomk_. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

I apologize for the delay in response. We get overwhelmed at times but we are trying our best to keep up.

You appear to be running a very out of date version of AVG anti-virus. It won't get updates because it is no longer supported.

Please uninstall the one you have and choose one of these current free ones (personally, I think AVG is a resource hog so I like Avast or Avira):

1) Antivir PersonalEditionClassic -Free ...

RELEVANCY SCORE 62.8

Can anyone please help? I have Win XP on my computer. Some 10-15 days ago, while transferring some data by Bluetooth to my friend's cell, AVG 7.5 Free detected the Win32/PEPatch virus on my computer. Later I did a complete scan and it was all over the place, mainly system files or exe files of all the software I have. So after 2-3 days I formatted my C drive partition (there was no detection in the D drive) and reloaded Win XP. Everything was OK; I scanned again with AVG and found no viruses.

Today, all of a sudden, while using Word, AVG detected a threat called trojan, and when I scanned with AVG, again the same Win32/PEPatch was everywhere. I have moved them to the virus vault and deleted them from there.

I don't know what to do now. Is it deleted or is it still there somewhere? How harmful is it? I am afraid it might harm my computer. Can anyone please help me?

thanks in advance
 

RELEVANCY SCORE 62.8
A:Win32/pepatch.av

Since above post was edited, I assume this issue is resolved. So this thread is closed.

RELEVANCY SCORE 62.8

I acquired this virus on the 15th. It has not affected my performance other than that it prevents me from accessing the internet. So basically I am connected but all of my programs that need to connect state I do not have a valid IP address.

please help,

bullboy
 

A:Win32/PEPatch

Closing duplicate.

http://forums.techguy.org/malware-removal-hijackthis-logs/632388-i-cant-connect-internet.html
 

RELEVANCY SCORE 62.8

On MSN I was just chatting when this link came up and I stupidly clicked it. Many things came up and it keeps turning on and trying to log on with my name, sending it to all my friends on there. I ran my AVG and viruses showed and I don't know how to get rid of them. Please can someone help?
 

A:HELP!! Win32/PEPatch

http://forums.techguy.org/windows-nt-2000-xp/523522-win32-pepatch-virus-help.html

Closing duplicate, reply to that thread.
 

RELEVANCY SCORE 62.8

I have picked up the same virus win32/PEPatch

Have read the information on this post and downloading the programs recommended

This is the file that has shown up in avg as infected

WINDOWS\System32\shdocvw.dll

listed below in log file, could you help me to be able to repair, I am currently following each of the steps in this post, if you need to keep it separate from existing thread, I will save this message to resubmit as a new post.


A:WIN32/PEPatch

Hi, copywriter

That is due to the presence of Instant Buzz in your computer. The file in question is legit, but is being exploited by the Malware.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Instant Buzz

Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Instant Buzz

Restart the computer back in Normal Mode.

Let us know how it goes.
 

RELEVANCY SCORE 62.8

This morning AVG picked up a virus called Win32/pepatch. It says it healed the infected files, but right after a box popped up saying files that are needed to run windows have been changed and are not valid. It told me to insert WindowsXP disc 2 to fix the problem but I only have backup discs as laptop did not come with operating system discs.

I have done a Hijack this and posted it below. Hoping someone can help

Thanks in advance,

Susan


A:Help! Win32/PePatch

RELEVANCY SCORE 62.8

Hello there, I'm new to these forums and a member no less because I have noticed that there are people here who could most likely identify the problem which is right under my nose.

Considering help is better than deleting random processes and going on a witch hunt for a malware that is probably attached to some place on my system I require a proper solution.

First, I'll just highlight how I encountered this malware just about two nights ago (Thursday). Shortly after downloading and installing an SP3 update, even though my system has always run under Windows XP SP2, I encountered a pop up from AVG about a "Win32/PEPatch." I naturally hit "remove/move to vault" and then my Spybot TeaTimer asked me a similar thing about this patch attempting to make a change in the system.

I naturally denied this change, and after I had to reboot for the aforementioned Windows update the screen went into a light blue colored screen with "loading..." and slowly but surely I was brought back to desktop. Again, TeaTimer asked if Win32/PEPatch could make changes and I denied anything involving it. The system ran rather slow for a while, or maybe that was due to my AVG system scans, but it seemed off routine from how fast my PC usually ran.

Later AVG detected it in a full system scan which I set to occur at startup, and the ability to remove/move it wasn't happening when I selected the option to do so. For a while it seemed as if things were at status...

A:Win32/PEPatch.CA (need help)

Update, now another AVG popped up...this thing is spreading...

AVG Resident Shield Alert

Multiple threat detection

1.) C:\System Volume Information\_restore{3BF68EE1-9D0D-4031-902D-DA517BF6EB90}\RP311\A0046986.dll

Threat name: Virus found Win32/Heur

Detected an open

2.) C:\System Volume Information\_restore{3BF68EE1-9D0D-4031-902D-DA517BF6EB90}\RP311\A0046695.dll

Threat name: Virus identified Win32/PEPatch.CA

Detected an open

3.) C:\System Volume Information\_restore{3BF68EE1-9D0D-4031-902D-DA517BF6EB90}\RP311\A0046695.dll

Threat name: Virus identified Win32/PEPatch.CA

Detected an open.

4.) C:\System Volume Information\_restore{3BF68EE1-9D0D-4031-902D-DA517BF6EB90}\RP311\A0046695.dll

Threat name: Virus identified Win32/PEPatch.CA

Detected an open.

5.) C:\System Volume Information\_restore{3BF68EE1-9D0D-4031-902D-DA517BF6EB90}\RP311\A0046695.dll

Threat name: Virus identified Win32/PEPatch.CA

Detected an open.

Details

1.) Process Name: C:WINDOWS\System32\svchost.exe
Process ID: 1144

2.) Process Name: C:WINDOWS\System32\svchost.exe
Process ID: 1144

3.) Process Name: C:WINDOWS\System32\svchost.exe
Process ID: 1144

4.) Process Name: C:WINDOWS\System32\svchost.exe
Process ID: 1144

5.) Process Name: C:WINDOWS\System32\svchost.exe
Process ID: 1144

Just hit "Remove Threats" shortly after...

Now I remember encountering "Heur" the second time AVG scanned for the PEPatch upon my computer startup, but I believed it was removed and done with. No...

RELEVANCY SCORE 62.8

I need help and don't know what to do next. I have run the hijackthis from another message I had seen on this same virus.
Here is a copy of that log:
RELEVANCY SCORE 62.8

Hello... please, if anyone can help me with this... I noticed this Win32/PEPatch virus infecting a few exe files. I'm using WinXP SP2 and AVG... AVG doesn't give a healing option. I have noticed that only AVG users seem to be having this problem. Thankful for any advice.
 

RELEVANCY SCORE 62

Hello,

I'm running Windows XP Professional, SP2. I've been running it for years without any problems, and I mistakenly opened a file the other day. I didn't have any antivirus (a mistake of mine), but I immediately downloaded AVG Free and scanned. It's been popping up saying that winlogon.exe is infected, as well as lsass.exe, and other critical system processes.

Also, the shell - explorer.exe will randomly disappear. I'm using Litestep as my shell, but I still use explorer.exe to navigate through the File System. I've already tried running sfc.exe /scannow, and it runs without any errors or messages.. but the problem still persists.

Here is my HijackThis log:

A:Infected with Win32/PEPatch.A0

Bump? Any replies would be appreciated. Thanks again.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it ...

RELEVANCY SCORE 62

AVG has found the Win32/PEPatch virus in system32 but it can't delete it. I also have problems with sound: when I quit a game and start it again, there won't be any sound. Also, an error always pops up once an hour: "Generic Host Process for Win32 Services has encountered a problem and it's closing". Here is my HijackThis log:


A:win32/pepatch virüs

RELEVANCY SCORE 62

Hi, I am running an XP Pro SP2 laptop. I detected the Win32/Pepatch with AVG, which found it in a host of Firefox files. AVG looked to have removed it/moved it to the virus vault but then it came back and infected Internet Explorer.

I have pasted the hijack this results below. Any help gratefully received as I am not sure how to remove this:


A:Removing Win32/Pepatch

RELEVANCY SCORE 62

Well I have my computer infected with the following virus: PEPatch.AO.
I've tried many programs such as Adware, ComboFix and AntySpyware.
The infected files with the virus are:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\services.exe

I appreciate all your help, thank you.

EDIT: I'm using xp sp2.

A:Win32/PEPatch.AO(Trojan)

Hello and welcome.

Please run these next.....

run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" ...

RELEVANCY SCORE 62

Alright, long story.

Parent's friend brought his laptop over, said it was running slow. Booted it up, noticed that SpySweeper was hanging on start up, locking up the system whenever it tried to boot. Got into safe mode, dumped 13.6 GB's of quarantine files (155k files). SpySweeper began working normally again.

Installed AVG Anti-Virus, which immediately began flagging a file (simp_dll.dll) as a virus (Win32/PEPatch). At this point, SpySweeper began flagging a suspicious file as trying to start, every 10 seconds or so (Exact same file). Quarantining/deleting the file did nothing, which led me to believe there was something further down spawning it.

Booted the computer into safe mode, scanned with AVG. It picked up Win32/PEPatch again, along with 3-4 others. Cleaned/Quarantined, rebooted into safe mode a second time, then scanned. It picked up PEPatch by its lonesome, attached to a different file (Still in C:\Windows\System 32 directory). Cleaned it, rebooted the computer, ended up with:

"The file C:\Windows\System32\ntoskrnl.exe is missing".

Spent a while, got that patched up from a recovery disk of Windows XP Professional, booted the computer. It hung on regular boot repeatedly, got into safe mode, system restored it back to right after cleaning the SpySweeper quarantine. Tried scanning again, EXACT same issue occurred.

At that point, I decided to come here.

Laptop is currently running Windows XP Home Edition, Service Pack 2. It's missing the last ...

A:Win32/pepatch And Assorted

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Regards,

Rosty.

Note: please do not post your log between code tags, that's very difficult to read for us!! Use the add reply button and copy and paste the log into here.

RELEVANCY SCORE 62

Hello,

I'm running Windows XP Professional, SP2 in my office. Recently I've installed AVG 8.5 on my computer. Upon installation it immediately detected WIN32/PEPATCH.AO on my system (explorer.exe spools.exe winlogon.exe). But as you all know, I cannot delete the files as they are whitelisted.
Hope to solve these problems immediately as this is my office computer.
Thanks

A:WIN32/PEPATCH.AO [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

RELEVANCY SCORE 62

Hey guys, I've just got a brand new comp and straight from go, after installing drivers and anti-virus programs (with stacks of problems along the way), I have got something called Win32/PEPatch. It's terrible, I'm pretty sure it's a trojan. I need help bad!! Brand new computer, I've been trying for 3 days to get rid of it. Please!!! Someone help me!!!
 

A:Help! Bad Trojen! Win32/pepatch

Hi and welcome

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

RELEVANCY SCORE 61.2

I'll be pleased if anyone can help me with this virus. I've seen that another person already told about this virus ( Win32/PEPatch )...
I have Windows XP and I'm currently running AVG Free Edition on my computer and it keeps detecting the Win32/PEPatch Trojan Virus on many files, and it moves them to the Virus Vault.

Please help me with this problem.
Thank you.
 

A:Solved: I'd like some help with Win32/PEPatch Trojan...

RELEVANCY SCORE 61.2

The computer runs so slow and the CPU usage is up to nearly 100% most of the time, with svchost.exe using up most of it.
 
I ran malwarebytes and it detected nothing. Ran avg and it found Win32/PEPatch but the svchost.exe is still using up all the cpu. Terminating the process does nothing and it returns a few minutes later.
 
DDS notepad files zipped and attached.

A:Win32/PEPatch detected - svchost.exe using all the cpu

Hello derekwatters, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

I will be analyzing your log. I will get back to you with instructions.

1. Do you have a USB Flash Drive you can use?
2. Download RogueKiller on the desktop
Close all the running processes
Under Vista/Seven, right click -> Run as Administrator
O...

RELEVANCY SCORE 61.2

So I've gotten a virus and I thought I removed it. However, out of all the tests and programs I have run to see if I removed it or not, AVG Free antivirus is still coming up with this Win32/PEPatch under dllhost.exe (6000). Currently I'm running the AVG scan in safe mode so we'll see soon. I've researched the virus and one thing I saw a lot was to go to C:/WINDOWS/SYSTEM32/WINS and delete the entire WINS folder, however I do not have that folder. Here is the hijackthis for kicks. The computer is a netbook with Windows 7 Starter.

RELEVANCY SCORE 61.2

I have described the problem in another log http://www.bleepingcomputer.com/forums/t/220562/detected-virus-cannot-be-eliminated/. That was before I tried HijackThis. Now the detection of virus keeps coming up as it attaches to a number of critical files. It comes up almost every time I run something.

A:Trojan horse Win32/PEPatch.AO

Hello! My name is Sam and I will be helping you.

Let me reiterate what's already been said. You appear to have a very serious infection and there is a definite possibility that you will need to format your drive. You may want to prepare for this now and begin to back up any photos or media files that you would not want to lose. Do NOT backup any exe files as they may be infected.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.

Please post the contents of the log from DrWeb in your next reply.

RELEVANCY SCORE 61.2

Hi, I managed to pick up the win32/pepatch trojan virus on my PC by following a link in a Hotmail message (beware of greetings cards).
It took a few days to take hold; when it did, it attacked my tcpip, system file and a tcpip.dll file. I removed both but that rendered my internet connection useless and then my AVG packed up!
So I copied a tcpip file from another PC and placed it back on this system and today I'm finally back on the net!
I've followed the Hijack this advice in other posts and here is my log file. I know this virus must still be here. Can anyone please tell me what I need to fix with hijack this? Here is the log:


A:PC win32/pepatch infected. log attached

bump
 

RELEVANCY SCORE 61.2

The trojan in the topic title is what is affecting my laptop! It is everywhere in the winlogon and explorer and everything. Someone please tell me this can be fixed without reinstalling windows. What started first was that I was affected with the redirect virus and tried to get rid of it. My husband's friend who "is" a comp tech said I made it worse and have to reinstall, so I have prepared for that by backing up all my photos and things. Someone please help!!!!!!!

A:Trojan horse Win32/PEPatch.A0

Hello Becca09
Welcome to BleepingComputer
=====================
Download OTListIt2 to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

RELEVANCY SCORE 61.2

I have tried and tried all kinds of things and suggestions to get rid of Win32/PEPatch and nothing has worked. Can some one please help me get rid of this thing. My computer is getting worse by the day. I tried to do the dds scan but it won't complete. I did the rootkit scan and didn't get much. But here it is.
Thanks Lisa

ROOTKIT
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-11 16:24:39
Windows 6.1.7600 Running: gmer.exe

---- Files - GMER 1.0.15 ----
File C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\f4o69gey.default\Cache\4593C049d01 42954 bytes
File C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\f4o69gey.default\Cache\39B5BC22d01 21479 bytes
File C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\f4o69gey.default\Cache\A399F372d01 31695 bytes
File C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\f4o69gey.default\Cache\55DBFC86d01 21820 bytes
File C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\f4o69gey.default\Cache\B43B314Dd01 21358 bytes
File C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\f4o69gey.default\Cache\256BEEDCd01 31989 bytes
File C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profile... Read more

A:Win32/PEPatch is taking over my computer please help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ... Read more

RELEVANCY SCORE 61.2

hello guys,

have been facing a lot of problem due to the virus WIN32/Pepatch in svchost.exe and proxy.dll in system 32.

operating system is windows xp professional...
however i m not able to locate my files on my laptop and internet connectivity is also gone now thanks to this virus...

help me out with it...
 

RELEVANCY SCORE 60.8

i already got rid of this virus before, but after coming back from vacation, i scanned my computer and it's back again.

if anyone could please help, i'd be very happy, because the hijackthis log had different entries from the last time, so here it is:
Logfile of HijackThis v1.99.1
Scan saved at 10:03:28 PM, on 7/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
D:\Installers\Printer\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program... Read more

A:Solved: win32/PePatch, win xp, drive C, infected again :(

RELEVANCY SCORE 60.8

win XP SP3
AVG reported a virus, Win32/PE patch in the memory of internet explorer and can not remove it. As well as everytime ie starts the taskmanager shows two ie's running. OK, 1stly, I shut off restore point, searched for SRDISKID.DAT and W1nudate.exe they don't seem to exist to delete (registry was searched also), Plus I can't find iexplore spelt with zero instead of an o as some suggested. Scanned computer with Malwarebytes, Ewidos, panda soft online scanner, and used combofix all from safe mode as well as normal, to remove problem to no avail. (below i will attach said logs). For over 2 days i've been scanning and rescanning, this has frustrated me and i need someone more knowledgeable than me to give me advice.
please help
thanx

A:win32 pepatch 2 internet explorers running help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT... Read more

RELEVANCY SCORE 60.8

Well recently I have installed gametap with a gold account for the sake of gaming, and I found out it has overlord, so i downloaded this. i could not play it though because i didn't have latest Direct X (which i do now), didn't know what the problem was, so I deleted it. I fixed the problem and now I am trying to redownload it, but every time it gets to 29% three virus popups come up from AVG and the virus is Win32/PEPatch x_x
is there anything i can do?
 

A:Win32/PEPatch when downloading Overlord from gametap

RELEVANCY SCORE 60

Hi, i use AVG anti-virus, and it detected a virus called win32/PePatch, and i couldn't seem to get it out, i've read the other threads about it, but i'm not sure how to proceed.

i've already downloaded the Hijackthis program, and here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 7:46:13 AM, on 6/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\win32host.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
D:\Installers\Printer\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\win32update.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncM... Read more

A:Solved: win32/PePatch for windows xp, drive C infected

RELEVANCY SCORE 60

When I start the computer, AVG9 comes up with the Crypt.OIO Trojan in userinit.exe. The AVG9 scan is clean until I start Outlook. If I run a scan while Outlook is open, it very shortly comes up with 206 infections of Win32/PePatch in memory of Outlook.exe. I was unable to get a GMER log as the first time I ran it the PC rebooted itself after 5-10 minutes. The second time I ran it, I checked on it periodically and it was up to ~40 minutes? when I walked in to a BSOD with PFN_LIST_CORRUPT Stop: 0x04E. I've included a HJT log in lieu of the GMER log - if that helps at all.

Edit: If I try booting into safe mode I get a BSOD with Stop: 0x07E, no error code listed tho.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Pontt at 16:14:02.20 on Fri 02/05/2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070603
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\pro... Read more

A:Win32/PePatch & Crypt.OIO Trojan (Outlook & Userinit)

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

RELEVANCY SCORE 60

Avg detects win32/pepatch and trojan but keeps coming back, I've scanned and deleted these infections 3 times now but every few days they come back. what are these viruses and how can i fix them?
 

A:Avg detects win32/pepatch and trojan but keeps coming back

Closing duplicate to: http://forums.techguy.org/malware-r...s/605877-why-cant-i-get-help.html#post4984818

Please do not post duplicates, your thread will get looked at as soon as the chance arises.
 

RELEVANCY SCORE 59.2

Trojan/Virus found ... Win32/PEPatch.SO
infected files include winlogon.exe, services.exe ...
Downloaded AVG and it seems it has done some actions (clean?) to the above infected files, and the computer starts to act abnormally, which is it freezes right after booting into normal mode, just a while after the AVG prompt that infected files are found. Not exactly frozen, the cursor is still active but one cannot click on anything, and an opened window is not responsive, cannot do anything.

Please help.
 
