Virus Help....Oh dear
(45 posts, started )
Hello guys,

Need some help on a Trojan that appears to have made its way onto my Computer. I was surfing YouTube looking at some Videos, and next thing I know, AVG is going nuts telling me it has detected two viruses.

Here's what it says.

C:\\WINDOWS\system32\winlogon.exe - Virus Identified Win32/Patched.FM.

C:\\WINDOWS\explorer.exe - Virus Identified Win32/Patched.FL

Now, being important Windows files, there is nothing I can do. AVG will not quarantine or delete these files due to them being white listed. I've tried using Malwarebytes Anti-Malware and that does nothing either. AVG's Resident Shield will just stay open constantly notifying me of these errors.

I really need some help on how to Remove or Repair those files without having to Re-Format my Computer, as that is not an option at the moment. I'm really confused as to where this Virus could have come from, as I was only browsing YouTube, and I have never visited any sort of dodgy sites, so I'm baffled.

Any help?

Regards,
Nathan

EDIT: Just noticed that Opera sometimes opens Tabs on its own containing adverts, so I assume it is from YouTube.
#2 - Jakg
"C:\\"?

Double slash is... unusual. Sure that's right?

EDIT - Imma go out on a limb here. Is it possible on C:\ you have a folder of name "blank" and within this folder you have a duplicate "explorer.exe"? That would give you the file path of C:\\{whatever}

(I have no idea if this is even possible...)
According to AVG, yep.

EDIT: Hmm, I will take a look and report back. Give me a minute...
Just noticed something in my Windows folder. There are two explorers. One of them is the normal icon (Computer Tower and Monitor) and if I open it, it opens up Explorer. The other is a folder that says "Windows Explorer Command" and if I open this, it also opens Explorer and goes straight to my C Drive. Is the Explorer Command one needed?
#5 - PoVo
Quote from Nathan_French_14 :Just noticed something in my Windows folder. There are two explorers. One of them is the normal icon (Computer Tower and Monitor) and if I open it, it opens up Explorer. The other is a folder that says "Windows Explorer Command" and if I open this, it also opens Explorer and goes straight to my C Drive. Is the Explorer Command one needed?

PM me, and I'll send you a trojan remover.

And both Explorers are needed.
If you use Windows Search and let it find the "winlogon" and "explorer", how many files does it find and what's their location?
The LFS Technical Assistance forum is for technical assistance regarding the running and configuring of LFS. Not any other computer related troubles.
Quote from PoVo :PM me, and I'll send you a trojan remover.

And both Explorers are needed.

PM Sent.

Quote from MadCatX :If you use Windows Search and let it find the "winlogon" and "explorer", how many files does it find and what's their location?

For WinLogon, it found 3. Two Executables and one .PF file.

For Explorer, it found 7. 1 Application, 1 command prompts and 5 shortcuts.

Quote from Bob Smith :The LFS Technical Assistance forum is for technical assistance regarding the running and configuring of LFS. Not any other computer related troubles.

Noted.
I think the pf files are for the prefetcher/Superfetch...

What exactly is wrong with the PC?... I had an AV update recently that gave false positives on its own exe and 1/2 of windows...
Quote from Foilpact :I think the pf files are for the prefetcher/Superfetch...

What exactly is wrong with the PC?... I had an AV update recently that gave false positives on its own exe and 1/2 of windows...

Performance wise, nothing seems wrong and it does everything exactly the same as it did before this popped up. I thought it might have been an AVG fault too, so I downloaded NOD32 and that also went crazy, saying the exact same files were infected.

I'm baffled.
Maybe try uploading the file to an online virus checker and see what you get back...

It looks like it's either a false positive that loads of people are getting, or it's a real patching virus that will need a format to get rid of...

Most people are getting it after updating their AV in the last few days... Are the file dates wildly different from other windows files?...

You could also try System Restore to a few weeks ago to see if it still shows...
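
The two checks suggested in the thread so far (find every copy of `winlogon.exe` and `explorer.exe` and note where it lives, then compare file dates against other Windows files) can be scripted. The PowerShell below is an added example, not something posted by a thread participant; the search root and the "expected" paths are assumptions for a default Windows install.

```powershell
# Added example (not from the thread): inventory every copy of the flagged binaries.
# Assumptions: search root is the system drive; $Expected lists the stock locations.
$Names    = 'explorer.exe', 'winlogon.exe'
$Root     = "$env:SystemDrive\"
$Expected = @(
    (Join-Path $env:windir 'explorer.exe'),
    (Join-Path $env:windir 'System32\winlogon.exe')
)

$copies = Get-ChildItem -Path $Root -Include $Names -Recurse -File -Force `
              -ErrorAction SilentlyContinue

$report = foreach ($f in $copies) {
    # Newest write time among the other executables in the same folder.
    $newestSibling = Get-ChildItem -Path $f.DirectoryName -Filter '*.exe' -File -Force `
                         -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -ne $f.FullName } |
        Sort-Object LastWriteTime |
        Select-Object -Last 1

    [pscustomobject]@{
        Path           = $f.FullName
        # -contains is case-insensitive for strings.
        ExpectedPath   = $Expected -contains $f.FullName
        Size           = $f.Length
        Modified       = $f.LastWriteTime
        # True when this file was written after every sibling .exe: a weak hint only,
        # because timestamps can be altered.
        NewerThanPeers = [bool]($newestSibling -and
                                $f.LastWriteTime -gt $newestSibling.LastWriteTime)
        Signature      = (Get-AuthenticodeSignature -FilePath $f.FullName).Status
        SHA256         = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}

# Copies outside the stock paths sort first; service-pack or cache copies can be
# legitimate, so they are items to review rather than proof of infection.
$report | Sort-Object ExpectedPath, Path | Format-List
```

Comparing a reported SHA256 with a known-good copy from the same Windows build and service pack helps separate a genuinely patched file from an antivirus false positive.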
#12 - arco
Ditch AVG. Download and run ComboFix. Then install either Avast or MSE (Microsoft Security Essentials).
They're all wank imo, I tried pretty much every spyware shit out there and it did nothing, only system restore worked for me.

In fact, what happened was, it blocked all my anti viruses so they wouldn't open! How messed up is that? Pay money for anti-virus made by huge companies and they are beaten by some spotty kid hidden in his bedroom. It was that virus that tries to get you to pay for their antivirus telling you there are viruses on your pc.
AVG is old to me but I recommend you to use NOD32
why do people bash avg so much? i've seen machines at work with viruses that mcafee and norton will ignore for months...
avira is amazing. one advertisement to buy a day, it's nothing major. and a quick scan every day. it doesn't slow down anything or get in the way.
Quote from logitekg25 :avira is amazing. one advertisement to buy a day, it's nothing major. and a quick scan every day. it doesn't slow down anything or get in the way.

i get pissed off when avg runs their quarterly ad campaigns, i couldn't tolerate a daily ad.
it got slightly annoying when it stopped being needed cause it blocked everything in its path
Just chuck all your files on an external hard drive and reformat
#21 - PoVo
Quote from Jacko1 :Just chuck all your files on an external hard drive and reformat

Some viruses copy themselves with other files, so copying it to the External HDD, will also copy the virus
Quote from PoVo :Some viruses copy themselves with other files, so copying it to the External HDD, will also copy the virus

Depends what virus you're talking about. The one this guy's got sounds like it's a pretty good one
Quote from pearcy_2k7 :They're all wank imo, I tried pretty much every spyware shit out there and it did nothing, only system restore worked for me.

In fact, what happened was, it blocked all my anti viruses so they wouldn't open! How messed up is that? Pay money for anti-virus made by huge companies and they are beaten by some spotty kid hidden in his bedroom. It was that virus that tries to get you to pay for their antivirus telling you there are viruses on your pc.

If you have a firewall, this is amazingly easy. This comes up from a hack of double.click.net ads, which is why Mozilla and NoScript or AdBlockPlus will help. If you have something that says <RandomName> (it should come up like "fjdfueksuz.exe Is trying to accept connections from the internet")

Go to C:\Documents And Settings\Your_user\AppData\ <Exenamehere>\

After that, you should see the EXE. If it hasn't run, rename it (if you have it to where you must type out the extensions, DO NOT put .EXE in it, seriously bad things will happen). Just rename it LOLOLOF-UVIRUS (seriously, that would work) and restart, go to the same folder, remove it, as it's not on. Problem solved.
Well if only you are infected with a virus called WORM.32 which copies many duplicate files and fake Folders.exe