Patched-AKC Trojan contracted... Please help!

Hi,

My system has been infected with the virus “Patched-AKC” which is disguises itself as “services.exe”. I have scanned the system drive and tried to remove it to no avail in normal mode and booting in safe mode. There are no other signs or traces of it anywhere else on my system that I can see/find. I have attached all the necessary logs. Please help me.

Peace

Monitoring 8)

Hi, bodhione.

I will be working on your Malware issues.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

We need to use the RKill Tool by Grinler

Rkill.com <— Download site
[*] Please Download Rkill.com. Save it to your Desktop.
[*] Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.

[*] NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

[*] Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
[*] Please be patient while the program looks for various malware programs and ends them.
[*] When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running.

You will then be able to proceed with the rest of the steps for running Combofix.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Then…

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

( If not… ) Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.

[*]Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
Attach log reports ( ComboFix.txt) back to topic.

Hi,

Thanks for taking this one :slight_smile:

Log attached.

Peace

How is your computer running now?

Hey man,

Looking good so far! My Ram usage while idle still looks a little higher than normal so I’m going to monitor it and see if I have any other problems but other than that it’s looking better. Did the logs show all traces of the virus had been removed?

Thanks for all your help :smiley:

Peace and love

Ok. First we need to remove used tools.

It is necessary to uninstall ComboFix :

[*] Click Start (or
http://amf.mycity.rs/pg/images/VistaStartButton.png
) then Run.

On Windows7 or Vista you may use Start Search field if Run is not available.

[*] In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

[*] then click OK (or press Enter ).

Wait for the uninstall process is complete.

Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.