Threat: Win32: Patched-AKC [Trj]

Ran a quick scan and this was the only threat that couldn’t be repaired, deleted or moved to chest.
The file name is c:\Windows\System32\services.exe with a High severity. When I try to repair it, it says, Error: The process cannot access the file because it is being used by another process (32) and when I try to delete or move to chest, it says Error: The specified file is read only (6009).

I also notice that on this laptop, when I switch on the wireless, it affects the internet on my modem and I am not able to use internet on this laptop, on my other laptop nor on the PS3, iPhone etc. When this laptop is switched off, the wireless works fine on my other laptop. I am currently using the laptop using the ethernet cable with the wireless off and this doesn’t affect the uses of internet for the laptop, PS3 or iPhone.

PLEASE can someone help me on removing the trojan completely and let me know whether the wireless is due to this trojan or a completely separate issue…and what I should do with that!!! ASAPPPP…thank you

Hi, follow the steps in this thread: http://forum.avast.com/index.php?topic=53253.0

Then attach the logs here

Only allowed 4 attachments per post and I have more attachments to give, bear with me, I will let you know when I have attached all logs.

These are the last 2 logs…the FSS document is the Farbar Service Scanner…I ran this due to the internet connection problems

Look forward to hearing from you soon

I can see the net problems, several services are corrupted

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O2 - BHO: (Blekko Search Bar) - {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - C:\Program Files (x86)\blekkotb_005\blekkotb_005X.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{5ce808f4-c861-4392-b55e-c97a89fbe2dd} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{5ce808f4-c861-4392-b55e-c97a89fbe2dd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.

:Files
C:\Windows\Installer\{7261ccd0-3e01-73f4-3f8f-6b390ad0d736}
C:\Users\Ali\AppData\Local\{7261ccd0-3e01-73f4-3f8f-6b390ad0d736}

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

During Combofix, it had disinfected the file which had the trojan on it, and restored the original which was good. After Combofix, I realised Windows Update, Defender and Firewall had begun to work again which it previously hadn’t been, which was also good. I had about 50 Windows updates which I downloaded and installed so hopefully I am up to date. I then ran Avast! Quick Scan and it came back all clear which means the trojan is completely gone…I think lol. Thank you very much for your help! The only problem now is still my wireless is playing up. I took the ethernet off the laptop, switched the wireless on, and it tried to connect to my wireless modem but it always went to Limited Access, then it went back to Identifying Connection until eventually it couldn’t find my wireless modem at all. And this happens all the time, it doesn’t allow me to connect at all. Also, as soon as I switch the wireless on this laptop, it cuts off my internet connection, the wifi on my iPhone, and my other laptop. Help me please!!!

Let’s reset the net connections now. After this, could you let me know if the problem is resolved?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Files
ipconfig /flushdns /c
netsh int ip reset /c
netsh winsock reset catalog /c

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Completed the quick scan
Shall I turn the wireless on without the ethernet, to see if it connects?

Yes please

It connected for literally 2 seconds…and then went back to Limited Access…and then when I tried to diagnose the problem with ‘Network and Sharing Center’, my internet modem completely disappeared from the list of available wireless networks!!!
What do I do!!! lol

Did the network troubleshooter state what problem it found?

Ran the Windows Network Diagnostics
It tries to identify access and it comes back with unidentified access…public network, and it has no access to the internet

It tells me to investigate router or access point issues…basically turning the modem on and off which doesn’t seem to help at all

Then it tells me to plug an ethernet cable into the cable which is what I’m currently doing…so I skip this
Then it tells me to connect to an available network…and surprise surprise, my wireless has disappeared and isn’t on the list
I skip this and it ends up with the following (check the attachment)

Could you turn off the wireless (If it is a laptop)
Reboot then turn it back on again

Then could you go Start > Run (or press the windows+R key together)
Type in devmgmt.msc

In the box that opens, are there any yellow exclamation marks?

Did as you said…and the attachment shows what came up
From what I can see…no yellow exclamation marks…when I opened each little section up…there were no yellow exclamation marks there either

Could you go to control panel > network
And select manage networks
Is your wireless evident there

Sorry for the late reply, yes it is evident there…just as you showed me in the 2nd screenshot

Could you double click that network and ensure that the box is as shown

yup…exactly the same

So the wireless connects and then drops out, is that correct?

Please download MiniToolBox, save it to your desktop and run it.

https://dl.dropbox.com/u/73555776/minitoolbox.JPG

Checkmark the following checkboxes:

[*]Flush DNS
[*]Report IE Proxy Settings
[*]Reset IE Proxy Settings
[*]Report FF Proxy Settings
[*]Reset FF Proxy Settings
[*]List content of Hosts
[*]List IP configuration
[*]List Winsock Entries
[*]List last 10 Event Viewer log
[*]List Installed Programs
[*]List Devices
[*]List Users, Partitions and Memory size.
[*]List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using “Reset FF Proxy Settings” option Firefox should be closed.

ye, sometimes it connects for about 3-4 seconds…then goes to limited access and then it drops out
and then sometimes it doesn’t connect at all…it just goes straight to limited access

results are attached