Win32:Patched-CK [trj]

This trojan seems to have attacked me - Win32:Patched-CK [trj].

I’ve tried to remove/move to chest/repair…no luck with any.

I’m unable to connect to the internet, I believe due to this issue. So, it is a little difficult to troubleshoot.

It seems to be affecting the following files…and I don’t know how to fix.
windows\system32\winlogon.exe
windows\system32\svchost.exe
windows\system32\lsass.exe
windows\explorer.exe

Can someone please help!?

:slight_smile: Hi :

It appears you have a very serious malware “infection” and will need the
assistance of a “Malware Removal Specialist” ; an example of what probably
will need to be done is the Thread at
www.spywareinfoforum.com/index.php?showtopic=117672 .

If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

  1. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

  2. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in url=http://support.microsoft.com/default.aspx?scid=kb;en-us;315222]SafeMode[/url] (repeatedly press F8 while booting).
    If avast does not detect it, you can try DrWeb CureIT! instead.

  3. It will be good if you download, install, update and run SUPERantispyware, MBAM or SpywareTerminator.
    If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
    About legit antispyware applications or the bad ones: http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites

  4. If you still detecting any strange behavior or even you’re sure you’re not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster for XP/Vista. For XP only: Panda.

  5. Also, if you still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.

  6. After you’re clean, disable System Restore on Windows ME, XP or Vista. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After disabling you can enable it again. To use System Restoration it’s necessary to disable avast! self-protection: avast! settings > Troubleshooting > Disable avast! self-defence module then start a System Restore.

  7. Use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

  8. Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.

Manual removal instruction can be found here:
http://www.mydigitallife.info/2007/04/19/manual-clean-removal-instruction-for-wormpabugck-or-wormpabugco/

polonus