
AVG Found A Virus :O( Win32/Patched.Cg

Please post them in a new topic, as this one shall be closed. I used my windows recovery disk to replace the atapi.sys as I thought it was the cause of the win32/patched.cg but it still shows the infection message in my resident shield

AVG is detecting this virus Win32/Patched.CG on file c:\Windows\System32\drivers\nvstor.sys. Please double click on the file you downloaded. I greatly appreciate what you and other helpers are doing to help those like myself. This will start ComboFix again. 5. https://www.bleepingcomputer.com/forums/t/313498/infected-with-win32patchedcg-virus/

Thank you. March 31, 2009 16:46 Re: Update fails #5 jonath Senior Join Date: 31.3.2009 Posts: 32 Sorry for omissions - now collected here I hope. Infected Win32/Patched/CG Started by oasi5, Mar 18 2010 05:45 PM This topic is locked 69 replies to this topic #1 oasi5 Reading up on it, it appears to be some sort of program allowing spammers access.

Check that your Windows HOSTS file does not contain an entry for any AVG / Grisoft websites in it... Please follow our pre-posting process outlined here: http://www.techsupportforum.com/f50/...lp-305963.html After running through all the steps, you shall have a proper set of logs.

Thank you for your patience. ;) Bleepingcomputer Malware Response Team Please do NOT PM anyone with HJT logs, read this and post your logs here. Some of the executables in the firewall permissions list don't appear among those in the AVG 8 folder (avgam.exe, avgnsx.exe) Firewall has no provision for 'safe' Internet addresses. https://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=78241 uStart Page = hxxp://www.google.com/ IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . - - - - ORPHANS

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. Thanks again! OTS log http://www.mediafire.com/?etujyayzqwi ComboFix 10-03-23.03 - John Le 03/24/2010 1:00.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.175 [GMT -7:00] Running from: c:\documents and settings\John Le\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\John Le\Desktop\CFScript.txt AV:

Thanks for your patience. PS. Spybot resident usually on but makes no difference if switched off. Previously had AVG 7.5 with no troubles at all. Allowed AVG 8 Free to uninstall 7.5. March 31, 2009 Took the actions suggested by rdsok. I ran my Symantec antivirus program (twice) along with MalwareBytes and SpyBot.

Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: ElnkBhoGuard Class: {00000000-0000-0000-0000-000000000002} - c:\program files\embarq totalaccess\toolbar\toolbar\EScamBlk.dll BHO: &Yahoo! Please advise if you need any additional information from me, otherwise I hope that we can eliminate this virus from my PC. The report will be called DrWeb.csv. Close Dr.Web Cureit.

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix. Before we go scanning hidden autostart entries ... c:\windows\system32\dllcache\atapi.sys[7] 2010-08-15 . Please do not worry, that is normal.

When the scan has finished, in the menu, click file and choose save report list. Save the report to your desktop. I am trying to clean up a Windows XP machine that had multiple virus infections and I have been successful in cleaning up all of the viruses except for one: Win32/Patched.CG. After reboot, (in case it asks to reboot), please post the following report/log into your next reply: Combofix.txt. 2) Upload files for analysis. To enable the viewing of Hidden files follow these steps: Close

Can someone help me?

scanning hidden files ... I ran combofix, and here are the logs ComboFix 10-03-29.04 - My Love 03/31/2010 11:11:31.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.492 [GMT -4:00] Running from: c:\documents and settings\My Love\Desktop\ComboFix.exe The other time it actually ran for more than two hours. CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . .

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply. c:\windows\system32\drivers\atapi.sys[-] 2010-11-11 . 1494C60EE680E8E79A2D3E25D5FE50FF . 96512 . . [5.1.2600.2180] . . Close any open browsers. 2.

The following will help with routing table issues... 1. you can at least get back to "now" if it doesn't work. Any ideas?

Thanks to rdsok and Anoqoq for patience and help

Hope to hear from you soon.