07-19-2012 06:35 AM
My boss brought me his laptop and told me it has a virus. We use Symantec Endpoint Protection. I logged into the system and did a full scan. All but one issue got fixed.
The C:\windows\system32\services.exe is infected with trojan.patchep!sys. I'm new to this post/forum and don't know what to do next. Please advise as soon as you can.
Solved! Go to Solution.
07-19-2012 09:03 AM
Welcome to the Norton Community
Please don't do anything further while waiting for Quads who is our volunteer expert malware removal person. As you can see he is helping many others. He will want to know most likely what operating system and if it is 32 bit or 64 bit. He will probably ask you if you have a flash drive. If you give him these answers, it will help him to get a start with you. He is most likely in a different time zone than you are in, so there may be a little wait for him to respond also. Please don't try and do what he has recommended to others to do as each case is different. Thanks.
Success always occurs in private and failure in full view.
07-19-2012 06:45 PM
ANY other user other than the thread starter is not to use any instructions, scripts or proceedures, The work though in cleaning a system is individual and only for that system due to a number of factors.
Please do not run any tools unless instructed to do so.
4. Cleanup (including system as a whole)
Please read every post completely before doing anything.
Read Slowly and all of it.
Please download http://www.bleepingcomputer.com/download/farbar-re
Transfer it on to the Flash Drive / portable Hard Drive.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
On the System Recovery Options menu you will get the following options:
Windows Complete PC Restore
Windows Memory Diagnostic Tool
07-20-2012 01:12 AM
Download the script attached, needs to be the same file name as well (fixlist.txt), Copy across to flash drive
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Now please enter System Recovery Options again. Like previously
07-20-2012 06:34 PM
Please read carefully Read all of this message first
Download Combofix http://www.bleepingcomputer.com/download/anti-viru
Right click the combofix.exe on the desktop and select from the menu "Run as Administrator"
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.