February 1, 2014 02:46 Win32/Patched Virus #239681
Reply with Quote | Quick Reply | Top
garensmith

Avatar

Novice
Join Date: 30.7.2009
Posts: 11
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
AVG Version: 10.0.1432
Virus Database version: 3684/6550

I am getting Threat detected!

File name: c:\Windows\System32\rpcss.dll

Threat Name: virus found Win32/Patched
detected on open

Ignore
The identified file will remain in its current location on your disk. To ensure you are protected, Resident Shield will not allow you to access files that are infected.


This window pops up every minute. What do I do about it?

February 1, 2014 12:10 Re: Win32/Patched Virus #239690
Reply with Quote | Quick Reply | Top
BIG AL 43

Avatar

Moderator
Join Date: 19.6.2014
Posts: 0
@ garensmith

In order for the AVG Team to analyze your issue please provide more information (AVG scan result export, Msinfo output, GMER scan result).


AVG Forums Volunteer ModeratorAVG Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan
How-To Articles | FAQ | Free Support
February 2, 2014 04:44 Re: Win32/Patched Virus #239718
Reply with Quote | Quick Reply | Top
garensmith

Avatar

Novice
Join Date: 30.7.2009
Posts: 11
Big Al,

Here are the AVG scan results and the msinfo. I will have to try the GMER scan again. Is it supposed to take over 7 hours and have a giant list or is my computer really, really corrupted? I had to stop it after 7 hours as I had to take my laptop home from my moms. Is this looking for rootkits? At this point this is just a scan and not removing anything, right? If it removed everything on the list, I wouldn't have an operating system left.

I don't know if I am sending these results right. Let me know if they don't come through and how to get them to you if they don't get through.
February 2, 2014 04:54 Re: Win32/Patched Virus #239719
Reply with Quote | Quick Reply | Top
garensmith

Avatar

Novice
Join Date: 30.7.2009
Posts: 11
I didn't see my scan results come with my last post. They showed in the preview. I will try again. I put the scan results in with the attach file link.

February 6, 2014 01:01 Re: Win32/Patched Virus #239856
Reply with Quote | Quick Reply | Top
garensmith

Avatar

Novice
Join Date: 30.7.2009
Posts: 11
I have not been successful in completing the Gmer scan. The first time after 7 hours I had to close up my computer to come home from my moms. The next 2 nights after 5 hours or so I would find a blue circle rotating for the pointer and the scan would be halted. I did rename the file tools.exe. And of course the resident shield alert of threat detected would be present numerous times. So I decided to try the older version of Gmer. I also renamed that file. I tried that 2 times and both times that scan wouldn't last more than 15 min and I would get the blue screen of problem has been detected and windows will be shut down to protect your computer. The screen was full of writing which I didn't even have time to read let alone copy down, but it didn't sound good. It sounded like I might be doing harm to my computer.

In safe mood I got this on the blue screen warning: Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.11
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: B2A00000
BCP2: 00000000
BCP3: B1698B91
BCP4: 00000002
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\020414-20826-01.dmp
C:\Users\Karen\AppData\Local\Temp\WER-56690-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

So I have aborted using the older version. I have tried 2 more times to run the Gmer scan during the night and once I found the scan stopped with the blue rotating circle and this morning a black screen with the blue rotating circle.

The scan is the only thing that freezes. I can use the computer otherwise. Any suggestions on how I might get this scan to finish?

Can you help me with my problem without having this scan? I get the resident shield alert continually.
February 12, 2014 12:11 Re: Win32/Patched Virus #240089
Reply with Quote | Quick Reply | Top
Pokornyz

Avatar

Administrator
Join Date: 29.11.2010
Posts: 8245
Hello garensmith,

Please use AVG Rescue CD and restore your MBR as described here (refer to Offline mode using AVG Rescue CD). Then, scan the system using AVG Rescue CD and remove detected threats.

Should the detection be still present after restart, please provide us with new GMER anti-rootkit scan result and new AVG full computer scan result export. Also, please provide us with a screenshot of your partition table listing as follows:
1. Run the AVG Rescue CD.
2. Switch to the linux terminal by the left ALT + F2 key combination.
3. Login as the root user.
4. Execute the fdisk -l command.
5. Take a picture of your screen and attach it to your reply.
6. Use the left ALT + F1 key combination to switch back to the AVG Rescue CD menu.

Thank you.



AVG Team
How-To articles | FAQ | Free Support