nod 32 found bug in microsoft patch

[rainslyn]

computer began closeing down I did a nod 32 full scan and it sends me this message

C:\WINDOWS\system32\WS2_32.dll Win32/PatchedEDPatched ...found in operating memory no action can be taken while the file is in memory click leave to cont and subsequently run the cleaning of all local disks system memory infection originated from...
i have tried to run the scan and it finishes that all is clean except for that. what do I do? please any help you could offer I would be very Thankful. Im still working on other lap top for xp error installation so this is the only access I have now what? Thank you, rain

 

[kjv1611]

Does it not give you any question to ask if you want to reboot to allow it to clean the infection? If not, you might need to try another scanner to take care of that for you.

Or before you even go that route, first boot into safe mode, and scan from safe mode. It may be that the file won't load in safe mode.

If safe mode scan doesn't work, then try any/one of these:

Malwarebytes Antimalware

SuperAntiSpyware

Avira Antivir

Avira Rescu CD

DrWeb LiveCD

And another option if none of that works would be to run HiJack This (HJT), and see if it gives you the option to delete that particular item, if so, ONLY delete that one, and see if it takes care of the issue.

All the above programs can be downloaded for free at

http://www.download.com...

EXCEPT for maybe one or two of the CD programs... Avira Rescue and DrWeb LiveCD... I think the DrWeb one is on download.com, I'm not sure about Avira LiveCD. If you have trouble getting any of them downloaded/installed/run, let us know, and we'll help where we can.

--

"If to err is human, then I must be some kind of human!" -Me

 

[rainslyn]

Thank you, I went into safe mode and ran the nod32 it was able to clean and or delete almost everything that it found,, with one odd exception. most were in the system restore so i turned off the system restore and booted and turned it back on to get all possible restore points off. but in windows files this one comes up and with some adjusting to the set up it detects it, unable to clean so quarantines and deletes after the reboot. i rescan just that file and its there again i do the same thing and it stores the copies to quarantine i am now up to 5 what is happening here? However, first please accept my thanks for such a quick and helpful reply. since using nod32 i am just never seen anything in the way of infection it sees problems way before they get in. I could see a rapid take over and if you hadn't been so great It would have been a train wreck. You are the best!

C:\WINDOWS\system32\WS2_32.dll Win32/PatchedEDPatched ** This one I seem to be deleting over and over with success? or is this a false alarm?

 

[smah]

Just out of curiosity, what makes you think that this is a Microsoft patch? This is a trojan that has nothing to do with MS. Removal instructions are easily findable with google and usually involve using the smitfraudfix utility. For example

http://www.spyware-techie.com/trojanwin32patched-removal-guide/

 

[rainslyn]

Look, please don't get me wrong I apologise if i offended you, and i in fact did not mean it was put in by them. However, not long ago i spent a great deal of time hand picking out worms sent in my Microsoft updates and so i am very careful thus. ..my nod32/ I just know its in the widows file at the moment. or many were. that doesn't mean i am accusing it means i am upset and express perhaps badly. I am sure for you it would be easily understood. Question...Is bill gates your brother? It appears to me you are far more defensive to this then might the casual observer.

 

[guitarzan]

Is bill gates your brother? It appears to me you are far more defensive to this then might the casual observer

OK, you're given accurate advice, in a polite manner, and your response that smah is being defensive??? Well then, you're gonna love this...

Your worms did not come from Microsoft. And I should know, I'm Bill Gates brother.

 

[rainslyn]

I nearly lost material that were the last connection of someone i loved very much and died not a year ago. So I do admit as stated that i was anxious but please tell me where in my post Is a personal statement or an opinion of my own? any reference to Windows or Microsoft were direct copy from alerts and scans. I copied them here to be sure I gave you only exactly information of what i was seeing in the scan and alerts. As for polite and helpful, the first reply was just that professional and objective. I as you can see told that person how great a job they did and how grateful I was. The repay you defend, I took to two different people to see if they felt the same as I, it was someone who spoke down to me in a way that was very demeaning. I made that statement about bill gates in a tongue in cheek way show him, It felt like a very personal attack. I hope maybe in the future you may see people like myself, as just anxious. All behavior has meaning, I will try to understand why you both feel I am in need of a public thrash. Please do continue to do the good work you are so well known for. Maybe just keep in mind the questions have real people behind them who do not have your gift of this technology. Maybe some are about to loose so much more then mere hardware. I did not say that this sent to me by Microsoft, i merely copied to you the alerts and scan reports. objective information.
Thank you, rain

 

[guitarzan]

I did not say that this sent to me by Microsoft

Yes you did. Specifically, you said you were "hand picking out worms sent in my Microsoft updates".

i merely copied to you the alerts and scan reports. objective information.

No you didn't. At least, not that demonstrates that there is any relation to your infection and Microsoft updates.

The point I was driving home was that the "worm" did not come from Microsoft. I'm not concerned that Microsoft's name is being smeared, and I'm not defending Microsoft. But if believe that MS sent you an infected update, you will likely not apply future critical updates, leaving your important data at a greater risk. Believe what you are comfortable with.

If you have important data, your first step should be to back that data up. If you can run scans, then you can back up your information

And by the way, my comments were tongue-in-cheek, just like yours. Sorry that you took offense. But "thrashed", "demeaned", and "attacked"? Come on.

 

[smah]

Just because a virus or worm is in the folder named Windows does not mean that it came from Microsoft or that it has anything to do with Microsoft. I am not offended and was in no way being defensive; I was simply correcting what might be misunderstood by some of the other billions of internet users that might some day come across this discussion. In any event, the link that I've already posted should help you to remove it.

 

[kjv1611]

So, guitarzan, what's it like being a billionaire's brother? I didn't even know he had any siblings.

;p

Hint: yes, this is just a joke question, I caught the tongue in cheek part.

--

"If to err is human, then I must be some kind of human!" -Me

 

[edfair]

If you find the file on the system again after a previous removal it is an indication that you scanner is overlooking the sentinel file, the original source of the problem.
Time to try another scanner, as kjv1611 suggested in an earlier post in the thread.

Sometimes, when infected, you can watch a taskmanager window and see the sentinel added stuff back in after you delete it.

Ed Fair
Give the wrong symptoms, get the wrong solutions.