I'm infected! Need to block .exe files! ANY IDEAS?

Discussion in 'malware problems & news' started by elgy, Jan 17, 2005.

Thread Status:
Not open for further replies.
  1. elgy

    elgy Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    3
    I'm infected with the 'Pate.B' virus. I've installed numerous applications found @ http://www.wilders.org - but heh, I'm NOT able to get rid of the DAMN frustrating Pate.B virus!! That Pate.B virus brings me .exe files such as 'scguard.exe' and 'servicetask.exe', and they just keep coming and coming back even if I delete those .exe files in Safe Mode!!

    HOW DO I PREVENT THE Pate.B VIRUS, THE 'scguard.exe' AND 'servicetask.exe' FILES FROM GETTING INTO MY COMPUTER?! WHAT applications should I install??

    As of now, I have these applications installed on my computer, without ANY luck (well, they remove the viruses for a while, and then they come back after a reboot or two *sighs*):

    - Ad-Aware SE
    - AntiVirusKit 2005 Pro English
    - CookieJar
    - HiJackThis
    - IE-Spyad
    - ProcessGuard
    - Spybot - S&D
    - SpywareBlaster
    - SpywareGuard
    - Stinger.exe (McAfee)
    - Wormguard

    Now, HOW do I manage to make my system work properly again, huh?

    And do I seriously need ALL those applications installed?! If not, then what could I "leave out"??

    ANY help would be GREEEATLY appreciated!

    Sidenote: I've constantly been trying to make this work since NOVEMBER! I sure hope SOMEONE can help me! This is starting to slowly frustrate me... though I am calm... still. -_-

    Oh, and this post is about the same as in "castlecops", since they weren't able to help...
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Elgy, welcome to Wilders.

    From what I have just read you should be able to remove Pate.B by following the comprehensive steps found in General Cleaning.

    If these steps do not resolve your situation, you will need to download and run “Hijack This” found here and post your log at one of the forums found at A-SAP. The two bigger forums for HijackThis log processing (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    The steps mentioned in General Cleaning use software that ought to be part of your security, as an absolute minimum.

    Once your system is clean, you may want to take a look here for further discussion on security and how to make your system that much stronger and here for more.

    This is what works really well for me, very simple to use and maintain.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, this is a very bad virus/worm; it infects the memory and every PE & SCR file on your PC.

    If you have had it for a while, I definitely recommend a full reinstall. If it is only new, try and follow the instructions HERE.

    As far as I know this virus cannot be removed by any scanner if it has been on the system for a while.

    Please post back and let us know how things work out.
     
    Last edited: Jan 19, 2005
  4. elgy

    elgy Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    3
    Hmm... So if I am infected with that "Pate.B" virus, I should reinstall my whole system?! Oh well... thanks for the help anyways...

    I've got another issue...

    HOW do I block/prevent ads like the one in spy01.jpg file to popup when I enter a particular site? I do have Google Toolbar installed, but apparently that doesn't seem to be helpful either. How do I block this? Any ideas?

    Another thing...

    When I run 'Spybot - S&D', it manages to locate a couple of ads/spyware/whatsoever (as shown in spybot01.jpg), but when I select them for deletion and start the process, only that "DSO Exploit" gets "fixed" (although it keeps coming back for some reason... probably a Spybot bug or something) while the rest of the ads stay there! (as shown in spybot02.jpg). HOW do I delete these and HOW do I _block_/avoid these ads to get on my computer again? What sort of applications do I need to prevent that? (see my HJT logfile for a list of SOME of my running AV applications!)

    Note: Rebooting when Spybot asks me that question doesn't work. It doesn't run Spybot - S&D when I reboot, which means that those ads will stay there!

    ANY help would be greatly appreciated!

    Oh... and as for the HJT log, here's my new HJT logfile:



    Removed HJT log again. Please do NOT post another one. See my reply below - snap



    Did that give you any ideas, or?

    Thanks for bothering to help me and thanks for welcoming me to the forums.
     
    Last edited by a moderator: Jan 27, 2005
  5. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi elgy,

    I'm afraid we no longer provide the HijackThis log analysis service here at Wilders. Please see this announcement post regarding this change:

    https://www.wilderssecurity.com/showthread.php?t=42148

    You mentioned you had posted a log at CastleCops (ComputerCops), do you have a link to that thread?

    You also mentioned they were unable to help you. Can you give us more information about that?

    Regards,

    snap

    PS - if another unsolicited HJT log is posted, I will lock this thread.
     
    Last edited: Jan 27, 2005
  6. Butters

    Butters Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    39


    From what I'm seeing it doesn't sound quite so catastrophic. Pate.B is also known as Parite.B. It is listed anywhere from a mild to medium threat. I don't know why anyone would give you the advice that it can't be removed when there are removal tools.

    Panda has such a tool.

    http://www.pandasoftware.com/virus_...view.aspx?lst=sol&idvirus=18181#ELIMINARPANDA

    http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=18181&sind=0
     
  7. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi elgy,

    Sweetie(*)(*)'s advice is on target. Removing the infection is one thing, but undoing the damage that remains is another. From W32/Pate.b:

    "This is an encrypted parasitic file-infecting virus and network aware worm. It appends PE EXE and SCR files in the Windows directory and subdirectories on the local system, as well as on any accessible network share. The virus creates an additional PE section with a random 3 letter section header followed by the character "•".

    The virus creates the following Registry key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF

    The virus does not store the original file size, and hence cleaning of this virus will not leave the original executables at their original size. In the majority of cases this will not cause an issue as the growth in file size is non-infectious "garbage" data at the end of the file. Certain applications which undertake a self-check will not run after cleaning and should be deleted and restored from backup.

    Additionally the virus may mis-infect files with an incomplete virus body and leave the executable non-functioning. These damaged samples are detected as W32/Pate.b.dam, cannot be repaired, and should be deleted and restored from backup."


    I suppose running SFC might restore your system files. Having a slipstreamed OS CD handy will make that easier. Reinstalling third-party apps might be a problem depending on how many you have.

    Nick
     
  8. Butters

    Butters Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    39
    She said it can't be removed. It can. You might have to delete infected files and reinstall that software but it can be removed from Explorer.exe.
     