Results 1 to 10 of 10

Thread: how to remove services.exe virus - trojan.win32.patched.aa

  1. #1
    shape Guest

    Default how to remove services.exe virus - trojan.win32.patched.aa

    firstly, i scanned a downloaded file w/ the latest Zone Alarm and it came up saying it was clean. after launching the file, i get all these trojans popping up in ZA and all these security/internet access warnings coming up one after another. i keep selecting 'apply' to take action on this virus (trojan.win32.patched.aa) in windows/system32/services.exe and it says 'delete after reboot' so i apply again and again, i reboot and then the same routine continues. this is a nightmare! i cant even use my PC now and all my apps are fried and keep giving me errors, on top of constant invisible ads playing audio in the background. how can i remove this virus? ZA is not able to. if it would have caught it when i scanned the file before launching, none of this would have happened.

    any help would be appreciated.

    Last edited by shape; October 2nd, 2009 at 12:26 AM. Reason: typo

  2. #2
    Join Date
    Nov 2004

    Default Re: how to remove services.exe virus - trojan.win32.patched.aa

    please follow ALL steps as detailed here.


    Click here for ZA Support
    Monday-Saturday 24x6 Pacific time
    Closed Sundays and Holidays

  3. #3
    shape Guest

    Default Re: how to remove services.exe virus - trojan.win32.patched.aa

    hi, thanks a lot for the help. i had no luck with ZA in safe mode. it kept labeling it as delete on reboot but then it would reappear again after rebooting. MBAM + superspyware cleaned out everything and said i was totally clean after finding a lot of stuff & then quarantining them. but then a-squared is labeling seemingly half the exe files on my machine as viruses & trojans!! is this accurate if the other 2 apps + ZA say i'm 100% clean? if i quarantine all these files, then no apps will ever launch again.

  4. #4
    shape Guest

    Default Re: how to remove services.exe virus - trojan.win32.patched.aa

    unbelievable. A2 was not able to connect to the server to update (said to check network/proxy) so i thought not having an updated version was probably the issue with all the false positives. i cancelled, then rebooted and now my PC (win XP sp 3) will not boot up. i just get the green screen and nothing shows up. yet i can bring up the task manager but cant do anything from there. is this maybe a conflict between having several anti-virus apps at the same time? i've just spent about 70 hrs straight (except for a little sleep in between) trying to get my system up and running due to an unfathomable amount of issues. i finally get everything installed and working flawlessly and after installing A2 i cant bootup. i dont even know what to do now this is so messed up. i've never experienced this before. my ext backup drive just died half a day before getting the virus attack. insane.

  5. #5
    naivemelody Guest

    Default Re: how to remove services.exe virus - trojan.win32.patched.aa

    A-Squared comes with anti-virus and can conflict with your ZA Suite av( you should post back complete info about your OS, XP SP 2 or 3/ Vista SP 1 or 2 ; ZA firewall - ZA Suite, ZA Extreme, etc. and it's version number)
    __________________________________________________ _____
    My personal opinion on A-Squared - prone to false positives; my suggestion - un-install it. Keep Malwarebytes and SuperAnti-spyware for now - both the free version -only.
    __________________________________________________ ____
    NaiveMelody NYC - 10-3-09 - I Will Survive - Gloria Gaynor

  6. #6
    shape Guest

    Default Re: how to remove services.exe virus - trojan.win32.patched.aa

    hey, thanks for the reply. actually, i did state above for OS i'm using Win XP SP 3. for ZA, it's the Suite v9 but i actually turned this off before i ran the other virus apps and b/c of some other problems i thought might be related (i unplugged my PC from the internet though while ZA was off).

    hmm, so i guess all those viruses are false positives. A2 found over 130 just in the windows -> system32 folder (dll's and exe's). the other 3 apps found none, all w/ the latest virus defs.

    so i should just keep the free versions of those 2 apps? any specific reason for that vs the full versions?

    also, any suggestions on how to access my drive since i cant load my desktop? if i could just uninstall A2 it should be fine. everything seemed perfect before i installed it.

    Last edited by shape; October 4th, 2009 at 12:07 AM. Reason: typo

  7. #7
    naivemelody Guest

    Default Re: how to remove services.exe virus - trojan.win32.patched.aa

    Of the 2 apps, I've read some past 'small' test reviews - from the likes pcmag/ pcworld types - that claim the additional 'real-time' protection/ paid versions was "negligible" and - it has the potential for conflicts with ZA real time protection/ layers of security features. The free versions work fine and don't ask for more RAM - if you have XP with a Suite that can be critical.
    I've had A-Squared Free before ( before it had av) and it had the most false positives of all security software - rid it.
    __________________________________________________ ______
    Oh, back to your malware - you may need to shut off 'pc restore' - malware can survive and come back there - need to 'temporarily' shut off 'restore' while your actually running your clean up scanners. Turn back on after you are clean.
    __________________________________________________ _______
    Another odd thing you can try... look at Kaspersky forum and see if there are similar postings (ZA av is Kaspersky av) > see how it is handled.

    __________________________________________________ ____

    That's about as far as I have for now.
    (sorry I missed/ forgot your pc info.)
    NaiveMelody NYC - 10-4-09 - Don't Look Back - Boston
    Last edited by naivemelody; October 4th, 2009 at 01:00 AM.

  8. #8
    shape Guest

    Default Re: how to remove services.exe virus - trojan.win32.patched.aa

    ok, i see - thanks for clarifying. i was checking out ZA trial and also wanted to check out Comodo and Online Armor. from most things i've read, people prefer Comodo, and then OA behind that. anything about ZA that really stands out? is it better/simpler for people who arent firewall experts? i'm a pretty advanced mac user but with PCs i'm not great, so on a mac i never had to deal with viruses and the built-in OSX firewall works fine.

    the other thing is, what if i just used MBAM & superspyware pro paid versions along with ZA firewall (not the suite)? is there anything in the AV engine that would be more beneficial than the other 2 apps?

    anyway, after removing A2 i still got the green screen. i went back ran some utiities in safe mode, and did a windows Chkdsk on bootup and then it was able to load the system in normal mode. i keep getting this windows error now though: Data Execution Prevention: To help protect your computer windows has closed this program: Image Mastering API (Microsoft Corp.). well, whatever happened with A2 install, it corrupted something. i found this here but have no idea what i should do - i'm not finding any malware so maybe i should just disable it for this IMAPI app?
    Last edited by shape; October 4th, 2009 at 01:43 PM.

  9. #9
    naivemelody Guest

    Lightbulb Re: how to remove services.exe virus - trojan.win32.patched.aa

    Big question - do you have an Acer pc??
    __________________________________________________ ____
    ZA Suite - good things: uses Kapersky av = will usually be a top performer in standardized av testing organizations, Kaspersky will usually have a 'faster' detection of 'new unknowns/ PUP - potentially unwanted programs/ zero-day malware' and deliver signatures faster than most other av companies.

    It is usually said the anti-virus is the primary security engine - as it detects malware better and faster than standard/ basic anti-spyware. So having a good anti-virus should be a key factor in pc security.

    In ZA product line - they have a nice software called ForceField - as a stand-alone - that can be used in conjunction with any security software(other brands, too) - uses virtual/ sandboxie technology to further protect users 'beyond' the standard signature based scanners we all have (for which malware writers -try to bypass). ZoneAlarm Extreme is a 'suite' that integrates ForceField features and is their top-of-the line item. Look into ForceField/ ZA Extreme info in ZA website.
    __________________________________________________ ______
    NaiveMelody NYC - 10-4-09 - Makin' It - David Naughton

  10. #10
    shape Guest

    Default Re: how to remove services.exe virus - trojan.win32.patched.aa

    no, i have a Dell Dimension E521 Athalon.

    ok, thanks for the AV info. i'll check that out.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts