Results 1 to 8 of 8

Thread: HELP!

  1. #1
    5 Star Lounger petesmst's Avatar
    Join Date
    Dec 2009
    Location
    Cape Town, South Africa
    Posts
    790
    Thanks
    38
    Thanked 43 Times in 33 Posts
    I know the Lounge is not a specilist forum wrt clearing of infected PCs, but in desperation I seek the collective wisdom of you all.

    Has anybody had experience with an infection called PE_PATCHED.SME? Trend Titanium is being used as the all-inclusive protection software on the infected PC. It now continuously picks up this PE_PATCHED.SME and states that the explorer.exe file and winlogon.exe is infected, but cannot be resolved - "access denied".

    Any ideas? What will happen if flash-drives etc are used with this PC? Will they get infected? I can find no reference to this threat anywhere on the Web (including virus knowledge bases, customer support and "google", "Bing" etc. There is, however, reference to PE_PATCHED.IF and other "similar" threats, but none to the .SME variant.

    Any help as to what should be done to disinfect and get the PC running "clean" again? Edit: (Other than the obvious clean re-installation of all software after a disk format, or a full backup image restoration)
    (My Setup: Custom built: 4.00GHz Intel Core i7-6700K CPU; MSI Z170A Gaming Carbon Motherboard (Military Class III); Win 10 Pro (64 bit)-(UEFI-booted); 16GB RAM; 512GB SAMSUNG SD850 PRO SSD; 120GB SAMSUNG 840 SSD; Seagate 2TB Barracuda SATA6G HDD; 2 X GeForceGTX 1070 8GB Graphics Card (SLI); Office 2013 Prof (32-bit); MS Project 2013 (32-bit); Acronis TI 2017 Premium, Norton Internet Security, VMWare Workstation12 Pro). WD My Book 3 1TB USB External Backup Drive). Samsung 24" Curved HD Monitor.

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    Quote Originally Posted by Peter S View Post
    Has anybody had experience with an infection called PE_PATCED.SME? Trend Titanium is being used as the all-inclusive protection software on the infected PC. It now continuously picks up this PE_PATCHED.SME and states that the explorer.exe file and winlogon.exe is infected, but cannot be resolved - "access denied".
    It might help to get a second opinion -- and a second detection name. Try uploading the two .exe files (or copies of them) to http://www.virustotal.com/ and see whether other AV engines pick up the infection and provide other names.

    Quote Originally Posted by Peter S View Post
    What will happen if flash-drives etc are used with this PC? Will they get infected?
    Some USB flash drives have a switch similar to the old write-protect switch on a 3.5" floppy drive, so that you can use it without any risk of infecting the flash drive. If you want to run a program that fits on a CD, perhaps use a CD rather than a flash drive.

    Quote Originally Posted by Peter S View Post
    Any help as to what should be done to disinfect and get the PC running "clean" again? Edit: (Other than the obvious clean re-installation of all software after a disk format, or a full backup image restoration)
    You could try SFC; that's less drastic than reinstalling Windows. See Description of Windows XP and Windows Server 2003 System File Checker (Sfc.exe) for more information.

    Edit: above article updated for Windows 7: How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7.

  3. #3
    5 Star Lounger petesmst's Avatar
    Join Date
    Dec 2009
    Location
    Cape Town, South Africa
    Posts
    790
    Thanks
    38
    Thanked 43 Times in 33 Posts
    @ jscher2000: Thanks for the advice. I will get back to the Lounge after trying out your suggestions.
    (My Setup: Custom built: 4.00GHz Intel Core i7-6700K CPU; MSI Z170A Gaming Carbon Motherboard (Military Class III); Win 10 Pro (64 bit)-(UEFI-booted); 16GB RAM; 512GB SAMSUNG SD850 PRO SSD; 120GB SAMSUNG 840 SSD; Seagate 2TB Barracuda SATA6G HDD; 2 X GeForceGTX 1070 8GB Graphics Card (SLI); Office 2013 Prof (32-bit); MS Project 2013 (32-bit); Acronis TI 2017 Premium, Norton Internet Security, VMWare Workstation12 Pro). WD My Book 3 1TB USB External Backup Drive). Samsung 24" Curved HD Monitor.

  4. #4
    2 Star Lounger
    Join Date
    Jun 2010
    Location
    philippines
    Posts
    185
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Peter S View Post
    I know the Lounge is not a specilist forum wrt clearing of infected PCs, but in desperation I seek the collective wisdom of you all.

    Has anybody had experience with an infection called PE_PATCED.SME? Trend Titanium is being used as the all-inclusive protection software on the infected PC. It now continuously picks up this PE_PATCHED.SME and states that the explorer.exe file and winlogon.exe is infected, but cannot be resolved - "access denied".

    Any ideas? What will happen if flash-drives etc are used with this PC? Will they get infected? I can find no reference to this threat anywhere on the Web (including virus knowledge bases, customer support and "google", "Bing" etc. There is, however, reference to PE_PATCHED.IF and other "similar" threats, but none to the .SME variant.

    Any help as to what should be done to disinfect and get the PC running "clean" again? Edit: (Other than the obvious clean re-installation of all software after a disk format, or a full backup image restoration)
    what AV do you used? you can resolved this by doing a scan on safemode

  5. #5
    5 Star Lounger petesmst's Avatar
    Join Date
    Dec 2009
    Location
    Cape Town, South Africa
    Posts
    790
    Thanks
    38
    Thanked 43 Times in 33 Posts
    @bong tubera: As mentioned in my post, Trend Titanium is the installed securty software and yes, I scanning in safe mode has been performed. The infection is detected, but cannot be resolved "access denied". I have, as yet, been unable to find any site that knows this particular infection (Is this the first reported infection? Surely not!!). Thanks for your assistance.
    (My Setup: Custom built: 4.00GHz Intel Core i7-6700K CPU; MSI Z170A Gaming Carbon Motherboard (Military Class III); Win 10 Pro (64 bit)-(UEFI-booted); 16GB RAM; 512GB SAMSUNG SD850 PRO SSD; 120GB SAMSUNG 840 SSD; Seagate 2TB Barracuda SATA6G HDD; 2 X GeForceGTX 1070 8GB Graphics Card (SLI); Office 2013 Prof (32-bit); MS Project 2013 (32-bit); Acronis TI 2017 Premium, Norton Internet Security, VMWare Workstation12 Pro). WD My Book 3 1TB USB External Backup Drive). Samsung 24" Curved HD Monitor.

  6. #6
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Calif
    Posts
    182
    Thanks
    0
    Thanked 14 Times in 13 Posts
    Hi Peter :

    Your request for help on the Trend MIcro Community Forums has had
    a recent Reply from an employee ; I recommend you follow his advice
    at http://community.trendmicro.com/t5/H...SME/td-p/16478 .

    You do realize that Trend Titanium uses the suspect cloud-based
    approach to protection !? Did you read a "Review" of this program
    like the One at http://www.pcmag.com before putting this on your
    computer !?

    Edit : For an unknown reason, this forum will NOT allow me to Post
    the link to the PC Mag article on this product !?
    For the BEST in what counts in Life :

    http://www.ctftoronto.com

  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    Quote Originally Posted by Robin Taylor View Post
    Edit : For an unknown reason, this forum will NOT allow me to Post
    the link to the PC Mag article on this product !?
    The board truncates pasted-in URLs at the first comma. To resolve this issue, use the link button above the compose area to create your link.

  8. #8
    5 Star Lounger petesmst's Avatar
    Join Date
    Dec 2009
    Location
    Cape Town, South Africa
    Posts
    790
    Thanks
    38
    Thanked 43 Times in 33 Posts
    Hi there guys and thanks for all the advice. The "issue" now seems to have been cleared. It involved Scanning in Safe Mode (more than once) and repairing Windows (more than once). First attempt appeared to clear up the problem, but a re-scan in Safe Mode revealed new infected Temp files. Once they had been cleared and Windows repaired, no further signs of infection were detected. So, for now, it seems all is back to normal.
    Thanks once again: I knew the Loungers would come up trumps.

    (Edit: corrected a typo)
    (My Setup: Custom built: 4.00GHz Intel Core i7-6700K CPU; MSI Z170A Gaming Carbon Motherboard (Military Class III); Win 10 Pro (64 bit)-(UEFI-booted); 16GB RAM; 512GB SAMSUNG SD850 PRO SSD; 120GB SAMSUNG 840 SSD; Seagate 2TB Barracuda SATA6G HDD; 2 X GeForceGTX 1070 8GB Graphics Card (SLI); Office 2013 Prof (32-bit); MS Project 2013 (32-bit); Acronis TI 2017 Premium, Norton Internet Security, VMWare Workstation12 Pro). WD My Book 3 1TB USB External Backup Drive). Samsung 24" Curved HD Monitor.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •