Virus Removal – Win32/Patched.FM and Win32/Patched.FLLast updated on March 13th, 2021
Having been given a neighbours laptop that has been attacked by viruses, I found that the main issue was a Win32/Patched.FM and Win32/Patched.FL which had infected explorer.exe and winlogon.exe.
The issue with these viruses is that they “patch” Windows files to include themselves. This means critical system files like explorer.exe are infected, making removal more difficult.
After some thinking through, I ran AVG in Windows Safe mode. This however deleted infected files, and left the system unable to boot. I considered options to place the missing files back, but in the end used the AVG Rescue Disk to replace the files from the Virus Vault (still infected), to give access to Windows back, and used a very good, and free, rootkit infection remover called Combofix to remove the issue. Combofix is available from bleepingcomputer.com, and removes critical files, replacing them from ServicePack backups, and hence leaving the system operable.
Hope this helps others with these and other critical system infections.