Virus Removal – Win32/Patched.FM and Win32/Patched.FL

Having been given a neighbours laptop that has been attacked by viruses, I found that the main issue was a Win32/Patched.FM and Win32/Patched.FL which had infected explorer.exe and winlogon.exe.

The issue with these viruses is that they “patch” Windows files to include themselves. This means critical system files like explorer.exe are infected, making removal more difficult.

After some thinking through, I ran AVG in Windows Safe mode. This however deleted infected files, and left the system unable to boot. I considered options to place the missing files back, but in the end used the AVG Rescue Disk to replace the files from the Virus Vault (still infected), to give access to Windows back, and used a very good, and free, rootkit infection remover called Combofix to remove the issue. Combofix is available from, and removes critical files, replacing them from ServicePack backups, and hence leaving the system operable.

Hope this helps others with these and other critical system infections.


I'm passionate about technology, and particularly helping people make the most of it. I've spent the last 30 years helping others make the most of technology. My career started in IBM, but I choose to move into smaller business environments, to use a breadth of skills, and help businesses step change their IT services. My skills range from user based technology, through business systems (applications) to infrastructure. I also have a long background in IT security. I focus on what I consider to be "productive technology", i.e. adding genuine value to peoples lives. I'm not a big gamer, and don't hold much interest in what I consider to be disposable consumer technologies. During the day, you'll find me consulting with businesses or heading up an IT department. At the weekend, you'll find me sat at my Linux PC, writing PHP or Python code, or trying to help others on Twitter, this blog, or my YouTube channel: Artexic.