F-Secure Malware Information Pages: Trojan.Win32.Patched

Name: Trojan.Win32.Patched
Alias: Trojan:W32/Patched
Type: Trojan
Category: Malware
Platform: W32

Summary
Files detected as "Trojan.Win32.Patched" are usually Windows components that have been patched by a malicious application. The purpose of the patching varies. For example, certain malware patches system components in order to disable security features, such as the Windows Safe File Check feature. Other malware adds parts of its code to a system component and then patches certain functions of the original file to point to the appended code. The most frequently patched components are:

winlogon.exe
wininet.dll
kernel32.dll
iexplore.exe

Disinfection

It is not advised to delete, rename or quarantine patched Windows components, because doing so may affect system stability. Even though Windows locks its main files while it is active, it might still be possible to affect them.

If F-Secure Anti-Virus has detected a file as Trojan.Win32.Patched, first try the "Disinfect" action. In this case, F-Secure Anti-Virus will create a copy of the patched file, try to restore its contents, and then add a renaming command to the Windows Registry so that the patched file is replaced with the cleaned one during the next Windows startup.

If the approach described above fails, try restoring one of the recent System Restore points. In many cases a patched system component will be replaced with a clean one. Before restoring a System Restore point, it is advised to back up all personal data to avoid losing it when Windows rolls back to a previously saved state.

Windows installation discs contain a repair option. Boot from the CD and select the option to repair. Again, it is advised to back up your personal data first.

If nothing else cleans a patched system component, the last resort is to attach the hard drive containing the patched file as a slave drive to a similar Windows-based system, boot that system, and replace the patched file with a file taken from a clean system. Note that the file used for replacement must be the same version as the patched file! This operation should be done by an experienced computer technician only.
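
The same-version requirement above can be checked before any file is replaced. The following PowerShell script is an added example, not part of the original F-Secure page; the drive letters, the default install paths in `$Components`, and the function names `Get-NumericVersion` and `Compare-ComponentVersion` are assumptions.

```powershell
# Added example. Default install paths are assumed; adjust for the system at hand.
$Components = @(
    'WINDOWS\system32\winlogon.exe',
    'WINDOWS\system32\wininet.dll',
    'WINDOWS\system32\kernel32.dll',
    'Program Files\Internet Explorer\iexplore.exe'
)

# Numeric four-part version read from the file's version resource.
function Get-NumericVersion([string]$Path) {
    $v = (Get-Item -LiteralPath $Path).VersionInfo
    '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart
}

function Compare-ComponentVersion {
    param(
        [Parameter(Mandatory)][string]$SuspectRoot,  # attached disk, e.g. 'E:\'
        [Parameter(Mandatory)][string]$CleanRoot     # clean system, e.g. 'C:\'
    )
    foreach ($rel in $Components) {
        $suspect = [System.IO.Path]::Combine($SuspectRoot, $rel)
        $clean   = [System.IO.Path]::Combine($CleanRoot, $rel)
        $row = [ordered]@{ File = $rel; SuspectVersion = $null; CleanVersion = $null; Verdict = $null }
        if (-not (Test-Path -LiteralPath $suspect) -or -not (Test-Path -LiteralPath $clean)) {
            $row.Verdict = 'File missing on one side: nothing to compare'
        } else {
            $row.SuspectVersion = Get-NumericVersion $suspect
            $row.CleanVersion   = Get-NumericVersion $clean
            $sameHash = (Get-FileHash -LiteralPath $suspect -Algorithm SHA256).Hash -eq
                        (Get-FileHash -LiteralPath $clean -Algorithm SHA256).Hash
            if ($row.SuspectVersion -ne $row.CleanVersion) {
                $row.Verdict = 'Version mismatch: do not use this file as a replacement'
            } elseif ($sameHash) {
                $row.Verdict = 'Identical to the clean copy: no replacement needed'
            } else {
                $row.Verdict = 'Same version, different content: valid replacement candidate'
            }
        }
        [pscustomobject]$row
    }
}

# Read-only: this reports on the files and copies nothing.
Compare-ComponentVersion -SuspectRoot 'E:\' -CleanRoot 'C:\' | Format-Table -AutoSize
```

Run it on the clean system after the suspect drive is attached; it requires PowerShell 4.0 or later for `Get-FileHash`.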

F-Secure Corporation

Last Modified: February 20, 2007