
Virus:Win32/Patchload.A


First posted on 08 February 2010.
Source: SecurityHome

Aliases:

Virus:Win32/Patchload.A is also known as Trojan.Win32.Patched.hl (Kaspersky), Win32.Patchload.A (VirusBuster), TR/Patched.FF.1 (Avira), Win32/Patched.EC (ESET), Trojan.Patched (Ikarus), W32/PatchLoad (McAfee), Win32.Loader.gd (Rising AV), W32/Patched-B (Sophos), Virus.Win32.Patchload.a (Sunbelt Software).

Explanation:

Virus:Win32/Patchload.A is a detection for files, typically DLL files, that are infected by a virus. When an infected file is executed it attempts to execute or load other files, which are often malicious.

In the wild, Windows system files such as <system folder>\dsound.dll and <system folder>\ddraw.dll have been infected and are then detected as Virus:Win32/Patchload.A.

Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; for XP, Vista, and 7 it is C:\Windows\System32.

Some of the file names it attempts to execute or load are:
AVF.tmp
AV13.tmp
AV17.tmp
CHIBAV19.tmp
TIXAAV1A.tmp
AIONAV82.tmp
JXSJAV12.tmp
LVZTAV14.tmp
TLBBAV15.tmp
JXS3AV16.tmp
CHIBAV1C.tmp

Analysis by Francis Allan Tan Seng

Last update 08 February 2010

 
