Entry | Patched (malware) |
Definition |
Technical name: win32/Patched
Family: Malware
Type: Computer virus
Subtype: Trojan
Platform: W32
Isolation date: 2008

Win32/Patched is a computer Trojan targeting the Microsoft Windows operating system that was first detected in October 2008.[1] Files detected as "Trojan.Win32.Patched" are usually Windows components that have been patched by a malicious application. The purpose of the patching varies. For example, certain malware patches system components in order to disable security features, such as the Windows Safe File Check feature. Other malware adds parts of its code to a system component and then patches certain functions of the original file to point to the appended code.[2]

Operation

This Trojan operates by modifying legitimate system files on an infected system.[3] Additionally, malware can add parts of its code to a system component and then patch certain functions of the original file to point to the appended code. The most frequently patched components are:

Initial Infection

Symptoms

There are no obvious symptoms that indicate the presence of this malware on an affected machine, and there are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom.[1]

Removal and Detection

It is not advised to delete, rename or quarantine patched Windows components, because doing so may affect system stability. Even though Windows locks its main files while it is active, it might still be possible to affect them. If your antivirus software detects a file as Trojan.Win32.Patched, you can attempt to have it create a copy of the patched file and try to restore its contents; it will then add a renaming command to the Windows Registry in order to replace the patched file with the cleaned one during the next Windows startup.

Restoring one of the recent System Restore points may be advisable. In many cases a patched system component will be replaced with a clean one. Before restoring a System Restore point, it is advised to back up all personal data to avoid losing it when Windows rolls back to a previously saved state. Windows installation discs contain a repair option that can replace the patched file. Another course of action is to attach the hard drive containing the patched file as a slave drive to a similar Windows-based system, boot up, and replace the patched file with a file taken from the clean system.[2]

Prevention
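The clean-copy comparison described under Removal and Detection can also show what was changed in a flagged component. The following Python code is an added example, not part of the original article: it hashes each PE section of a suspect file and of a reference copy assumed to come from a clean system, then reports modified sections, added sections and file growth. The function names and the two sample images are constructed for illustration.

```python
import hashlib
import struct

def pe_sections(data: bytes) -> dict:
    """Map each PE section name to the SHA-256 of its raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    table = pe + 24 + opt_size                              # first section header
    out = {}
    for i in range(nsect):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        out[name.rstrip(b"\0").decode("latin-1")] = hashlib.sha256(raw).hexdigest()
    return out

def diff_against_clean(suspect: bytes, clean: bytes) -> dict:
    """Report how a suspect component differs from a clean copy of the same build."""
    s, c = pe_sections(suspect), pe_sections(clean)
    return {
        "modified": sorted(n for n in s if n in c and s[n] != c[n]),
        "added": sorted(n for n in s if n not in c),
        "size_growth": len(suspect) - len(clean),
    }

def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE (headers and section table only) used as demo input."""
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    offset = 0x40 + len(coff) + 40 * len(sections)
    table, body = b"", b""
    for name, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(raw), 0, len(raw),
                             offset + len(body), 0, 0, 0, 0, 0)
        body += raw
    return bytes(dos) + coff + table + body

# Constructed samples: the "patched" image has one changed byte in .text and an extra section.
CLEAN = build_sample_pe([(b".text", b"\x90" * 32), (b".data", b"\x00" * 16)])
PATCHED = build_sample_pe([(b".text", b"\x90" * 31 + b"\xcc"), (b".data", b"\x00" * 16),
                           (b".added", b"\xcc" * 24)])

if __name__ == "__main__":
    print(diff_against_clean(PATCHED, CLEAN))
```

A legitimate Windows update also changes section hashes, so the reference copy has to match the suspect file's exact version and patch level.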

References

1. Microsoft. "Malware Encyclopedia: Virus:Win32/Patched.C". 2008-10-22. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3aWin32%2fPatched.C (accessed 2012-07-06).
2. F-Secure. "Virus and threat descriptions: Trojan:W32/Patched". http://www.f-secure.com/v-descs/trojan_win32_patched.shtml (accessed 2012-07-06).
3. Microsoft. "Malware Encyclopedia: Virus:Win32/Patched.A". 2009-09-30. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3aWin32%2fPatched.A (accessed 2012-07-06).
4. RapidWhiz. "In-The-Field Analysis of "TrojanHorse:win32/Patched.c.LYT" Virus". http://encinocomputerrepair.com/inthefield-analysis-of-trojan-horse-patched-clyt-virus/ (accessed 2012-07-06). Archived 2013-01-22 at https://archive.is/20130122053830/http://encinocomputerrepair.com/inthefield-analysis-of-trojan-horse-patched-clyt-virus/
5. Microsoft. "Malware Encyclopedia: Virus:Win32/Patched.R". 2010-01-16. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FPatched.R (accessed 2012-07-06).
6. Microsoft. "Malware Encyclopedia: Virus:Win32/Patched.I". 2010-01-16. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FPatched.I (accessed 2012-07-06).