Entry: Patched (malware)
Definition

  1. Operation

      Initial Infection  

  2. Symptoms

  3. Removal And Detection

  4. Prevention

  5. References

Technical name: win32/Patched
Aliases:
  • W32/Patched
  • Win32.Patched
  • Virus:Win32/Patched
  • Trojan:WinNT/Patched
Family: Malware
Type: Computer virus
Subtype: Trojan
Platform: W32
Isolation date: 2008

Win32/Patched is a computer Trojan targeting the Microsoft Windows operating system that was first detected in October 2008.[1] Files detected as "Trojan.Win32.Patched" are usually Windows components that have been patched by a malicious application. The purpose of the patching varies. For example, certain malware patches system components in order to disable security features, such as the Windows Safe File Check feature. Other malware adds parts of its code to a system component and then patches certain functions of the original file to point to the appended code.[2]

Operation

This Trojan operates by modifying legitimate system files on an infected system.[3] Additionally, malware can add parts of its code to a system component and then patch certain functions of the original file to point to the appended code. The most frequently patched components are:

  • winlogon.exe
  • wininet.dll
  • kernel32.dll
  • iexplore.exe
  • services.exe.[2][4]

Initial Infection

  • Variant R replaces the original legitimate system file "sfc.dll" with a patched version. The original "sfc.dll" may have been moved by the malware to another location on the same computer. Trojan:Win32/Patched.R is capable of loading other files. It may be installed by other malware.[5]
  • Variant I represents malicious, packed Win32 programs. Many malicious programs are packed with particular utilities in an attempt to avoid detection.[6]
  • Variant C defines corrupted DLL files that are modified to load an additional DLL. This variant may also attack and corrupt the services.exe executable.[1]
  • Variant A can modify a legitimate DLL file on an infected system.[3]

Symptoms

There are no obvious symptoms that indicate the presence of this malware on an affected machine, and no common symptoms are associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.[1]

Removal And Detection

It is not advised to delete, rename or quarantine patched Windows components, because doing so may affect system stability. Even though Windows locks its main files while it is active, it might still be possible to affect them.

If your antivirus software detects a file as Trojan.Win32.Patched, you can attempt to have it disinfect the file: it creates a copy of the patched file, tries to restore its contents, and then adds a renaming command to the Windows Registry so that the patched file is replaced with the cleaned one during the next Windows startup.

Restoring one of the recent System Restore points may be advisable. In many cases a patched system component will be replaced with a clean one. Before restoring a System Restore point, it is advised to back up all personal data to avoid losing it when Windows rolls back to a previously saved state.

Windows installation discs contain a repair option that can replace the patched file.

Another course of action is to attach the hard drive containing the patched file as a slave drive to a similar Windows-based system, boot that system, and replace the patched file with a file taken from a clean system.[2]
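
The patching described under Operation (code added to a component, existing code changed to point to it) becomes visible when a suspect file is compared section by section with the same file taken from a clean system. The following is an added example, not part of the original entry: the function names and the sample images are constructed for illustration, and it assumes the clean reference comes from the same Windows build and update level, since legitimate updates also change these files.

```python
import hashlib
import struct

def pe_sections(data):
    """Map section name -> SHA-256 of its raw bytes; also return the overlay size."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    count, = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    table, hashes, end = pe + 24 + opt_size, {}, 0
    for i in range(count):
        name, _vs, _va, rsize, roff = struct.unpack_from("<8sIIII", data, table + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        hashes[name] = hashlib.sha256(data[roff:roff + rsize]).hexdigest()
        end = max(end, roff + rsize)
    return hashes, max(0, len(data) - end)  # bytes past the last section

def diff_against_clean(clean, suspect):
    """Compare a suspect component with the same build taken from a clean system."""
    c_hash, c_overlay = pe_sections(clean)
    s_hash, s_overlay = pe_sections(suspect)
    return {
        "added_sections": sorted(set(s_hash) - set(c_hash)),
        "modified_sections": sorted(n for n in c_hash if n in s_hash and c_hash[n] != s_hash[n]),
        "overlay_growth": s_overlay - c_overlay,
        "size_growth": len(suspect) - len(clean),
    }

def build_pe(sections):
    """Constructed sample input: a minimal (not loadable) PE image."""
    head = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    offset, table, body = len(head) + 40 * len(sections), b"", b""
    for name, raw in sections.items():
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(raw), 0x1000,
                             len(raw), offset + len(body), 0, 0, 0, 0, 0x60000020)
        body += raw
    return head + table + body

# Constructed data: filler bytes only, standing in for a clean and a patched component.
CLEAN = build_pe({".text": b"\x90" * 16, ".data": b"\0" * 16})
PATCHED = build_pe({".text": b"\xcc" * 5 + b"\x90" * 11, ".data": b"\0" * 16,
                    ".added": b"\xcc" * 32})

if __name__ == "__main__":
    print(diff_against_clean(CLEAN, PATCHED))
```

A new section together with a changed code section is the pattern to look for; on real files, read the inputs with `open(path, "rb").read()` from an offline or mounted copy of the suspect disk.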

Prevention

  • Enable a firewall on your computer.
  • Get the latest computer updates for all your installed software.
  • Use up-to-date antivirus software.
  • Use caution when opening attachments and accepting file transfers.
  • Use caution when clicking on links to web pages.
  • Protect yourself against social engineering attacks.

References

1. ^ "Malware Encyclopedia: Virus:Win32/Patched.C". Microsoft. 2008-10-22. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3aWin32%2fPatched.C. Retrieved 2012-07-06.
2. ^ "Virus and threat descriptions: Trojan:W32/Patched". F-Secure. http://www.f-secure.com/v-descs/trojan_win32_patched.shtml. Retrieved 2012-07-06.
3. ^ "Malware Encyclopedia: Virus:Win32/Patched.A". Microsoft. 2009-09-30. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3aWin32%2fPatched.A. Retrieved 2012-07-06.
4. ^ "In-The-Field Analysis of "TrojanHorse:win32/Patched.c.LYT" Virus". RapidWhiz. http://encinocomputerrepair.com/inthefield-analysis-of-trojan-horse-patched-clyt-virus/. Archived from the original on 2013-01-22: https://archive.is/20130122053830/http://encinocomputerrepair.com/inthefield-analysis-of-trojan-horse-patched-clyt-virus/. Retrieved 2012-07-06.
5. ^ "Malware Encyclopedia: Virus:Win32/Patched.R". Microsoft. 2010-01-16. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FPatched.R. Retrieved 2012-07-06.
6. ^ "Malware Encyclopedia: Virus:Win32/Patched.I". Microsoft. 2010-01-16. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FPatched.I. Retrieved 2012-07-06.