Follow:

 

Virus:Win32/Patchload.A


Virus:Win32/Patchload.A is a detection for files, typically DLL files, that are infected by a virus. When an infected file is executed it attempts to execute or load other files, which are often malicious.


What to do now

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.

Threat behavior

Virus:Win32/Patchload.A is a detection for files, typically DLL files, that are infected by a virus. When an infected file is executed it attempts to execute or load other files, which are often malicious.
 
In the wild, Windows system files such as <system folder>\dsound.dll and <system folder>\ddraw.dll have been infected and are then detected as Virus:Win32/Patchload.A.
 
Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
 
Some of the file names it attempts to execute or load are:
 
AVF.tmp
AV13.tmp
AV17.tmp
CHIBAV19.tmp
TIXAAV1A.tmp
AIONAV82.tmp
JXSJAV12.tmp
LVZTAV14.tmp
TLBBAV15.tmp
JXS3AV16.tmp
TIXAAV1A.tmp
CHIBAV1C.tmp
 
Analysis by Francis Allan Tan Seng

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.71.2473.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Jan 20, 2010
This entry was first published on: Feb 02, 2010
This entry was updated on: Apr 17, 2012

This threat is also detected as:
  • Trojan.Win32.Patched.hl (Kaspersky)
  • Win32.Patchload.A (VirusBuster)
  • TR/Patched.FF.1 (Avira)
  • Win32/Patched.EC (ESET)
  • Trojan.Patched (Ikarus)
  • W32/PatchLoad (McAfee)
  • Win32.Loader.gd (Rising AV)
  • W32/Patched-B (Sophos)
  • Virus.Win32.Patchload.a (Sunbelt Software)