Strange new trojan -> TR/Patched.O.2


Hello all,
Please consider my problem - after the recent holidays we have a virus
(Win XP SP2) here:
c:\windows\system32\advapi32.$$$

Avira Antivir detected this trojan as TR/Patched.O.2
This file can't be deleted, only moved...

The exact file name is advapi32.$$$, therefore it is not easy to find
any description in search systems for "advapi32.$$$"

Most antivirus software can't detect this virus, please see here:
http://work.nm.ru/tmp/advapi32-virustotal.html

And here is some info from the logs:
[DETECTION] Is the Trojan horse TR/Patched.O.2
[INFO]      A backup was created as '47fb5d50.qua'  ( QUARANTINE )
[WARNING]   The file could not be deleted!

Please give some advice on how to fix and delete this virus.

Best regards,

Oleg

Re: Strange new trojan -> TR/Patched.O.2


| Hello all,
| Please consider my problem - after the recent holidays we have a virus
| (Win XP SP2) here:
| c:\windows\system32\advapi32.$$$
|
| Avira Antivir detected this trojan as TR/Patched.O.2
| This file can't be deleted, only moved...
|
| The exact file name is advapi32.$$$, therefore it is not easy to find
| any description in search systems for "advapi32.$$$"
|
| Most antivirus software can't detect this virus, please see here:
| http://work.nm.ru/tmp/advapi32-virustotal.html
|
| And here is some info from the logs:
| [DETECTION] Is the Trojan horse TR/Patched.O.2
| [INFO]      A backup was created as '47fb5d50.qua'  ( QUARANTINE )
| [WARNING]   The file could not be deleted!
|
| Please give some advice on how to fix and delete this virus.
|
| Best regards,
|
| Oleg

This could be a Trojanized EXE/DLL file.  An EXE/DLL file that has been
modified by a Trojan.

Such as: advapi32.dll

Was this a heuristic detection?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


