Strange new trojan -> TR/Patched.O.2


Oleg

Hello all,
Please consider my problem - after the recent holidays we have a virus
(win xp sp2) here:
c:\windows\system32\advapi32.$$$

Avira Antivir detected this trojan as TR/Patched.O.2
This file can't be deleted, only moved...

The exact file name is advapi32.$$$, therefore it is not easy to find
any description in search systems for "advapi32.$$$"

Most antivirus software can't detect this virus, please see here:
http://work.nm.ru/tmp/advapi32-virustotal.html

And here is some info from the logs:
[DETECTION] Is the Trojan horse TR/Patched.O.2
[INFO] A backup was created as '47fb5d50.qua' ( QUARANTINE )
[WARNING] The file could not be deleted!

Please give some advice on how to fix and delete this virus,

Best regards,

Oleg
 
From: "Oleg" <[email protected]>

| Hello all,
| Please consider my problem - after the recent holidays we have a virus
| (win xp sp2) here:
| c:\windows\system32\advapi32.$$$
|
| Avira Antivir detected this trojan as TR/Patched.O.2
| This file can't be deleted, only moved...
|
| The exact file name is advapi32.$$$, therefore it is not easy to find
| any description in search systems for "advapi32.$$$"
|
| Most antivirus software can't detect this virus, please see here:
| http://work.nm.ru/tmp/advapi32-virustotal.html
|
| And here is some info from the logs:
| [DETECTION] Is the Trojan horse TR/Patched.O.2
| [INFO] A backup was created as '47fb5d50.qua' ( QUARANTINE )
| [WARNING] The file could not be deleted!
|
| Please give some advice on how to fix and delete this virus,
|
| Best regards,
|
| Oleg

This could be a Trojanized EXE/DLL file, that is, an EXE/DLL file that has been modified by a
Trojan.

Such as advapi32.dll

Was this a heuristic detection?
 