Avast WEBforum

Other => Viruses and worms => Topic started by: rdraper9 on January 30, 2009, 11:48:27 PM

Title: Win32SysPatch
Post by: rdraper9 on January 30, 2009, 11:48:27 PM

Summary
Type Virus/Worm
Aliases Backdoor.Zapinit, Win32/Pruserinf, Trojan.Win32.Patched.bb, Trojan.Win32.Patched.dr, Win32/Pinit
Platform Windows
Known locations %WINDIR%\system32

Description
Win32:SysPatch injects the user32.dll file with its own data and forces it to load malicious DLLs. These DLLs are intended to collect network traffic data and are able to control locally running processes from a remote machine and to download/send data through an open backdoor.

Detection/Removal
avast! with VPS file 081222-0 or later is able to detect this family of malware. For the removal instructions please visit our forums.

CANNOT move or repair.  Sometimes when I am running application they just disappear.  What can I do to get rid of this problem?

Title: Re: Win32SysPatch
Post by: micky77 on January 31, 2009, 12:04:38 AM

You could try Drweb cureit tool.Have a look at the link,some claim the tool removed the threat.I think, you need to scan in safe mode.

http://forum.avast.com/index.php?topic=41227.0 (http://forum.avast.com/index.php?topic=41227.0)

http://www.freedrweb.com/ (http://www.freedrweb.com/)

Title: Re: Win32SysPatch
Post by: rdraper9 on February 02, 2009, 05:55:32 PM

Thanks - I did run drwebb - and it did find and cure the problem. 

Title: Re: Win32SysPatch
Post by: DavidR on February 02, 2009, 06:32:46 PM

Thanks for the feedback, welcome to the forums.