Content
W32/Patcher!8102de064852
- Type
- Virus
- SubType
- -
- Discovery Date
- 08/21/2009
- Length
- 190649
- Minimum DAT
- 5716 (08/21/2009)
- Updated DAT
- 5716 (08/21/2009)
- Minimum Engine
- 5300.2777
- Description Added
- 08/21/2009
- Description Modified
- 08/21/2009 11:53 AM (PT)
Tab Navigation
Characteristics
| File Property | Property Value |
|---|---|
| FileName | Unavailable |
| McAfee Artemis | Artemis!8102de064852 |
| McAfee Detection | W32/Patcher |
| Length | 190,649 bytes |
| CRC | 2C393350 |
| MD5 | 8102DE0648528CB27CB464A9C664C5D6 |
| SHA1 | 3979379BA2F8B61D7BDFAB1E35D3CBB19B076E2E |
Other Common Detection Aliases
| Company Name | Detection Name |
|---|---|
| avast | Win32:Trojan-gen {Other} |
| AVG (GriSoft) | Agent |
| Avira | TR/Crypt.XPACK.Gen |
| BitDefender | GenPack:Backdoor.PCClient.TFD |
| Dr.Web | BackDoor.Update.214 |
| Eset | Win32/PcClient.NEH trojan |
| FortiNet | W32/Patcher |
| Kaspersky | Backdoor.Win32.PcClient.apuq |
| microsoft | Backdoor:Win32/PcClient.DF |
| panda | Trj/CI.A |
| Sophos | Mal/Generic-A |
| Symantec | Backdoor.Formador |
| Trend Micro | BKDR_PCCLIEN.BHS |
| vba32 | Backdoor.Win32.PcClient.aaqa |
Other detections that have been observed.
| FileName | McAfee Supported |
|---|---|
| %WINDIR%\system32\eflvon.dll | BackDoor-CKB.gen.m |
This sample can be identified by the following symptoms.
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files were analyzed:
The following files have been added to the system:
The following registry elements have been created:
- description = microsoft .net framework tpm
- start = 2
- servicedll = %systemroot%\system32\eflvon.dll
- description = microsoft .net framework tpm
- start = 2
- servicedll = %systemroot%\system32\eflvon.dll
- servicedll = %systemroot%\system32\eflvon.dll
The following registry elements have been changed:
- yxrzjc = yxrzjc
- description = microsoft .net framework tpm
- start = 2
- servicedll = %systemroot%\system32\eflvon.dll
- description = microsoft .net framework tpm
- start = 2
Symptoms
This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Method of Infection
Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.
Removal
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
Variants
Variants
N/A
All Information
Overview -
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then further propagate the virus. Although many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Characteristics
Characteristics -
| File Property | Property Value |
|---|---|
| FileName | Unavailable |
| McAfee Artemis | Artemis!8102de064852 |
| McAfee Detection | W32/Patcher |
| Length | 190,649 bytes |
| CRC | 2C393350 |
| MD5 | 8102DE0648528CB27CB464A9C664C5D6 |
| SHA1 | 3979379BA2F8B61D7BDFAB1E35D3CBB19B076E2E |
Other Common Detection Aliases
| Company Name | Detection Name |
|---|---|
| avast | Win32:Trojan-gen {Other} |
| AVG (GriSoft) | Agent |
| Avira | TR/Crypt.XPACK.Gen |
| BitDefender | GenPack:Backdoor.PCClient.TFD |
| Dr.Web | BackDoor.Update.214 |
| Eset | Win32/PcClient.NEH trojan |
| FortiNet | W32/Patcher |
| Kaspersky | Backdoor.Win32.PcClient.apuq |
| microsoft | Backdoor:Win32/PcClient.DF |
| panda | Trj/CI.A |
| Sophos | Mal/Generic-A |
| Symantec | Backdoor.Formador |
| Trend Micro | BKDR_PCCLIEN.BHS |
| vba32 | Backdoor.Win32.PcClient.aaqa |
Other detections that have been observed.
| FileName | McAfee Supported |
|---|---|
| %WINDIR%\system32\eflvon.dll | BackDoor-CKB.gen.m |
This sample can be identified by the following symptoms.
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files were analyzed:
The following files have been added to the system:
The following registry elements have been created:
- description = microsoft .net framework tpm
- start = 2
- servicedll = %systemroot%\system32\eflvon.dll
- description = microsoft .net framework tpm
- start = 2
- servicedll = %systemroot%\system32\eflvon.dll
- servicedll = %systemroot%\system32\eflvon.dll
The following registry elements have been changed:
- yxrzjc = yxrzjc
- description = microsoft .net framework tpm
- start = 2
- servicedll = %systemroot%\system32\eflvon.dll
- description = microsoft .net framework tpm
- start = 2
Symptoms
Symptoms -
This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Method of Infection
Method of Infection -
Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.
Removal -
Removal -
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
Additional Windows ME/XP removal considerations
Variants
Variants -
N/A
