Win64/Patched.A is a highly dangerous Trojan from the same family as Win64/Patched.B.Gen. This threat not only damages affected files; it may also perform actions that lead to system malfunction. It infects target computers by exploiting software vulnerabilities. Once it gains access, it applies an advanced technique to conceal itself and evade anti-virus detection.
This malicious virus can be detected by AVG, which reports it as located in windows\system32\services.exe. It prevents users from deleting or quarantining it. Once installed, it can drop harmful files and make several changes to computer settings. It is therefore not surprising that your PC stops working properly: it gets slower and slower, or even freezes all the time. In addition, this type of Trojan can open a backdoor on the infected computer that allows a remote attacker to gain full access, which may lead to identity theft and financial loss for the user. In short, such a malicious Trojan should be deleted as soon as possible once it is detected.
1. Reboot your computer into Safe Mode with Networking. As your computer restarts but before Windows launches, tap the “F8” key repeatedly.

2. Show hidden files and folders.
Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
Click the View tab.
Under Advanced settings, click Show hidden files and folders, uncheck Hide protected operating system files (Recommended) and then click OK.

3. Open the Registry Editor. Find the malicious files and entries and then delete them all.
Attention: Always be sure to back up your PC before making any changes.
a. Press the “Start” button and then choose the option “Run”. In the “Open” field, type “regedit” and click the “OK” button.


b. All malicious files and registry entries that should be deleted:
%Documents and Settings%\[UserName]\Application Data\[random]
%AllUsersProfile%\Application Data\.exe(Win64/Patched.A)
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Random.exe
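Before deleting anything in step 3, it helps to export the listed keys and see what they actually launch. The PowerShell script below is an added example, not part of the original instructions or YooCare's tooling; the backup folder name and the helper function names are assumptions, and StubPath (the value Active Setup reads for each component) is not named on the page.

```powershell
# Added example: back up and review the registry locations from step 3b. Deletes nothing.
$BackupDir = Join-Path $env:USERPROFILE 'reg-backup'   # assumed backup location
New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null

# Registry locations listed in step 3b
$RunKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run'
)
$ActiveSetup = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'

# Export each key first so a wrong deletion can be undone by importing the .reg file.
$n = 0
foreach ($key in @($RunKeys + $ActiveSetup)) {
    $n++
    if (Test-Path $key) {
        $native = $key -replace '^(HK\w+):', '$1'      # reg.exe expects HKCU\..., not HKCU:\...
        & reg.exe export $native (Join-Path $BackupDir "step3b-$n.reg") /y | Out-Null
    }
}

# Flags a command line that points into the per-user or all-users data folders from step 3b.
function Test-InDataFolder([string]$Command) {
    foreach ($root in @($env:APPDATA, $env:ALLUSERSPROFILE)) {
        if ($root -and $Command.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    $false
}
function New-Entry($Key, $Name, $Command) {
    New-Object PSObject -Property @{
        Key = $Key; Name = $Name; Command = "$Command"
        InDataFolder = Test-InDataFolder "$Command"
    }
}

$entries = @(
    foreach ($key in $RunKeys) {
        if (Test-Path $key) {
            $item = Get-Item $key
            foreach ($name in $item.GetValueNames()) { New-Entry $key $name $item.GetValue($name) }
        }
    }
    if (Test-Path $ActiveSetup) {
        Get-ChildItem $ActiveSetup | ForEach-Object {
            $stub = $_.GetValue('StubPath')            # command Active Setup runs at logon
            if ($stub) { New-Entry $_.Name 'StubPath' $stub }
        }
    }
)
$entries | Sort-Object InDataFolder -Descending | Format-List Key, Name, Command, InDataFolder
```

Entries with InDataFolder set to True are the ones to compare against the file locations in step 3b; a True flag marks an entry for review and is not by itself proof that it is malicious.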
If you fail to remove Win64/Patched.A with the instructions above or need any assistance, you are welcome to contact YooCare experts to resolve all the problems completely.
Published by on July 16, 2012 8:53 am, last updated on August 17, 2012 4:58 pm
 
          
  
         