Over the past couple of weeks, AVG has identified a virus that it is unable to remove. I have been getting the exact pop up from AVG saying that “Virus identified Win64/Patched.C” with “c:\Windows\System32\rpcss.dll”. This virus keeps coming up as an AVG security threat which cannot be removed. I have run Malwarebytes either but it was unable to remove it too. I searched on the web and it said the virus should be removed manually. Also I am getting pop ups and random ads on google chrome. Are these pop ups most likely being caused by this virus and if so, how do I get rid of it for good if AVG cannot actually delete them?
Win64/Patched.C is categorized as a Trojan virus used to destroy 64-bit Windows computers and another one that targets on 32-bit computers is called Win32/Patched.C. This type of Trojan was first detected in October 2008 and spread by email attachment, file share, freeware download or malicious websites. It can do different things, including downloading and running other files, contacting remote hosts and disabling security features. This virus operates through modification to legitimate systems files on an infected system. Additionally, it can add parts of its code to a system component and then patch certain functions of the original file to point to an appended code. It can replace the original legitimate system file rpcss.dll to be a malicious one. Therefore, victims will get annoying pop up: Win64/patched. c:\Windows\System32\rpcss.dll from their antivirus program every few minutes. Unfortunately, antivirus programs cannot replace the infected rpcss.dll file with a good system file and heal the issue automatically now, instead it is advised that users remove Win64/Patched.C manually to make it go away permanently.
Win64/Patched.C Virus has illegal purposes and it can allow remote attackers to access your computer and download and activate possible malware on the infected system without your knowledge. Also you may see many obvious symptoms include slow PC performance, crazy pop-up ads and random shut down etc. This Trojan poses a huge risk as it will open a doorway on infected computer to allow remote attacker accessing and gathering your essential data like credit card details, login number, bank information etc. Computers with low browser security settings or outdated anti-virus software are highly vulnerable to this Trojan infiltration. It is suggested users should be extremely cautious when clicking unknown links and download files, especially if they come attached in an e-mail (even one from a friend) and as part of pop-ups. More importantly, don’t hesitate to remove Win64/Patched.C Virus from the PC.
Slow down your PC speed notably.
Add other dangerous Trojan or Spyware to your system secretly.
Allow the hacker to access your entire system.
Collect all your personal information and transfer to a remote hacker.
Destroy critical system files and make PC unstable.
From malicious drive-by-download scripts from corrupted porn and shareware / freeware websites.
Through spam email attachments, media downloads and social networks.
When clicking suspicious pop-ups or malicious links.
Open unknown email or download media files that contain the activation code of the virus.
Note: No matter how the virus accesses your PC, users should know that there are no tools can remove this pesky Trojan automatically at this moment, it is suggested users not spend much time in downloading or paying any security software which claims can delete this stubborn virus. It is totally useless. To completely get rid of Win64/Patched.C, professional manual guide is needed.
Currently many computer users had the same experience that this virus couldn’t be removed by any anti-virus applications. So the manual approach is always required to combat this virus. And here is the step-by-step removal guide for all computer users.
1. End the malicious process from Task Manager.
Once Win64/Patched.C virus is installed, computer user may notice that CPU usage randomly jumps to 100 percent. At any time Windows always has many running processes. A process is an individual task that the computer runs. In general, the more processes, the more work the computer has to do and the slower it will run. If your system’s CPU spike is constant and remain at a constant 90-95%, users should check from Task Manager and see if there is a suspicious process occupying system resources and then end it immediately.
(The name of the virus process can be random.)
Press Ctrl+Shift+Esc to quickly bring up Task Manager Window:
2. Show hidden files and folders.
Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
Click the View tab.
Under Advanced settings, click Show hidden files and folders, uncheck Hide protected operating system files (Recommended) and then click OK.
3. Open Registry entries. Find out the malicious files and entries and then delete all.
Attention: Always be sure to back up your PC before making any changes.
a. Press Windows key + R to open Run box. In the “Open” field, type “regedit” and click the “OK” button.
Then a Registry Editor window will pop up as the following picture shows:
b. Search malicious files and registry entries and then remove all of them:
%AllUsersProfile%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%AllUsersProfile%\Application Data\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\[random]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Temp
Win64/Patched.C is a dangerous virus that compromises your security. In the vast majority of occasions you will have no knowledge that you have become a victim – until you get constant security alerts from your antivirus program. Once this virus is executed on the computer, it will drop several harmful files and even Rootkits to your machine which will inject a harmful code on legitimate Windows process that makes the Trojan to run as a legal system process. It may also add a couple of invalid registry entries so that this Trojan will load each time Windows starts. You will find your computer performance is poor and you always need several minutes to start up your machine or open a certain web page. Sometimes when you surf online or search something on Google, it will redirect you to another page that may contain viruses or potentially unwanted programs and show you endless pop-up ads. To avoid any further damages, it is highly recommended that you remove Win64/Patched.C manually.
Note: If you are not knowledgeable enough to be able to distinguish the location of this virus, or you are afraid of making mistake during the manual removal, please contact experts from Yoocare Online Tech Support for further help.
Published by & last updated on December 8, 2014 2:07 am
Leave a Reply
You must be logged in to post a comment.