Contents of this article pertain to W32/Patched.UA. This page includes description, technical aspects, and removal guide to delete the threat from your computer.
W32/Patched.UA is a generic detection for legitimate Windows systems files that are modified by a malware. It may also infect other files on the computer such as .HTML and other executable format. The Trojan may spread locally via removable drives and risky network shares. W32/Patched.UA will open a backdoor on the affected computer in order to allow a remote attacker to take control of it.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista/7
If W32/Patched.UA is executed on the computer, it will instantly patched Windows components. The objective of appending system files may vary from one variant to another. Although, one common act observed is to disable security programs installed. Other versions of this malware simply inject parts of its code into legitimate processes and include a function so that it will execute the main Trojan file when it runs. Mostly, W32/Patched.UA attacks are files like winlogon.exe, wininet.dll, kernel32.dll, iexplore.exe.
Once the Trojan is running, it will create a backdoor port and start communicating to a remote server. Typically, it accomplishes this task by injecting a code to web browser’s processes. With this technique, backdoor can function of the Trojan can pass-though Windows firewall. Through this channel, attacker may send command and control the infected PC. The connection may also allow W32/Patched.UA to download and execute more threats.
W32/Patched.UA is mainly distributed as part of Trojan Downloader. File-sharing networks and spam email messages are also considered as other method for its propagation. Locally, this Trojan may infect other systems by creating a copy of itself onto removable media devices and unsafe file-sharing network.
How to Remove W32/Patched.UA
1. Temporarily Disable System Restore if you are using Windows XP. For Windows Vista/7 users, you may use System Restore to return Windows to a previous clean state. However, you must have a saved restore points to accomplish this. Otherwise, proceed with the removal process.< p/>
2. Open your antivirus application and update the virus definitions. This method ensures that your antivirus program can detect even newer variants of W32/Patched.UA .
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- System will boot Windows loading only necessary drivers and system files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Online Virus Scanner:
Another way to remove W32/Patched.UA without the need to install additional antivirus application is to perform a thorough scan with free online virus scanner that can be found on websites of legitimate anti-virus and security provider.
5. Go to Online Virus Scanner list and run a virus scan. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
6. After completing the necessary download, your system is now ready for online virus scanning.
7. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
8. Remove or delete all detected items.
9. When scanning is finished, you may now restart the computer in normal mode.
Automatic Removal of W32/Patched.UAIn order to completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.
Alternative Removal Method for W32/Patched.UA
Option 1 : Use Windows System Restore to return Windows to previous state
If W32/Patched.UA enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before W32/Patched.UA infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.