W32/Liger-A
This page contains data and removal guide to delete W32/Liger-A from an infected computer. Follow the instruction carefully to get rid of the Trojan instantly.
W32/Liger-A will infect Windows DLL file and usually spreads on local and remote shared drives. This virus is created specifically for the Windows platform. This detection aims to identify legitimate Windows file that is contaminated with a virus. Some antivirus programs detects this threat as W32/PEPatcher because it patches a code into the header of legitimate Windows files to load malicious DLL components of the virus.
Alias: Trojan.Win32.Patched.cx, W32/PEPatcher.c, PE_PATCHEP.A, Trojan:Win32/Patched.B
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
W32/Liger-A is a file infector that will inject malicious codes to Windows legitimate files like EXPLORER.EXE, LSSASS.EXE, SERVICES.EXE, SPOOLSV.EXE, SVCHOST.EXE and WINLOGON.EXE. When Windows starts, it usually loads these files. If ever they are patched with the virus code, the infection is also loaded into the system.
When activated, W32/Liger-A will run a malicious DLL file that routinely executes itself on the affected computer. It may also contact a remote computer to further download other threats. File download can be a simple configuration file to update the virus to a harmful component that can cause severe damage on the infected PC. Some patched files can be irrecoverable, thus, some user who was infected with it resort to reformatting the computer and reinstalling fresh operating.
Distribution
W32/Liger-A is a virus that enters the computer through another malware infection. Once inside, it may infect certain files that are essential to perform its tasks. However, this virus does not self-replicate once inside the compromised unit. It will not infect neighboring computers as well.
How to Remove W32/Liger-A
NOTE: We suggest that you PRINT or BOOKMARK this guide. There are steps that we may have to restart the computer in order to successfully remove the threat.
Step 1 : Run a scan with your antivirus program
1. Temporarily Disable System Restore if your system is running on Windows Me/XP. [how to]
2. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will boot loading only necessary drivers and system files. Expect that it will run with minimal features and low-resolution display.

3. Open your antivirus program and download the most recent update. This method ensures that your antivirus program can detect even newer variants of W32/Liger-A.
Updating your antivirus software is a one-click process. Please refer to your software manual for complete instructions.
4. Once updating is finished, run a full system scan. After the scan, delete all infected items. If unable to clean or delete, better place the threat in quarantine.
Step 2: Run another test with online virus scanner
Another way to remove W32/Liger-A without the need to install additional antivirus software is to perform a thorough scan with free online virus scanner. It can be found on websites of legitimate antivirus and security provider.
1. Click the button below to proceed to the list of suggested Online Virus Scanner. Choose your desired provider. You can run each scan individually, one at a time, to ensure that all threats will be removed from the computer. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
2. After completing the necessary download, your system is now ready to scan and remove W32/Liger-A and other kinds of threats.
3. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
4. Remove or delete all detected items.
5. When scanning is finished, you may now restart the computer in normal mode.
Alternative Removal Procedures for W32/Liger-A
Option 1 : Use Windows System Restore to return Windows to previous state
If W32/Liger-A enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before W32/Liger-A infiltrates the PC, we highly encourage you to execute this procedure if none of the above works.
To verify if System Restore is active on your computer, you can type system restore into the Start menu search box. Typing rstrui on the same box and pressing Enter also opens this function.

If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.
Ways to Prevent W32/Liger-A Infection
Take the following steps to protect the computer from threats. Suggested tools and security setup within installed software helps prevent the same attack on your PC.
