W32/PEPatcher.c

This page shows details and results of our analysis on the malware W32/PEPatcher.c

Download Current DAT: 6618

Threat Detail

Malware Type: Virus

Malware Sub-type: Win32

Discovery Date: 2007-12-14

Next Steps:

Overview
Characteristics
Removal

Overview

W32/PEPatcher.c is a PE file based file infector.

Minimum DAT

5186 (2007-12-14)

Updated DAT

5361 (2008-08-14)

Minimum Engine

5.1.00

File Length

N/A

Description Added

2007-12-14

Description Modified

2008-07-17

Malware Proliferation

Characteristics

W32/PEPatcher.c is a file infector virus which appends itself to the last section in a PE file. On execution of the infected file, the virus code is executed first which loads a randomly named DLL before transferring control over to the original PE program. The appended section carries the name of this DLL. The DLL is used as the infector program.

Symptoms

Method of Infection

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).