TCP-Z TCP Patch and Monitor (PUA) information

The TCP-Z TCP Patch and Monitor (PUA) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TCP-Z TCP Patch and Monitor (PUA) virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine TCP-Z TCP Patch and Monitor (PUA)?


File Info:
name: E964610C323DA1EA5375.mlw
path: /opt/CAPEv2/storage/binaries/70b4e3bd5cf47c8bfb1370c58614a99092cdd1981627bea0a8799c74044aed26
crc32: BFDED3B4
md5: e964610c323da1ea5375c660d4bab3e8
sha1: 947a86d09f2541f030141e1eb65c0c65fbd3fe1e
sha256: 70b4e3bd5cf47c8bfb1370c58614a99092cdd1981627bea0a8799c74044aed26
sha512: eff6e80fcb60cfd44d8cc9cdf83e03abe77d91519999085dca04bea1feceef651b9c335db811b0bd7858301b1e9b40a33ef40fabcb12f6a1136e02acfb78a337
ssdeep: 96:HPiJEeBh852aiDaG/tO0eo6UwzOxKwZyczyDElIbDX5MDXIWVjDXF2RDXU:C3eoezMKLSmVjWVV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15F02090126A886B3E4E50EB867ED116277BEFE764721C9DF24B023D94E257D0FE34250
sha3_384: a902625a58bef7505b17fdc84c56674bf40d9a5d73b6e1c6f120783b0a97c9339c57d4c8eb7d64114a0c8d3ffc4c0406
ep_bytes: 8bff558beca10430010085c0b940bb00
timestamp: 2008-11-07 12:52:34

Version Info:
CompanyName: deepxw
FileDescription: Windows Tcpip.sys Patcher
FileVersion: 6.0.6000.2005 built by: WinDDK
InternalName: tcpz.sys
LegalCopyright: Copyright (c) deepxw Corp.1998-2008
OriginalFilename: tcpz.sys
ProductName: Windows (R) Server 2003 DDK driver
ProductVersion: 6.0.6000.2005
Translation: 0x0409 0x04b0

TCP-Z TCP Patch and Monitor (PUA) also known as:

Lionic	Worm.Win32.AutoRun.o!c
McAfee	Artemis!E964610C323D
Sangfor	PUP.Win32.Tcpz.atB
Alibaba	Worm:Win32/Autorun.983ade00
Symantec	PUA.TCPZ
Elastic	malicious (moderate confidence)
NANO-Antivirus	Trojan.Win32.AutoRun.qfziw
Avast	FileRepMalware [PUP]
Sophos	TCP-Z TCP Patch and Monitor (PUA)
DrWeb	Win32.HLLW.Autoruner1.15228
McAfee-GW-Edition	Artemis!Virus
Ikarus	Worm.Autorun
Webroot	W32.Hack.Tool
Kingsoft	Worm.AutoRun.cq.(kcloud)
Microsoft	Trojan:Win32/Wacatac.B!ml
VBA32	Worm.AutoRun
Cylance	Unsafe
Tencent	Win32.Worm.Autorun.Akym
Yandex	Worm.Autorun!nFTUYBLn/so
AVG	FileRepMalware [PUP]
Panda	Trj/CI.A

How to remove TCP-Z TCP Patch and Monitor (PUA)?

TCP-Z TCP Patch and Monitor (PUA) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X