What is “Win32:Patched-VD [Trj]”?

The Win32:Patched-VD [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32:Patched-VD [Trj] virus can do?

Sample contains Overlay data
The PE file contains a PDB path
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Win32:Patched-VD [Trj]?


File Info:
name: E823E666762EEF0BF71B.mlw
path: /opt/CAPEv2/storage/binaries/9cdfde3237a518ebc7b2b008898c0b21aea553c1ca3ef37af5b67bc81edfc829
crc32: 6EDDD6E3
md5: e823e666762eef0bf71b80ab5fba081b
sha1: 142da3ce9ca8eee932f07ddeb725370ac106a2b1
sha256: 9cdfde3237a518ebc7b2b008898c0b21aea553c1ca3ef37af5b67bc81edfc829
sha512: ef95b53b69200972ade7e2b0fa7ad327943d7d13cfa2b6db272f0808464eadd50034e49cd59a397577501b36b5535a3f921ec81673a27ad5a3c9411b37b52be1
ssdeep: 6144:2edTBgp4EPFJP1IflvdXqlVxhmVnqfmbXviNE:znEPvgtqlVYnBDKy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15164B42232FA651BC269637CB5AB8336E735EA20572283C75300B67B0DD22D16D1F767
sha3_384: 1e164c5225c8f6b04f5e38ab8f525cc0d26f24835cbe4b5273b126791fe55485aa3b174853acfaaaa28c769a72825b8a
ep_bytes: 558bec6aff68c052000168b81a010164
timestamp: 2000-08-04 01:17:24

Version Info:
Comments: 
CompanyName: Microsoft Corporation
FileDescription: Microsoft Data Access - Setup
FileVersion: 2.60.6526.2
InternalName: dasetup
LegalCopyright: Copyright © Microsoft Corp. 1999-2000
LegalTrademarks: Windows(TM) is a trademark of Microsoft Corporation.  Microsoft® is a registered trademark of Microsoft Corporation
OriginalFilename: dasetup.exe
PrivateBuild: 
ProductName: Microsoft Data Access Components
ProductVersion: 2.60.6526.2
SpecialBuild: 
Translation: 0x0409 0x04b0

Win32:Patched-VD [Trj] also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Patched.4!c
MicroWorld-eScan	Win32.Patched.Mebratix.A
FireEye	Win32.Patched.Mebratix.A
CAT-QuickHeal	Trojan.Patched.OD
Skyhigh	BehavesLike.Win32.Virut.fm
McAfee	Artemis!E823E666762E
Cylance	unsafe
VIPRE	Win32.Patched.Mebratix.A
Sangfor	Trojan.Win32.Patched.VD
Alibaba	Trojan:Win32/Brontok.2ddecd05
Baidu	Win32.Virus.Loader.n
Kaspersky	Trojan.Win32.Patched.od
BitDefender	Win32.Patched.Mebratix.A
NANO-Antivirus	Trojan.Win32.Patched.nizvo
Avast	Win32:Patched-VD [Trj]
Tencent	Virus.Win32.Patched.oe
Emsisoft	Win32.Patched.Mebratix.A (B)
Google	Detected
F-Secure	Malware.W32/Brontok.AE.patch
DrWeb	Trojan.Love.3
Zillya	Trojan.Patched.Win32.59831
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Patched
Jiangmin	Win32/PatchFile.jo
Webroot	W32.Malware.Heur
Varist	W32/Patched.I
Avira	W32/Brontok.AE.patch
Antiy-AVL	Trojan/Win32.Patched.od
Kingsoft	Win32.InfectCall.ff.368640
Xcitium	Malware@#29av6y784bycj
Arcabit	Win32.Patched.Mebratix.A
ZoneAlarm	Trojan.Win32.Patched.od
GData	Win32.Patched.Mebratix.A
Cynet	Malicious (score: 99)
AhnLab-V3	Win32/Mebratix
VBA32	BScope.Trojan.Patched
ALYac	Win32.Patched.Mebratix.A
MAX	malware (ai score=99)
Panda	Trj/CI.A
Rising	Virus.Patched!1.9BE4 (CLASSIC)
Fortinet	W32/Patched.OD!tr
BitDefenderTheta	AI:FileInfector.22D4884818
AVG	Win32:Patched-VD [Trj]
alibabacloud	Virus:Win/Patched.od

How to remove Win32:Patched-VD [Trj]?

Win32:Patched-VD [Trj] removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X