Home Malware Programs Spyware Win32/Patched.HN


Posted: July 15, 2011

Win32/Patched.HN is a Trojan that can exhibit a variety of characteristics related to dropper Trojans, backdoor Trojans and spyware. These Win32/Patched.HN attacks can include stealing passwords, installing harmful programs without your consent, altering your security settings in negative ways and allowing remote attackers to gain access to your PC. There are strong disincentives for removing Win32/Patched.HN by manual methods such as by deleting Win32/Patched.HN's files, since Win32/Patched.HN frequently is one of many. sophisticated infection components. To delete Win32/Patched.HN with no side effects or other unexpected problems use an anti-virus program that's capable of scanning your PC for Win32/Patched.HN and all related infections.

Win32/Patched.HN: A Trojan with Countless Ways to Violate Your Privacy

Win32/Patched.HN is a Trojan with many variations that can be installed along with, not only other Trojans, but also rootkits. The high likelihood of Win32/Patched.HN not being alone makes complete and in-depth system scans with anti-virus programs your best choice for removing Win32/Patched.HN infections. Some of the common problems that are related to Win32/Patched.HN and affiliated infections include:

  • Some variants of Win32/Patched.HN are aliases of PWS:Win32/Frethog.gen!B, a Trojan that specializes in stealing account login information from mmorpg applications. Many other types of Win32/Patched.HN are also associated with other kinds of spyware that may be capable of stealing cached passwords, recording keystrokes or taking screenshots.
  • Other types of Win32/Patched.HN may install other hostile programs. Some typical Trojan payloads include fake security programs that show false positive infection warnings, ransomware programs that lock your computer until you pay a fee and browser hijacker redirects your browser to a dangerous website.
  • Still other types of Win32/Patched.HN may content themselves with bringing your computer's security settings down by a notch or three. Signs of Win32/Patched.HN security attacks can include open ports, a disabled firewall, altered firewall settings or an inability to use basic Windows programs like Task Manager.

Why You May Have to Look Hard to See Win32/Patched.HN At Work

Even though Win32/Patched.HN can create a small army of attacks against your PC, spotting these attacks to begin with, can be a difficult process. Most Trojans, including Win32/Patched.HN do what they can to avoid being seen – in Win32/Patched.HN's case, this is often accomplished by Win32/Patched.HN injecting Win32/Patched.HN's malicious code into natural Windows processes.

However, you may be able to detect Win32/Patched.HN's files, which tend to be .dll files that are hidden in a subdirectory of either the Windows directory or the Documents and Settings directory. Another sign of Win32/Patched.HN infection can be interface problems in Windows Explorer; if you're unable to use this program to access your files, try the Command Prompt instead, which Win32/Patched.HN, so far, hasn't been reported to attack.

Many of those who have been savaged by Win32/Patched.HN's attacks also reported that their anti-virus software will fail to open or exhibit errors, when they try to delete Win32/Patched.HN. In most cases, your anti-virus programs should be unharmed, and a simple reboot into Safe Mode or a boot using an external source will let you launch them to get rid of Win32/Patched.HN.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\.exe
    2 %UserProfile%\Application Data\.dll

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'ProxyOverride' = ''HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System 'DisableTaskMgr' = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 'SelfdelNT'HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USER\ Software\ Microsoft \Windows\ CurrentVersion\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\