Virus.Patchload.O

Posted: June 10, 2011

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	8/10
Infected PCs:	8,132

First Seen:	June 10, 2011
Last Seen:	January 23, 2023
OS(es) Affected:	Windows

Virus.Patchload.o is a label for files that have been successfully-infected or patched by a virus. Although the functions that can be included in a Virus.Patchload.o attack may vary, SpywareRemove.com malware experts note that Virus.Patchload.o often loads other types of harmful files and is not part of a multi-component infection. Since Virus.Patchload.o is usually installed by another PC threat and is often used to coordinate attacks by still more types of PC threats, any attempts to delete Virus.Patchload.o should also scan your entire PC to be certain of detecting and removing associated types of malicious software. As a symptom of a virus, Virus.Patchload.o may not have a separate file or memory process, although you may be able to notice Virus.Patchload.o by looking for unusual resource allocation in pre-existing processes or by noting unusual setting changes that reduce your computer's security.

Patchload.o – a Junebug That Latches Onto Your Files and Will Not Let Go

In-depth identification of Patchload.o was first developed in June of 2011, and it's recommended that you keep your anti-malware software up-to-date for at least that date to be certain of detecting potential Patchload.o infections. Although, so far, Patchload.o lacks the ability to propagate itself like a true virus, Patchload.o (also known as Virus:Win32/Patchload.o) otherwise nestles neatly into the standard definition of a virus due to being malicious code that's appended onto unrelated files. You may be able to detect the presence of Patchload.o by opening your Task Manager and watching your system processes for unusual expenditure of system resources.

Patchload.o is used to load components of other PC threats such as 'c_06860.nls,' which is often hidden in the Windows system folder. In addition to loading these components, Patchload.o may also undertake other actions – SpywareRemove.com malware experts have also noted that Patchload.o can copy files in limited instances. As a loader and potential installation tool for additional PC threats, Patchload.o has few symptoms of its presence but can be complicit in high-level attacks against your computer's security and privacy.

Good Reasons to Refuse the Patchload.o 'Patch' to Your OS

Although Patchload.o isn't designed to function in non-Windows computers, SpywareRemove.com malware experts caution that Patchload.o's presence can be a significant hazard for any Windows-based PC. The consequences of allowing Patchload.o to load PC threats unhindered can include:

Loss of control over your computer itself as hackers take advantage of Patchload.o-installed backdoors to take over the system.
Becoming a victim of informational theft by spyware that may target banking info, account passwords and identity-related information.
Being subjected to browser redirects from browser hijackers that expose you to hostile sites.
Being attacked by fraudulent alerts and other types of pop-ups that are often used by scamware or Trojan droppers that install rogue anti-malware products.

Despite these dangers, removing Patchload.o quickly and with anti-malware software can stop such possibilities before they have a chance to start – and will not damage the underlying file that's inadvertently-playing host to Patchload.o.

Aliases

Heuristic.BehavesLike.Win32.Suspicious-DTR.K [McAfee-GW-Edition]Heuristic.LooksLike.Win32.SuspiciousPE.N!84 [McAfee-GW-Edition]TR/Spy.135664.6 [AntiVir]Trojan.Generic.6113146 [BitDefender]TR/Spy.ZBot.22816.1 [AntiVir]Trojan.Generic.6124488 [BitDefender]TR/Spy.ZBot.163840 [AntiVir]Trojan.Generic.6171774 [BitDefender]TR/Spy.ZBot.1554728 [AntiVir]Trojan.Generic.6163618 [BitDefender]Trojan.Generic.6113814 [BitDefender]TR/Kazy.21128.3 [AntiVir]TR/Spy.271760 [AntiVir]Trojan.Generic.KDV.257794 [BitDefender]TR/Spy.ZBot.725344 [AntiVir]
More aliases (736)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%PROGRAMFILES%\Sony\Network Utility\NSUService.exe

File name: NSUService.exe
Size: 303.1 KB (303104 bytes)
MD5: 7ec71cc77c28516f9edc1ff3f85d4c89
Detection count: 86
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\Sony\Network Utility
Group: Malware file
Last Updated: February 20, 2012

%PROGRAMFILES%\Nero\Update\NASvc.exe

File name: NASvc.exe
Size: 584.48 KB (584488 bytes)
MD5: 34d72e433363b963087c0c48a6819b88
Detection count: 83
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\Nero\Update
Group: Malware file
Last Updated: March 13, 2012

%PROGRAMFILES%\ATK Hotkey\WDC.exe

File name: WDC.exe
Size: 151.55 KB (151552 bytes)
MD5: f1e59df2622cae37e159d6e26cf7d25d
Detection count: 44
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\ATK Hotkey
Group: Malware file
Last Updated: April 29, 2013

%PROGRAMFILES%\ATK Hotkey\Hcontrol.exe

File name: Hcontrol.exe
Size: 233.47 KB (233472 bytes)
MD5: c52b5120ab3e8afcaaba142aad1ff91e
Detection count: 41
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\ATK Hotkey
Group: Malware file
Last Updated: April 29, 2013

%PROGRAMFILES%\ASUS\ATK Hotkey\HControl.exe

File name: HControl.exe
Size: 221.18 KB (221184 bytes)
MD5: 5ac19cfd51b3a44ef77c19106007f163
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\ASUS\ATK Hotkey
Group: Malware file
Last Updated: January 8, 2013

%PROGRAMFILES%\ASUS\ATK Hotkey\ATKOSD.exe

File name: ATKOSD.exe
Size: 2.48 MB (2486272 bytes)
MD5: f77b7f9093113b785c518a3a0cf845fe
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\ASUS\ATK Hotkey
Group: Malware file
Last Updated: January 8, 2013

%WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

File name: mscorsvw.exe
Size: 69.63 KB (69632 bytes)
MD5: 567308de8e3c3867e83e91ae362e1376
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\Microsoft.NET\Framework\v2.0.50727
Group: Malware file
Last Updated: October 10, 2019

%PROGRAMFILES%\Intel\Intel Matrix Storage Manager\IAANTMon.exe

File name: IAANTMon.exe
Size: 354.84 KB (354840 bytes)
MD5: cf015d07ea94ccd7b862393b1a361244
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\Intel\Intel Matrix Storage Manager
Group: Malware file
Last Updated: March 2, 2012

%PROGRAMFILES%\UPHClean\uphclean.exe

File name: uphclean.exe
Size: 241.72 KB (241725 bytes)
MD5: 872de14f823092caf5007ebb8d49dea8
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\UPHClean
Group: Malware file
Last Updated: March 21, 2013

Anti-Malware\mbamservice.exe

File name: mbamservice.exe
Size: 366.64 KB (366640 bytes)
MD5: f736ccabb23b2018775f6b42c89964c2
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: Anti-Malware
Group: Malware file
Last Updated: November 6, 2012

%PROGRAMFILES%\Hewlett-Packard\Shared\hpqWmiEx.exe

File name: hpqWmiEx.exe
Size: 799.8 KB (799800 bytes)
MD5: 8365684df2a1265f4944ca9f9baea718
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\Hewlett-Packard\Shared
Group: Malware file
Last Updated: February 26, 2013

%PROGRAMFILES%\CyberLink\Shared Files\RichVideo.exe

File name: RichVideo.exe
Size: 272.02 KB (272024 bytes)
MD5: 3859dabf0da5cef17aa6bd9cbf6e6cc1
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\CyberLink\Shared Files
Group: Malware file
Last Updated: March 8, 2012

%COMMONPROGRAMFILES%\Ahead\Lib\NMIndexingService.exe

File name: NMIndexingService.exe
Size: 267.82 KB (267824 bytes)
MD5: 5a8907d0828129dab2de8b103de740a6
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %COMMONPROGRAMFILES%\Ahead\Lib
Group: Malware file
Last Updated: January 19, 2012

%PROGRAMFILES%\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

File name: HPWA_Service.exe
Size: 103.99 KB (103992 bytes)
MD5: a3903bbf1f8f83dddd1dfbe6a617575c
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\Hewlett-Packard\HP Wireless Assistant
Group: Malware file
Last Updated: March 2, 2012

%WINDIR%\system32\Hpservice.exe

File name: Hpservice.exe
Size: 26.16 KB (26168 bytes)
MD5: d8dcd77ae2ea01ef4eb3625acbc71fc6
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: January 19, 2012

C:\Windows\Temp\GoogleUpdate.exe.old35dc8

File name: GoogleUpdate.exe.old35dc8
Size: 135.66 KB (135664 bytes)
MD5: cc324102f89653c588b32f8d86e5f01f
Detection count: 7
Mime Type: unknown/old35dc8
Path: C:\Windows\Temp\GoogleUpdate.exe.old35dc8
Group: Malware file
Last Updated: October 6, 2021

%PROGRAMFILES%\MapsGalaxy_39\bar\1.bin\39barsvc.exe

File name: 39barsvc.exe
Size: 42.5 KB (42504 bytes)
MD5: 547b1255ecd5805a199902b1f1f541e1
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\MapsGalaxy_39\bar\1.bin
Group: Malware file
Last Updated: January 27, 2012

%WINDIR%\system32\Ati2evxx.exe

File name: Ati2evxx.exe
Size: 389.12 KB (389120 bytes)
MD5: 22728182bf0c6ea1fd1706a7e3724e12
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: January 19, 2012

%PROGRAMFILES%\ATK Hotkey\MsgTranAgt.exe

File name: MsgTranAgt.exe
Size: 110.59 KB (110592 bytes)
MD5: 64667ac7a4c7e571d79547140d171da2
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\ATK Hotkey
Group: Malware file
Last Updated: March 8, 2012

%PROGRAMFILES%\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

File name: CLSched.exe
Size: 118.78 KB (118784 bytes)
MD5: ac9316020079f3c9b9e4931de6f2b982
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\CyberLink\PowerCinema\Kernel\TV
Group: Malware file
Last Updated: February 24, 2012

%PROGRAMFILES%\IObit\IObit Malware Fighter\IMFsrv.exe

File name: IMFsrv.exe
Size: 820.56 KB (820568 bytes)
MD5: 6bcf23173cfc99e02e16111368e10fb3
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\IObit\IObit Malware Fighter
Group: Malware file
Last Updated: March 2, 2012

%WINDIR%\system32\atiesrxx.exe

File name: atiesrxx.exe
Size: 176.12 KB (176128 bytes)
MD5: fae0d8638d82a4be05cb899dd008a967
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: March 2, 2012

%WINDIR%\system32\nvvsvc.exe

File name: nvvsvc.exe
Size: 203.29 KB (203296 bytes)
MD5: 9771ec15d003673081fa5323ef9eae5d
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: February 13, 2012

%COMMONPROGRAMFILES%\Ahead\Lib\NMIndexingService.exe

File name: NMIndexingService.exe
Size: 262.14 KB (262144 bytes)
MD5: bb7fad4e5dc5c09095c20c6934dca542
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %COMMONPROGRAMFILES%\Ahead\Lib
Group: Malware file
Last Updated: March 8, 2012

More files

One Comment

Margreet says:

March 10, 2012 at 1:27 pm

Hi. Most any email client blocks those file extensions. The easiest workaround is creating a .zip file and adding the executive to it. Most email providers allow zip files.