
Tool-TPatch

Posted: August 14, 2011

Tool-TPatch is a backdoor trojan that grants remote criminals access to your PC, potentially including complete control over the system. Although most early Tool-TPatch reports date back several years, SpywareRemove.com malware researchers have witnessed Tool-TPatch outbreaks as recently as mid-August 2011, so Tool-TPatch should be considered an actively distributed, high-level security risk for any Windows computer. Because Tool-TPatch runs as a background process and may imitate the names of native system processes, overt indications of a Tool-TPatch infection are rare. You should use an appropriate security program to detect and delete Tool-TPatch infections before serious harm occurs.

Tool-TPatch's Many Names and Expressions of Hostility Against Your PC

Tool-TPatch tries to avoid notice when it's on your PC; SpywareRemove.com malware researchers have found that many Tool-TPatch infections will try to name their processes to look similar to 'svchost.exe,' a natural Windows process. Combined with Tool-TPatch's use of Registry-based automatic startup techniques, Tool-TPatch can remain active at all times without ever giving you a reason to notice it.

In spite of its near-invisibility, Tool-TPatch is a high-level PC security threat that allows remote criminals total access to your PC. This may be observed in altered network and security-related settings, especially with regard to your firewall and network ports. Remote attacks that Tool-TPatch enables can be the cause of:

  • Loss of privacy and private information due to Tool-TPatch's use of spyware functions such as keylogging or installation of separate spyware programs.
  • The presence of rogue security programs that generate large numbers of false infection warnings and other fake system errors.
  • DDoS attacks in which your PC is used to flood websites with traffic until they are forced offline.
  • Problems accessing various programs, particularly maintenance and security programs such as anti-virus scanners, Task Manager and MSConfig.

Tool-TPatch is known by many different aliases, including not-a-Virus.Patch.QuarkXPress, Backdoor.Graybird, Backdoor.Graybird!sd6, Win-Trojan/Xema.variant, Trojan.Feutel.AV, Trojan-Dropper.Win32.Agent.ale, Win32/Secdrop.109568!Trojan and Trojan-Dropper.Win32.VB.dp.

The Unfriendly Friends of Tool-TPatch That You Should Also Watch Out For

Although our SpywareRemove.com malware research team has found many instances of Tool-TPatch infecting a PC on its own, just as many Tool-TPatch attacks have used the assistance of other trojans, viruses and similarly malicious software. Some of the most common infections that have been seen working alongside Tool-TPatch are Trojan-PSW.Gampass, Virus.Win32.Delf.ICC, Trojan-Downloader.Win32.Delf.cq, Virus.Win32.Tipa, Virus.Win32.Bancos and Zlob.

The majority of these Tool-TPatch-allied infections are dropper trojans and, like Tool-TPatch, are able to install other harmful programs. Because a Tool-TPatch infection indicates a combination of security attacks and malicious software propagation, trying to detect or delete Tool-TPatch and related PC threats without external assistance is inadvisable. However, some high-quality anti-malware products are capable of removing Tool-TPatch and similar trojans without serious difficulty. As is usually the case for any infection that uses an automatic startup routine, Safe Mode may be useful for disabling Tool-TPatch prior to removing it.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

  • %Temp%\2ae4224e.exe (File type: Executable File; Mime Type: unknown/exe)
  • %Temp%\8.exe (File type: Executable File; Mime Type: unknown/exe)
  • C:\Documents and Settings\<username>\Application Data\.exe (File type: Executable File; Mime Type: unknown/exe)
  • %CommonPrograms%\Startup\dll32.exe (File type: Executable File; Mime Type: unknown/exe)

Registry Modifications

The following Registry keys and values were created:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%RANDOM CHARACTERS%
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\[RANDOM CODE NUMBER]
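The following triage script is an added example, not part of the original article or any vendor tool: it checks a Windows host for the dropped files and autostart locations listed above and for the svchost.exe lookalike behaviour described earlier. The file names and Registry paths are taken from this page; the lookalike name pattern and the "service binary in a temp or profile folder" heuristic are assumptions of the example.

```powershell
# Added example: look for the Tool-TPatch artifacts named in this article.
# Run from an elevated PowerShell prompt; read-only, it changes nothing.
$findings = @()

# 1. Dropped files at the paths listed under File System Modifications.
#    %CommonPrograms% is not an environment variable, so resolve it via the shell folder API.
$commonPrograms = [Environment]::GetFolderPath('CommonPrograms')
$paths = @(
    (Join-Path $env:TEMP '2ae4224e.exe'),
    (Join-Path $env:TEMP '8.exe'),
    (Join-Path $env:APPDATA '.exe'),          # "Application Data\.exe" on modern Windows
    (Join-Path $commonPrograms 'Startup\dll32.exe')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

# 2. Any value under the legacy RunServices key (normally empty or absent).
$runServices = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
if (Test-Path $runServices) {
    (Get-ItemProperty $runServices).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |     # drop PSPath/PSParentPath etc.
        ForEach-Object { $findings += "RunServices value: $($_.Name) = $($_.Value)" }
}

# 3. Processes named like svchost.exe whose image is not the genuine System32 binary.
#    The pattern (assumed) tolerates common misspellings such as scvhost or svch0st.
$realSvchost = Join-Path $env:SystemRoot 'System32\svchost.exe'
Get-CimInstance Win32_Process |
    Where-Object { $_.Name -match '^s[vc]{1,2}h[o0]st.*\.exe$' -and
                   $_.ExecutablePath -and $_.ExecutablePath -ne $realSvchost } |
    ForEach-Object { $findings += "svchost lookalike: PID $($_.ProcessId) $($_.ExecutablePath)" }

# 4. Services (the randomly named Services\ entry above) whose binary lives in a temp
#    or per-user profile folder; legitimate services almost never do.
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match '\\Temp\\|\\Application Data\\|\\AppData\\' } |
    ForEach-Object { $findings += "Suspicious service: $($_.Name) -> $($_.PathName)" }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'No Tool-TPatch indicators found.' }
```

A hit on any check is a reason to run a full anti-malware scan, not proof on its own; the file names in particular are variant-specific and may differ between samples.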
