Trojan.Patched.V
I have scheduled a Quick System Scan at 2 a.m. every night. The scan ran as usual tonight, but BitDefender found some infected files, as follows:
C:\WINDOWS\system32\dllcache\route.exe Infected: Trojan.Patched.V
C:\WINDOWS\system32\dllcache\route.exe Disinfection failed
C:\WINDOWS\system32\dllcache\route.exe Moved
C:\WINDOWS\system32\route.exe Infected: Trojan.Patched.V
C:\WINDOWS\system32\route.exe Disinfection failed
C:\WINDOWS\system32\route.exe Moved
C:\WINDOWS\I386\ROUTE.EX_=>route.exe Infected: Trojan.Patched.V
C:\WINDOWS\I386\ROUTE.EX_=>route.exe Disinfection failed
C:\WINDOWS\I386\ROUTE.EX_=>route.exe Move failed
I have tried to search for this virus (Trojan.Patched.V) in the virus encyclopedia, but what I could find was Trojan.Patched.B only. I have even tried to search for Trojan.Patched.V on Google, but there were no useful results about it. Can anyone tell me what I should do to remove the virus from those infected files? I have scanned a few times and every time the program just moved the files, and it seems that this route.exe is a Windows file and I don't think I should simply delete it.
Comments
-
Hi!
This file is also detected on my PC, however, only starting from today (may be an update's fault). It is a Windows program. I have also analyzed the files and it doesn't look like it contains any malicious code. The VR will also take a look and remove the detection.
Andrei
-
So what should I do now? Do I just leave those infected files in the system32 folder? I'm afraid that the infected files will do something bad to harm my laptop......I still need my laptop for online assignments and school work......argh....
-
As you can see, the so-called trojan has also been detected in your Windows kit. It is 99% a false positive, however, you can move the files to quarantine until the Virus Researchers decide whether the detection will be removed or not. I haven't found any malicious code inside it. I also executed it in a protected environment and it appears to be a utility which displays the network's routing tables.
Andrei
-
I just got my TeamSpeak.exe file detected as Trojan.Patched.T. Should I send it for analysis, or will the VR department correct the definitions?
-
Yes, you could attach the file here. As for route.exe, I'm sure that VR have this file already on their PCs (it is a Windows program).
Andrei
-
I scanned route.exe and it's clean; most likely they have already removed the detection. The strange thing is that I don't have a subfolder called dllcache in the system32 folder. So I recommend that you perform an update.
I am using:
virussignatures: 619920
engineversion:7.13536
teamspeak.exe is definitely a false positive.
Regards
Niels
-
Here it is, archive password: infected
It's a voice conference program used by gamers, and it's been installed for a long time. Today's the first time it was detected.
Regards
Attachment: TeamSpeak.zip
-
Yep, route.exe is detected as a trojan starting from today too. I have made the last update and a deep system scan yesterday night at about 11 PM. Now, after I saw this post, I have scanned route.exe. It was found clean. After another BD update, route.exe is detected as a trojan.
Andrei
-
There is a dllcache subfolder in the system32 folder, however, it has the system and hidden attributes set.
PS: The file is still detected on my PC.
Andrei
-
Indeed, it was a False-Positive. Detection has already been removed.
Andrei
-
Yep, all normal now.
-
Hi Andrei
I have already enabled show hidden folders and files. But I still can't see the subfolder called dllcache. I use Windows XP Home Edition SP2.
Strange if you had the same signature and engine version at the moment I posted route.exe wasn't detected. But because I couldn't find the dllcache subfolder, I wasn't able to scan it. But now it isn't necessary anymore.
Regards
Niels
-
Hi, Niles!
I know it's not the case, but did you also uncheck the "Hide protected Operating system files" option? Because I couldn't see the folder either until I unchecked that option.
Andrei
-
Hi Andrei
My name is Niels and not Niles. But no big deal.
I didn't uncheck that option. I always thought that when you enable the option to show hidden files and folders, all folders were viewable.
Regards
Niels
-
Hi Niels! Sorry for the mistake! My bad.
Andrei
-
Is it normal then that when you delete route.exe it gets recreated instantly?
-
Hello ExBuM
To verify if it's the legit one, do this: right-click on the file, choose Properties, then Version; if you find Microsoft Corporation as the company, then it's legit. The route.exe file is also located in the dllcache folder, so it could be that when you remove it, it will be replaced by the one that is located in the dllcache folder.
Regards
Niels
-
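Added example (not part of any post in this thread): a PowerShell sketch of the check described above, reading the Company field of both route.exe copies named in the thread and comparing them. The company name is only a string in the file's version resource that whoever built the file can set, so the script also reports the Authenticode signature and a SHA-256 hash. It assumes PowerShell 4.0 or later for `Get-FileHash`; the function name `Get-FileReport` is made up for this example.

```powershell
# Added example: inspect the live route.exe and its dllcache copy.
# Paths are the ones quoted in the thread; Get-FileReport is a hypothetical helper.
$live  = Join-Path $env:SystemRoot 'system32\route.exe'
$cache = Join-Path $env:SystemRoot 'system32\dllcache\route.exe'

function Get-FileReport {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        # dllcache does not exist on every Windows version
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    # -Force is needed because dllcache carries the hidden and system attributes
    $item = Get-Item -LiteralPath $Path -Force
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Path        = $Path
        Present     = $true
        CompanyName = $item.VersionInfo.CompanyName   # the "Company" field in Properties
        FileVersion = $item.VersionInfo.FileVersion
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$reports = $live, $cache | ForEach-Object { Get-FileReport -Path $_ }
$reports | Format-List

# If both copies exist they should be byte-identical; a mismatch deserves a closer look.
$present = @($reports | Where-Object { $_.Present })
if ($present.Count -eq 2 -and $present[0].SHA256 -ne $present[1].SHA256) {
    Write-Warning 'route.exe in system32 differs from the copy in dllcache.'
}
```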
Okay thanks Niels :]
-
thanks guys!
it is not detected as a virus anymore
-
Glad that I could help you.
Regards
Niels
-
As I previously mentioned, it was a false positive that was detected for about a few hours. BD VR saw that this was a legit file and removed the detection. Anyone who still has this problem, please update BD.
Andrei