Trojan.Patched.V

I have scheduled a Quick System Scan at 2a.m. every night. The scan performed as usual tonight, but then BitDefender has found out some infected files as follow:

C:\WINDOWS\system32\dllcache\route.exe Infected: Trojan.Patched.V

C:\WINDOWS\system32\dllcache\route.exe Disinfection failed

C:\WINDOWS\system32\dllcache\route.exe Moved

C:\WINDOWS\system32\route.exe Infected: Trojan.Patched.V

C:\WINDOWS\system32\route.exe Disinfection failed

C:\WINDOWS\system32\route.exe Moved

C:\WINDOWS\I386\ROUTE.EX_=>route.exe Infected: Trojan.Patched.V

C:\WINDOWS\I386\ROUTE.EX_=>route.exe Disinfection failed

C:\WINDOWS\I386\ROUTE.EX_=>route.exe Move failed

I have tried to search for this virus (Trojan.Patched.V) in the virus encyclopedia, but what I could find was Trojan.Patched.B only. I have even tried to search the Trojan.Patched.V in google but there were no useful results about it. Can anyone tell me what I should do to remove the virus from those infected files? I have scanned a few times and every time the program just moved the files, and it seems that this route.exe is a windows file and I don't think I should simply delete it.

Find more posts tagged with

Comments

AndreiASM

Hi!

This file is also detected at my PC, however, only starting from today (may be an update's fault). It is a windows program, I have also analyzed the files and it doesn't look like containing any malicious code. The VR will also take a look and remove the detection.

Andrei

gunbusterhk

Hi!

This file is also detected at my PC, however, only starting from today (may be an update's fault). It is a windows program, I have also analyzed the files and it doesn't look like containing any malicious code. The VR will also take a look and remove the detection.

Andrei

So what should I do now? Do I just leave those infected files in the system32 folder? I'm afraid that the infected files will do something bad to harm my laptop......I still need my laptop for online assignments and school work......argh....

AndreiASM

As you can see, the so called trojan has also been detected in your windows kit. It is 99% a false postitve, however, you can move the files to quarantine until the Virus Researchers decide whether the detection will be removed or not. I haven't found any malicious code inside it. I also executed it in protected enviroment and it appears to be an utility which displays the network's routing tables.

Andrei

bluesprite

I just got my TeamSpeak.exe file detected as Trojan.Patched.T, should I send if for analysis or the VR department will correct the definitions?

AndreiASM

Yes, you could attach the file here. As for route.exe, I'm sure that VR have this file already on their PC's (it is a Windows program).

Andrei

Niels

I scanned route.exe and it's clean most likely they have already removed the detection. The strange thing is that I don't have a subfolder called dllcache in the system 32 folder. So I recommend that you perform an update.

I am using :

virussignatures: 619920

engineversion:7.13536

teamspeak.exe is definitely a false positiv.

Regards

Niels

bluesprite

Here it is, archive password: infected

It's a voice conference program used by gamers, and it's been installed for a long time. Today's the first time it was detected.

Regards

/applications/core/interface/file/attachment.php?id=247" data-fileid="247" rel="">TeamSpeak.zip

TeamSpeak.zip

AndreiASM

Yep, route.exe is detected as a trojan starting from today too. I have made the last update and a deep system scan yesterday night at about 11 PM. Now, after I saw this post, I have scanned route.exe. It was found clean. After another BD update, route.exe is detected as a trojan.

Andrei

AndreiASM

I scanned route.exe and it's clean most likely they have already removed the detection. The strange thing is that I don't have a subfolder called dllcache in the system 32 folder. So I recommend that you perform an update.

I am using :

virussignatures: 619920

engineversion:7.13536

teamspeak.exe is definitely a false positiv.

Regards

Niels

There is the subfolder dllcache in system32 folder, however there are set system and hidden attributes.

PS: The file is still detected on myPC.

Andrei

AndreiASM

Indeed, it was a False-Positive. Detection has already been removed.

Andrei

bluesprite

Yep, all normal now.

Niels

Hi Andrei

I already have enabled show hidden folders and files. But I can't still see the subfolder called dll cache. I use windows xp home edition sp2.

Strange if you had the same signature and engine version on the moment I posted route.exe wasn't detected. But because I couldn't find dll cach subfolder so I wasn't able to scan it. But now it isn't necessary anymore.

Regards

Niels

AndreiASM

Hi, Niles!

I know it's not the case, but did you also uncheck the "Hide protected Operating system files"?, Because I couldn't see the folder either until I unchecked that option.

Andrei

Niels

Hi Andrei

My name is Niels and not Niles. But no big deal

I didn't unchecked that option. I always thought when you enable the option show hidden files and folders that all folders were viewable.

Regards

Niels

AndreiASM

Hi Andrei

My name is Niels and not Niles. But no big deal

I didn't unchecked that option. I always thought when you enable the option show hidden files and folders that all folders were viewable.

Regards

Niels

Hi Niels! Sorry for the mistake! My bad.

Andrei

ExBuM

Is it normal then that when you delete route.exe it gets recreated instantly?

Niels

Is it normal then that when you delete route.exe it gets recreated instantly?

Hello ExBuM

To verify if it's the legit one do this rightclick on the file choose properties,version if you find Microsoft Corporation by company than it's legit. The route.exe file is also located in the dllcache folder so it could when you remove it that it will be replaced by the one that is located in dllcache folder.

Regards

Niels

ExBuM

Okay thanks Niels :]

gunbusterhk

thanks guys!

it is not detected as a virus anymore

Niels

Okay thanks Niels :]

Glad that I could help you.

Regards

Niels

AndreiASM

thanks guys!

it is not detected as a virus anymore

As I previously mentioned, it was a false positive that was detected for about a few hours. BD VR saw that this was a legit file and removed the detection. Anyone who still has this problem, please update BD.

Andrei