win32\patched.NAW Trojan...

afer I updted my database just today, it detected that patched trojan attacking my sfc_os.dll file... Is this a glitch or is it really a bad thing hapenning on my PC?

 

Re: win32\patched NAW Trojan...

ESET please fix this fast - it is false positive.

The file sfc_os.dll is patched with nLite to disable SFC. That is why it is detected as trojan.
Mcafee had the same problem:

http://www.msfn.org/board/topic/142814-mcafee-virusscan-and-disabled-sfc/

Maybe SFC should be left enabled but right now I have literally hundreds of installed copies of this nLite tweaked XP so it will be hell to explain people that it is not a virus but false positive.

 

so does this mean this is not really a serious problem?

 

I too have this problem with my sfc_os.dll and I also think that it's a false positive.
At Virustotal only 4 out of 42 antiviruses says that is infected.
The file is also in a backup that I made when I installed Windows XP last time (3..4 months ago). And is also in my modified XP installation files as SFC_OS.DL_.
For now I have added it to exclusions.
But please fix this as soon as possible.
Thank you.

 

I too have this problem with my sfc_os.dll, since yesterday...I hope it's nothing serious...

 

don't forget to submit the file to Eset to check and fix

 

I already did.
But I submitted files before and until today I still keep them as exclusions because nothing was fixed + nobody answered to my email accounts EVER.
So my confidence isn't that high...

 

Can someone with this problem create a SysInspector log and pm me the link?

 

Had this problem this morning on multiple machines, I'm thinking it's a false positive - would be nice for an official response.

 

It's actually a sort of patched file. We've also received it among other samples from a test set from a famious AV tester.

The case is still under investigation and we're trying to determine the source responsible for patching the system file. It's a matter of fact that official installation CDs from Microsoft do not contain this file.

 

NLite 100%.
In my original XP CD sfc_os.dl_ isn't seen as infected. After using NLite is seen as infected.

 

still popping up...

 

Could you confirm you installed your Windows using nLite? Any chance you're running a cracked version of Windows?

 

We had couple of cases when nLite was NOT used to customize Win install and user is using original MS XP software...

Will send Sysinspector log...

 

Yes, all nlite mode of sfc_os.dll from original XP are marked like win32\patched.NAW Trojan
Even add this to excludes, NOD still alerts! And some apps don't want to work, because Nod block this .dll!..

 

I have a question...

Is this a potential virus or just a glitch? Should I consider backing up my files?

 

Probably just a false positive, nothing to worry about.

 

Did update 6246 fix this?
Thanks

 

I don't know what nlite is (noob) I've been running both my OS and Eset for quite sometime already. Just after the virus database update today it happens.

 

I have installed vistamizer in my OS, this problem does not occurs

 

To whom with Win32\Patched.NAW Trojan detected: this detection was for a patched system file sfc_os_dll (ie. not originating from Microsoft) which, in effect, rendered one of the important Windows security features called System File Checker disabled. For this reason it's often exploited by malware for malicious purposes so that the malware could infect system files or replace them with malicious files easily, without the operating system detecting these changes, notifying the user about them and offering replacement with a clean copy of the affected file(s).
The detection will be (at least temporarily) withdrawn as of the update 6247.

 

My personal reason to remove SFC from XP: because it's not providing real protection + it's taking from resources.
Since then I have a fast and stable OS.
And I haven't had a real virus on my OS for many years.
I know, because I check every few weeks with other 3 antiviruses.

 

Oh I do hope this is a false positive.
We have these popping up all over the network since the last update

 

No, it's not actually a false positive but the detection was eventually removed in an update released several hours ago and the quarantined files were restored.

 

Thank you for removing it.