Win32/Patched.FQ trojan

Discussion in 'ESET NOD32 Antivirus' started by XtenZ, Aug 24, 2010.

Thread Status:
Not open for further replies.
  1. XtenZ

    XtenZ Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    4
    Microsoft Windows XP 5.1.2600 Service Pack 3
    ESET NOD32 version 3.0.669 Business Ed.
    Virus Signature DB version: 5394

    I have a workstation that has been infected with what is descibed in ESET Remote Administrator Console as Win32/Patched.FQ trojan. The events report that ESET tries to delete the virus but is unable to. Is there a process to remove this safely.

    Thanks.
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It is a legit file patched by malware, hence it cannot be deleted automatically. I'd suggest replacing the affected files with clean versions.
     
  4. XtenZ

    XtenZ Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    4
    Thanks for the replies.

    I repaired the installation and installed NOD32v4. A scan returned the same results and have tasked employee to not reboot. I have created a SysInspector log file and await mail reply so I can attach.

    Marcos, it may or may not be, but there are several other occurances in the v4xx scan that v3xx did not pick up that make me believe that it perhaps it is not. A good call though.

    Thanks
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Eset did its job, it detected it. It is the user responsibility to keep a good back up to resolve this. I have become a supporter of detecton is more important then cleaning. Everyone cleans different that is the problem. Good work Eset.:thumb:
     
  6. XtenZ

    XtenZ Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    4
    trjam, I would be willing to discuss this in another thread or privately.
     
    Last edited: Aug 26, 2010
Thread Status:
Not open for further replies.