Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Trojan.Patchep!nf ..... false positive with Norton360???

  • Please log in to reply
3 replies to this topic

#1 mapski99


  • Members
  • 2 posts
  • Local time:07:59 PM

Posted 12 May 2009 - 11:48 PM

Dell 8400, WinXP Pro SP3, fully patched.

Norton360 constantly reports a "Trojan.Patchep!nf" infection. Norton can't remove it. There is very little info via google on this one. Norton/Symantec reports that it's either low risk or high risk, and has infected a bevy of system files.

I have tried everything..... MBAM, SAS, AVG 8.5, Avira, SpybotS&D, a-squared, SDFix, Combofix, ESET online, Kaspersky online; cleaned up via HJT. Removed a lot of stuff, but none of the other apps have ever noticed "Trojan.Patchep!nf".

Could it be a false positive from Norton360?


BC AdBot (Login to Remove)


#2 scff249


    Indecisive Lurker

  • Members
  • 1,319 posts
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:09:59 PM

Posted 13 May 2009 - 12:15 AM

You shouldn't run Combofix without the supervision of an expert trained in its use. Doing so could damage your system. Also, to note ahead of time, posting logs for Combofix without being asked to by someone qualified and in the proper forum will be ignored.

Can you post the MBAM and SAS logs if there is anything on it?

Also, do you know what the full file path is? It'd help to know where it's leading to. It could be a false positive or it could be that some other malware is putting it back there.

If you know the location of the file, do this:

Anytime you come across a suspicious file for which you cannot find any information about, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
-- Post back with the results of the file analysis.

Edited by scff249, 13 May 2009 - 12:18 AM.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo

#3 mapski99

  • Topic Starter

  • Members
  • 2 posts
  • Local time:07:59 PM

Posted 13 May 2009 - 09:33 AM

MBAM and SAS logs were clean. I will check them later to confirm, or re-run.

I don't believe Norton provides a path to the infection. I'll check.

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,920 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:59 PM

Posted 13 May 2009 - 10:28 AM

Does Norton provide a specific file name associated with this malware threat?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users