Trojan:W32/Patched is a detection for files (usually Windows components) that are patched by a malicious application.
It is not advisable to delete, rename or quarantine patched Windows components because it may affect system stability. Even though Windows locks its main files while it is active, it might be still possible to affect them.
If your F-Secure Anti-Virus detected a certain file as Trojan.Win32.Patched, please first try to select the "Disinfect" action. In this case, F-Secure Anti-Virus will create a copy of a patched file, try to restore its contents, and then it will add a renaming command into the Windows Registry in order to replace the patched file with a cleaned one during the next Windows startup.
In case the approach described above fails, try to restore one of the recent System Restore points. In many cases a patched system component will be replaced with a clean one. Before restoring a System Restore point it is advised to backup all personal data to avoid loosing it when Windows rolls back to a previously saved state.
Windows Installation discs contain a repair option. Boot from the CD and select the option to repair. Again, it is advisable to backup your personal data.
If nothing helps to clean an patched system component, the last resort is to attach a hard drive with a patched file as slave to a similar Windows-based system, boot up and to replace a patched file with a file taken from a clean system.
Note: A file used for replacement must be the same version as a patched file. This operation should be done by an experienced computer technician only.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
The purpose of patching varies. For example, some malware will patch system components in order to disable security, such as the Windows Safe File Check feature; others will add malicious code to a system component and then patch certain functions of the original file to point to the added code.
The most frequently patched components are:
The 2008-11-04_04 database contained a false positive on a German language Windows XP Service Pack 2 file called User32.dlllocated in the C:\WINDOWS\system32 folder. The detection was named Trojan.Win32.Patched.dn and is resolved in the 2008-11-04_06 update.
If you were alerted to Trojan.Win32.Patched.dn, please make sure that you have the most current update, and that User32.dll has not been renamed.