Trojan warning persists after removal

Status
Not open for further replies.
C

cottage

New Member
Thread author
Mar 11, 2023
5
I'm running Win 10 Pro X64 and Windows defender.

I downloaded a shareware program and scanned it before installing. I got a trojan warning from Windows defender and permanently deleted the shareware program (Shift + Delete). However, Windows Defender still displays the Trojan warning. Even though I deleted the offending program, I asked Defender to remove the trojan but the warning persists.

I then did a full scan with Malwarebytes and it did not pick up any problems.

I have rebooted the computer as well as run a second Win Defender full scan but the problem persists.

I have attached screen clips of the warning as well as a shot of the screen after Win Defender attempted to remove the program.

Any suggestions?
 

Attachments

  • def 2.jpg
    def 2.jpg
    66.3 KB · Views: 18
  • def 1.jpg
    def 1.jpg
    48.2 KB · Views: 18
nasdaq

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's see what we can find to help you.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Attach Files.
Navigate to the location of the File.
Click the file. It will appear in the reply section.
Click the Post Reply button.

Please post the logs for my review.

Let me know what problems persists.

Wait for further instructions
 
C

cottage

New Member
Thread author
Mar 11, 2023
5
Thank you nasdaq,
I'll do as you recommend but first, I want to ensure that my post wasn't misleading.

I don't believe that my computer is infected with the trojan.
  • I scanned the shareware program immediately after download (trojan identified)
  • I didn't install the program.
  • I deleted it immediately after the virus scan (Shift+ Delete)
  • The trojan waring remained in Windows Defender
  • I instructed Win Defender to delete the trojan even though the shareware program had already been deleted but the warning remained.
  • I ran Malwarebytes and the scan was clear
  • I looked at all running applications and services (Task Manager). There was nothing running and there were no suspicious services loaded.
  • I looked at task scheduler and there was nothing unusual scheduled to run.
Therefore, I'm assuming that I'm not infected. It's just that Win Defender didn't clear the warning.

Is my reasoning inaccurate?
 
C

cottage

New Member
Thread author
Mar 11, 2023
5
nasdaq said:
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's see what we can find to help you.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Attach Files.
Navigate to the location of the File.
Click the file. It will appear in the reply section.
Click the Post Reply button.

Please post the logs for my review.

Let me know what problems persists.

Wait for further instructions
Click to expand...
After double clicking to run Farbar, you say click Yes to the disclaimer. Is this the disclaimer?
 

Attachments

  • dis.jpg
    dis.jpg
    26 KB · Views: 13
C

cottage

New Member
Thread author
Mar 11, 2023
5
Update.....
I deleted the Windows Defender protection history and the Trojan warning has disappeared.

To be sure, I did a subsequent full scan and it is clear.
 
nasdaq

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

That usually work. The additional.txt that would have been created had you executed the Farbar program would have reported it.

Good work.

I will keep tis topic open for 6 days in case you need to return to it.
 
C

cottage

New Member
Thread author
Mar 11, 2023
5
nasdaq said:
Hi,

That usually work. The additional.txt that would have been created had you executed the Farbar program would have reported it.

Good work.

I will keep tis topic open for 6 days in case you need to return to it.
Click to expand...
Thank you for your assistance.
 
Status
Not open for further replies.

Similar threads

V
    • Like
  • Locked
SPAM PDF attachement eMail
Replies
3
Views
405
Windows Malware Removal Help & Support
nasdaq
nasdaq
C
  • Locked
Emsisoft Emergency Kit's temp files detected as Trojan:Script/Wacatac.B!ml by Windows Security
Replies
8
Views
697
Windows Malware Removal Help & Support
Can't Decide
C
M
  • Locked
Spyware removal
Replies
4
Views
631
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top