Solved Trojan found on new PC


I've decided that I am going to just do a wipe, it will give me more peace of mind.
Still, you need to upgrade your security or you WILL get infected again. Free/Paid:
 

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 3600 & No fTPM (07/19)
    Motherboard
    MSI B450 TOMAHAWK 7C02v1E & IFX TPM (07/19)
    Memory
    4x 8GB ADATA XPG GAMMIX D10 DDR4 3200MHz CL16
    Graphics Card(s)
    MSI Radeon RX 580 ARMOR 8G OC @48FPS (08/19)
    Sound Card
    Creative Sound Blaster Z (11/16)
    Monitor(s) Displays
    24" AOC G2460VQ6 (01/19)
    Screen Resolution
    1920×1080@75Hz & FreeSync (DisplayPort)
    Hard Drives
    ADATA XPG GAMMIX S11 Pro SSD 512GB (07/19)
    PSU
    Seasonic M12II-520 80 Plus Bronze (11/16)
    Case
    Lian Li PC-7NB & 3x Noctua NF-S12A FLX@700rpm (11/16)
    Cooling
    CPU Cooler Noctua NH-U12S@700rpm (07/19)
    Keyboard
    HP Wired Desktop 320K + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    400/40 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge (No FB/Google) & Brave for YouTube & LibreWolf for FB
    Antivirus
    NoAV & Binisoft WFC & NextDNS
    Other Info
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)
Still, you need to upgrade your security or you WILL get infected again. Free/Paid:
Not necessarily unless the OP is very adventurous online. :)
I never had to do that.
What the OP needs is a back up plan.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 9 3900X
    Motherboard
    MSI MPG Gaming Edge Wifi (X570)
    Memory
    32GB Adata XPG DDR4
    Graphics Card(s)
    ASUS GTX 1070 8GB ROG
    Monitor(s) Displays
    LG Ultrawide 34"
    Screen Resolution
    3440x1440
    Hard Drives
    Main Boot Drive : 512GB Adata XPG RGB Gen3x4 NVMe M.2 SSD
    PSU
    EVGA 600 Watts Gold
    Case
    Deepcool Genome II
    Cooling
    Deepcool Fryzen
    Internet Speed
    1Gbps
    Browser
    Chrome
    Antivirus
    "Moderna"
  • Operating System
    Windows 11 Pro
    Computer type
    PC/Desktop
    CPU
    i7-4790K
    Motherboard
    ASRock Xtreme6 Z97
    Memory
    16GB Corsair Vengeance Pro
    Graphics card(s)
    MSI R9 290
    Monitor(s) Displays
    LG Ultrawide 34"
    Screen Resolution
    3440x1440
    Hard Drives
    Samsung M.2
    PSU
    Thermaltake 475 Watts 80 Bronze
    Case
    Thermaltake Commander I Snow Edition
    Cooling
    Deep Cool Archer Air Cooler
    Mouse
    Logitech G402
    Keyboard
    Armageddon MKA-5R RGB-Hornet
    Internet Speed
    1Gbps
    Browser
    Chrome
    Antivirus
    Moderna :)
What the OP needs is a back up plan.
That is always a good strategy, but OP's Defender had detected the trojan after the PC was already infected (active).
AV should prevent the infection, not stop it afterwards. It managed to do so in time, but it might not the next time.
 

It's free - most of the offline rescue disks are. One of the few bonuses in life. They probably hope you will sign up to one of their other products if you're happy or something.

It's all on the page linked below. It's for Windows 11 as well - even though they haven't updated their web page to add Windows 11 (checked that elsewhere).

You just need a USB stick and to know how to boot from it. So you either need to know which function key takes you to the boot menu, or with some computers you just press Escape repeatedly when turning on and a menu gives you options and you choose the Boot menu.

What computer is it?

So you download the rescue disk antivirus software, perhaps on a different computer if you have one around. Insert the USB stick and follow the instructions for getting the program onto the USB stick.

Then insert the USB stick into the computer you want to scan, while it's turned off. When you turn it on, hit the correct function key to go to the boot menu. The boot menu will give you the option to choose your hard drive or the USB stick. Use the up/down arrow keys to select the USB stick and hit Return and it starts to boot the rescue disk.

There is no graphical interface (i.e. pictures) with this one - just text. So you use the arrow keys and Return key on the keyboard to select things.

Easier than it sounds.

 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd
It's the same principle as booting Windows from a USB stick when you go to install it.

The rescue disk/USB bypasses Windows altogether so it can check a dormant hard drive. It doesn't install anything - it's all on the USB stick.

After downloading the rescue disk software, you run the installer and it'll ask you which drive to install it onto - make sure you select the drive number for the USB drive!
 

That is always a good strategy, but OP's Defender had detected the trojan after the PC was already infected (active).
AV should prevent the infection, not stop it afterwards. It managed to do so in time, but it might not the next time.
Windows Defender is supposed to be pretty good these days. If the OP uses it with Malwarebytes Free it could be OK, depending on what kind of websites you go to etc. I use a paid-for AV - because I think it's worth it for about £25 a year for 5 licences (you can shop around for the best price/deal) - plus Malwarebytes Free.

Having said that about Defender, I just read this

"The catch with Windows Defender and the other built-in security tools and features in Windows is that you have to stick to Microsoft products. This means using Edge instead of Chrome or Firefox as your default browser, Microsoft Office 365 instead of Google Workspace or LibreOffice and Microsoft Teams instead of Slack or Zoom.

As a result, if your Chrome or Firefox browser is used to visit a malicious website, you’ll have to rely on the browser’s own protection, not Microsoft’s. To be fair though, the protection offered by Chrome and Firefox is pretty good on its own."

 

I disagree with a lot of you who have never done any cleaning other than to spend the time to wipe your hard drive, & some Trojans will stay! Go ask any Malware Removal Specialist if you do not believe me! Sometimes we have had to run 3 or 4 different programs to find & remove them! As you said WAI, "they just don't go away"!
Most will be removed with a wipe but not all!
This sort of argument sounds like asking a pilot: would you take a knowingly defective plane into the air and then repair it, or do it while it's on the ground?

I know (and I have held a PPL for years) that if there's any inclination of a problem then that plane stays on the ground until it's repaired.

So while I would always prefer to do a totally clean install to repair an infected computer, you could use a remote machine to cleanse the infected one if you really don't want to do a clean install.

Before doing the clean install, I'd cleanse the HDD/SSD too by writing x'00' or random binary characters on every single physical sector, which will totally remove any lingering code that might be stubbornly hidden on the disk. Don't forget the cache as well - plenty of programs around to do this, including various "Low Level" formatting applications.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Still, you need to upgrade your security or you WILL get infected again. Free/Paid:
I have to say I disagree with that statement. I have always used the Windows security with Malwarebytes for years and have been fine. This was just an unfortunate incident! If you think about it, so many of those companies have been spamming their anti-virus software for so long, for years. In magazines, etc. Lots of ways of almost forcing their software on you. But now, it seems many of them are not even needed. I'd say many of them have taken a huge hit if you compare now to many years back, when they were almost looked upon as a necessity. That is my opinion anyway and is probably more geared toward home users. I'd say it's a different story for big companies.
 

My Computer

System One

  • OS
    Windows 11 Professional
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom build
    CPU
    AMD Ryzen™ 9 7950X
    Motherboard
    ASUS ROG Strix X670E-E Gaming WiFi
    Memory
    DOMINATOR® PLATINUM RGB 64GB (2x32GB) DDR5 DRAM 5200MHz
    Graphics Card(s)
    MSI GeForce RTX™ 3080 Ti SUPRIM X 12GB
    Hard Drives
    980 PRO NVMe M.2 SSD 1TB
    970 EVO Plus NVMe M.2 SSD 2TB
    PSU
    Corsair HX1000 1000 W 80+ Platinum
    Case
    Fractal Design Meshify 2
    Cooling
    iCUE H150i ELITE LCD Display Liquid CPU Cooler
It's free - most of the offline rescue disks are. One of the few bonuses in life. They probably hope you will sign up to one of their other products if you're happy or something.

It's all on the page linked below. It's for Windows 11 as well - even though they haven't updated their web page to add Windows 11 (checked that elsewhere).

You just need a USB stick and to know how to boot from it. So you either need to know which function key takes you to the boot menu, or with some computers you just press Escape repeatedly when turning on and a menu gives you options and you choose the Boot menu.

What computer is it?

So you download the rescue disk antivirus software, perhaps on a different computer if you have one around. Insert the USB stick and follow the instructions for getting the program onto the USB stick.

Then insert the USB stick into the computer you want to scan, while it's turned off. When you turn it on, hit the correct function key to go to the boot menu. The boot menu will give you the option to choose your hard drive or the USB stick. Use the up/down arrow keys to select the USB stick and hit Return and it starts to boot the rescue disk.

There is no graphical interface (i.e. pictures) with this one - just text. So you use the arrow keys and Return key on the keyboard to select things.

Easier than it sounds.

Thanks a lot. I have a new USB stick here ready to use for it. It is a custom built PC, not a specific make. I will check to see about getting into the BIOS to change the boot mode.

Why do you say use a different computer, just in case this one is infected? I have my older PC that has Windows 10, but that isn't even hooked up to my screens, and even if I plug it all back in, the data hard drives it was using for downloads are now in this new PC I have. Well, the downloads were pointing to the SATA drive, if that makes sense. Probably more of a pain to get that plugged back in etc. :LOL:
 

Hi @Hazel123 I downloaded the software, installed it to my USB stick. Restarted. Tried to boot to the USB, it recognised it. But I keep getting a screen with the following message and it won't do anything; I keep having to power off and keep seeing the same screen.

Only 64-bit images supported
_


Any ideas? Of course this wouldn't work as it should for me, I knew it haha :confused:
 

Perhaps the Kaspersky tool auto-downloads, because there is malware out there that prevents the download of anti-malware apps.

It looks like you don't need the computer right away, so that you can try out 70+ posts worth of suggestions, and it would be a good learning experience too, but IMNSHO re-read my post #8.
 

My Computer

System One

  • OS
    Windows 10 Pro
Perhaps the Kaspersky tool auto-downloads, because there is malware out there that prevents the download of anti-malware apps.

It looks like you don't need the computer right away, so that you can try out 70+ posts worth of suggestions, and it would be a good learning experience too, but IMNSHO re-read my post #8.
Ok, good to know it may auto-download due to that.

Yes, there are lots of posts in this thread. What exactly are you referring to in your #8 post?

Right now, my main thing is getting this Trend Micro running from the USB I have put it on. I don't know why that would decide not to work. My PC is hardly set up in a way that doesn't allow this? It is an expensive enough machine I bought. Anyone with any ideas why this isn't working, feel free to chime in here, thanks.
 

My post #8 foresees the 70+ posts :-)

I can't help with the Trend Micro tool, I don't remember ever having used it, others will have to chime in.

There are quite a few other similar tools, though, and ironically, the Kaspersky tool is one of them. I did use the Kaspersky tool, more than a couple of times even, as a second opinion scanner, but it was many, many moons ago, and maybe the tool itself has evolved, nonetheless the Kaspersky tool still has a good reputation.

You may want to read this thread that I recently started: "Do you use portable anti-malware apps?"
 

My post #8 foresees the 70+ posts :-)

I can't help with the Trend Micro tool, I don't remember ever having used it, others will have to chime in.

There are quite a few other similar tools, though, and ironically, the Kaspersky tool is one of them. I did use the Kaspersky tool, more than a couple of times even, as a second opinion scanner, but it was many, many moons ago, and maybe the tool itself has evolved, nonetheless the Kaspersky tool still has a good reputation.

You may want to read this thread that I recently started: "Do you use portable anti-malware apps?"
Is there some sort of dark art at play? I am not sure what you mean haydon? Or are you saying in a weird way that people have been wasting their and my time here? Not too sure what you're getting at here.

Anyway, yeah, Kaspersky. Someone commented that it was linked to Russia, not sure if you have read that? It could be complete trash talk, or it could be a very good point, I am not sure. But here I am with half the day gone and I am no closer to getting the PC wiped because of the holdup with Trend Micro not wanting to boot from the USB. Ya gotta love good oul technology, eh?
 

After four pages of discussions, it appears that no one has mentioned false positives. While I'm not advocating lowering your guard and assuming an alert is a false positive, it's an important possibility to keep in mind, especially if you're considering spending a lot of time rebuilding a system.

Sometimes all it takes is to check what has been quarantined and do a search online to determine what the file is and where it came from. Often that will reveal information about whether it's prone to cause false positives. For example, NirSoft utilities often trigger false positives, as do many others, such as Cmdow, and my own WinSetView. Also, perfectly legit Cmd, VBS, and PowerShell scripts can trigger false positives, even ones you've written yourself.

The first question is always "where did this come from?" If it was in the Downloads folder (before being quarantined), look at when it was downloaded and what other files were downloaded at the same time. Is it your download or somebody else's (i.e. on a shared PC)? Some basic investigation should start to give you a sense of whether it's likely to be a threat or not.
 

My Computer

System One

  • OS
    Windows 10/11
    Computer type
    Laptop
    Manufacturer/Model
    Acer
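The triage the post above describes (what was quarantined, where it came from, when it was downloaded, what landed alongside it, whose download it was) can be scripted rather than done by hand. The following is an added PowerShell example written for this thread; it is not code from any poster or from Microsoft. It assumes Windows 10/11 with the built-in Defender PowerShell module (Get-MpThreatDetection and Get-MpThreat) and an elevated prompt; the function names and the -Around and -WindowMinutes parameters are my own.

```powershell
# Added example for this thread, not code from any poster or vendor.
# Assumes Windows 10/11 with the built-in Defender PowerShell module
# (Get-MpThreatDetection, Get-MpThreat), run from an elevated prompt.
# Function names and the -Around / -WindowMinutes parameters are my own.

function Get-DefenderDetectionSummary {
    # One row per flagged resource: what Defender named it, the path it was
    # found at, which process touched it, and whether it ever executed.
    foreach ($d in Get-MpThreatDetection) {
        $threat = Get-MpThreat -ThreatID $d.ThreatID
        foreach ($res in $d.Resources) {
            [pscustomobject]@{
                ThreatName    = $threat.ThreatName
                SeverityID    = $threat.SeverityID
                DidExecute    = $threat.DidThreatExecute
                Path          = ($res -replace '^[A-Za-z]+:_', '')   # strip the "file:_" prefix
                Process       = $d.ProcessName
                FirstSeen     = $d.InitialDetectionTime
                StatusChanged = $d.LastThreatStatusChangeTime
            }
        }
    }
}

function Get-DownloadProvenance {
    # Answers "where did this come from?" for one flagged path: owner,
    # Mark-of-the-Web source URLs, a hash to look up online, and the files
    # that landed in the same folder around the same time.
    param(
        [Parameter(Mandatory)] [string] $Path,
        [datetime] $Around = (Get-Date),   # time anchor to use when the file is already quarantined
        [int] $WindowMinutes = 10          # how close in time counts as "downloaded together"
    )
    $info   = [ordered]@{ Path = $Path; Exists = (Test-Path -LiteralPath $Path) }
    $anchor = $Around

    if ($info.Exists) {
        $item           = Get-Item -LiteralPath $Path
        $anchor         = $item.LastWriteTime
        $info.LastWrite = $item.LastWriteTime
        $info.Owner     = (Get-Acl -LiteralPath $Path).Owner          # "your download or somebody else's?"
        $info.SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Browsers write a Zone.Identifier alternate data stream (Mark-of-the-Web)
        # holding the zone id and, usually, the referrer and download URL.
        $motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
        foreach ($key in 'ZoneId', 'ReferrerUrl', 'HostUrl') {
            $line = $motw | Where-Object { $_ -like "$key=*" } | Select-Object -First 1
            if ($line) { $info[$key] = $line.Substring($key.Length + 1) }
        }
    }

    # Files written to the same folder within the window: the post's
    # "what other files were downloaded at the same time".
    $folder = [System.IO.Path]::GetDirectoryName($Path)
    $info.Neighbours = @(
        Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue |
            Where-Object { $_.FullName -ne $Path -and
                           [math]::Abs(($_.LastWriteTime - $anchor).TotalMinutes) -le $WindowMinutes } |
            ForEach-Object { '{0}  ({1:u})' -f $_.Name, $_.LastWriteTime }
    )
    [pscustomobject]$info
}

# Usage: list every detection, then dig into each flagged path.
$detections = Get-DefenderDetectionSummary
$detections | Format-Table -AutoSize
foreach ($d in $detections) {
    $params = @{ Path = $d.Path }
    if ($d.FirstSeen) { $params.Around = $d.FirstSeen }   # anchor on detection time if the file is gone
    Get-DownloadProvenance @params | Format-List
}
```

The SHA256 is there so the file can be looked up by hash instead of by name, which is what distinguishes a known-clean NirSoft or script utility from something merely named like one; the Zone.Identifier fields tell you which site it was fetched from; and the neighbour list shows whether it arrived alone or as part of a batch. None of this replaces the scan, it only informs the false-positive-or-not decision before a rebuild.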
Is there some sort of dark art at play? I am not sure what you mean haydon? Or are you saying in a weird way that people have been wasting their and my time here? Not too sure what you're getting at here.

Anyway, yeah, Kaspersky. Someone commented that it was linked to Russia, not sure if you have read that? It could be complete trash talk, or it could be a very good point, I am not sure. But here I am with half the day gone and I am no closer to getting the PC wiped because of the holdup with Trend Micro not wanting to boot from the USB. Ya gotta love good oul technology, eh?
No dark art, just that some people are habitually riding out their egos, and yes, that can lead to wasted time :eek1:

Yes, I read the comments about Kaspersky and other conspiracy theories :eek1:

You don't a priori pick a tool that does not work (n). You pick a tool that does work (y).
 

After four pages of discussions, it appears that no one has mentioned false positives. While I'm not advocating lowering your guard and assuming an alert is a false positive, it's an important possibility to keep in mind, especially if you're considering spending a lot of time rebuilding a system.

Sometimes all it takes is to check what has been quarantined and do a search online to determine what the file is and where it came from. Often that will reveal information about whether it's prone to cause false positives. For example, NirSoft utilities often trigger false positives, as do many others, such as Cmdow, and my own WinSetView. Also, perfectly legit Cmd, VBS, and PowerShell scripts can trigger false positives, even ones you've written yourself.

The first question is always "where did this come from?" If it was in the Downloads folder (before being quarantined), look at when it was downloaded and what other files were downloaded at the same time. Is it your download or somebody else's (i.e. on a shared PC)? Some basic investigation should start to give you a sense of whether it's likely to be a threat or not.
Yeah, have multiple tools in your toolbox (y)
 
