Formentera
Posted August 11, 2017

No matter how many times I scan, the trojan always re-appears. The antivirus always says that the trojan has been removed, but every single day, it reappears. Is there a way to permanently remove it? I have attached a log file. Thank you

Attachment: a.txt

itman
Posted August 12, 2017 (edited)

Appears this malware has a .dll component that has to be manually removed. Trend Micro has an article on how to remove it here you can try: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_plugx.ztbf-b. If the .dll cannot be found per instructions given, then this new variant is doing something else and you need to contact Eset tech support for resolution help.

Your Eset log indicates the malware is being discovered in memory at boot time. Appears it has created a "bogus" service that is automatically being started at boot time using svchost.exe. So removal of that service also has to be addressed.

Edited August 12, 2017 by itman

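A read-only way to check for the kind of svchost.exe-hosted service described in the post above, added here as an example (it is not part of the original thread and not Eset's or Trend Micro's procedure). It assumes an elevated PowerShell prompt on the affected machine; a non-"Valid" signature or a DLL outside System32 is a lead to investigate, not proof of infection.

```powershell
# Added example: list auto-start services hosted by svchost.exe together with
# the DLL each one loads. Nothing is modified; output is for review only.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$sys32 = Join-Path $env:SystemRoot 'System32'

Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
    $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue

    # Start = 2 means "automatic". Skip anything not launched through svchost.exe.
    if ($svc.Start -ne 2 -or $svc.ImagePath -notmatch 'svchost\.exe') { return }

    # The DLL svchost loads is normally named in <service>\Parameters\ServiceDll;
    # a few services keep the value directly under the service key instead.
    $params = Get-ItemProperty -Path "$($_.PSPath)\Parameters" -ErrorAction SilentlyContinue
    $dll = if ($params.ServiceDll) { $params.ServiceDll } else { $svc.ServiceDll }
    if (-not $dll) { return }
    $dll = [Environment]::ExpandEnvironmentVariables($dll)

    # Signature status of the DLL on disk, or a marker if the file is missing.
    $status = if (Test-Path -LiteralPath $dll) {
        (Get-AuthenticodeSignature -LiteralPath $dll).Status
    } else {
        'FileMissing'
    }

    [pscustomobject]@{
        Service       = $_.PSChildName
        ServiceDll    = $dll
        Signature     = $status
        InSystem32    = $dll.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)
    }
} | Sort-Object InSystem32, Signature, Service |
    Format-Table -AutoSize -Wrap
```

On Windows versions where PowerShell does not check catalog signatures, legitimate Microsoft DLLs can show as NotSigned, so compare against a known-clean machine of the same build before drawing conclusions.
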
itman
Posted August 13, 2017 (edited)

Another thing you can do is run Eset's most aggressive AV scan to see if it will remove the malware. Below is a screenshot of what you need to run.

Select "Advanced Scans." Select the following: memory, boot sector, and the drive your OS is installed on. Click on the wheel symbol to display additional options. Change "Scan Profile" to In-depth. Click on the "Scan as Administrator" button to run the scan.

This scan will take some time to run, so be aware of that.

Edited August 13, 2017 by itman

Marcos (Administrators)
Posted August 13, 2017

Collect logs with ELC and "Threat detection" selected from the menu, upload the archive to a safe location and PM me a download link. I assume it's a fileless threat that is present in the registry only.