Cannot remove Win32/Korplug.BX Trojan

[Formentera 0]

No matter how many times I scan, the trojan always re-appears. The antivirus always says that the trojan has been removed, but every single day, it reappears. Is there a way to permanently remove it?

I have attached a log file.

Thank you

a.txt

[itman 1,659]

Appears this malware has a .dll component that has to be manually removed. Trend Micro has an article on how to remove it here you can try: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_plugx.ztbf-b . If the .dll cannot be found per instructions given, then this new variant is doing something else and you need to contact Eset tech support for resolution help.

Your Eset log indicates the malware is being discovered in memory at boot time. Appears it has created a "bogus" service that is automatically being started at boot time using svchost.exe. So removal of that service also has to be addressed.

Edited August 12, 2017 by itman

[itman 1,659]

Another thing you can do is run Eset's most aggressive AV scan to see if it will remove the malware.

Below is a screen shot of what you need to run.

1. Select "Advanced Scans."
2. Select the following; memory, boot sector, and the drive your OS is installed on.
3. Click on the wheel symbol to display additional options. Change "Scan Profile" to In-depth.
4. Click on the "Scan as Administrator" button to run the scan.

This scan will take some time to run so be aware of that.

Edited August 13, 2017 by itman

[Marcos 5,074]

Collect logs with ELC and "Threat detection" selected from the menu, upload the archive to a safe location and pm me a download link. I assume it''s a fileless threat that is present in the registry only.