kevinok 0 Posted August 30, 2023 Share Posted August 30, 2023 Hi, in my pc with windows 10 home 22H2, I use as default antivirus, microsoft defender, and it reported the trojan Trojan:Win64/Spyboy!MSR in the folder file\??\C:\WINDOWS\System32\drivers\zam64.sys And file\??\C:\WINDOWS\System32\drivers\zamguard64.sys windows defender can't remove it. i did window defender quick scan, full scan and offline scan and none of the scans found it. But it always reported that Trojan:Win64/Spyboy!MSR was active threat. An acquaintance told me that because the file path said "??" it means that the trojan was in the disk cache, and he told me to clean it with windows disk cleanup. I cleaned the disk cache with windows disk cleanup, and window defender no longer reports the trojan, but now the Trojan:Win64/Spyboy!MSR can be hidden in any part of my pc. I would like to know if using the scanner eset online scanner, the one you download and use only for scans, detects and eliminates this virusTerminator Trojan:Win64/Spyboy!MSR Thank you Link to comment Share on other sites More sharing options...
Administrators Marcos 5,090 Posted August 30, 2023 Administrators Share Posted August 30, 2023 Since this is an official ESET forum, I'd recommend installing ESET Internet Security or ESET Smart Security Premium. Make sure to enable detection of potentially unsafe applications and run a full disk scan. If it's a malicious or vulnerable driver, it should be detected. Link to comment Share on other sites More sharing options...
kevinok 0 Posted August 30, 2023 Author Share Posted August 30, 2023 come ho scritto, vorrei usare eset online scanner, che si scarica ed esegue a richiesta, e vorrei sapere con certezza se trova e rimuove questo Trojan:Win64/Spyboy!MSR che puo' stare nascosto in qulunque parte del mio pc Link to comment Share on other sites More sharing options...
itman 1,668 Posted August 30, 2023 Share Posted August 30, 2023 3 minutes ago, kevinok said: come ho scritto, vorrei usare eset online scanner, che si scarica ed esegue a richiesta, e vorrei sapere con certezza se trova e rimuove questo Trojan:Win64/Spyboy!MSR che puo' stare nascosto in qulunque parte del mio pc You were already instructed to post in English! Quote as I wrote, I would like to use eset online scanner, which is downloaded and run on request, and I would like to know for sure if it finds and removes this Trojan:Win64/Spyboy!MSR that can be hidden anywhere on my pc Just manually delete the two .sys Zemana driver files Microsoft Defender is detecting. Link to comment Share on other sites More sharing options...
kevinok 0 Posted August 30, 2023 Author Share Posted August 30, 2023 (edited) Buongiorno, come ho scritto, vorrei utilizzare eset online scanner, che viene scaricato ed eseguito su richiesta, e vorrei sapere con certezza se trova e rimuove questo Trojan:Win64/Spyboy!MSR che può essere nascosto ovunque su il mio pc. the two zemana drivers are not in the windows driver folder. I read that Trojan:Win64/Spyboy!MSR changes its name, putting random characters, minimum 4 letters, maximum 10 letters. Maybe that's why I can't find those drivers in the Drivers folder Edited August 30, 2023 by kevinok wrong word Link to comment Share on other sites More sharing options...
itman 1,668 Posted August 30, 2023 Share Posted August 30, 2023 28 minutes ago, kevinok said: I cleaned the disk cache with windows disk cleanup, and window defender no longer reports the trojan, but now the Trojan:Win64/Spyboy!MSR can be hidden in any part of my pc. I missed this. Since its no longer being detected by Microsoft Defender, you should no longer be concerned about this. As far as Eset Online Scanner, just download it and run it if you want a second opinion scan. Link to comment Share on other sites More sharing options...
kevinok 0 Posted August 30, 2023 Author Share Posted August 30, 2023 I can write the problem in detail. on July 21st at 09.12 AM window defender detected Trojan:Win64/Spyboy!MSR, then at 09.16 window defender wrote "action taken" "removed or restored", but there was nothing in the quarantine list , there was nothing in the removed list. It seems that window defender did nothing. Then at 9.16 again window defender writes "active threat" Trojan:Win64/Spyboy!MSR. But no window defender scan found it. Strange that it did not result in the list of blocked viruses, nor those in quarantine. In the windows event log I find written that 30 seconds before the scan, the trojan has been removed from the quarantine!!! but I had checked the quarantine list before and there was nothing!!! mystery Link to comment Share on other sites More sharing options...
Administrators Marcos 5,090 Posted August 31, 2023 Administrators Share Posted August 31, 2023 Since you are using Windows Defender, please contact Microsoft support for assistance. If you install ESET, make sure to enable detection of potentially unsafe applications and run a full disk scan. Link to comment Share on other sites More sharing options...
Recommended Posts