Win64/Rozena.ABC

[TimBozo 0]

Hello all, after years of being able to rid myself of malware without help, I'm now stuck.

Nod32 is popping up the usual warning window saying a threat was found in file ... etc. When I click to see what files they are, they are .exe files, such as logitec mouse options, Nvidia Container and so on, but also various windows system apps when I try to open them.

I've rebooted as the Eset window suggests, to complete the cleaning, but the same warnings pop up after every reboot. I have Nod32 (paid subscription) and Malwarebytes Premier running.

A deep MalwareBytes scan is finding nothing and gleefully telling me my system is clean. I ran NKill and that found nothing. Have reset my Chrome browser so no extensions running.

Ran a full Nod32 scan with today's detection updates installed (29419 20240619), nothing found.

Has anyone got experience with a Win64/Rozena.ABC infection? Any idea how to clean it? All suggestions very much appreciated.

[Marcos 5,165]

This was a false positive. An update is being prepared which will fix it. In the mean time you can create a detection exclusion by the detection name.

[rogodra 0]

Hi, this issue is being addressed here:

https://forum.eset.com/topic/41396-eset-is-flagging-hundreds-of-legitimate-system32-processes-as-malware-and-running-my-computer-unusable/#comment-185846

In my case, the problem was solved by disabling the Windhawk program, which modifies the visual aspects of windows.

I hope that solves the problem.