Windows 10: Virus in System32 winevt Solved

  1.    20 Jun 2018 #1

    Virus in System32 winevt


    Avast on my Win 10 PC is showing a threat, as in the attached image, but is not able to resolve it. I am not even able to delete this file manually. What is the importance of this file? How do I delete it?

    [Attached image: Winevt.jpg]

  2.    20 Jun 2018 #2

    Hi.
    Avast have a boot scan feature which you should try. Defo@boot infects the MBR, so it can't be removed while you're in the operating system.
    Running a Boot-time Scan in Avast Antivirus | Official Avast Support

    If that doesn't work, have a look at the steps here:
    https://www.precisesecurity.com/virus/threatdefoboot
    Last edited by simrick; 22 Jun 2018 at 21:37.

  3.    20 Jun 2018 #3

    simrick said:
    Hi.
    Avast have a boot scan feature which you should try. Defo@boot infects the MBR, so it can't be removed while you're in the operating system.
    Running a Boot-time Scan in Avast Antivirus | Official Avast Support

    If that doesn't work, have a look at the steps here:
    Threat:Defo@boot - Virus Solution and Removal

    Thanks. I have already tried Avast Boot Scan. Previously it was in the MBR on my other hard disk, which I ultimately had to format. On this disk, I think this is not in the MBR but in a log file in System. I simply want to delete or replace this file. I think deleting this file should not cause any problem for the PC. I have tried TDSSKiller, though not in safe mode, and it did not detect this.

  4.    22 Jun 2018 #4

    sam9 said:
    Thanks. I have already tried Avast Boot Scan. Previously it was in the MBR on my other hard disk, which I ultimately had to format. On this disk, I think this is not in the MBR but in a log file in System. I simply want to delete or replace this file. I think deleting this file should not cause any problem for the PC. I have tried TDSSKiller, though not in safe mode, and it did not detect this.

    Okay, I guess my question would be: How did this event end up on your new drive? Is the new drive a clone or restored image of the old one?

    I think you should be able to do this (but be sure to have an image made first, in case you have any problems):
    Double-click the log file to open it in Event Viewer.
    In the right pane under Actions, select Clear Log.

    I've never done this myself, so not sure how much will be cleared, but you can try it. If it works, and it's cleared, and then it reappears, I'd say you still have a problem.
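
The files under System32\winevt\Logs are held open by the Event Log service, so a flagged log is cleared through the service rather than deleted by hand. The sketch below is an added example, not part of the thread: it exports the channel to a backup first and then clears it. `Backup-AndClearFlaggedLog` is a hypothetical helper name, and the flagged file path is a parameter because the thread does not name the file.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Backup-AndClearFlaggedLog is a hypothetical helper name; $FlaggedFile is the
# .evtx path the antivirus reported (the thread does not give the file name).
function Backup-AndClearFlaggedLog {
    param(
        [Parameter(Mandatory)] [string] $FlaggedFile,
        [string] $BackupDir = "$env:USERPROFILE\evtx-backup"
    )

    # Map the file on disk to its event channel; LogFilePath is stored with
    # unexpanded environment variables such as %SystemRoot%.
    $log = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue | Where-Object {
        $_.LogFilePath -and
        [Environment]::ExpandEnvironmentVariables($_.LogFilePath) -ieq $FlaggedFile
    } | Select-Object -First 1
    if (-not $log) { throw "No event channel uses $FlaggedFile" }

    # Export a copy first so the events can still be examined later.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $name   = $log.LogName -replace '[\\/]', '_'
    $backup = Join-Path $BackupDir ("{0}-{1}.evtx" -f $name, $stamp)
    wevtutil epl $log.LogName $backup
    if ($LASTEXITCODE -ne 0) { throw "Export of $($log.LogName) failed" }

    # Clear through the Event Log service instead of deleting the locked file.
    wevtutil cl $log.LogName
    if ($LASTEXITCODE -ne 0) { throw "Clear of $($log.LogName) failed" }

    # Report what is left so a later re-check can show how fast it refills.
    $after = Get-WinEvent -ListLog $log.LogName
    [pscustomobject]@{
        Channel      = $log.LogName
        Backup       = $backup
        BackupSha256 = (Get-FileHash $backup -Algorithm SHA256).Hash
        RecordsLeft  = $after.RecordCount
        SizeBytes    = $after.FileSize
    }
}
```

Rescan the live log file after clearing; `RecordsLeft` and `SizeBytes` from a second run of `Get-WinEvent -ListLog` show whether the channel is filling up again.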

  5.    22 Jun 2018 #5

    simrick said:
    Okay, I guess my question would be: How did this event end up on your new drive? Is the new drive a clone or restored image of the old one?

    I think you should be able to do this (but be sure to have an image made first, in case you have any problems):
    Double-click the log file to open it in Event Viewer.
    In the right pane under Actions, select Clear Log.

    I've never done this myself, so not sure how much will be cleared, but you can try it. If it works, and it's cleared, and then it reappears, I'd say you still have a problem.

    Thanks. Your thoughts and mine are similar. I already cleared all logs, but you can check yourself that lots of logs of around 68 kb each reappear. Though this virus was showing in a log file and may not be harmful, I was not at ease seeing my system affected by a virus. So finally I went back to restore my system images one by one, and on the third attempt the image I restored was clean. For information, TDSSKiller, the ZeroAccess tool and Defender could not pick up the virus in this file.

  6.    23 Jun 2018 #6

    sam9 said:
    Thanks. Your thoughts and mine are similar. I already cleared all logs, but you can check yourself that lots of logs of around 68 kb each reappear. Though this virus was showing in a log file and may not be harmful, I was not at ease seeing my system affected by a virus. So finally I went back to restore my system images one by one, and on the third attempt the image I restored was clean. For information, TDSSKiller, the ZeroAccess tool and Defender could not pick up the virus in this file.

    Good! I am surprised that TDSSKiller/Zeroaccess tool/Defender picked up nothing. That is so strange. But, glad you have a clean system now - that would bug me too, having it there.

  7.    23 Jun 2018 #7

    Please go ahead and mark the thread as solved. Cheers!


 
