Windows 10: WD says I have a trojan at every boot Solved

  1.    27 Jul 2017 #1

    WD says I have a trojan at every boot


    Hello.

    Windows Defender says I have a trojan on every boot, but when I check WD Security Center there is nothing there.

    I haven't noticed anything weird but the message is getting on my nerves.

    Ran AdwCleaner and it came up clean.

    This is the report and suspected file via Powershell:

    CategoryID : 8
    DidThreatExecute : False
    IsActive : False
    Resources : {file:_C:\Users\LaBusqueda\AppData\Local\Microsoft\Windows\INetCache\IE\CRDA093Q\deploy[1].xml,
    file:_C:\Users\LaBusqueda\AppData\Local\Microsoft\Windows\INetCache\IE\R5XBHIFN\deploy[1].xml,
    file:_C:\Users\LaBusqueda\AppData\Local\Microsoft\Windows\INetCache\IE\XYO5Y5ZK\deploy[1].xml}
    RollupStatus : 33
    SchemaVersion : 1.0.0.0
    SeverityID : 5
    ThreatID : 2147722737
    ThreatName : Trojan:JS/Runsas
    TypeID : 0
    PSComputerName :


    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.11.15063.447
    CleaningActionID : 2
    CurrentThreatExecutionStatusID : 1
    DetectionID : {296FDAD3-8D05-4216-BD74-D3E87F3DB9C5}
    DetectionSourceTypeID : 3
    DomainUser : LABUSQUEDA\LaBusqueda
    InitialDetectionTime : 26/07/2017 9:34:25
    LastThreatStatusChangeTime : 26/07/2017 9:34:58
    ProcessName : C:\Windows\System32\regsvr32.exe
    RemediationTime : 26/07/2017 9:34:58
    Resources : {file:_C:\Users\LaBusqueda\AppData\Local\Microsoft\Windows\INetCache\IE\R5XBHIFN\deploy[1].xml}
    ThreatID : 2147722737
    ThreatStatusErrorCode : 0
    ThreatStatusID : 3
    PSComputerName :

    That file isn't present because I emptied all my browsers caches.

    Any ideas on how to proceed?

    TIA

  2.    27 Jul 2017 #2

    Can you try running the Eset Online Scanner.

  3.    27 Jul 2017 #3

    Yes. I have already thought about running an AV program offline but I cannot right now. It's a work PC.

    I will check it later. I may run WD offline too to have a second opinion.

    Thank you very much.

  4.    27 Jul 2017 #4

    This is the opposite, it's their online scanner, you don't have to install the full program, just enough to get a scan going.

    An offline scan wouldn't hurt either

  5.    27 Jul 2017 #5

    Sign onto another account and delete the C:\Users\LaBusqueda\AppData\Local\Microsoft\Windows\INetCache folder.

    It will be regenerated next time you log on.


  6. Posts : 3,143
    10.5 Home 1803 x64
       27 Jul 2017 #6

    It might be a fileless malware. Check startup entries, particularly scheduled tasks.

    Autoruns for Windows - Windows Sysinternals | Microsoft Docs
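One way to carry out the check suggested in post #6, as an added example that is not part of any post in this thread: a read-only PowerShell audit of scheduled tasks and Run keys. It assumes the entry that re-triggers the detection launches regsvr32.exe (the ProcessName in the report in post #1) or another script host with a URL or scriptlet argument; the launcher list and patterns are illustrative, and hits are leads to review, not verdicts.

```powershell
# Added example: read-only triage, nothing is modified or deleted.
# Assumption: the persistence entry starts regsvr32 or a script host and passes
# a URL, scrobj.dll, a .sct scriptlet, or a path inside the IE cache.
$launchers = 'regsvr32|mshta|wscript|cscript|rundll32|powershell'
$remoteArg = 'https?://|scrobj\.dll|INetCache|\.sct\b'

function Test-SuspiciousCommand {
    param([string]$CommandLine)
    # Flag only when a launcher and a remote/scriptlet argument appear together.
    return ($CommandLine -match $launchers) -and ($CommandLine -match $remoteArg)
}

# 1. Scheduled tasks: inspect every action of every task.
$taskHits = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only exec actions carry Execute/Arguments; other action types yield an empty string.
        $cmd = "$($action.Execute) $($action.Arguments)"
        if (Test-SuspiciousCommand $cmd) {
            [pscustomobject]@{ Source = 'ScheduledTask'; Name = "$($task.TaskPath)$($task.TaskName)"; Command = $cmd.Trim() }
        }
    }
}

# 2. Run / RunOnce keys for the machine and the current user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$builtIn = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runHits = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notin $builtIn }
    foreach ($p in $props) {
        if (Test-SuspiciousCommand ([string]$p.Value)) {
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

# 3. Show the hits, then Defender's own record of which process touched the file.
@($taskHits) + @($runHits) | Format-List
Get-MpThreatDetection | Select-Object InitialDetectionTime, ProcessName, Resources | Format-List
```

Comparing the InitialDetectionTime values against boot or logon times shows whether the detection is tied to an autostart entry.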


  7. Posts : 5
    Windows 10 creator edition
       27 Jul 2017 #7

    Try an offline scan: open WD Security Center, click Advanced on the scan section, select Offline scan and click Scan, then click Scan and follow the on-screen instructions.

  •    27 Jul 2017 #8

    Maybe try SuperAntiSpyware Free?
    RUNSAS.EXE - Trojan.Agent/Gen-Renamer | SUPERAntiSpyware

    Honestly never heard of this one, but worth a try.

    It could also be a FP, because that is the file name of SuperAntiSpyware's Alternate Start Tool

  •    28 Jul 2017 #9

    In the end I restored a Macrium Reflect backup copy. Now I have to investigate where and how I caught that. I have made some changes to WD to strengthen security (enable PUA detection) and I have installed MBAE (which wasn't installed).

  •    28 Jul 2017 #10

    simrick said:
    Maybe try SuperAntiSpyware Free?
    RUNSAS.EXE - Trojan.Agent/Gen-Renamer | SUPERAntiSpyware

    Honestly never heard of this one, but worth a try.

    It could also be a FP, because that is the file name of SuperAntiSpyware's Alternate Start Tool
    Surprised you've never heard of SAS, it's pretty well known on these forums. It's mostly used for scanning for malicious cookies, which it does very well.

