Hashbeth
I do a daily virus scan on my laptop.
On June 13, 2018, my Windows Defender scan quarantined a file, identifying it as Trojan:Win32/Vigorf.A. The scan result from Windows Defender reads:
Trojan:Win32/Vigorf.A
Affected items:
- containerfile: C:\Recovery\Customizations\usmt.ppkg
- file: C:\Recovery\Customizations\usmt.ppkg->\ICB\0\MachineSpecific\File\C$\Windows\Installer\1fbc9.msi
When I first chose to remove the file, it was gone (and subsequent scans did not find any viruses/malware). Upon rebooting the computer, however, the file was back.
I ran Windows Defender Offline and the problem was not resolved. As the file was in C:\Recovery, despite my best efforts, I could not access it directly.
When Windows Defender Offline did not resolve the issue, I checked with Malwarebytes, ESET, Zemana, and HitmanPro. None of those programs found the flagged Trojan. After clearing the Trojan and running the scans, I tried restoring my computer to a June 12, 2018 backup. This didn't resolve the issue.
I checked Autoruns and nothing was flagged on VirusTotal. I turned off Windows Defender, ran Malwarebytes, Zemana, adwarecleaner, HitmanPro, and rkill to see if I could see the Trojan in action. No virus scanner found it. In fact, security suggested everything was fine with ESET running as the anti-virus. However, when I restarted Windows Defender, it again flagged the Trojan.
I also reviewed the ESET system inspector and couldn't find anything that appeared threatening.
At this point, I don't know the best way to go forward. If this is a false positive, I'd like to know to assuage my worries. If it is not, I'd like to know what else I should do to try and resolve the issue.
The other issue is the location of the document. Its location in C:\Recovery\Customizations renders it essentially unreachable. Despite my best efforts, I have not been able to get into that folder (though I can see it).
If there's any additional information, please let me know. I appreciate any help that anyone can provide, and I thank you for your time.